def _index(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode): auth_args = {} if doctype: auth_args['doctype'] = doctype if act: auth_args['act'] = act uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "direct", navmenuid='submit') if CFG_CERN_SITE: ## HACK BEGIN: this is a hack for CMS and ATLAS draft user_info = collect_user_info(req) if doctype == 'CMSPUB' and act == "" and 'cds-admin [CERN]' not in user_info['group'] and not user_info['email'].lower() == '*****@*****.**': if isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {})) , norobot=True) if 'cms-publication-committee-chair [CERN]' not in user_info['group']: return page_not_authorized(req, "../submit", text="In order to access this submission interface you need to be member of the CMS Publication Committee Chair.", navmenuid='submit') elif doctype == 'ATLPUB' and 'cds-admin [CERN]' not in user_info['group'] and not user_info['email'].lower() == '*****@*****.**': if isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {})) , norobot=True) if 'atlas-gen [CERN]' not in user_info['group']: return page_not_authorized(req, "../submit", text="In order to access this submission interface you need to be member of ATLAS.", navmenuid='submit') ## HACK END if doctype == "": catalogues_text, at_least_one_submission_authorized, submission_exists = makeCataloguesTable(req, ln=CFG_SITE_LANG) if not at_least_one_submission_authorized and submission_exists: if isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({'referer' : CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln' : args['ln']}, {})) , norobot=True) else: return page_not_authorized(req, "../submit", uid=uid, navmenuid='submit') return home(req, catalogues_text, c, ln) elif act == "": return action(req, c, ln, doctype) elif int(step)==0: return interface(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage) else: return endaction(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode)
def perform_info(req, ln): """Display the main features of CDS personalize""" out = "" uid = getUid(req) user_info = collect_user_info(req) return websession_templates.tmpl_account_info(ln=ln, uid=uid, guest=isGuestUser(uid), CFG_CERN_SITE=CFG_CERN_SITE)
def perform_youradminactivities(user_info, ln): """Return text for the `Your Admin Activities' box. Analyze whether user UID has some admin roles, and if yes, then print suitable links for the actions he can do. If he's not admin, print a simple non-authorized message.""" your_role_actions = acc_find_user_role_actions(user_info) your_roles = [] your_admin_activities = [] guest = isGuestUser(user_info['uid']) for (role, action) in your_role_actions: if role not in your_roles: your_roles.append(role) if action not in your_admin_activities: your_admin_activities.append(action) if SUPERADMINROLE in your_roles: for action in ("runbibedit", "cfgbibformat", "cfgbibharvest", "cfgoairepository", "cfgbibrank", "cfgbibindex", "cfgwebaccess", "cfgwebcomment", "cfgwebsearch", "cfgwebsubmiit", "cfgbibknowledge", "runbatchuploader"): if action not in your_admin_activities: your_admin_activities.append(action) return websession_templates.tmpl_account_adminactivities( ln = ln, uid = user_info['uid'], guest = guest, roles = your_roles, activities = your_admin_activities, )
def unsubscribe(self, req, form): """ Unsubscribe current user from current discussion. """ argd = wash_urlargd(form, {"referer": (str, None)}) user_info = collect_user_info(req) uid = getUid(req) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, {"collection": guess_primary_collection_of_a_record(self.recid)} ) target = "/youraccount/login" + make_canonical_urlargd( {"action": cookie, "ln": argd["ln"], "referer": CFG_SITE_URL + user_info["uri"]}, {} ) return redirect_to_url(req, target, norobot=True) success = unsubscribe_user_from_discussion(self.recid, uid) display_url = "%s/record/%s/comments/display?subscribed=%s&ln=%s" % ( CFG_SITE_URL, self.recid, str(-success), argd["ln"], ) redirect_to_url(req, display_url)
def subscribe(self, req, form): """ Subscribe current user to receive email notification when new comments are added to current discussion. """ argd = wash_urlargd(form, {'referer': (str, None)}) uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) success = subscribe_user_to_discussion(self.recid, uid) display_url = "%s/record/%s/comments/display?subscribed=%s&ln=%s" % \ (CFG_SITE_URL, self.recid, str(success), argd['ln']) redirect_to_url(req, display_url)
def display(self, req, form): """Display search history page. A misnomer.""" argd = wash_urlargd(form, {'p': (str, "n") }) uid = getUid(req) # load the right language _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/display" % \ (CFG_SITE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/youralerts/display%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) if argd['p'] == 'y': _title = _("Popular Searches") else: _title = _("Your Searches") # register event in webstat if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["display", "", user_str]) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return page(title=_title, body=webalert.perform_display(argd['p'], uid, ln=argd['ln']), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl' : CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account' : _("Your Account"), }, description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts', secure_page_p=1)
def update(self, req, form): argd = wash_urlargd( form, { "name": (str, None), "freq": (str, None), "notif": (str, None), "idb": (int, None), "idq": (int, None), "old_idb": (int, None), }, ) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/update" % (CFG_SITE_SECURE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/youralerts/update%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) # load the right language _ = gettext_set_language(argd["ln"]) user_info = collect_user_info(req) if not user_info["precached_usealerts"]: return page_not_authorized(req, "../", text=_("You are not authorized to use alerts.")) try: html = webalert.perform_update_alert( argd["name"], argd["freq"], argd["notif"], argd["idb"], argd["idq"], argd["old_idb"], uid, ln=argd["ln"] ) except webalert.AlertError, msg: return page( title=_("Error"), body=webalert_templates.tmpl_errorMsg(ln=argd["ln"], error_msg=msg), navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {"sitesecureurl": CFG_SITE_SECURE_URL, "ln": argd["ln"], "account": _("Your Account")}, description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME), uid=uid, language=argd["ln"], req=req, lastupdated=__lastupdated__, navmenuid="youralerts", )
def write(self, req, form): """ write(): interface for message composing @param msg_reply_id: if this message is a reply to another, id of the other @param msg_to: if this message is not a reply, nickname of the user it must be delivered to. @param msg_to_group: name of group to send message to @param ln: language @return: the compose page """ argd = wash_urlargd(form, {'msg_reply_id': (int, 0), 'msg_to': (str, ""), 'msg_to_group': (str, ""), 'msg_subject' : (str, ""), 'msg_body' : (str, "")}) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/write" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourmessages/write%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) # Request the composing page body = perform_request_write( uid=uid, msg_reply_id=argd['msg_reply_id'], msg_to=argd['msg_to'], msg_to_group=argd['msg_to_group'], msg_subject=argd['msg_subject'], msg_body=argd['msg_body'], ln=argd['ln']) title = _("Write a message") return page(title = title, body = body, navtrail = get_navtrail(argd['ln'], title), uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], navmenuid = "yourmessages", secure_page_p=1)
def _handler(req): """ This handler is invoked by mod_python with the apache request.""" try: allowed_methods = ("GET", "POST", "HEAD", "OPTIONS") req.allow_methods(allowed_methods, 1) if req.method not in allowed_methods: raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED if req.method == 'OPTIONS': ## OPTIONS is used to now which method are allowed req.headers_out['Allow'] = ', '.join(allowed_methods) raise apache.SERVER_RETURN, apache.OK # Set user agent for fckeditor.py, which needs it here os.environ["HTTP_USER_AGENT"] = req.headers_in.get('User-Agent', '') guest_p = isGuestUser(getUid(req)) uri = req.uri if uri == '/': path = [''] else: ## Let's collapse multiple slashes into a single / uri = RE_SLASHES.sub('/', uri) path = uri[1:].split('/') if uri.startswith('/yours') or not guest_p: ## Private/personalized request should not be cached req.headers_out['Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate' req.headers_out['Pragma'] = 'no-cache' req.headers_out['Vary'] = '*' else: req.headers_out['Cache-Control'] = 'public, max-age=3600' req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control' try: if req.header_only and not RE_SPECIAL_URI.match(req.uri): return root._traverse(req, path, True, guest_p) else: ## bibdocfile have a special treatment for HEAD return root._traverse(req, path, False, guest_p) except TraversalError: raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND except apache.SERVER_RETURN: ## This is one of mod_python way of communicating raise except IOError, exc: if 'Write failed, client closed connection' not in "%s" % exc: ## Workaround for considering as false positive exceptions ## rised by mod_python when the user close the connection ## or in some other rare and not well identified cases. register_exception(req=req, alert_admin=True) raise except Exception: register_exception(req=req, alert_admin=True) raise # Serve an error by default. raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
def perform_display_account(req, username, bask, aler, sear, msgs, loan, grps, sbms, appr, admn, ln): """Display a dynamic page that shows the user's account.""" # load the right message language _ = gettext_set_language(ln) uid = getUid(req) user_info = collect_user_info(req) #your account if isGuestUser(uid): user = "******" login = "******" % (CFG_SITE_SECURE_URL, ln) accBody = _("You are logged in as guest. You may want to %(x_url_open)slogin%(x_url_close)s as a regular user.") %\ {'x_url_open': '<a href="' + login + '">', 'x_url_close': '</a>'} accBody += "<br /><br />" bask=aler=msgs= _("The %(x_fmt_open)sguest%(x_fmt_close)s users need to %(x_url_open)sregister%(x_url_close)s first") %\ {'x_fmt_open': '<strong class="headline">', 'x_fmt_close': '</strong>', 'x_url_open': '<a href="' + login + '">', 'x_url_close': '</a>'} sear= _("No queries found") else: user = username accBody = websession_templates.tmpl_account_body( ln = ln, user = user, ) #Display warnings if user is superuser roles = acc_find_user_role_actions(user_info) warnings = "0" for role in roles: if "superadmin" in role: warnings = "1" break warning_list = superuser_account_warnings() #check if tickets ok tickets = (acc_authorize_action(user_info, 'runbibedit')[0] == 0) return websession_templates.tmpl_account_page( ln = ln, warnings = warnings, warning_list = warning_list, accBody = accBody, baskets = bask, alerts = aler, searches = sear, messages = msgs, loans = loan, groups = grps, submissions = sbms, approvals = appr, tickets = tickets, administrative = admn )
