def __init__(self, *args, **kw): # /event/url/submissions self.event = kw.get('event', None) # /event/url/lesson/id/submissions self.lesson = kw.get('lesson', None) # /event/url/sheet/id/assignment/id/submissions self.assignment = kw.get('assignment', None) # /event/url/sheet/id/submissions self.sheet = kw.get('sheet', None) if self.event: pass elif self.lesson: self.event = self.lesson.event elif self.assignment: self.event = self.assignment.sheet.event elif self.sheet: self.event = self.sheet.event else: log.warn('SubmissionController without any filter') flash('You can not view Submissions without any constraint.', 'error') abort(400) # Allow access for event teacher and lesson teacher self.allow_only = Any( has('teachers', self.event), has('tutors', self.lesson), # has_teacher(self.event), # has_teachers(self.event), # has_teacher(self.lesson), has_permission('manage'), msg=u'You have no permission to manage this Lesson' ) self.table = SubmissionTable(DBSession) self.table_filler = SubmissionTableFiller(DBSession, lesson=self.lesson)
def _before(self, *args, **kw): try: TIMRestPathContextSetup.current_user() TIMRestPathContextSetup.current_workspace() TIMRestPathContextSetup.current_folder() except NoResultFound: abort(404)
def submit_verification(self, output_id, status): user = request.identity['user'] try: output_id = int(output_id) except ValueError: return { 'status': 'error', 'msg': 'There was an error. Please try clearing your ' 'browser cache and repeating this action.' } output = DBSession.query(Output).get(output_id) if not output or output.input.group_id != self.group.id: abort(404) try: status = VerificationStatus[status] except KeyError: abort(404) if not user.admin and not self.group.competition.verification_open: return {'status': 'error', 'msg': 'Verification closed'} assert output.original is True assert output.active is True assert output.use_ground_truth is False output.verification = status return self.verification_data()
def get_delete(self, *args, **kw): '''This is the code that creates a confirm_delete page The delete operation will be simulated to be able to display all related objects that would be deleted too. ''' if not self.allow_delete: abort(403) pks = self.provider.get_primary_fields(self.model) kw, d = {}, {} for i, pk in enumerate(pks): kw[pk] = args[i] for i, arg in enumerate(args): d[pks[i]] = arg obj = self.provider.delete(self.model, d) deps = u'<dl>' for k, g in groupby(sorted(o for o in DBSession.deleted if o != obj), lambda x: type(x)): deps += u'<dt>' + unicode(k.__name__) + u's' + u'</dt>' deps += u'<dd>' + u', '.join(sorted(unicode(o) for o in g)) + u'</dd>' deps += u'</dl>' transaction.doom() #obj = self.edit_filler.__provider__.get_obj(self.model, params=kw, fields=self.edit_filler.__fields__) pklist = u'/'.join(map(lambda x: unicode(getattr(obj, x)), pks)) return dict(obj=obj, model=self.model.__name__, deps=deps, pk_count=len(pks), pklist=pklist)
def require_current_user_is_owner(item_id: int): current_user = tmpl_context.current_user item = ContentApi(current_user, True, True).get_one(item_id, ContentType.Any) if item.owner_id != current_user.user_id: abort(403, _('You\'re not allowed to access this resource'))
def _lookup(self, uname, *args): user = DBSession.query(User) \ .filter(User.user_name == uname) \ .one_or_none() if not user: abort(404, "No such user") return UserController(user), args
def csrf_protect(remainder, params): """ Perform CSRF protection checks. Performs checks to determine if submitted form data matches the token in the cookie. It is assumed that the GET request handler successfully set the token for the request and that the form was instrumented with a CSRF token field. Use the :py:func:`~csrf_token` decorator to do this. Generally, the handler does not need to do anything CSRF-protection-specific. All it needs is the decorator:: @csrf_protect @expose('myapp.templates.protected_post_handler') def protected_post_handler(): if successful: tg.redirect('/someplace') return dict(errors="There were some errors") """ req = tg.request._current_obj() secret, token_name, path, expires = _get_conf() token = req.signed_cookie(token_name, secret=secret) if not token: tg.abort(403, 'The form you submitted is invalid or has expired') form_token = req.args_params.get(token_name) if form_token != token.decode(ENCODING): tg.response.delete_cookie(token_name, path=path) tg.abort(403, 'The form you submitted is invalid or has expired')
