def get_tiddlers(environ, start_response):
"""
Get the list of tiddlers produced by this
recipe.
"""
usersign = environ['tiddlyweb.usersign']
store = environ['tiddlyweb.store']
filters = environ['tiddlyweb.filters']
recipe = _determine_recipe(environ)
title = 'Tiddlers From Recipe %s' % recipe.name
title = environ['tiddlyweb.query'].get('title', [title])[0]
# check the recipe can be read
recipe.policy.allows(usersign, 'read')
# check the bags in the recipe can be read
try:
template = control.recipe_template(environ)
for bag_name, _ in recipe.get_recipe(template):
bag = Bag(bag_name)
bag = store.get(bag)
bag.policy.allows(usersign, 'read')
except NoBagError, exc:
raise HTTP404('recipe %s lists an unknown bag: %s' %
(recipe.name, exc))
def get_tiddlers(environ, start_response):
"""
Get the list of tiddlers produced by this
recipe.
"""
usersign = environ['tiddlyweb.usersign']
store = environ['tiddlyweb.store']
filters = environ['tiddlyweb.filters']
recipe = _determine_recipe(environ)
title = 'Tiddlers From Recipe %s' % recipe.name
title = environ['tiddlyweb.query'].get('title', [title])[0]
# check the recipe can be read
recipe.policy.allows(usersign, 'read')
# check the bags in the recipe can be read
try:
template = control.recipe_template(environ)
for bag_name, _ in recipe.get_recipe(template):
bag = Bag(bag_name)
bag = store.get(bag)
bag.policy.allows(usersign, 'read')
except NoBagError, exc:
raise HTTP404('recipe %s lists an unknown bag: %s' %
(recipe.name, exc))
def _valid_bag(self, environ, space, container_name):
"""
Return True if the requested entity is part of the current
space's recipe or an ADMIN BAG. Otherwise return False
indicating that privileges will be dropped.
"""
store = environ['tiddlyweb.store']
recipe_name = determine_space_recipe(environ, space.name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return True
if container_name in ADMIN_BAGS:
return True
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [bag for bag in recipe_bags if not (
Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return True
return False
def _valid_bag(self, environ, space, container_name):
"""
Return True if the requested entity is part of the current
space's recipe or an ADMIN BAG. Otherwise return False
indicating that privileges will be dropped.
"""
store = environ['tiddlyweb.store']
recipe_name = determine_space_recipe(environ, space.name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return True
if container_name in ADMIN_BAGS:
return True
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return True
return False
def get_tiddlers(environ, start_response):
"""
Handle ``GET`` on a tiddlers-within-a-recipe URI.
Get a list representation of the :py:class:`tiddlers
<tiddlyweb.model.tiddler.Tiddler>` generated from a :py:class:`recipe
<tiddlyweb.model.recipe.Recipe>`.
The information sent is dependent on the serialization chosen
via :py:mod:`tiddlyweb.web.negotiate`.
"""
usersign = environ['tiddlyweb.usersign']
store = environ['tiddlyweb.store']
filters = environ['tiddlyweb.filters']
recipe = _determine_recipe(environ)
title = 'Tiddlers From Recipe %s' % recipe.name
title = environ['tiddlyweb.query'].get('title', [title])[0]
# check the recipe can be read
recipe.policy.allows(usersign, 'read')
# check the bags in the recipe can be read
try:
template = control.recipe_template(environ)
for bag_name, _ in recipe.get_recipe(template):
bag = Bag(bag_name)
bag = store.get(bag)
bag.policy.allows(usersign, 'read')
except NoBagError as exc:
raise HTTP404('recipe %s lists an unknown bag: %s' %
(recipe.name, exc))
# from this point forward we know the tiddlers are
# readable
# get the tiddlers from the recipe and uniquify them
try:
candidate_tiddlers = control.get_tiddlers_from_recipe(recipe, environ)
except NoBagError as exc:
raise HTTP404('recipe %s lists an unknown bag: %s' %
(recipe.name, exc))
except FilterError as exc:
raise HTTP400('malformed filter: %s' % exc)
tiddlers = Tiddlers(title=title)
if not filters:
tiddlers.store = store
tiddlers.recipe = recipe.name
for tiddler in candidate_tiddlers:
tiddler.recipe = recipe.name
tiddlers.add(tiddler)
tiddlers.link = '%s/tiddlers' % web.recipe_url(environ, recipe,
full=False)
return send_tiddlers(environ, start_response, tiddlers=tiddlers)
def get_tiddlers(environ, start_response):
"""
Handle ``GET`` on a tiddlers-within-a-recipe URI.
Get a list representation of the :py:class:`tiddlers
<tiddlyweb.model.tiddler.Tiddler>` generated from a :py:class:`recipe
<tiddlyweb.model.recipe.Recipe>`.
The information sent is dependent on the serialization chosen
via :py:mod:`tiddlyweb.web.negotiate`.