def _index(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode): uid = getUid(req) if isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({"referer": CFG_SITE_URL + req.unparsed_uri, "ln": args["ln"]}, {}), ), norobot=True, ) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../submit", navmenuid="submit") if CFG_CERN_SITE: ## HACK BEGIN: this is a hack for CMS and ATLAS draft from invenio.webuser import collect_user_info user_info = collect_user_info(req) if ( doctype == "CMSPUB" and "cds-admin [CERN]" not in user_info["group"] and not user_info["email"].lower() == "*****@*****.**" ): if "cms-publication-committee-chair [CERN]" not in user_info["group"]: return page_not_authorized( req, "../submit", text="In order to access this submission interface you need to be member of the CMS Publication Committee Chair.", navmenuid="submit", ) elif ( doctype == "ATLPUB" and "cds-admin [CERN]" not in user_info["group"] and not user_info["email"].lower() == "*****@*****.**" ): if "atlas-gen [CERN]" not in user_info["group"]: return page_not_authorized( req, "../submit", text="In order to access this submission interface you need to be member of ATLAS.", navmenuid="submit", ) ## HACK END if doctype == "": return home(req, c, ln) elif act == "": return action(req, c, ln, doctype) elif int(step) == 0: return interface(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage) else: return endaction( req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode )
def index(self, req, form): """Index page.""" argd = wash_urlargd(form, {'page': (int, 1), 'format': (str, "rc"), 'order_by': (str, "lcf"), 'per_page': (str, "all"), }) # TODO: support also "reviews", by adding new option to show/hide them if needed uid = getUid(req) # load the right language _ = gettext_set_language(argd['ln']) # Is site ready to accept comments? if not CFG_WEBCOMMENT_ALLOW_COMMENTS or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourcomments" % \ (CFG_SITE_SECURE_URL,), text="Comments are currently disabled on this site", navmenuid="yourcomments") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourcomments%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) if not user_info['precached_sendcomments']: # Maybe we should still authorize if user submitted # comments in the past? return page_not_authorized(req, "../", \ text = _("You are not authorized to use comments.")) return page(title=_("Your Comments"), body=perform_display_your_comments(user_info, page_number=argd['page'], selected_order_by_option=argd['order_by'], selected_display_number_option=argd['per_page'], selected_display_format_option=argd['format'], ln=argd['ln']), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl' : CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account' : _("Your Account"), }, description=_("%s View your previously submitted comments") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts', secure_page_p=1)
def list(self, req, form): argd = wash_urlargd(form, {}) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/list" % (CFG_SITE_SECURE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/youralerts/list%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) # load the right language _ = gettext_set_language(argd["ln"]) user_info = collect_user_info(req) if not user_info["precached_usealerts"]: return page_not_authorized(req, "../", text=_("You are not authorized to use alerts.")) # register event in webstat if user_info["email"]: user_str = "%s (%d)" % (user_info["email"], user_info["uid"]) else: user_str = "" try: register_customevent("alerts", ["list", "", user_str]) except: register_exception(suffix="Do the webstat tables exists? Try with 'webstatadmin --load-config'") return page( title=_("Your Alerts"), body=webalert.perform_list_alerts(uid, ln=argd["ln"]), navtrail="""<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % {"sitesecureurl": CFG_SITE_SECURE_URL, "ln": argd["ln"], "account": _("Your Account")}, description=_("%s Personalize, Display alerts") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd["ln"], CFG_SITE_NAME), uid=uid, language=argd["ln"], req=req, lastupdated=__lastupdated__, navmenuid="youralerts", )
def modify(self, req, form): argd = wash_urlargd(form, {'idq': (int, None), 'old_idb': (int, None), 'name': (str, ""), 'freq': (str, "week"), 'notif': (str, "y"), 'idb': (int, 0), 'error_msg': (str, ""), }) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/modify" % \ (CFG_SITE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/youralerts/modify%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) # load the right language _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) try: html = webalert.perform_input_alert("update", argd['idq'], argd['name'], argd['freq'], argd['notif'], argd['idb'], uid, argd['old_idb'], ln=argd['ln']) except webalert.AlertError, msg: return page(title=_("Error"), body=webalert_templates.tmpl_errorMsg(ln=argd['ln'], error_msg=msg), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl' : CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account' : _("Your Account"), }, description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts')
def display_msg(self, req, form): """ Display a message @param msgid: id of message @param ln: languae @return: page """ argd = wash_urlargd(form, {"msgid": (int, -1)}) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/display_msg" % (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/yourmessages/display_msg%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) _ = gettext_set_language(argd["ln"]) user_info = collect_user_info(req) if not user_info["precached_usemessages"]: return page_not_authorized(req, "../", text=_("You are not authorized to use messages.")) # Generate content (body, errors, warnings) = perform_request_display_msg(uid, argd["msgid"], argd["ln"]) title = _("Read a message") return page( title=title, body=body, navtrail=get_navtrail(argd["ln"], title), uid=uid, lastupdated=__lastupdated__, req=req, language=argd["ln"], errors=errors, warnings=warnings, navmenuid="yourmessages", )
def delete_all(self, req, form): """ Empty user's inbox @param confimed: 1 if message is confirmed @param ln: language \return page """ argd = wash_urlargd(form, {"confirmed": (int, 0)}) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/delete_all" % (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/yourmessages/delete_all%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) _ = gettext_set_language(argd["ln"]) user_info = collect_user_info(req) if not user_info["precached_usemessages"]: return page_not_authorized(req, "../", text=_("You are not authorized to use messages.")) # Generate content (body, errors, warnings) = perform_request_delete_all(uid, argd["confirmed"], argd["ln"]) return page( title=_("Your Messages"), body=body, navtrail=get_navtrail(argd["ln"]), uid=uid, lastupdated=__lastupdated__, req=req, language=argd["ln"], errors=errors, warnings=warnings, navmenuid="yourmessages", )
def perform_list_alerts(uid, ln=CFG_SITE_LANG): """perform_list_alerts display the list of alerts for the connected user""" # set variables out = "" # query the database query = """ SELECT q.id, q.urlargs, a.id_basket, b.name, a.alert_name, a.frequency,a.notification, DATE_FORMAT(a.date_creation,'%%Y-%%m-%%d %%H:%%i:%%s'), DATE_FORMAT(a.date_lastrun,'%%Y-%%m-%%d %%H:%%i:%%s') FROM user_query_basket a LEFT JOIN query q ON a.id_query=q.id LEFT JOIN bskBASKET b ON a.id_basket=b.id WHERE a.id_user=%s ORDER BY a.alert_name ASC """ res = run_sql(query, (uid,)) alerts = [] for (qry_id, qry_args, bsk_id, bsk_name, alrt_name, alrt_frequency, alrt_notification, alrt_creation, alrt_last_run) in res: try: if not qry_id: raise StandardError("""\ Warning: I have detected a bad alert for user id %d. It seems one of his/her alert queries was deleted from the 'query' table. Please check this and delete it if needed. Otherwise no problem, I'm continuing with the other alerts now. Here are all the alerts defined by this user: %s""" % (uid, repr(res))) alerts.append({ 'queryid' : qry_id, 'queryargs' : qry_args, 'textargs' : get_textual_query_info_from_urlargs(qry_args, ln=ln), 'userid' : uid, 'basketid' : bsk_id, 'basketname' : bsk_name, 'alertname' : alrt_name, 'frequency' : alrt_frequency, 'notification' : alrt_notification, 'created' : convert_datetext_to_dategui(alrt_creation), 'lastrun' : convert_datetext_to_dategui(alrt_last_run) }) except StandardError: register_exception(alert_admin=True) # link to the "add new alert" form out = webalert_templates.tmpl_list_alerts(ln=ln, alerts=alerts, guest=isGuestUser(uid), guesttxt=warning_guest_user(type="alerts", ln=ln)) return out
def display(self, req, form): """ Displays all loans of a given user @param ln: language @return the page for inbox """ argd = wash_urlargd(form, {'barcode': (str, ""), 'borrower_id': (int, 0), 'request_id': (int, 0)}) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourloans/display" % \ (CFG_SITE_URL,), navmenuid="yourloans") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourloans/display%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {})), norobot=True) _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_useloans']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use loans.")) body = perform_borrower_loans(uid=uid, barcode=argd['barcode'], borrower_id=argd['borrower_id'], request_id=argd['request_id'], ln=argd['ln']) return page(title = _("Your Loans"), body = body, uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], navmenuid = "yourloans", secure_page_p=1)
def display(self, req, form): """ Displays the Inbox of a given user @param ln: language @return: the page for inbox """ argd = wash_urlargd(form, {}) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/display" % (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd( { "referer": "%s/yourmessages/display%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd["ln"], }, {}, ), ), ) _ = gettext_set_language(argd["ln"]) user_info = collect_user_info(req) if not user_info["precached_usemessages"]: return page_not_authorized(req, "../", text=_("You are not authorized to use messages.")) (body, errors, warnings) = perform_request_display(uid=uid, ln=argd["ln"]) return page( title=_("Your Messages"), body=body, navtrail=get_navtrail(argd["ln"]), uid=uid, lastupdated=__lastupdated__, req=req, language=argd["ln"], errors=errors, warnings=warnings, navmenuid="yourmessages", )
def delete(self, req, form): """ Suppress a message @param msgid: id of message @param ln: language @return: page """ argd = wash_urlargd(form, {'msgid': (int, -1), }) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/delete" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourmessages/delete%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) # Generate content (body, errors, warnings) = perform_request_delete_msg(uid, argd['msgid'], argd['ln']) return page(title = _("Your Messages"), body = body, navtrail = get_navtrail(argd['ln']), uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], errors = errors, warnings = warnings, navmenuid = "yourmessages", secure_page_p=1)