def docs(self, arg='', *args, **kwargs): page_title = u'SAUCE Documentation' page_header = u'' if arg: try: f = open(os.path.join(g.loc, 'docs', arg + '.rst')) except IOError: abort(404) else: content = publish_string( f.read(), writer_name='html', settings_overrides={'output_encoding': 'unicode'}) page_title += ' - %s' % arg.capitalize() else: page_header = u'SAUCE Documentation' content = u'<p>In the menu on the left, you find all kinds of documentation about <b>SAUCE</b>.</p>' c.side_menu = c.doc_menu return dict(page='docs', page_title=page_title, page_header=page_header, content=content)
def _judge_permissions(self): '''Check current users permissions for judging and generate appropriate warnings''' if not request.allowance(self.submission): abort(403) if self.assignment.is_active: flash('The assignment is still active, this submission could still be edited by the student.', 'warning')
def __do_process(self, url, **kw): ''' runs requested operation ''' log.info("STARTING INTERNAL (%s): %s", datetime.now().isoformat(), url) m = re.search(r'(\/image_service\/(image[s]?\/|))(?P<id>[\w-]+)', url) #includes cases without image(s) in the url if m is None: #url did not match the regex return None uniq = m.group('id') # check for access permission resource = self.check_access(uniq, view='image_meta') user_name = self.get_user_name(resource.get('owner')) # fetch image meta from a resource if any, has to have a name and a type as "image_meta" meta = self.srv.cache.get_meta(uniq) # run processing try: r = self.srv.process(url, uniq, imagemeta=meta, resource=resource, user_name=user_name) log.info("FINISHED INTERNAL (%s): %s", datetime.now().isoformat(), url) return r except ImageServiceException, e: log.error('Responce Code: %s for %s: %s ' % (e.code, uniq, e.message)) log.info("FINISHED INTERNAL with ERROR (%s): %s", datetime.now().isoformat(), url) abort(e.code, e.message)
def get_one(self, func): try: step = FUNCTIONS[func] except: abort(404) return dict(name=func, doc=step.__doc__)
def delete(self, uid=None): e_filter = DBSession.query(ExtractionFilter).get(uid) if not e_filter: abort(404) extraction_id = e_filter.extraction_id DBSession.delete(e_filter) return redirect('/extractions/view/%s' % extraction_id)
def save_extraction(self, dashboard_id, **kw): axis = request.json['graph_axis'] visualization_type = request.json['visualization'] validate_axis_against_extraction_visualization( visualization_type, axis, DBSession.query(Extraction).get(int( request.json['extraction_id']))) try: de = DBSession.query(DashboardExtractionAssociation).filter( DashboardExtractionAssociation.uid == request.json['uid'], ).one() except (NoResultFound, KeyError): de = DashboardExtractionAssociation() de.dashboard_id = int(dashboard_id) de.extraction_id = request.json['extraction_id'] de.extraction_id = request.json['extraction_id'] de.visualization = visualization_type de.graph_axis = axis de.index = request.json['index'] try: columns = int(request.json['columns']) except ValueError: abort(412, detail='columns must be an integer beetween 4 and 8') if 8 < columns or 4 > columns: abort(412, detail='columns must be between 4 and 8') de.columns = columns DBSession.add(de) return dict( de=de, dashboard=de.dashboard, extraction=de.extraction, )
def new(self, *args, **kw): """Display a page to show a new record.""" if getattr(self, 'new_form', None) is None: abort(404) tmpl_context.widget = self.new_form return dict(value=kw, model=self.model.__name__)
def index(self, **kw): if not "user" in kw: abort(status_code=500, detail="Traffic error, parameter (user) not found") else: gaugeParameters = Statistics() currentGauge=gaugeParameters.byUser(kw["groups"]) currentComments = [] all = DBSession.query(helpComment).all() for item in all: currentComments.append(dict(id=item.id, hcomment=item.comment)) currentGauge["group"]=kw["groups"] currentGauge["user"] = kw["user"] currentGauge["list"]=currentComments if 'application_id' in kw: r=requests.get('https://sun.dudewhereismy.com.mx/services/utc_zone?application_id='+kw["application_id"]) parameters = {} parameters["application_id"] = kw["application_id"] newSession = requests.session() mkw = {'params': parameters,'verify': False, 'timeout': 10} response = newSession.get('https://sun.dudewhereismy.com.mx/services/utc_zone', **mkw) values = response.json() if "error" in values: if values['error']=='ok': currentGauge["tz"] =values["utc_zone"] #print("TZ:{}".format(currentGauge["tz"])) else: currentGauge["tz"] = "America/Mexico_City" else: currentGauge["tz"] = "America/Mexico_City" #for k,v in kw.items(): # print("{} {}".format(k,v)) #print("**************> GROUPS:{}".format(kw['groups'])) return currentGauge
