def get_service_definition(self, resource, tail):
if tail and len(tail) > 0:
# convert match lookups
view_name = routes.path_to_view_name(tail)
elif not tail:
view_name = ''
else:
return None
request = get_mocked_request()
method = (self.options.get('method') or 'get').upper()
method = app_settings['http_methods'][method]
# container registry lookup
try:
view = query_multi_adapter(
(resource, request), method, name=view_name)
return view.__route__.service_configuration
except AttributeError:
pass
def get_service_definition(self, resource, tail):
if tail and len(tail) > 0:
# convert match lookups
view_name = routes.path_to_view_name(tail)
elif not tail:
view_name = ''
else:
return None
request = get_mocked_request()
method = (self.options.get('method') or 'get').upper()
method = app_settings['http_methods'][method]
# container registry lookup
try:
view = query_multi_adapter(
(resource, request), method, name=view_name)
return view.__route__.service_configuration
except AttributeError:
pass
def test_convert_non_route_path_to_view_name():
assert routes.path_to_view_name("foobar/foo/bar") == "foobar//"
async def _handle(self, request, message):
tm = get_tm()
txn = get_transaction()
if txn.status in (Status.ABORTED, Status.COMMITTED, Status.CONFLICT):
# start txn
txn = await tm.begin()
method = app_settings["http_methods"][message["method"].upper()]
endpoint = urlparse(message["endpoint"]).path
path = tuple(p for p in endpoint.split("/") if p)
obj, tail = await traverse(request, task_vars.container.get(), path)
if tail and len(tail) > 0:
# convert match lookups
view_name = routes.path_to_view_name(tail)
# remove query params from view name
view_name = view_name.split("?")[0]
elif not tail:
view_name = ""
else:
raise
permission = get_utility(IPermission, name="guillotina.AccessContent")
security = get_security_policy()
allowed = security.check_permission(permission.id, obj)
if not allowed:
return {
"success": False,
"body": {
"reason": "Not allowed"
},
"status": 401
}
try:
view = query_multi_adapter((obj, request), method, name=view_name)
except AttributeError:
view = None
try:
view.__route__.matches(request, tail or [])
except (KeyError, IndexError, AttributeError):
view = None
if view is None:
return {
"success": False,
"body": {
"reason": "Not found"
},
"status": 404
}
ViewClass = view.__class__
view_permission = get_view_permission(ViewClass)
if not security.check_permission(view_permission, view):
return {
"success": False,
"body": {
"reason": "No view access"
},
"status": 401,
}
if hasattr(view, "prepare"):
view = (await view.prepare()) or view
view_result = await view()
if self.eager_commit:
await tm.commit()
return self._gen_result(view_result)
async def _handle(self, request, message):
method = app_settings['http_methods'][message['method'].upper()]
endpoint = urlparse(message['endpoint']).path
path = tuple(p for p in endpoint.split('/') if p)
obj, tail = await traverse(request, self.request.container, path)
if tail and len(tail) > 0:
# convert match lookups
view_name = routes.path_to_view_name(tail)
# remove query params from view name
view_name = view_name.split('?')[0]
elif not tail:
view_name = ''
else:
raise
permission = get_utility(IPermission, name='guillotina.AccessContent')
security = get_adapter(self.request, IInteraction)
allowed = security.check_permission(permission.id, obj)
if not allowed:
return {
'success': False,
'body': {
'reason': 'Not allowed'
},
'status': 401
}
try:
view = query_multi_adapter((obj, request), method, name=view_name)
except AttributeError:
view = None
try:
view.__route__.matches(request, tail or [])
except (KeyError, IndexError, AttributeError):
view = None
if view is None:
return {
'success': False,
'body': {
'reason': 'Not found'
},
'status': 404
}
ViewClass = view.__class__
view_permission = get_view_permission(ViewClass)
if not security.check_permission(view_permission, view):
return {
'success': False,
'body': {
'reason': 'No view access'
},
'status': 401
}
if hasattr(view, 'prepare'):
view = (await view.prepare()) or view
# Include request's security in view
view.request.security = self.request.security
view_result = await view()
if self.eager_commit:
await request._tm.commit(request)
return self._gen_result(view_result)
def test_convert_non_route_path_to_view_name():
assert routes.path_to_view_name('foobar/foo/bar') == 'foobar/foo/bar'
def test_convert_path_to_view_name():
assert routes.path_to_view_name('@foobar/foo/bar') == '@foobar//'
async def handle_ws_request(self, ws, message):
method = app_settings['http_methods']['GET']
try:
frame_id = message['id']
except KeyError:
frame_id = '0'
parsed = parse.urlparse(message.get('path', message.get('value')))
path = tuple(p for p in parsed.path.split('/') if p)
from guillotina.traversal import traverse
obj, tail = await traverse(self.request, self.request.container, path)
if tail and len(tail) > 0:
# convert match lookups
view_name = routes.path_to_view_name(tail)
elif not tail:
view_name = ''
else:
raise
permission = get_utility(
IPermission, name='guillotina.AccessContent')
security = get_adapter(self.request, IInteraction)
allowed = security.check_permission(permission.id, obj)
if not allowed:
return await ws.send_str(ujson.dumps({
'error': 'Not allowed'
}))
try:
view = query_multi_adapter(
(obj, self.request), method, name=view_name)
except AttributeError:
view = None
try:
view.__route__.matches(self.request, tail or [])
except (KeyError, IndexError):
view = None
if view is None:
return await ws.send_str(ujson.dumps({
'error': 'Not found',
'id': frame_id
}))
ViewClass = view.__class__
view_permission = get_view_permission(ViewClass)
if not security.check_permission(view_permission, view):
return await ws.send_str(ujson.dumps({
'error': 'No view access',
'id': frame_id
}))
if hasattr(view, 'prepare'):
view = (await view.prepare()) or view
view_result = await view()
if IAioHTTPResponse.providedBy(view_result):
raise Exception('Do not accept raw aiohttp exceptions in ws')
else:
from guillotina.traversal import apply_rendering
resp = await apply_rendering(view, self.request, view_result)
# Return the value, body is always encoded
response_object = ujson.dumps({
'data': resp.body.decode('utf-8'),
'id': frame_id
})
await ws.send_str(response_object)
# Wait for possible value
self.request.execute_futures()
def test_convert_non_route_path_to_view_name():
assert routes.path_to_view_name('foobar/foo/bar') == 'foobar//'
async def real_resolve(self, request: IRequest) -> Optional[MatchInfo]:
"""Main function to resolve a request."""
security = get_adapter(request, IInteraction)
if request.method not in app_settings['http_methods']:
raise HTTPMethodNotAllowed(
method=request.method,
allowed_methods=[k for k in app_settings['http_methods'].keys()])
method = app_settings['http_methods'][request.method]
try:
resource, tail = await self.traverse(request)
except ConflictError:
# can also happen from connection errors so we bubble this...
raise
except Exception as _exc:
logger.error('Unhandled exception occurred', exc_info=True)
request.resource = request.tail = None
request.exc = _exc
data = {
'success': False,
'exception_message': str(_exc),
'exception_type': getattr(type(_exc), '__name__', str(type(_exc))), # noqa
}
if app_settings.get('debug'):
data['traceback'] = traceback.format_exc()
raise HTTPBadRequest(content={
'reason': data
})
request.record('traversed')
await notify(ObjectLoadedEvent(resource))
request.resource = resource
request.tail = tail
if request.resource is None:
await notify(TraversalResourceMissEvent(request, tail))
raise HTTPNotFound(content={
"reason": 'Resource not found'
})
if tail and len(tail) > 0:
# convert match lookups
view_name = routes.path_to_view_name(tail)
elif not tail:
view_name = ''
request.record('beforeauthentication')
await self.apply_authorization(request)
request.record('authentication')
for language in get_acceptable_languages(request):
translator = query_adapter((resource, request), ILanguage,
name=language)
if translator is not None:
resource = translator.translate()
break
# Add anonymous participation
if len(security.participations) == 0:
security.add(AnonymousParticipation(request))
# container registry lookup
try:
view = query_multi_adapter(
(resource, request), method, name=view_name)
except AttributeError:
view = None
if view is None and method == IOPTIONS:
view = DefaultOPTIONS(resource, request)
# Check security on context to AccessContent unless
# is view allows explicit or its OPTIONS
permission = get_utility(IPermission, name='guillotina.AccessContent')
if not security.check_permission(permission.id, resource):
# Check if its a CORS call:
if IOPTIONS != method:
# Check if the view has permissions explicit
if view is None or not view.__allow_access__:
logger.info(
"No access content {content} with {auths}".format(
content=resource,
auths=str([x.principal.id
for x in security.participations])),
request=request)
raise HTTPUnauthorized(
content={
"reason": "You are not authorized to access content",
"content": str(resource),
"auths": [x.principal.id
for x in security.participations]
}
)
if not view and len(tail) > 0:
# we should have a view in this case because we are matching routes
await notify(TraversalViewMissEvent(request, tail))
return None
request.found_view = view
request.view_name = view_name
request.record('viewfound')
ViewClass = view.__class__
view_permission = get_view_permission(ViewClass)
if not security.check_permission(view_permission, view):
if IOPTIONS != method:
raise HTTPUnauthorized(
content={
"reason": "You are not authorized to view",
"content": str(resource),
"auths": [x.principal.id
for x in security.participations]
}
)
try:
view.__route__.matches(request, tail or [])
except (KeyError, IndexError):
await notify(TraversalRouteMissEvent(request, tail))
return None
except AttributeError:
pass
if hasattr(view, 'prepare'):
view = (await view.prepare()) or view
request.record('authorization')
return MatchInfo(resource, request, view)