def toggle(self, req, form): """ Store the visibility of a comment for current user """ argd = wash_urlargd(form, {'comid': (int, -1), 'referer': (str, None), 'collapse': (int, 1)}) uid = getUid(req) if isGuestUser(uid): # We do not store information for guests return '' toggle_comment_visibility(uid, argd['comid'], argd['collapse'], self.recid) if argd['referer']: return redirect_to_url(req, CFG_SITE_SECURE_URL + \ (not argd['referer'].startswith('/') and '/' or '') + \ argd['referer'] + '#' + str(argd['comid']))
def unsubscribe(self, req, form): """ Unsubscribe current user from current discussion. """ argd = wash_urlargd(form, {'referer': (str, None)}) user_info = collect_user_info(req) uid = getUid(req) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) success = unsubscribe_user_from_discussion(self.recid, uid) display_url = "%s/%s/%s/comments/display?subscribed=%s&ln=%s" % \ (CFG_SITE_SECURE_URL, CFG_SITE_RECORD, self.recid, str(-success), argd['ln']) redirect_to_url(req, display_url)
def loanshistoricaloverview(self, req, form): """ Show loans historical overview. """ argd = wash_urlargd(form, {}) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourloans/loanshistoricaloverview" % \ (CFG_SITE_URL,), navmenuid="yourloans") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourloans/loanshistoricaloverview%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {})), norobot=True) _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_useloans']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use loans.")) body = perform_loanshistoricaloverview(uid=uid, ln=argd['ln']) return page(title = _("Loans - historical overview"), body = body, uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], navmenuid = "yourloans", secure_page_p=1)
def display(self, req, form): """ Displays all loans of a given user @param ln: language @return the page for inbox """ argd = wash_urlargd(form, {}) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/ill/display" % \ (CFG_SITE_URL,), navmenuid="ill") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/ill/display%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {})), norobot=True) _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_useloans']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use ill.")) body = display_ill_form(ln=argd['ln']) return page(title = _("Interlibrary loan request for books"), body = body, uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], navmenuid = "ill")
def perform_input_alert(action, id_query, alert_name, frequency, notification, id_basket, uid, old_id_basket=None, ln = CFG_SITE_LANG): """get the alert settings input: action="add" for a new alert (blank form), action="modify" for an update (get old values) id_query id the identifier of the search to be alerted for the "modify" action specify old alert_name, frequency of checking, e-mail notification and basket id. output: alert settings input form""" # load the right language _ = gettext_set_language(ln) # security check: if not check_user_can_add_alert(uid, id_query): raise AlertError(_("You do not have rights for this operation.")) # display query information res = run_sql("SELECT urlargs FROM query WHERE id=%s", (id_query,)) try: urlargs = res[0][0] except: urlargs = "UNKNOWN" baskets = create_personal_baskets_selection_box(uid=uid, html_select_box_name='idb', selected_bskid=old_id_basket, ln=ln) return webalert_templates.tmpl_input_alert( ln = ln, query = get_textual_query_info_from_urlargs(urlargs, ln = ln), action = action, frequency = frequency, notification = notification, alert_name = alert_name, baskets = baskets, old_id_basket = old_id_basket, id_basket = id_basket, id_query = id_query, guest = isGuestUser(uid), guesttxt = warning_guest_user(type="alerts", ln=ln) )
def _handler(req): """ This handler is invoked by mod_python with the apache request.""" try: allowed_methods = ("GET", "POST", "HEAD", "OPTIONS") req.allow_methods(allowed_methods, 1) if req.method not in allowed_methods: raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED if req.method == 'OPTIONS': ## OPTIONS is used to now which method are allowed req.headers_out['Allow'] = ', '.join(allowed_methods) raise apache.SERVER_RETURN, apache.OK # Set user agent for fckeditor.py, which needs it here os.environ["HTTP_USER_AGENT"] = req.headers_in.get('User-Agent', '') guest_p = isGuestUser(getUid(req)) uri = req.uri if uri == '/': path = [''] else: ## Let's collapse multiple slashes into a single / uri = RE_SLASHES.sub('/', uri) path = uri[1:].split('/') if CFG_ACCESS_CONTROL_LEVEL_SITE > 1: ## If the site is under maintainance mode let's return ## 503 to casual crawler to avoid having the site being ## indexed req.status = 503 if uri.startswith('/yours') or not guest_p: ## Private/personalized request should not be cached g = _RE_BAD_MSIE.search(req.headers_in.get('User-Agent', "MSIE 6.0")) bad_msie = g and float(g.group(1)) < 9.0 if bad_msie: req.headers_out['Cache-Control'] = 'private, max-age=0, must-revalidate' else: req.headers_out['Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate' req.headers_out['Pragma'] = 'no-cache' req.headers_out['Vary'] = '*' else: req.headers_out['Cache-Control'] = 'public, max-age=3600' req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control' try: if req.header_only and not RE_SPECIAL_URI.match(req.uri): return root._traverse(req, path, True, guest_p) else: ## bibdocfile have a special treatment for HEAD return root._traverse(req, path, False, guest_p) except TraversalError: raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND except apache.SERVER_RETURN: ## This is one of mod_python way of communicating raise except IOError, exc: if 'Write failed, client closed connection' not in "%s" % exc: ## Workaround for considering as false positive exceptions ## rised by mod_python when the user close the connection ## or in some other rare and not well identified cases. register_exception(req=req, alert_admin=True) raise except Exception: # send the error message, much more convenient than log hunting if remote_debugger: args = {} if req.args: args = cgi.parse_qs(req.args) if 'debug' in args: remote_debugger.error_msg(args['debug']) register_exception(req=req, alert_admin=True) raise # Serve an error by default. raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
def report(self, req, form): """ Report a comment/review for inappropriate content @param comid: comment/review id @param recid: the id of the record the comment/review is associated with @param ln: language @param do: display order hh = highest helpful score, review only lh = lowest helpful score, review only hs = highest star score, review only ls = lowest star score, review only od = oldest date nd = newest date @param ds: display since all= no filtering by date nd = n days ago nw = n weeks ago nm = n months ago ny = n years ago where n is a single digit integer between 0 and 9 @param nb: number of results per page @param p: results page @param referer: http address of the calling function to redirect to (refresh) @param reviews: boolean, enabled for reviews, disabled for comments """ argd = wash_urlargd( form, { 'comid': (int, -1), 'recid': (int, -1), 'do': (str, "od"), 'ds': (str, "all"), 'nb': (int, 100), 'p': (int, 1), 'referer': (str, None) }) _ = gettext_set_language(argd['ln']) client_ip_address = req.remote_ip uid = getUid(req) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target, norobot=True) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) # Check that comment belongs to this recid if not check_comment_belongs_to_record(argd['comid'], self.recid): return page_not_authorized(req, "../", \ text = _("Specified comment does not belong to this record")) # Check that user can access the record (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid']) if auth_code: return page_not_authorized(req, "../", \ text = _("You do not have access to the specified comment")) # Check that comment is not currently deleted if is_comment_deleted(argd['comid']): return page_not_authorized(req, "../", \ text = _("You cannot report a deleted comment"), ln=argd['ln']) success = perform_request_report(argd['comid'], client_ip_address, uid) if argd['referer']: argd[ 'referer'] += "?ln=%s&do=%s&ds=%s&nb=%s&p=%s&reported=%s&" % ( argd['ln'], argd['do'], argd['ds'], argd['nb'], argd['p'], str(success)) redirect_to_url(req, argd['referer']) else: #Note: sent to comments display referer = "%s/record/%s/%s/display?ln=%s&voted=1" referer %= (CFG_SITE_URL, self.recid, self.discussion == 1 and 'reviews' or 'comments', argd['ln']) redirect_to_url(req, referer)
def send(self, req, form): """ Sends the message. Possible form keys: @param msg_to_user: comma separated usernames. @type msg_to_user: string @param msg_to_group: comma separated groupnames. @type msg_to_group: string @param msg_subject: message subject. @type msg_subject: string @param msg_body: message body. @type msg_body: string @param msg_send_year: year to send this message on. @type msg_send_year: int @param_msg_send_month: month to send this message on @type msg_send_month: year @param_msg_send_day: day to send this message on @type msg_send_day: int @param results_field: value determining which results field to display. See CFG_WEBMESSAGE_RESULTS_FIELD in webmessage_config.py. @param names_to_add: list of usernames to add to msg_to_user / group. @type names_to_add: list of strings @param search_pattern: will search for users/groups with this pattern. @type search_pattern: string @param add_values: if 1 users_to_add will be added to msg_to_user field. @type add_values: int @param *button: which button was pressed. @param ln: language. @type ln: string @return: body. """ argd = wash_urlargd( form, { 'msg_to_user': (str, ""), 'msg_to_group': (str, ""), 'msg_subject': (str, ""), 'msg_body': (str, ""), 'msg_send_year': (int, 0), 'msg_send_month': (int, 0), 'msg_send_day': (int, 0), 'results_field': (str, CFG_WEBMESSAGE_RESULTS_FIELD['NONE']), 'names_selected': (list, []), 'search_pattern': (str, ""), 'send_button': (str, ""), 'search_user': (str, ""), 'search_group': (str, ""), 'add_user': (str, ""), 'add_group': (str, ""), }) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/send" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/yourmessages/send%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) if argd['send_button']: (body, title, navtrail) = perform_request_send( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], ln=argd['ln']) else: title = _('Write a message') navtrail = get_navtrail(argd['ln'], title) if argd['search_user']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER'] elif argd['search_group']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP'] add_values = 0 if argd['add_group'] or argd['add_user']: add_values = 1 body = perform_request_write_with_search( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], names_selected=argd['names_selected'], search_pattern=argd['search_pattern'], results_field=argd['results_field'], add_values=add_values, ln=argd['ln']) return page(title=title, body=body, navtrail=navtrail, uid=uid, lastupdated=__lastupdated__, req=req, language=argd['ln'], navmenuid="yourmessages", secure_page_p=1)