def updateTrafficStatus(self, **kw): traffic_id = kw['traffic_id'] state = kw['state'] comment = kw['comment'] if kw['false_alarm'] == "true": false_alarm = 1 else: false_alarm = 0 alert = DBSession.query(Traffic).filter_by(id=traffic_id).first() if alert is not None: alert.attended_state = state alert.comment = comment alert.false_alarm = false_alarm if state == "A": alert.attended_time = datetime.datetime.utcnow() if state == "P": OperatorLog.addLog(user_name=kw["user"], group_name=kw["group"], operation=app_globals.putPending, traffic_id=traffic_id) alert.pending_time = datetime.datetime.utcnow() if state == "C": OperatorLog.addLog(user_name=kw["user"], group_name=kw["group"], operation=app_globals.finalizedTraffic, traffic_id=traffic_id) alert.closed_time = datetime.datetime.utcnow() DBSession.flush() else: print("NOT FOUND!!!") if not "group" in kw: abort(status_code=500, detail="Traffic error, parameter (group) not found") else: gaugeParameters = Statistics() currentGauge=gaugeParameters.byUser(kw["group"]) Message.post("trafficlistener_" + kw["group"], 'REPAINT' + "|") return currentGauge
def set_extraction_index(self, dashboard_id): uid = request.json['uid'] new_index = request.json['index'] if new_index < 0: return abort(400, detail='cannot raise first extraction') last_index = DBSession.query(func.max(DashboardExtractionAssociation.index))\ .filter_by(dashboard_id=dashboard_id).one()[0] if new_index > last_index: return abort(400, detail='cannot lower last extraction') try: de = DBSession.query(DashboardExtractionAssociation).filter( DashboardExtractionAssociation.uid == uid, ).one() except NoResultFound: return abort(404, detail='dashboard not found') old_index = de.index try: other_de = DBSession.query(DashboardExtractionAssociation).filter( DashboardExtractionAssociation.dashboard_id == dashboard_id, DashboardExtractionAssociation.index == new_index, ).one() other_de.index = old_index except NoResultFound: other_de = None de.index = new_index return dict(de=de, other_de=other_de)
def submit(self, *args, **kwargs): '''Create new submission for this assignment''' if 'manage' not in request.permissions and \ request.user not in set(self.event.members) | set(self.event.tutorsandteachers): abort(403) if (not self.assignment.is_active and not request.allowance(self.assignment)): flash('This assignment is not active, you may not create a submission', 'warning') redirect(url(self.assignment.url)) submission = Submission( assignment=self.assignment, filename=self.assignment.submission_filename or None, source=self.assignment.submission_template or None, language=self.assignment.allowed_languages[0] if self.assignment.allowed_languages else None, user=request.user, created=datetime.now(), modified=datetime.now(), ) DBSession.add(submission) try: DBSession.flush() except SQLAlchemyError: DBSession.rollback() log.warn('Error creating new submission', exc_info=True) flash('Error creating new submission', 'error') redirect(url(self.assignment.url)) else: redirect(url(submission.url + '/edit'))
def submit(self, *args, **kwargs): '''Create new submission for this assignment''' if 'manage' not in request.permissions and \ request.user not in set(self.event.members) | set(self.event.tutorsandteachers): abort(403) if (not self.assignment.is_active and not request.allowance(self.assignment)): flash( 'This assignment is not active, you may not create a submission', 'warning') redirect(url(self.assignment.url)) submission = Submission( assignment=self.assignment, filename=self.assignment.submission_filename or None, source=self.assignment.submission_template or None, language=self.assignment.allowed_languages[0] if self.assignment.allowed_languages else None, user=request.user, created=datetime.now(), modified=datetime.now(), ) DBSession.add(submission) try: DBSession.flush() except SQLAlchemyError: DBSession.rollback() log.warn('Error creating new submission', exc_info=True) flash('Error creating new submission', 'error') redirect(url(self.assignment.url)) else: redirect(url(submission.url + '/edit'))
def read(self, uid, **kw): if not uid: abort(404) user = User.by_user_id(uid) if not user: abort(404) return dict(page='soviet-read', user=user)
def respond(self): if not self.survey: abort(404, 'No survey for meeting') if not self.survey.active: if not has_permission('admin'): abort(403, 'Survey not avalible') return flash( 'This page is currently disabled. You can see it because you are an admin.', 'warn') form = request.POST if form: user = request.identity and request.identity.get('user') response = SurveyResponse(user=user, provided_name=form.get('_provided_name'), survey=self.survey) DBSession.add(response) requires_ft = bool(form.get('first_time')) for f in self.survey.fields: if f.first_time and not requires_ft: continue fo = f.type_object() v = fo.from_post(form) if v: DBSession.add( SurveyData(response=response, field=f, contents=v)) flash('Response submitted successfully') redirect(base_url='/') else: return {'survey': self.survey}