"""
usersign = environ['tiddlyweb.usersign']
store = environ['tiddlyweb.store']
filters = environ['tiddlyweb.filters']
recipe = _determine_recipe(environ)
title = 'Tiddlers From Recipe %s' % recipe.name
title = environ['tiddlyweb.query'].get('title', [title])[0]
# check the recipe can be read
recipe.policy.allows(usersign, 'read')
# check the bags in the recipe can be read
try:
template = control.recipe_template(environ)
for bag_name, _ in recipe.get_recipe(template):
bag = Bag(bag_name)
bag = store.get(bag)
bag.policy.allows(usersign, 'read')
except NoBagError as exc:
raise HTTP404('recipe %s lists an unknown bag: %s' %
(recipe.name, exc))
# from this point forward we know the tiddlers are
# readable
# get the tiddlers from the recipe and uniquify them
try:
candidate_tiddlers = control.get_tiddlers_from_recipe(recipe, environ)
except NoBagError as exc:
raise HTTP404('recipe %s lists an unknown bag: %s' %
(recipe.name, exc))
except FilterError as exc:
raise HTTP400('malformed filter: %s' % exc)
tiddlers = Tiddlers(title=title)
if not filters:
tiddlers.store = store
tiddlers.recipe = recipe.name
for tiddler in candidate_tiddlers:
tiddler.recipe = recipe.name
tiddlers.add(tiddler)
tiddlers.link = '%s/tiddlers' % web.recipe_url(environ, recipe, full=False)
return send_tiddlers(environ, start_response, tiddlers=tiddlers)
def test_get_recipe():
recipe = Recipe('templated')
recipe.set_recipe([('common', 'select=topic:{{ id:default }}'),
('{{ user }}', ''), ('system', '')])
stuff = recipe.get_recipe()
assert stuff[0][1] == 'select=topic:{{ id:default }}'
assert stuff[1][0] == '{{ user }}'
filled = recipe.get_recipe(recipe_template(environ))
assert filled[0][1] == 'select=topic:default'
assert filled[1][0] == 'JohnSmith'
def test_get_recipe():
recipe = Recipe('templated')
recipe.set_recipe([
('common', 'select=topic:{{ id:default }}'),
('{{ user }}', ''),
('system', '')
])
stuff = recipe.get_recipe()
assert stuff[0][1] == 'select=topic:{{ id:default }}'
assert stuff[1][0] == '{{ user }}'
filled = recipe.get_recipe(recipe_template(environ))
assert filled[0][1] == 'select=topic:default'
assert filled[1][0] == 'JohnSmith'
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(
bag) or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [bag for bag in recipe_bags if not (
Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _delete_duplicates(environ, titles, recipe_name, space_name):
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
template = control.recipe_template(environ)
recipe_list = recipe.get_recipe(template)
space_bags = [bag for bag, _ in recipe_list
if bag.startswith('%s_' % space_name)]
for title in titles:
for bag in space_bags:
try:
tiddler = Tiddler(title, bag)
tiddler = store.get(tiddler)
except NoTiddlerError:
continue
store.delete(tiddler)
except NoRecipeError, exc:
raise HTTP404('space recipe not found while trying safe mode: %s' % exc)
def _delete_duplicates(environ, titles, recipe_name, space_name):
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
template = control.recipe_template(environ)
recipe_list = recipe.get_recipe(template)
space_bags = [bag for bag, _ in recipe_list
if bag.startswith('%s_' % space_name)]
for title in titles:
for bag in space_bags:
try:
tiddler = Tiddler(title, bag)
tiddler = store.get(tiddler)
except NoTiddlerError:
continue
store.delete(tiddler)
except NoRecipeError, exc:
raise HTTP404('space recipe not found while trying safe mode: %s'
% exc)
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag
for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found due to ControlView'
% entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView'
% entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
def test_get_template_from_recipe_template():
template = recipe_template(environ)
assert template['user'] == 'JohnSmith'
assert template['foo'] == 'bar'
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404(
'recipe %s not found due to ControlView' %
entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView' %
entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
class ControlView(object):
"""
WSGI Middleware which adapts an incoming request to restrict what
entities from the store are visible to the requestor. The effective
result is that only those bags and recipes contained in the current
space are visible in the HTTP routes.
Filtering can be disabled with a custom HTTP header X-ControlView set
to the string 'false'.
"""
def __init__(self, application):
self.application = application
def __call__(self, environ, start_response):
req_uri = environ.get('SCRIPT_NAME', '') + environ.get('PATH_INFO', '')
disable_control_view = (environ.get('HTTP_X_CONTROLVIEW',
'').lower() == 'false')
http_host, host_url = determine_host(environ)
if http_host != host_url:
space_name = determine_space(environ, http_host)
if (space_name is not None and not disable_control_view and
(req_uri.startswith('/bags') or req_uri.startswith('/search')
or req_uri.startswith('/recipes'))):
response = self._handle_core_request(environ, req_uri,
space_name,
start_response)
if response:
return response
return self.application(environ, start_response)
def _handle_core_request(self, environ, req_uri, space_name,
start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the visibility of entities.
"""
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
visible_bags = space.extra_bags()
for bag, _ in recipe.get_recipe(recipe_template(environ)):
visible_bags.append(bag)
visible_bags.extend(ADMIN_BAGS)
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
"""List recipes"""
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ,
start_response,
'list_recipes',
store_list=lister)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
def lister():
"""List bags"""
for bag in visible_bags:
yield Bag(bag)
return list_entities(environ,
start_response,
'list_bags',
store_list=lister)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
self._handle_search(environ, visible_bags)
else:
self._handle_descendant(req_uri, space, visible_bags)