def _index(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode): auth_args = {} if doctype: auth_args['doctype'] = doctype if act: auth_args['act'] = act uid = getUid(req) if CFG_CERN_SITE: ## HACK BEGIN: this is a hack for CMS and ATLAS draft user_info = collect_user_info(req) if doctype == 'CMSPUB' and act == "" and 'cds-admin [CERN]' not in user_info[ 'group'] and not user_info['email'].lower( ) == '*****@*****.**': if isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln': args['ln'] }, {})), norobot=True) if 'cms-publication-committee-chair [CERN]' not in user_info[ 'group']: return page_not_authorized( req, "../submit", text= "In order to access this submission interface you need to be member of the CMS Publication Committee Chair.", navmenuid='submit') elif doctype == 'ATLPUB' and 'cds-admin [CERN]' not in user_info[ 'group'] and not user_info['email'].lower( ) == '*****@*****.**': if isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln': args['ln'] }, {})), norobot=True) if 'atlas-gen [CERN]' not in user_info['group']: return page_not_authorized( req, "../submit", text= "In order to access this submission interface you need to be member of ATLAS.", navmenuid='submit') ## HACK END if doctype == "": catalogues_text, at_least_one_submission_authorized, submission_exists = makeCataloguesTable( req, ln=CFG_SITE_LANG) if not at_least_one_submission_authorized and submission_exists: if isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': CFG_SITE_SECURE_URL + req.unparsed_uri, 'ln': args['ln'] }, {})), norobot=True) else: return page_not_authorized(req, "../submit", uid=uid, navmenuid='submit') return home(req, catalogues_text, c, ln) elif act == "": return action(req, c, ln, doctype) elif int(step) == 0: return interface(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage) else: return endaction(req, c, ln, doctype, act, startPg, access, mainmenu, fromdir, nextPg, nbPg, curpage, step, mode)
def managedocfilesasync(self, req, form): "Upload file and returns upload interface" argd = wash_urlargd( form, { 'ln': (str, ''), 'recid': (int, 1), 'doctype': (str, ''), 'access': (str, ''), 'indir': (str, ''), }) user_info = collect_user_info(req) include_headers = False # User submitted either through WebSubmit, or admin interface. if form.has_key('doctype') and form.has_key('indir') \ and form.has_key('access'): # Submitted through WebSubmit. Check rights include_headers = True working_dir = os.path.join(CFG_WEBSUBMIT_STORAGEDIR, argd['indir'], argd['doctype'], argd['access']) try: assert (working_dir == os.path.abspath(working_dir)) except AssertionError: raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED) try: # Retrieve recid from working_dir, safer. recid_fd = file(os.path.join(working_dir, 'SN')) recid = int(recid_fd.read()) recid_fd.close() except: recid = "" try: act_fd = file(os.path.join(working_dir, 'act')) action = act_fd.read() act_fd.close() except: action = "" # Is user authorized to perform this action? auth_code = acc_authorize_action( user_info, "submit", authorized_if_no_roles=not isGuestUser(getUid(req)), doctype=argd['doctype'], act=action)[0] if auth_code and not acc_is_role( "submit", doctype=argd['doctype'], act=action): # There is NO authorization plugged. User should have access auth_code = 0 else: # User must be allowed to attach files auth_code = acc_authorize_action(user_info, 'runbibdocfile')[0] recid = argd['recid'] if auth_code: raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED) return create_file_upload_interface(recid=recid, ln=argd['ln'], print_outside_form_tag=False, print_envelope=False, form=form, include_headers=include_headers, sbm_indir=argd['indir'], sbm_access=argd['access'], sbm_doctype=argd['doctype'], uid=user_info['uid'])[1]
# Retrieve user information. We cannot rely on the session here. res = run_sql("SELECT uid FROM session WHERE session_key=%s", (argd['session_id'],)) if len(res): uid = res[0][0] user_info = collect_user_info(uid) try: act_fd = file(os.path.join(curdir, 'act')) action = act_fd.read() act_fd.close() except: act = "" # Is user authorized to perform this action? (auth_code, auth_message) = acc_authorize_action(uid, "submit", authorized_if_no_roles=not isGuestUser(uid), verbose=0, doctype=argd['doctype'], act=action) if acc_is_role("submit", doctype=argd['doctype'], act=action) and auth_code != 0: # User cannot submit raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED) else: # Process the upload and get the response json_response = {} for key, formfields in form.items(): filename = key.replace("[]", "") if hasattr(formfields, "filename") and formfields.filename: dir_to_open = os.path.abspath(os.path.join(curdir, 'files', str(user_info['uid']),
def _handler(req): """ This handler is invoked by mod_python with the apache request.""" allowed_methods = ("GET", "POST", "HEAD", "OPTIONS", "PUT") req.allow_methods(allowed_methods, 1) if req.method not in allowed_methods: raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED if req.method == 'OPTIONS': ## OPTIONS is used to now which method are allowed req.headers_out['Allow'] = ', '.join(allowed_methods) req.headers_out['Access-Control-Allow-Origin'] = '*' raise apache.SERVER_RETURN, apache.OK # Set user agent for fckeditor.py, which needs it here os.environ["HTTP_USER_AGENT"] = req.headers_in.get('User-Agent', '') # Check if REST authentication can be performed if req.args: args = cgi.parse_qs(req.args) if 'apikey' in args and req.is_https(): uid = web_api_key.acc_get_uid_from_request(req.uri, req.args) if uid < 0: raise apache.SERVER_RETURN, apache.HTTP_UNAUTHORIZED else: setUid(req=req, uid=uid) guest_p = isGuestUser(getUid(req), run_on_slave=False) uri = req.uri if uri == '/': path = [''] else: ## Let's collapse multiple slashes into a single / uri = RE_SLASHES.sub('/', uri) path = uri[1:].split('/') if CFG_ACCESS_CONTROL_LEVEL_SITE > 1: ## If the site is under maintainance mode let's return ## 503 to casual crawler to avoid having the site being ## indexed req.status = 503 g = _RE_BAD_MSIE.search(req.headers_in.get('User-Agent', "MSIE 6.0")) bad_msie = g and float(g.group(1)) < 9.0 if uri.startswith('/yours') or not guest_p: ## Private/personalized request should not be cached if bad_msie and req.is_https(): req.headers_out[ 'Cache-Control'] = 'private, max-age=0, must-revalidate' else: req.headers_out[ 'Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate' req.headers_out['Pragma'] = 'no-cache' req.headers_out['Vary'] = '*' elif not (bad_msie and req.is_https()): req.headers_out['Cache-Control'] = 'public, max-age=3600' req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control' try: if req.header_only and not RE_SPECIAL_URI.match(req.uri): return root._traverse(req, path, True, guest_p) else: ## bibdocfile have a special treatment for HEAD return root._traverse(req, path, False, guest_p) except TraversalError: raise apache.SERVER_RETURN(apache.HTTP_NOT_FOUND) except apache.SERVER_RETURN: ## This is one of mod_python way of communicating raise except IOError, exc: if not ('Write failed, client closed connection' in str(exc) or 'request data read error' in str(exc)): ## Workaround for considering as false positive exceptions ## rised by mod_python when the user close the connection ## or in some other rare and not well identified cases. register_exception(req=req, alert_admin=True) raise else: raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST)
def remove(self, req, form): argd = wash_urlargd(form, { 'name': (str, None), 'idq': (int, None), 'idb': (int, None), }) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/remove" % \ (CFG_SITE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/youralerts/remove%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) # load the right language _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) try: html = webalert.perform_remove_alert(argd['name'], argd['idq'], argd['idb'], uid, ln=argd['ln']) except webalert.AlertError, msg: return page( title=_("Error"), body=webalert_templates.tmpl_errorMsg(ln=argd['ln'], error_msg=msg), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"), }, description=_("%s Personalize, Set a new alert") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts')
def display(self, req, form): """Display search history page. A misnomer.""" argd = wash_urlargd(form, {'p': (str, "n")}) uid = getUid(req) # load the right language _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/youralerts/display" % \ (CFG_SITE_URL,), navmenuid="youralerts") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/youralerts/display%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) if not user_info['precached_usealerts']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use alerts.")) if argd['p'] == 'y': _title = _("Popular Searches") else: _title = _("Your Searches") # register event in webstat if user_info['email']: user_str = "%s (%d)" % (user_info['email'], user_info['uid']) else: user_str = "" try: register_customevent("alerts", ["display", "", user_str]) except: register_exception( suffix= "Do the webstat tables exists? Try with 'webstatadmin --load-config'" ) return page( title=_title, body=webalert.perform_display(argd['p'], uid, ln=argd['ln']), navtrail= """<a class="navtrail" href="%(sitesecureurl)s/youraccount/display?ln=%(ln)s">%(account)s</a>""" % { 'sitesecureurl': CFG_SITE_SECURE_URL, 'ln': argd['ln'], 'account': _("Your Account"), }, description=_("%s Personalize, Display searches") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), keywords=_("%s, personalize") % CFG_SITE_NAME_INTL.get(argd['ln'], CFG_SITE_NAME), uid=uid, language=argd['ln'], req=req, lastupdated=__lastupdated__, navmenuid='youralerts', secure_page_p=1)
def direct(self, req, form): """Directly redirected to an initialized submission.""" args = wash_urlargd(form, {'sub': (str, ''), 'access': (str, '')}) sub = args['sub'] access = args['access'] ln = args['ln'] _ = gettext_set_language(ln) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "direct", navmenuid='submit', text=_("Submissions are not available")) myQuery = req.args if not sub: return warning_page(_("Sorry, 'sub' parameter missing..."), req, ln=ln) res = run_sql( "SELECT docname,actname FROM sbmIMPLEMENT WHERE subname=%s", (sub, )) if not res: return warning_page(_("Sorry. Cannot analyse parameter"), req, ln=ln) else: # get document type doctype = res[0][0] # get action name action = res[0][1] # get category categ = req.form.get('combo%s' % doctype, '*') # retrieve other parameter values params = dict(form) # Check if user is authorized, based on doctype/action/categ, # in order to give guest users a chance to log in if needed: (auth_code, auth_message) = acc_authorize_action( req, 'submit', authorized_if_no_roles=not isGuestUser(uid), verbose=0, doctype=doctype, act=action, categ=categ) if not auth_code == 0 and isGuestUser(uid): # Propose to login redirection_params = params redirection_params[ 'referer'] = CFG_SITE_SECURE_URL + req.unparsed_uri return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd(redirection_params, {})), norobot=True) # else: continue, and let main interface control the access # find existing access number if not access: # create 'unique' access number pid = os.getpid() now = time.time() access = "%i_%s" % (now, pid) # retrieve 'dir' value res = run_sql("SELECT dir FROM sbmACTION WHERE sactname=%s", (action, )) dir = res[0][0] mainmenu = req.headers_in.get('referer') params['access'] = access params['act'] = action params['doctype'] = doctype params['startPg'] = '1' params['mainmenu'] = mainmenu params['ln'] = ln params['indir'] = dir url = "%s/submit?%s" % (CFG_SITE_SECURE_URL, urlencode(params)) redirect_to_url(req, url)