def _default(self): root = ET.fromstring(self.record) node = root.find(self.xpath) if request.method == 'POST': try: new_node = ET.fromstring(request.POST['editor']) except: abort(500, 'You made a mistake writing the XML.') node.clear() for ch in new_node: node.append(ch) node.attrib = new_node.attrib pk, blockchain_id = store_record(ET.tostring(root), b'foobar') self.user.blockchain_id_cache = blockchain_id private_key = PrivateKey(user_id=self.user.id, blockchain_id=blockchain_id, private_key=pk) DBSession.add(private_key) DBSession.add(self.user) redirect('/p/' + self.xpath[2:] + '/') return dict(page='profile', content=minidom.parseString(ET.tostring(node)).toprettyxml( indent=" ").partition('\n')[2], xpath=self.xpath)
def before_edit(remainder, params, output): self = request.controller_state.controller if not getattr(self, 'allow_edit', True): abort(403) # Use my bootstrap-enabled template override_template(FilterCrudRestController.edit, 'mako:sauce.templates.crc.edit')
def _default(self, page=None, *args, **kw): page_slug = dict(slug=page) hooks.notify('flatpages.before_override_template', args=(page_slug, self)) page = model.FlatPage.by_slug(page_slug['slug']) if page is None: abort(404, 'Page not found') permission = page.required_permission if permission and permission != 'public': if permission == 'not_anonymous': predicate = predicates.not_anonymous() else: predicate = predicates.has_permission(permission) if not predicate.is_met(request.environ): abort(403, 'Forbidden') try: userid = request.identity['user'].user_id except: userid = None override_template(RootController._default, page.template) hooks.notify('flatpages.after_override_template', (page, self)) return dict(page=page, tg_cache={'expire': self.CACHE_EXPIRE, 'key': '%s-%s-%s' % (page.slug, page.updated_at, userid)})
def cli(self, client_name=None, client_id=None): user = tg.request.identity["user"] if client_name and client_id: if len(client_id) != 88: tg.abort(400, "client_id must be 88 characters long") if " " in client_id: tg.abort(400, "client_id cannot contain spaces") token = model.AuthToken( client_name=client_name, client_id=client_id, date_added=datetime.datetime.now(), user=user, ) try: model.DBSession.add(token) model.DBSession.flush() except sqlalchemy.exc.IntegrityError: tg.flash("Cannot add client (already added?)", "danger") model.DBSession.rollback() else: tg.flash(f"Client {client_name} successfully added!", "success") tg.redirect(tg.url("/pref/cli")) identity = tg.request.environ.get("repoze.who.identity", {}) this_client_id = identity.get("token") auth_tokens_json = [{ "id": token.id, "client_name": token.client_name, "date_added": token.date_added.isoformat(), "this_client": this_client_id == token.client_id, } for token in user.auth_tokens] return dict(auth_tokens=auth_tokens_json)
def get_delete(self, *args, **kw): '''This is the code that creates a confirm_delete page''' if not self.allow_delete: abort(403) pks = self.provider.get_primary_fields(self.model) kw, d = {}, {} for i, pk in enumerate(pks): kw[pk] = args[i] for i, arg in enumerate(args): d[pks[i]] = arg obj = self.provider.delete(self.model, d) deps = u'<dl>' for k, g in groupby(sorted(o for o in DBSession.deleted if o != obj), lambda x: type(x)): deps += u'<dt>' + unicode(k.__name__) + u'</dt>' deps += u'<dd>' + u', '.join(sorted(unicode(o) for o in g)) + u'</dd>' deps += u'</dl>' transaction.doom() #obj = self.edit_filler.__provider__.get_obj(self.model, params=kw, fields=self.edit_filler.__fields__) pklist = u'/'.join(map(lambda x: unicode(getattr(obj, x)), pks)) return dict(obj=obj, model=self.model.__name__, deps=deps, pk_count=len(pks), pklist=pklist)
def _default(self, page=None, *args, **kw): page = model.FlatPage.by_slug(page) if page is None: abort(404, 'Page not found') permission = page.required_permission if permission and permission != 'public': if permission == 'not_anonymous': predicate = predicates.not_anonymous() else: predicate = predicates.has_permission(permission) if not predicate.is_met(request.environ): abort(403, 'Forbidden') try: userid = request.identity['user'].user_id except: userid = None override_template(RootController._default, page.template) hooks.notify('flatpages.before_render_page', (page, )) return dict(page=page, tg_cache={ 'expire': self.CACHE_EXPIRE, 'key': '%s-%s-%s' % (page.slug, page.updated_at, userid) })
