Exemplo n.º 1
0
 def val(r):
     objs, unresolved_path = traverse_path(oms_root, r)
     if unresolved_path:
         return [(timestamp,
                  dict(event='delete', name=os.path.basename(r),
                       url=r))]
     return IStream(objs[-1]).events(after, limit=limit)
Exemplo n.º 2
0
    def handle_request(self, request):
        """Takes a request, maps it to a domain object and a corresponding IHttpRestView
        and returns the rendered output of that view.
        """
        principal = self.check_auth(request)

        oms_root = db.get_root()['oms_root']
        objs, unresolved_path = traverse_path(oms_root, request.path[1:])

        if not objs and unresolved_path:
            objs = [oms_root]

        obj = objs[-1]

        interaction = self.get_interaction(request, principal)
        request.interaction = interaction

        if self.use_security_proxy:
            obj = proxy_factory(obj, interaction)

        view = self.find_view(obj, unresolved_path, request)

        needs_rw_transaction = view.rw_transaction(request)

        # create a security proxy if we have a secured interaction
        if interaction:
            try:
                view = proxy_factory(view, interaction)
            except:
                # XXX: TODO: define a real exception for this proxy creation error
                # right now we want to ignore security when there are no declared rules
                # on how to secure a view
                pass

        def get_renderer(view, method):
            try:
                return getattr(view, method, None)
            except zope.security.interfaces.Unauthorized:
                raise Forbidden('User does not have permission to access this resource')

        for method in ('render_' + request.method,
                       'render_' + request.method.lower(),
                       'render'):
            renderer = get_renderer(view, method)
            if renderer:
                from opennode.oms.endpoint.httprest.auth import AuthView
                if isinstance(view, AuthView) and renderer.__name__ == 'render':
                    res = renderer(request, self.use_keystone_tokens)
                else:
                    res = renderer(request)
                return res if needs_rw_transaction else db.RollbackValue(res)

        raise NotImplementedError("Method %s is not implemented in %s\n" % (request.method, view))
Exemplo n.º 3
0
    def handle_request(self, request):
        """Takes a request, maps it to a domain object and a corresponding IHttpRestView
        and returns the rendered output of that view.
        """
        token = self.get_token(request)

        oms_root = db.get_root()['oms_root']
        objs, unresolved_path = traverse_path(oms_root, request.path[1:])

        if not objs and unresolved_path:
            objs = [oms_root]

        obj = objs[-1]

        interaction = self.get_interaction(request, token)
        request.interaction = interaction

        if self.use_security_proxy:
            obj = proxy_factory(obj, interaction)

        view = self.find_view(obj, unresolved_path, request)

        needs_rw_transaction = view.rw_transaction(request)

        # create a security proxy if we have a secured interaction
        if interaction:
            try:
                view = proxy_factory(view, interaction)
            except:
                # XXX: TODO: define a real exception for this proxy creation error
                # right now we want to ignore security when there are no declared rules
                # on how to secure a view
                pass

        def get_renderer(view, method):
            try:
                return getattr(view, method, None)
            except zope.security.interfaces.Unauthorized, e:
                from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility
                auth_util = getUtility(IHttpRestAuthenticationUtility)
                if token or not auth_util.get_basic_auth_credentials(request) or \
                            (self.use_keystone_tokens and
                             not auth_util.get_keystone_auth_credentials(request)):
                    raise Forbidden(
                        'User does not have permission to access this resource'
                    )
                raise Unauthorized()
Exemplo n.º 4
0
    def handle_request(self, request):
        """Takes a request, maps it to a domain object and a corresponding IHttpRestView
        and returns the rendered output of that view.
        """
        token = self.get_token(request)

        oms_root = db.get_root()['oms_root']
        objs, unresolved_path = traverse_path(oms_root, request.path[1:])

        if not objs and unresolved_path:
            objs = [oms_root]

        obj = objs[-1]

        interaction = self.get_interaction(request, token)
        request.interaction = interaction

        if self.use_security_proxy:
            obj = proxy_factory(obj, interaction)

        view = self.find_view(obj, unresolved_path, request)

        needs_rw_transaction = view.rw_transaction(request)

        # create a security proxy if we have a secured interaction
        if interaction:
            try:
                view = proxy_factory(view, interaction)
            except:
                # XXX: TODO: define a real exception for this proxy creation error
                # right now we want to ignore security when there are no declared rules
                # on how to secure a view
                pass

        def get_renderer(view, method):
            try:
                return getattr(view, method, None)
            except zope.security.interfaces.Unauthorized, e:
                from opennode.oms.endpoint.httprest.auth import IHttpRestAuthenticationUtility
                auth_util = getUtility(IHttpRestAuthenticationUtility)
                if token or not auth_util.get_basic_auth_credentials(request) or \
                            (self.use_keystone_tokens and 
                             not auth_util.get_keystone_auth_credentials(request)):
                    raise Forbidden('User does not have permission to access this resource')
                raise Unauthorized()
Exemplo n.º 5
0
    def try_index(self, searcher, model, event):
        path = canonical_path(model)
        op = 'un' if IModelDeletedEvent.providedBy(event) else ''

        log.msg("%sindexing %s %s" % (op, path, type(event).__name__), system="indexer")

        objs, unresolved_path = traverse_path(db.get_root()['oms_root'], path)
        if unresolved_path and not IModelDeletedEvent.providedBy(event):
            return False

        obj = objs[-1]

        try:
            if IModelDeletedEvent.providedBy(event):
                searcher.unindex_object(obj)
            else:
                searcher._index_object(obj)
        except NotYet:
            return False

        log.msg("%sindexed %s %s" % (op, path, type(event).__name__), system="indexer")
        return True
Exemplo n.º 6
0
 def traverse(path):
     res, _ = traverse_path(oms_root, path)
     if not res:
         return None
     return res[-1]
Exemplo n.º 7
0
 def traverse(path):
     res, _ = traverse_path(oms_root, path)
     if not res:
         return None
     return res[-1]
Exemplo n.º 8
0
 def val(r):
     objs, unresolved_path = traverse_path(oms_root, r)
     if unresolved_path:
         return [(timestamp, dict(event='delete', name=os.path.basename(r), url=r))]
     return IStream(objs[-1]).events(after, limit=limit)
Exemplo n.º 9
0
 def traverse_full(self, path):
     if path.startswith('/'):
         return traverse_path(db.get_root()['oms_root'], path[1:])
     else:
         return traverse_path(self.current_obj, path)
Exemplo n.º 10
0
 def traverse_full(self, path):
     if path.startswith('/'):
         return traverse_path(db.get_root()['oms_root'], path[1:])
     else:
         return traverse_path(self.current_obj, path)