(argd['session_id'], )) if len(res): uid = res[0][0] user_info = collect_user_info(uid) try: act_fd = file(os.path.join(curdir, 'act')) action = act_fd.read() act_fd.close() except: act = "" # Is user authorized to perform this action? (auth_code, auth_message) = acc_authorize_action( uid, "submit", authorized_if_no_roles=not isGuestUser(uid), verbose=0, doctype=argd['doctype'], act=action) if acc_is_role("submit", doctype=argd['doctype'], act=action) and auth_code != 0: # User cannot submit raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED) else: # Process the upload and get the response json_response = {} for key, formfields in form.items(): filename = key.replace("[]", "") if hasattr(formfields, "filename") and formfields.filename: dir_to_open = os.path.abspath( os.path.join(curdir, 'files', str(user_info['uid']),
def _handler(req): """ This handler is invoked by mod_python with the apache request.""" try: allowed_methods = ("GET", "POST", "HEAD", "OPTIONS") req.allow_methods(allowed_methods, 1) if req.method not in allowed_methods: raise apache.SERVER_RETURN, apache.HTTP_METHOD_NOT_ALLOWED if req.method == 'OPTIONS': ## OPTIONS is used to now which method are allowed req.headers_out['Allow'] = ', '.join(allowed_methods) raise apache.SERVER_RETURN, apache.OK # Set user agent for fckeditor.py, which needs it here os.environ["HTTP_USER_AGENT"] = req.headers_in.get( 'User-Agent', '') guest_p = isGuestUser(getUid(req)) uri = req.uri if uri == '/': path = [''] else: ## Let's collapse multiple slashes into a single / uri = RE_SLASHES.sub('/', uri) path = uri[1:].split('/') if uri.startswith('/yours') or not guest_p: ## Private/personalized request should not be cached req.headers_out[ 'Cache-Control'] = 'private, no-cache, no-store, max-age=0, must-revalidate' req.headers_out['Pragma'] = 'no-cache' req.headers_out['Vary'] = '*' else: req.headers_out['Cache-Control'] = 'public, max-age=3600' req.headers_out['Vary'] = 'Cookie, ETag, Cache-Control' try: if req.header_only and not RE_SPECIAL_URI.match(req.uri): return root._traverse(req, path, True, guest_p) else: ## bibdocfile have a special treatment for HEAD return root._traverse(req, path, False, guest_p) except TraversalError: raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND except apache.SERVER_RETURN: ## This is one of mod_python way of communicating raise except IOError, exc: if 'Write failed, client closed connection' not in "%s" % exc: ## Workaround for considering as false positive exceptions ## rised by mod_python when the user close the connection ## or in some other rare and not well identified cases. register_exception(req=req, alert_admin=True) raise except Exception: # send the error message, much more convenient than log hunting if remote_debugger: args = {} if req.args: args = cgi.parse_qs(req.args) if 'debug' in args: remote_debugger.error_msg(args['debug']) register_exception(req=req, alert_admin=True) raise # Serve an error by default. raise apache.SERVER_RETURN, apache.HTTP_NOT_FOUND
def upload_video(self, req, form): """ A clone of uploadfile but for (large) videos. Does not copy the uploaded file to the websubmit directory. Instead, the path to the file is stored inside the submission directory. """ def gcd(a, b): """ the euclidean algorithm """ while a: a, b = b % a, a return b from invenio.bibencode_extract import extract_frames from invenio.bibencode_config import CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_DIR, CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_FNAME from invenio.bibencode_encode import determine_aspect from invenio.bibencode_utils import probe from invenio.bibencode_metadata import ffprobe_metadata from invenio.websubmit_config import CFG_WEBSUBMIT_TMP_VIDEO_PREFIX argd = wash_urlargd( form, { 'doctype': (str, ''), 'access': (str, ''), 'indir': (str, ''), 'session_id': (str, ''), 'rename': (str, ''), }) curdir = None if not form.has_key("indir") or \ not form.has_key("doctype") or \ not form.has_key("access"): raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST) else: curdir = os.path.join(CFG_WEBSUBMIT_STORAGEDIR, argd['indir'], argd['doctype'], argd['access']) user_info = collect_user_info(req) if form.has_key("session_id"): # Are we uploading using Flash, which does not transmit # cookie? The expect to receive session_id as a form # parameter. First check that IP addresses do not # mismatch. uid = session.uid user_info = collect_user_info(uid) try: act_fd = file(os.path.join(curdir, 'act')) action = act_fd.read() act_fd.close() except: act = "" # Is user authorized to perform this action? (auth_code, auth_message) = acc_authorize_action( uid, "submit", authorized_if_no_roles=not isGuestUser(uid), verbose=0, doctype=argd['doctype'], act=action) if acc_is_role("submit", doctype=argd['doctype'], act=action) and auth_code != 0: # User cannot submit raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED) else: # Process the upload and get the response json_response = {} for key, formfields in form.items(): filename = key.replace("[]", "") if hasattr(formfields, "filename") and formfields.filename: dir_to_open = os.path.abspath( os.path.join(curdir, 'files', str(user_info['uid']), key)) try: assert ( dir_to_open.startswith(CFG_WEBSUBMIT_STORAGEDIR)) except AssertionError: register_exception(req=req, prefix='curdir="%s", key="%s"' % (curdir, key)) raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except OSError, e: if e.errno != errno.EEXIST: # If the issue is only that directory # already exists, then continue, else # report register_exception(req=req, alert_admin=True) raise apache.SERVER_RETURN( apache.HTTP_FORBIDDEN) filename = formfields.filename ## Before saving the file to disc, wash the filename (in particular ## washing away UNIX and Windows (e.g. DFS) paths): filename = os.path.basename(filename.split('\\')[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist while os.path.exists( os.path.join(dir_to_open, filename)): #dirname, basename, extension = decompose_file(new_destination_path) basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension #-------------# # VIDEO STUFF # #-------------# ## Remove all previous uploads filelist = os.listdir( os.path.split(formfields.file.name)[0]) for afile in filelist: if argd['access'] in afile: os.remove( os.path.join( os.path.split(formfields.file.name)[0], afile)) ## Check if the file is a readable video ## We must exclude all image and audio formats that are readable by ffprobe if (os.path.splitext(filename)[1] in [ 'jpg', 'jpeg', 'gif', 'tiff', 'bmp', 'png', 'tga', 'jp2', 'j2k', 'jpf', 'jpm', 'mj2', 'biff', 'cgm', 'exif', 'img', 'mng', 'pic', 'pict', 'raw', 'wmf', 'jpe', 'jif', 'jfif', 'jfi', 'tif', 'webp', 'svg', 'ai', 'ps', 'psd', 'wav', 'mp3', 'pcm', 'aiff', 'au', 'flac', 'wma', 'm4a', 'wv', 'oga', 'm4a', 'm4b', 'm4p', 'm4r', 'aac', 'mp4', 'vox', 'amr', 'snd' ] or not probe(formfields.file.name)): formfields.file.close() raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN) ## We have no "delete" attribute in Python 2.4 if sys.hexversion < 0x2050000: ## We need to rename first and create a dummy file ## Rename the temporary file for the garbage collector new_tmp_fullpath = os.path.split( formfields.file.name )[0] + "/" + CFG_WEBSUBMIT_TMP_VIDEO_PREFIX + argd[ 'access'] + "_" + os.path.split( formfields.file.name)[1] os.rename(formfields.file.name, new_tmp_fullpath) dummy = open(formfields.file.name, "w") dummy.close() formfields.file.close() else: # Mark the NamedTemporatyFile as not to be deleted formfields.file.delete = False formfields.file.close() ## Rename the temporary file for the garbage collector new_tmp_fullpath = os.path.split( formfields.file.name )[0] + "/" + CFG_WEBSUBMIT_TMP_VIDEO_PREFIX + argd[ 'access'] + "_" + os.path.split( formfields.file.name)[1] os.rename(formfields.file.name, new_tmp_fullpath) # Write the path to the temp file to a file in STORAGEDIR fp = open(os.path.join(dir_to_open, "filepath"), "w") fp.write(new_tmp_fullpath) fp.close() fp = open(os.path.join(dir_to_open, "filename"), "w") fp.write(filename) fp.close() ## We are going to extract some thumbnails for websubmit ## sample_dir = os.path.join( curdir, 'files', str(user_info['uid']), CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_DIR) try: ## Remove old thumbnails shutil.rmtree(sample_dir) except OSError: register_exception(req=req, alert_admin=False) try: os.makedirs( os.path.join(curdir, 'files', str(user_info['uid']), sample_dir)) except OSError: register_exception(req=req, alert_admin=False) try: extract_frames( input_file=new_tmp_fullpath, output_file=os.path.join( sample_dir, CFG_BIBENCODE_WEBSUBMIT_ASPECT_SAMPLE_FNAME ), size="600x600", numberof=5) json_response['frames'] = [] for extracted_frame in os.listdir(sample_dir): json_response['frames'].append(extracted_frame) except: ## If the frame extraction fails, something was bad with the video os.remove(new_tmp_fullpath) register_exception(req=req, alert_admin=False) raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN) ## Try to detect the aspect. if this fails, the video is not readable ## or a wrong file might have been uploaded try: (aspect, width, height) = determine_aspect(new_tmp_fullpath) if aspect: aspx, aspy = aspect.split(':') else: the_gcd = gcd(width, height) aspx = str(width / the_gcd) aspy = str(height / the_gcd) json_response['aspx'] = aspx json_response['aspy'] = aspy except TypeError: ## If the aspect detection completely fails os.remove(new_tmp_fullpath) register_exception(req=req, alert_admin=False) raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN) ## Try to extract some metadata from the video container metadata = ffprobe_metadata(new_tmp_fullpath) json_response['meta_title'] = metadata['format'].get( 'TAG:title') json_response['meta_description'] = metadata[ 'format'].get('TAG:description') json_response['meta_year'] = metadata['format'].get( 'TAG:year') json_response['meta_author'] = metadata['format'].get( 'TAG:author') ## Empty file name else: raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST) ## We found our file, we can break the loop break # Send our response if CFG_JSON_AVAILABLE: dumped_response = json.dumps(json_response) # store the response in the websubmit directory # this is needed if the submission is not finished and continued later response_dir = os.path.join(curdir, 'files', str(user_info['uid']), "response") try: os.makedirs(response_dir) except OSError: # register_exception(req=req, alert_admin=False) pass fp = open(os.path.join(response_dir, "response"), "w") fp.write(dumped_response) fp.close() return dumped_response