def submit_evaluations(self): me = request.identity['user'] students_allowed = set(user.id for user in self.group.users) for user_id, score in request.POST.items(): user_id = int(user_id) if user_id not in students_allowed: abort(403, "You cannot submit an evaluation to this user") score = float(score) if score < 0: abort(403, "Negative contributions are not allowed") e = (DBSession.query(Evaluation) .filter(Evaluation.from_student_id == me.id) .filter(Evaluation.to_student_id == user_id) .filter(Evaluation.group_id == self.group.id) .one_or_none()) if not e: e = Evaluation( from_student_id=me.id, to_student_id=user_id, group=self.group, score=score) else: e.score = score DBSession.add(e) flash('Your evaluations have been saved. Thank you.', 'success') redirect('/group/{}'.format(self.group.id))
def get_one(self, id, **kw): entity = self._prepare_query(**kw).filter(self.model.id == id).first() if entity is None: abort(404, 'Not found') return {'value': self._dictify(entity)}
def create(cls, parameters, name, url): cwd = os.getenv('dispatch_DIR') np = cwd.rfind("/") + 1 who = whoami() if who == "": error = "CSV Failure" reason = "User not logged" message = "The following {} occured, this is due to {}, please DEBUG the url : {}".format( error, reason, url) abort(status_code=500, detail=message) file_name = cwd + "/" + cwd[np:].replace( ".", "") + "/public/" + who + "_" + name + ".pdf" my_file = Path(file_name) if my_file.is_file(): os.remove(file_name) ## PDF Generation ## options = { 'page-width': '11.0in', 'page-height': '8.5in', 'margin-top': '0.1in', 'margin-right': '0.1in', 'margin-bottom': '0.1in', 'margin-left': '0.1in', 'encoding': "UTF-8", 'quiet': '', } body = render_template(parameters, "mako", url) pdfkit.from_string(body, file_name, options=options) return "/" + who + "_" + name + ".pdf"
def insert(self, path=None, user=None, **kwargs): """ Move a resource identified by path """ if user is not None and identity.is_admin(): identity.current.set_current_user(user) resource = self._check_post_body() if resource is None: resource = etree.Element('resource', value=path) else: path = resource.get('value') log.info("insert_path() %s %s %s", tg.request.method, path, kwargs) store, driver = self.mounts.valid_store_ref(resource) if store is None: abort(400, "%s is not a valid store " % path) if resource.get('name') is None: resource.set('name', path.replace(driver.mount_url, '')) log.debug("insert %s %s %s", path, driver.mount_url, etree.tostring(resource)) resource = self.blobsrv.store_blob(resource) return etree.tostring(resource)
def check_access(self, ident): resource = data_service.resource_load (uniq = ident) if resource is None: if identity.not_anonymous(): abort(403) else: abort(401) return resource
def share(self, slug=None, product=None, *args, **kw): product = app_globals.shop.product.get(slug=slug, _id=product) if product is None: abort(404, 'Product not found') return dict(product=product, buy_form=get_buy_product_form(), action=plug_url('stroller2', '/product/add_to_cart'), active=self._product_is_active(product))
def accept(self, uid, **kw): if not uid: abort(404) user = User.by_user_id(uid) if not user: abort(404) user.status = True return redirect('/soviet')
def delete_permission(self, permission_id): primary_field = get_primary_field('Permission') try: model.provider.delete(app_model.Permission, {primary_field: permission_id}) except AttributeError: abort(404) flash(_('Permission deleted')) return redirect(url(self.mount_point))
def edit(self, *args, **kw): user = handler.user.get_user_in_session(request) # get circle id if request.method == 'GET': sequence_id = args[0] else : sequence_id = kw.get('cid') sequence_id=int(sequence_id) sequence = DBSession.query(Sequence).filter(Sequence.id == sequence_id).first() if not sequence: abort(404, 'Sequence with id %s not found' % sequence_id) if not sequence.public: add_user_widget = form.AddUser(action=url('/sequences/edit/%s' % sequence_id)).req() if request.method == 'POST': # add an user mail = kw.get('mail') try: add_user_widget.validate({'cid' : sequence_id, 'mail' : mail}) except twc.ValidationError as e: users = ', '.join(['%s' % u.email for u in sequence.users]) default_tracks = ', '.join(['%s' % t.name for t in sequence.default_tracks]) kw['cid'] = sequence_id users = sequence.users for u in users: u.__dict__['sid'] = sequence_id widget = e.widget widget.value = kw return dict(page='sequences', users=users, add_user=add_user, add_user_widget=add_user_widget, default_tracks=default_tracks, au_error=True, seq_id=sequence_id) to_add = DBSession.query(User).filter(User.email == mail).first() if to_add is None: to_add = handler.user.create_tmp_user(mail) sequence.users.append(to_add) DBSession.flush() kw['cid'] = sequence_id add_user_widget.value = kw else: add_user_widget = None users = sequence.users for u in users: u.__dict__['sid'] = sequence_id tracks = sequence.default_tracks for t in tracks: t.__dict__['sid'] = sequence_id add_user = util.to_datagrid(datagrid.sequence_user_grid, users, "Users", len(users)>0) def_tracks = util.to_datagrid(datagrid.sequence_default_tracks, tracks, "Default tracks", len(tracks)>0) return dict(page='sequences', users=users, add_user=add_user, add_user_widget=add_user_widget, default_tracks=def_tracks, au_error=False, seq_id=sequence_id)