def uploadfile(self, req, form): """ Similar to /submit, but only consider files. Nice for asynchronous Javascript uploads. Should be used to upload a single file. Also try to create an icon, and return URL to file(s) + icon(s) Authentication is performed based on session ID passed as parameter instead of cookie-based authentication, due to the use of this URL by the Flash plugin (to upload multiple files at once), which does not route cookies. FIXME: consider adding /deletefile and /modifyfile functions + parsing of additional parameters to rename files, add comments, restrictions, etc. """ argd = wash_urlargd( form, { 'doctype': (str, ''), 'access': (str, ''), 'indir': (str, ''), 'session_id': (str, ''), 'rename': (str, ''), }) curdir = None if not form.has_key("indir") or \ not form.has_key("doctype") or \ not form.has_key("access"): raise apache.SERVER_RETURN(apache.HTTP_BAD_REQUEST) else: curdir = os.path.join(CFG_WEBSUBMIT_STORAGEDIR, argd['indir'], argd['doctype'], argd['access']) user_info = collect_user_info(req) if form.has_key("session_id"): # Are we uploading using Flash, which does not transmit # cookie? The expect to receive session_id as a form # parameter. First check that IP addresses do not # mismatch. uid = session.uid user_info = collect_user_info(uid) try: act_fd = file(os.path.join(curdir, 'act')) action = act_fd.read() act_fd.close() except: action = "" # Is user authorized to perform this action? (auth_code, auth_message) = acc_authorize_action( uid, "submit", authorized_if_no_roles=not isGuestUser(uid), verbose=0, doctype=argd['doctype'], act=action) if acc_is_role("submit", doctype=argd['doctype'], act=action) and auth_code != 0: # User cannot submit raise apache.SERVER_RETURN(apache.HTTP_UNAUTHORIZED) else: # Process the upload and get the response added_files = {} for key, formfields in form.items(): filename = key.replace("[]", "") file_to_open = os.path.join(curdir, filename) if hasattr(formfields, "filename") and formfields.filename: dir_to_open = os.path.abspath( os.path.join(curdir, 'files', str(user_info['uid']), key)) try: assert ( dir_to_open.startswith(CFG_WEBSUBMIT_STORAGEDIR)) except AssertionError: register_exception(req=req, prefix='curdir="%s", key="%s"' % (curdir, key)) raise apache.SERVER_RETURN(apache.HTTP_FORBIDDEN) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except OSError, e: if e.errno != errno.EEXIST: # If the issue is only that directory # already exists, then continue, else # report register_exception(req=req, alert_admin=True) raise apache.SERVER_RETURN( apache.HTTP_FORBIDDEN) filename = formfields.filename ## Before saving the file to disc, wash the filename (in particular ## washing away UNIX and Windows (e.g. DFS) paths): filename = os.path.basename(filename.split('\\')[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist n = 1 while os.path.exists( os.path.join(dir_to_open, filename)): #dirname, basename, extension = decompose_file(new_destination_path) basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension # This may be dangerous if the file size is bigger than the available memory fp = open(os.path.join(dir_to_open, filename), "w") fp.write(formfields.file.read()) fp.close() fp = open(os.path.join(curdir, "lastuploadedfile"), "w") fp.write(filename) fp.close() fp = open(file_to_open, "w") fp.write(filename) fp.close() try: # Create icon (icon_path, icon_name) = create_icon({ 'input-file': os.path.join(dir_to_open, filename), 'icon-name': filename, # extension stripped automatically 'icon-file-format': 'gif', 'multipage-icon': False, 'multipage-icon-delay': 100, 'icon-scale': "300>", # Resize only if width > 300 'verbosity': 0, }) icons_dir = os.path.join( os.path.join(curdir, 'icons', str(user_info['uid']), key)) if not os.path.exists(icons_dir): # Create uid/icons dir if needed try: os.makedirs(icons_dir) except OSError, e: if e.errno != errno.EEXIST: # If the issue is only that # directory already exists, # then continue, else report register_exception(req=req, alert_admin=True) raise apache.SERVER_RETURN( apache.HTTP_FORBIDDEN) os.rename(os.path.join(icon_path, icon_name), os.path.join(icons_dir, icon_name)) added_files[key] = { 'name': filename, 'iconName': icon_name } except InvenioWebSubmitIconCreatorError, e: # We could not create the icon added_files[key] = {'name': filename} continue else:
def send(self, req, form): """ Sends the message. Possible form keys: @param msg_to_user: comma separated usernames. @type msg_to_user: string @param msg_to_group: comma separated groupnames. @type msg_to_group: string @param msg_subject: message subject. @type msg_subject: string @param msg_body: message body. @type msg_body: string @param msg_send_year: year to send this message on. @type msg_send_year: int @param_msg_send_month: month to send this message on @type msg_send_month: year @param_msg_send_day: day to send this message on @type msg_send_day: int @param results_field: value determining which results field to display. See CFG_WEBMESSAGE_RESULTS_FIELD in webmessage_config.py. @param names_to_add: list of usernames to add to msg_to_user / group. @type names_to_add: list of strings @param search_pattern: will search for users/groups with this pattern. @type search_pattern: string @param add_values: if 1 users_to_add will be added to msg_to_user field. @type add_values: int @param *button: which button was pressed. @param ln: language. @type ln: string @return: body. """ argd = wash_urlargd(form, {'msg_to_user': (str, ""), 'msg_to_group': (str, ""), 'msg_subject': (str, ""), 'msg_body': (str, ""), 'msg_send_year': (int, 0), 'msg_send_month': (int, 0), 'msg_send_day': (int, 0), 'results_field': (str, CFG_WEBMESSAGE_RESULTS_FIELD['NONE']), 'names_selected': (list, []), 'search_pattern': (str, ""), 'send_button': (str, ""), 'search_user': (str, ""), 'search_group': (str, ""), 'add_user': (str, ""), 'add_group': (str, ""), }) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/send" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd({ 'referer' : "%s/yourmessages/send%s" % ( CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln" : argd['ln']}, {}))) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) if argd['send_button']: (body, title, navtrail) = perform_request_send( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], ln=argd['ln']) else: title = _('Write a message') navtrail = get_navtrail(argd['ln'], title) if argd['search_user']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['USER'] elif argd['search_group']: argd['results_field'] = CFG_WEBMESSAGE_RESULTS_FIELD['GROUP'] add_values = 0 if argd['add_group'] or argd['add_user']: add_values = 1 body = perform_request_write_with_search( uid=uid, msg_to_user=argd['msg_to_user'], msg_to_group=argd['msg_to_group'], msg_subject=escape_html(argd['msg_subject']), msg_body=escape_email_quoted_text(argd['msg_body']), msg_send_year=argd['msg_send_year'], msg_send_month=argd['msg_send_month'], msg_send_day=argd['msg_send_day'], names_selected=argd['names_selected'], search_pattern=argd['search_pattern'], results_field=argd['results_field'], add_values=add_values, ln=argd['ln']) return page(title = title, body = body, navtrail = navtrail, uid = uid, lastupdated = __lastupdated__, req = req, language = argd['ln'], navmenuid = "yourmessages", secure_page_p=1)
def page(title, body, navtrail="", description="", keywords="", metaheaderadd="", uid=None, cdspageheaderadd="", cdspageboxlefttopadd="", cdspageboxleftbottomadd="", cdspageboxrighttopadd="", cdspageboxrightbottomadd="", cdspagefooteradd="", lastupdated="", language=CFG_SITE_LANG, verbose=1, titleprologue="", titleepilogue="", secure_page_p=0, req=None, errors=[], warnings=[], navmenuid="admin", navtrail_append_title_p=1, of="", rssurl=CFG_SITE_URL + "/rss", show_title_p=True, body_css_classes=None): """page(): display CDS web page input: title of the page body of the page in html format description goes to the metadata in the header of the HTML page keywords goes to the metadata in the header of the html page metaheaderadd goes to further metadata in the header of the html page cdspageheaderadd is a message to be displayed just under the page header cdspageboxlefttopadd is a message to be displayed in the page body on left top cdspageboxleftbottomadd is a message to be displayed in the page body on left bottom cdspageboxrighttopadd is a message to be displayed in the page body on right top cdspageboxrightbottomadd is a message to be displayed in the page body on right bottom cdspagefooteradd is a message to be displayed on the top of the page footer lastupdated is a text containing the info on last update (optional) language is the language version of the page verbose is verbosity of the page (useful for debugging) titleprologue is to be printed right before page title titleepilogue is to be printed right after page title req is the mod_python request object errors is the list of error codes as defined in the moduleName_config.py file of the calling module log is the string of data that should be appended to the log file (errors automatically logged) secure_page_p is 0 or 1 and tells whether we are to use HTTPS friendly page elements or not navmenuid the section of the website this page belongs (search, submit, baskets, etc.) navtrail_append_title_p is 0 or 1 and tells whether page title is appended to navtrail of is an output format (use xx for xml output (e.g. AJAX)) rssfeed is the url of the RSS feed for this page show_title_p is 0 or 1 and tells whether page title should be displayed in body of the page output: the final cds page with header, footer, etc. """ _ = gettext_set_language(language) if req and uid is None: uid = getUid(req) if CFG_EXTERNAL_AUTH_USING_SSO and not isGuestUser(uid): ## If the user is logged in and we are using SSO ## this trick will keep the SSO session alive ## (SSO session need an https connection) body += """<img src="%s/img/keep_sso_connection_alive.gif" alt=" " width="0" height="0" style="visibility : hidden;" />""" % CFG_SITE_SECURE_URL elif uid is None: ## 0 means generic guest user. uid = 0 if of == 'xx': #xml output (e.g. AJAX calls) => of=xx req.content_type = 'text/xml' impl = getDOMImplementation() output = impl.createDocument(None, "invenio-message", None) root = output.documentElement body_node = output.createElement('body') body_text = output.createCDATASection(unicode(body, 'utf_8')) body_node.appendChild(body_text) root.appendChild(body_node) if errors: errors_node = output.createElement('errors') errors = get_msgs_for_code_list(errors, 'error', language) register_errors(errors, 'error', req) for (error_code, error_msg) in errors: error_node = output.createElement('error') error_node.setAttribute('code', error_code) error_text = output.createTextNode(error_msg) error_node.appendChild(error_text) errors_node.appendChild(error_node) root.appendChild(errors_node) if warnings: warnings_node = output.createElement('warnings') warnings = get_msgs_for_code_list(warnings, 'warning', language) register_errors(warnings, 'warning') for (warning_code, warning_msg) in warnings: warning_node = output.createElement('warning') warning_node.setAttribute('code', warning_code) warning_text = output.createTextNode(warning_msg) warning_node.appendChild(warning_text) warnings_node.appendChild(warning_node) root.appendChild(warnings_node) return output.toprettyxml(encoding="utf-8") else: #usual output # if there are event if warnings: warnings = get_msgs_for_code_list(warnings, 'warning', language) register_errors(warnings, 'warning') # if there are errors if errors: errors = get_msgs_for_code_list(errors, 'error', language) register_errors(errors, 'error', req) body = create_error_box(req, errors=errors, ln=language) return webstyle_templates.tmpl_page(req, ln=language, description = description, keywords = keywords, metaheaderadd = metaheaderadd, userinfobox = create_userinfobox_body(req, uid, language), useractivities_menu = create_useractivities_menu(req, uid, navmenuid, language), adminactivities_menu = create_adminactivities_menu(req, uid, navmenuid, language), navtrailbox = create_navtrailbox_body(navtrail_append_title_p \ and title or '', navtrail, language=language), uid = uid, secure_page_p = secure_page_p, pageheaderadd = cdspageheaderadd, boxlefttop = CFG_WEBSTYLE_CDSPAGEBOXLEFTTOP, boxlefttopadd = cdspageboxlefttopadd, boxleftbottomadd = cdspageboxleftbottomadd, boxleftbottom = CFG_WEBSTYLE_CDSPAGEBOXLEFTBOTTOM, boxrighttop = CFG_WEBSTYLE_CDSPAGEBOXRIGHTTOP, boxrighttopadd = cdspageboxrighttopadd, boxrightbottomadd = cdspageboxrightbottomadd, boxrightbottom = CFG_WEBSTYLE_CDSPAGEBOXRIGHTBOTTOM, titleprologue = titleprologue, title = title, titleepilogue = titleepilogue, body = body, lastupdated = lastupdated, pagefooteradd = cdspagefooteradd, navmenuid = navmenuid, rssurl = rssurl, show_title_p = show_title_p, body_css_classes=body_css_classes)
def write(self, req, form): """ write(): interface for message composing @param msg_reply_id: if this message is a reply to another, id of the other @param msg_to: if this message is not a reply, nickname of the user it must be delivered to. @param msg_to_group: name of group to send message to @param ln: language @return: the compose page """ argd = wash_urlargd( form, { 'msg_reply_id': (int, 0), 'msg_to': (str, ""), 'msg_to_group': (str, ""), 'msg_subject': (str, ""), 'msg_body': (str, "") }) # Check if user is logged uid = getUid(req) _ = gettext_set_language(argd['ln']) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/yourmessages/write" % \ (CFG_SITE_URL,), navmenuid="yourmessages") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/yourmessages/write%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) if not user_info['precached_usemessages']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use messages.")) # Request the composing page body = perform_request_write(uid=uid, msg_reply_id=argd['msg_reply_id'], msg_to=argd['msg_to'], msg_to_group=argd['msg_to_group'], msg_subject=argd['msg_subject'], msg_body=argd['msg_body'], ln=argd['ln']) title = _("Write a message") return page(title=title, body=body, navtrail=get_navtrail(argd['ln'], title), uid=uid, lastupdated=__lastupdated__, req=req, language=argd['ln'], navmenuid="yourmessages", secure_page_p=1)
def answer(self, req, user_info, of, cc, colls_to_search, p, f, search_units, ln): """ Answer question given by context. Return (relevance, html_string) where relevance is integer from 0 to 100 indicating how relevant to the question the answer is (see C{CFG_WEBSEARCH_SERVICE_MAX_SERVICE_ANSWER_RELEVANCE} for details) , and html_string being a formatted answer. """ _ = gettext_set_language(ln) if f or (CFG_WEBSEARCH_COLLECTION_NAMES_SEARCH < 0) or \ (CFG_WEBSEARCH_COLLECTION_NAMES_SEARCH == 0 and cc != CFG_SITE_NAME): return (0, '') words = [ stem(unit[1].lower(), CFG_SITE_LANG) for unit in search_units if unit[2] == '' ] if not words: return (0, '') cache = self.get_data_cache() # TODO: If all categories of a submission match, display only submission (not categories) matching_submissions = {} for word in words: # Look for submission names if CFG_CERN_SITE and word == 'cern': # This keyword is useless here... continue submissions = cache.get(word, []) for doctype, submission_label, category in submissions: if acc_authorize_action(req, 'submit', \ authorized_if_no_roles=not isGuestUser(user_info['uid']), \ doctype=(CFG_CERN_SITE and doctype.startswith('GENSBM#') and 'GENSBM') or doctype, categ=category)[0] != 0: # Not authorized to submit in this submission continue if not matching_submissions.has_key( (doctype, submission_label)): matching_submissions[(doctype, submission_label)] = 0 add_score = 1 if category != '*': # This is the submission category, consider that # words that are part of the submission name are # less important than others here: if not word.lower() in category.lower(): # word is only in submission name add_score = 0.5 else: add_score = 1.5 matching_submissions[(doctype, submission_label)] += add_score matching_submissions_sorted = sorted(matching_submissions.iteritems(), key=lambda (k, v): (v, k), reverse=True) if not matching_submissions_sorted: return (0, '') best_score = matching_submissions_sorted[0][1] max_score_difference = 1.9 matching_submissions_names = [(submission_label, \ CFG_SITE_URL + '/submit?doctype=' + doctype.split("#", 1)[0] + '&ln=' + ln + (CFG_CERN_SITE and doctype.startswith('GENSBM#') and '#' + doctype.split("#", 1)[-1] or '') ) \ for (doctype, submission_label), score in matching_submissions_sorted if score > best_score - max_score_difference] best_sbm_words = whitespace_re.split( matching_submissions_sorted[0][0][1]) score_bonus = (((_("Submit").lower() in words) or ("submit" in words)) or \ ((_("Revise").lower() in words) or ("revise" in words)) or \ ((_("Modify").lower() in words) or ("modify" in words))) and 40 or 0 relevance = min( 100, max(0, (score_bonus + (100 * float(best_score) / float(len(best_sbm_words) + len(words)))) - 10)) return (relevance, self.display_answer_helper(matching_submissions_names, ln))
def direct(self, req, form): """Directly redirected to an initialized submission.""" args = wash_urlargd(form, {'sub': (str, ''), 'access' : (str, '')}) sub = args['sub'] access = args['access'] ln = args['ln'] _ = gettext_set_language(ln) uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "direct", navmenuid='submit', text=_("Submissions are not available")) myQuery = req.args if not sub: return warning_page(_("Sorry, 'sub' parameter missing..."), req, ln=ln) res = run_sql("SELECT docname,actname FROM sbmIMPLEMENT WHERE subname=%s", (sub,)) if not res: return warning_page(_("Sorry. Cannot analyse parameter"), req, ln=ln) else: # get document type doctype = res[0][0] # get action name action = res[0][1] # get category categ = req.form.get('combo%s' % doctype, '*') # retrieve other parameter values params = dict(form) # Check if user is authorized, based on doctype/action/categ, # in order to give guest users a chance to log in if needed: (auth_code, auth_message) = acc_authorize_action(req, 'submit', authorized_if_no_roles=not isGuestUser(uid), verbose=0, doctype=doctype, act=action, categ=categ) if not auth_code == 0 and isGuestUser(uid): # Propose to login redirection_params = params redirection_params['referer'] = CFG_SITE_SECURE_URL + req.unparsed_uri return redirect_to_url(req, "%s/youraccount/login%s" % ( CFG_SITE_SECURE_URL, make_canonical_urlargd(redirection_params, {})), norobot=True) # else: continue, and let main interface control the access # find existing access number if not access: # create 'unique' access number pid = os.getpid() now = time.time() access = "%i_%s" % (now, pid) # retrieve 'dir' value res = run_sql ("SELECT dir FROM sbmACTION WHERE sactname=%s", (action,)) dir = res[0][0] mainmenu = req.headers_in.get('referer') params['access'] = access params['act'] = action params['doctype'] = doctype params['startPg'] = '1' params['mainmenu'] = mainmenu params['ln'] = ln params['indir'] = dir url = "%s/submit?%s" % (CFG_SITE_SECURE_URL, urlencode(params)) redirect_to_url(req, url)
def ill_register_request_with_recid(self, req, form): """ Register ILL request. """ argd = wash_urlargd( form, { 'ln': (str, ""), 'period_of_interest_from': (str, ""), 'period_of_interest_to': (str, ""), 'additional_comments': (str, ""), 'conditions': (str, ""), 'only_edition': (str, ""), }) _ = gettext_set_language(argd['ln']) uid = getUid(req) body = ill_register_request_with_recid( recid=self.recid, uid=uid, period_of_interest_from=argd['period_of_interest_from'], period_of_interest_to=argd['period_of_interest_to'], additional_comments=argd['additional_comments'], conditions=argd['conditions'], only_edition=argd['only_edition'], ln=argd['ln']) uid = getUid(req) if uid == -1 or CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "../holdings/ill_request_with_recid", navmenuid='yourbaskets') if isGuestUser(uid): if not CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS: return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/record/%s/holdings/ill_request_with_recid%s" % (CFG_SITE_URL, self.recid, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {}))) user_info = collect_user_info(req) (auth_code, auth_msg) = check_user_can_view_record(user_info, self.recid) if auth_code and user_info['email'] == 'guest': cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri']}, {}) return redirect_to_url(req, target) elif auth_code: return page_not_authorized(req, "../", \ text = auth_msg) unordered_tabs = get_detailed_page_tabs(get_colID( guess_primary_collection_of_a_record(self.recid)), self.recid, ln=argd['ln']) ordered_tabs_id = [(tab_id, values['order']) for (tab_id, values) in unordered_tabs.iteritems()] ordered_tabs_id.sort(lambda x, y: cmp(x[1], y[1])) link_ln = '' if argd['ln'] != CFG_SITE_LANG: link_ln = '?ln=%s' % argd['ln'] tabs = [(unordered_tabs[tab_id]['label'], \ '%s/record/%s/%s%s' % (CFG_SITE_URL, self.recid, tab_id, link_ln), \ tab_id in ['holdings'], unordered_tabs[tab_id]['enabled']) \ for (tab_id, _order) in ordered_tabs_id if unordered_tabs[tab_id]['visible'] == True] top = webstyle_templates.detailed_record_container_top( self.recid, tabs, argd['ln']) bottom = webstyle_templates.detailed_record_container_bottom( self.recid, tabs, argd['ln']) title = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln'])[0] navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid), ln=argd['ln']) navtrail += ' > <a class="navtrail" href="%s/record/%s?ln=%s">' % ( CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' return pageheaderonly(title=title, navtrail=navtrail, uid=uid, verbose=1, req=req, language=argd['ln'], navmenuid='search', navtrail_append_title_p=0) + \ websearch_templates.tmpl_search_pagestart(argd['ln']) + \ top + body + bottom + \ websearch_templates.tmpl_search_pageend(argd['ln']) + \ pagefooteronly(lastupdated=__lastupdated__, language=argd['ln'], req=req)