def postflight(self, runtype=None, mac=None, name=None, serial=None, manifest=None, base64bz2report=None): """Log postflight.""" # Decode report # FIXME: there has to be a better way to submit a binary blob try: base64bz2report = base64bz2report.replace(" ", "+") bz2report = base64.b64decode(base64bz2report) report = bz2.decompress(bz2report) except BaseException as e: print "Can't decode report from %s (%s): %s" % (request.environ['REMOTE_ADDR'], mac, str(e)) abort(403) # Parse plist with plistlib, as Objective-C objects can't be pickled. try: plist = plistlib.readPlistFromString(report) except BaseException as e: print "Received invalid plist from %s (%s): %s" % (request.environ['REMOTE_ADDR'], mac, str(e)) abort(403) #plist, format, error = \ # NSPropertyListSerialization.propertyListFromData_mutabilityOption_format_errorDescription_( # buffer(report), # NSPropertyListMutableContainers, # None, # None # ) #if error: # print "error:", error # abort(401) # Create client if needed. client = Client.by_serial(serial) if not client: print "postflight running without preflight for %s" % mac client = Client() client.serial = serial DBSession.add(client) # Update client attributes. client.runtype = runtype if name: client.name = name else: client.name = "<NO NAME>" # Get manifest id from plist client.mac = mac client.manifest = manifest client.runstate = u"done" client.timestamp = datetime.now() client.remote_ip = unicode(request.environ['REMOTE_ADDR']) # Save report, updating activity, errors, warnings, and console_user. client.update_report(plist) DBSession.flush() return "postflight logged for %s\n" % name
def report_plist(self, serial=None): """View a munki report.""" client=Client.by_serial(unicode(serial)) if not client: abort(404) # Work with a copy of the client report so we can modify it without # causing a database update. report = dict(client.report_plist) return plistlib.writePlistToString(report)
def index(self, *args, **kwargs): try: server = oauth2.Server() server.add_signature_method(oauth2.SignatureMethod_HMAC_SHA1()) req = oauth2.Request.from_request( request.method, request.url, request.headers, request.params, request.query_string ) params = server.verify_request(req, oauth2.Consumer(self.key, self.secret), None) except: log.debug("LTI Tool Provider OAuth Error", exc_info=True) flash("LTI Tool Provider OAuth Error", "error") abort(403) else: log.debug(params) user_name = ( params.get("tool_consumer_info_product_family_code", "external") + "_" + params.get("tool_consumer_instance_guid", "external") + "_" + params.get("user_id") ) user = User.query.filter_by(user_name=user_name).first() if not user: log.info("New user %s", user_name) user = User( user_name=user_name, display_name=params.get("lis_person_name_full"), email_address=params.get("lis_person_contact_email_primary"), ) DBSession.add(user) submission = Submission.query.filter(Submission.assignment == self.assignment, Submission.user == user).first() if not submission: submission = Submission( assignment=self.assignment, filename=self.assignment.submission_filename or None, source=self.assignment.submission_template or None, language=self.assignment.allowed_languages[0], user=user, created=datetime.now(), modified=datetime.now(), ) DBSession.add(submission) DBSession.flush() session["lti"] = True session["params"] = params session["user"] = user.id session["submission"] = submission.id session.save() redirect("/lti/%d/edit" % self.assignment.id)
def get_all(self, *args, **kw): """Return all records. Pagination is done by offset/limit in the filler method. Returns an HTML page with the records if not json. """ if self.pagination: paginator = request.paginators['value_list'] paginator.paginate_items_per_page = self.pagination['items_per_page'] else: paginator = request.paginators['value_list'] paginator.paginate_items_per_page = -1 paginator.paginate_page = 0 if tg.request.response_type == 'application/json': adapt_params_for_pagination(kw, self.pagination_enabled) try: count, values = self.table_filler._do_get_provider_count_and_objs(**kw) except Exception as e: log.exception('Failed to retrieve table data') abort(400, detail=unicode_text(e)) values = self._dictify(values, length=count) if self.pagination_enabled: values = SmartPaginationCollection(values, count) return dict(value_list=values) if not getattr(self.table.__class__, '__retrieves_own_value__', False): kw.pop('substring_filters', None) if self.substring_filters is True: substring_filters = list(set(kw.keys()) - set(['limit', 'offset', 'order_by', 'desc'])) else: substring_filters = self.substring_filters adapt_params_for_pagination(kw, self.pagination_enabled) try: values = self.table_filler.get_value(substring_filters=substring_filters, **kw) except Exception as e: log.exception('Failed to retrieve table data') flash('Unable to retrieve data (Filter "%s": %s)' % (request.query_string, e), 'warn') # Reset all variables to sane defaults kw = {} values = [] self.table_filler.__count__ = 0 if self.pagination_enabled: values = SmartPaginationCollection(values, self.table_filler.__count__) else: values = [] tmpl_context.widget = self.table search_fields = self._get_search_fields(kw) current_search = self._get_current_search(search_fields) return dict(model=self.model.__name__, value_list=values, mount_point=self._mount_point(), headers=search_fields, # Just for backwards compatibility search_fields=search_fields, current_search=current_search)
def before_render_edit(remainder, params, output): '''Function to be hooked before edit - Determines whether editing is even allowed - Replaces template with our own ''' self = request.controller_state.controller if not getattr(self, 'allow_edit', True): abort(403) # Use my bootstrap-enabled template override_template(FilterCrudRestController.edit, 'mako:sauce.templates.crc.edit')
def get_user_in_session(request): ''' Get the user that is performing the current request @param request: the web request @type request: a WebOb ''' if not 'repoze.who.identity' in request.environ: abort(401) identity = request.environ['repoze.who.identity'] email = identity['repoze.who.userid'] user = DBSession.query(User).filter(User.email == email).first() return user
def delete_note(self, note_id, visiting_group_id): log.debug(u'Trying to delete note with id="%s" visting_group_id="%s"' % (note_id, visiting_group_id)) note_o = common_couch.getCouchDBDocument(holly_couch, note_id, doc_type=None) if note_o['target_id'] != visiting_group_id: abort(403) # TODO: NOT ALLOWED TO DO THIS, FORBIDDEN. if note_o['type'] == 'attachment': note_o['attachment_state'] = -100 elif note_o['type'] == 'note': note_o['note_state'] = -100 holly_couch[note_id] = note_o # TODO: add to history raise redirect(request.referrer)
def diff(self, *args, **kwargs): c.rgb = rgb c.pygmentize = Pygmentize( formatter_args=dict( linenos='table', lineanchors='line', linespans='line', ) ) try: a = Submission.query.filter_by(id=int(args[0])).one() b = Submission.query.filter_by(id=int(args[1])).one() except ValueError: abort(400) except IndexError: abort(400) except NoResultFound: abort(404) except MultipleResultsFound: # pragma: no cover log.warn('Database inconsistency', exc_info=True) abort(500) else: return dict(page='assignment', view='diff', assignment=self.assignment, x=distances.combined(a.source or u'', b.source or u''), a=a, b=b, source=udiff(a.source, b.source, unicode(a), unicode(b)))
def edit(self, *args, **kw): """Display a page to edit the record.""" if getattr(self, 'edit_form', None) is None: abort(404) obj = self._get_object(kw) if obj is None: abort(404) tmpl_context.widget = self.edit_form value = self.edit_filler.get_value(kw) value['_method'] = 'PUT' return dict(value=value, model=self.model.__name__, pk_count=len(self.provider.get_primary_fields(self.model)))
def upload(self, filename='upload', **kwargs): if 'Content-MD5' not in request.headers: abort(400, 'Request must contain a valid "Content-MD5" header.') stage_path = config.get('upload_path') with nimsutil.TempDir(prefix='.tmp', dir=stage_path) as tempdir_path: hash_ = hashlib.sha1() upload_filepath = os.path.join(tempdir_path, filename) with open(upload_filepath, 'wb') as upload_file: for chunk in iter(lambda: request.body_file.read(2**20), ''): hash_.update(chunk) upload_file.write(chunk) if hash_.hexdigest() != request.headers['Content-MD5']: abort(400, 'Content-MD5 mismatch (or unset).') print 'upload from %s: %s [%s]' % (request.user_agent, os.path.basename(upload_filepath), nimsutil.hrsize(request.content_length)) os.rename(upload_filepath, os.path.join(stage_path, str(uuid.uuid1()) + '_' + filename)) # add UUID to prevent clobbering files
def _lookup(self, url, *args): '''Return EventController for specified url''' try: event = Event.by_url(url) except NoResultFound: flash('Event %s not found' % url, 'error') abort(404) except MultipleResultsFound: # pragma: no cover log.error('Database inconsistency: Event %s', url, exc_info=True) flash('An error occurred while accessing Event %s' % url, 'error') abort(500) controller = EventController(event) return controller, args
def _get_obj(self, entity, pkdict): '''Get just one object with primary keys and matching modifiers''' pk_names = self.get_primary_fields(entity) pks = dict((n, pkdict[n]) for n in pk_names) query = self.session.query(entity) if self.query_modifier: query = self.query_modifier(query) query = query.reset_joinpoint().filter_by(**pks) try: obj = query.first() except DataError: obj = None abort(400) # log.debug(obj) return obj
def reset_munkiadminadmin_password(self, password=None, password_verify=None): """Reset munkiadmin password.""" if get_users(): abort(403) if password != password_verify: abort(404) create_file_users("munkiadmin", "MunkiAdmin", password) flash(_("Created munkiadmin user"), "ok") return dict( page='index', num_users=len(get_users()) )
def add_to_cart(self, product=None, quantity=1, **kw): print kw return product = app_globals.shop.product.get(_id=product) if product is None: abort(404, 'Product not found') try: cart = app_globals.shop.cart.create_or_get(request.identity['user'].user_id) except CartLockedException: flash(_('The cart is unavailable, try again later'), 'error') return redirect('/product/%s' % product.slug) if not app_globals.shop.product.buy(cart, product, 0, quantity): flash(_('The product is sold out'), 'error') else: flash(_('Product %s added to cart') % product.i18n_name) return redirect('/product/%s' % product.slug)
def get(self, id, *args, **kw): """ Display the form by it's id """ # check plugin id plug = None try: plug = putil.get_plugin_byId(id) except: tg.abort(400, "Bad plugin identifier") debug('get plugin %s' % id) # get the plugin obj = plug info = obj.info form = info.get('output')() desc = info.get('description') debug('params = %s' % kw, 1) # bioscript parameters bs_private = {} if 'bs_private' in kw: bs_private = json.loads(kw['bs_private']) debug("get bs private parameters %s" % bs_private, 2) if 'prefill' in bs_private: prefill_fields(info.get('in'), form, bs_private['prefill'], kw) # {'bs_private': {'app': pp, 'cfg': handler.job.bioscript_config, 'prefill': prefill}}) # add some private parameters from BioScript pp = {'id': id} # if user is a serviec, add the key & the mail in the authentication user = util.get_user(tg.request) if user.is_service: pp['mail'] = user.email pp['key'] = user.key bs_private['pp'] = pp # prepare form output main_proxy = tg.config.get('main.proxy') widget = form(action=main_proxy + tg.url('/plugins/validate', {'id': id})).req() widget.value = {'bs_private': json.dumps(bs_private), 'key': user.key} debug('display plugin with bs_private : %s' % bs_private) debug('vaaalue : %s' % widget.value) debug(user) return {'page': 'plugin', 'desc': desc, 'title': info.get('title'), 'widget': widget}
def get_one(self, *args, **kw): """get one record, returns HTML or json""" obj = self._get_object(kw) if tg.request.response_type == 'application/json': if obj is None: tg.response.status_code = 404 elif self.conditional_update_field is not None: tg.response.last_modified = getattr(obj, self.conditional_update_field) return dict(model=self.model.__name__, value=self._dictify(obj)) if obj is None: abort(404) tmpl_context.widget = self.edit_form value = self.edit_filler.get_value(kw) return dict(value=value, model=self.model.__name__)
def download(self, pageid): from rst2pdf.createpdf import RstToPdf p = model.FlatPage.by_id(pageid) or abort(404) out = BytesIO() rst2pdf = RstToPdf() rst2pdf.createPdf(p.content, output=out) out.seek(0) return out.read()
def get_all(self, **kw): """ model?limit=5 model?limit=5&offset=2 model?order_by=amount model?order_by=date|desc;amount|desc model?pagesize=10&page=1 :param kw: :return: """ query = self._prepare_query(**kw) filtered_query = self._filter_query(query, **kw) entities = filtered_query.all() if entities is None: abort(404, 'Not found') return {'value_list': self._dictify(entities), 'total_entries': query.count(), 'entries': filtered_query.count()}
def docs(self, arg=''): page_title = u'SAUCE Documentation' page_header = u'' if arg: try: f = open(os.path.join(g.loc, 'docs', arg + '.rst')) except IOError: abort(404) else: content = publish_string(f.read(), writer_name='html', settings_overrides={'output_encoding': 'unicode'}) page_title += ' - %s' % arg.capitalize() else: page_header = u'SAUCE Documentation' content = u'<p>In the menu on the left, you find all kinds of documentation about <b>SAUCE</b>.</p>' c.side_menu = c.doc_menu return dict(page='docs', page_title=page_title, page_header=page_header, content=content)