def add(self, req, form): """ Add a comment (review) to record with id recid where recid>0 Also works for adding a remark to basket with id recid where recid<-99 @param ln: languange @param recid: record id @param action: 'DISPLAY' to display add form 'SUBMIT' to submit comment once form is filled 'REPLY' to reply to an already existing comment @param msg: the body of the comment/review or remark @param score: star score of the review @param note: title of the review @param comid: comment id, needed for replying @param editor_type: the type of editor used for submitting the comment: 'textarea', 'fckeditor'. @param subscribe: if set, subscribe user to receive email notifications when new comment are added to this discussion @return the full html page. """ argd = wash_urlargd(form, {'action': (str, "DISPLAY"), 'msg': (str, ""), 'note': (str, ''), 'score': (int, 0), 'comid': (int, -1), 'editor_type': (str, ""), 'subscribe': (str, ""), 'cookie': (str, "") }) _ = gettext_set_language(argd['ln']) actions = ['DISPLAY', 'REPLY', 'SUBMIT'] uid = getUid(req) # Is site ready to accept comments? if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS and not CFG_WEBCOMMENT_ALLOW_REVIEWS): return page_not_authorized(req, "../comments/add", navmenuid='search') # Is user allowed to post comment? user_info = collect_user_info(req) (auth_code_1, auth_msg_1) = check_user_can_view_comments(user_info, self.recid) (auth_code_2, auth_msg_2) = check_user_can_send_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action(VIEWRESTRCOLL, {'collection' : guess_primary_collection_of_a_record(self.recid)}) # Save user's value in cookie, so that these "POST" # parameters are not lost during login process msg_cookie = mail_cookie_create_common('comment_msg', {'msg': argd['msg'], 'note': argd['note'], 'score': argd['score'], 'editor_type': argd['editor_type'], 'subscribe': argd['subscribe']}, onetime=True) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {}) return redirect_to_url(req, target, norobot=True) elif (auth_code_1 or auth_code_2): return page_not_authorized(req, "../", \ text = auth_msg_1 + auth_msg_2) user_info = collect_user_info(req) can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments(user_info, self.recid) if not auth_code and (user_info['email'] != 'guest' or user_info['apache_user']): can_attach_files = True warning_msgs = [] added_files = {} if can_attach_files: # User is allowed to attach files. Process the files file_too_big = False formfields = form.get('commentattachment[]', []) if not hasattr(formfields, "__getitem__"): # A single file was uploaded formfields = [formfields] for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]: if hasattr(formfield, "filename") and formfield.filename: filename = formfield.filename dir_to_open = os.path.join(CFG_TMPDIR, 'webcomment', str(uid)) try: assert(dir_to_open.startswith(CFG_TMPDIR)) except AssertionError: register_exception(req=req, prefix='User #%s tried to upload file to forbidden location: %s' \ % (uid, dir_to_open)) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except: register_exception(req=req, alert_admin=True) ## Before saving the file to disc, wash the filename (in particular ## washing away UNIX and Windows (e.g. DFS) paths): filename = os.path.basename(filename.split('\\')[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist n = 1 while os.path.exists(os.path.join(dir_to_open, filename)): basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension fp = open(os.path.join(dir_to_open, filename), "w") # FIXME: temporary, waiting for wsgi handler to be # fixed. Once done, read chunk by chunk ## while formfield.file: ## fp.write(formfield.file.read(10240)) fp.write(formfield.file.read()) fp.close() # Isn't this file too big? file_size = os.path.getsize(os.path.join(dir_to_open, filename)) if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \ file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE: os.remove(os.path.join(dir_to_open, filename)) # One file is too big: record that, # dismiss all uploaded files and re-ask to # upload again file_too_big = True warning_msgs.append(('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size/1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE/1024) + 'KB')) else: added_files[filename] = os.path.join(dir_to_open, filename) if file_too_big: # One file was too big. Removed all uploaded filed for filepath in added_files.items(): try: os.remove(filepath) except: # File was already removed or does not exist? pass client_ip_address = req.remote_ip check_warnings = [] (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd['ln']) if ok: title, description, keywords = websearch_templates.tmpl_record_page_header_content(req, self.recid, argd['ln']) navtrail = create_navtrail_links(cc=guess_primary_collection_of_a_record(self.recid)) if navtrail: navtrail += ' > ' navtrail += '<a class="navtrail" href="%s/record/%s?ln=%s">'% (CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' navtrail += '> <a class="navtrail" href="%s/record/%s/%s/?ln=%s">%s</a>' % (CFG_SITE_URL, self.recid, self.discussion==1 and 'reviews' or 'comments', argd['ln'], self.discussion==1 and _('Reviews') or _('Comments')) if argd['action'] not in actions: argd['action'] = 'DISPLAY' if not argd['msg']: # User had to login in-between, so retrieve msg # from cookie try: (kind, cookie_argd) = mail_cookie_check_common(argd['cookie'], delete=True) argd.update(cookie_argd) except InvenioWebAccessMailCookieDeletedError, e: return redirect_to_url(req, CFG_SITE_URL + '/record/' + \ str(self.recid) + (self.discussion==1 and \ '/reviews' or '/comments')) except InvenioWebAccessMailCookieError, e: # Invalid or empty cookie: continue pass
def add(self, req, form): """ Add a comment (review) to record with id recid where recid>0 Also works for adding a remark to basket with id recid where recid<-99 @param ln: languange @param recid: record id @param action: 'DISPLAY' to display add form 'SUBMIT' to submit comment once form is filled 'REPLY' to reply to an already existing comment @param msg: the body of the comment/review or remark @param score: star score of the review @param note: title of the review @param comid: comment id, needed for replying @param editor_type: the type of editor used for submitting the comment: 'textarea', 'fckeditor'. @param subscribe: if set, subscribe user to receive email notifications when new comment are added to this discussion @return the full html page. """ argd = wash_urlargd( form, { 'action': (str, "DISPLAY"), 'msg': (str, ""), 'note': (str, ''), 'score': (int, 0), 'comid': (int, 0), 'editor_type': (str, ""), 'subscribe': (str, ""), 'cookie': (str, "") }) _ = gettext_set_language(argd['ln']) actions = ['DISPLAY', 'REPLY', 'SUBMIT'] uid = getUid(req) # Is site ready to accept comments? if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS and not CFG_WEBCOMMENT_ALLOW_REVIEWS): return page_not_authorized(req, "../comments/add", navmenuid='search') # Is user allowed to post comment? user_info = collect_user_info(req) (auth_code_1, auth_msg_1) = check_user_can_view_comments(user_info, self.recid) (auth_code_2, auth_msg_2) = check_user_can_send_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) # Save user's value in cookie, so that these "POST" # parameters are not lost during login process msg_cookie = mail_cookie_create_common( 'comment_msg', { 'msg': argd['msg'], 'note': argd['note'], 'score': argd['score'], 'editor_type': argd['editor_type'], 'subscribe': argd['subscribe'] }, onetime=True) target = '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {}) return redirect_to_url(req, target, norobot=True) elif (auth_code_1 or auth_code_2): return page_not_authorized(req, "../", \ text = auth_msg_1 + auth_msg_2) user_info = collect_user_info(req) can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments( user_info, self.recid) if not auth_code and (user_info['email'] != 'guest'): can_attach_files = True warning_msgs = [] added_files = {} if can_attach_files: # User is allowed to attach files. Process the files file_too_big = False formfields = form.get('commentattachment[]', []) if not hasattr(formfields, "__getitem__"): # A single file was uploaded formfields = [formfields] for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]: if hasattr(formfield, "filename") and formfield.filename: filename = formfield.filename dir_to_open = os.path.join(CFG_TMPDIR, 'webcomment', str(uid)) try: assert (dir_to_open.startswith(CFG_TMPDIR)) except AssertionError: register_exception(req=req, prefix='User #%s tried to upload file to forbidden location: %s' \ % (uid, dir_to_open)) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except: register_exception(req=req, alert_admin=True) ## Before saving the file to disc, wash the filename (in particular ## washing away UNIX and Windows (e.g. DFS) paths): filename = os.path.basename(filename.split('\\')[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist n = 1 while os.path.exists( os.path.join(dir_to_open, filename)): basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension fp = open(os.path.join(dir_to_open, filename), "w") # FIXME: temporary, waiting for wsgi handler to be # fixed. Once done, read chunk by chunk ## while formfield.file: ## fp.write(formfield.file.read(10240)) fp.write(formfield.file.read()) fp.close() # Isn't this file too big? file_size = os.path.getsize( os.path.join(dir_to_open, filename)) if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \ file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE: os.remove(os.path.join(dir_to_open, filename)) # One file is too big: record that, # dismiss all uploaded files and re-ask to # upload again file_too_big = True warning_msgs.append( ('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size / 1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE / 1024) + 'KB')) else: added_files[filename] = os.path.join( dir_to_open, filename) if file_too_big: # One file was too big. Removed all uploaded filed for filepath in added_files.items(): try: os.remove(filepath) except: # File was already removed or does not exist? pass client_ip_address = req.remote_ip check_warnings = [] (ok, problem) = check_recID_is_in_range(self.recid, check_warnings, argd['ln']) if ok: title, description, keywords = websearch_templates.tmpl_record_page_header_content( req, self.recid, argd['ln']) navtrail = create_navtrail_links( cc=guess_primary_collection_of_a_record(self.recid)) if navtrail: navtrail += ' > ' navtrail += '<a class="navtrail" href="%s/record/%s?ln=%s">' % ( CFG_SITE_URL, self.recid, argd['ln']) navtrail += title navtrail += '</a>' navtrail += '> <a class="navtrail" href="%s/record/%s/%s/?ln=%s">%s</a>' % ( CFG_SITE_URL, self.recid, self.discussion == 1 and 'reviews' or 'comments', argd['ln'], self.discussion == 1 and _('Reviews') or _('Comments')) if argd['action'] not in actions: argd['action'] = 'DISPLAY' if not argd['msg']: # User had to login in-between, so retrieve msg # from cookie try: (kind, cookie_argd) = mail_cookie_check_common(argd['cookie'], delete=True) argd.update(cookie_argd) except InvenioWebAccessMailCookieDeletedError, e: return redirect_to_url(req, CFG_SITE_URL + '/record/' + \ str(self.recid) + (self.discussion==1 and \ '/reviews' or '/comments')) except InvenioWebAccessMailCookieError, e: # Invalid or empty cookie: continue pass
def register_request(self, req, form): """ Displays all loans of a given user @param ln: language @return the page for inbox """ argd = wash_urlargd( form, { 'ln': (str, ""), 'title': (str, ""), 'authors': (str, ""), 'place': (str, ""), 'publisher': (str, ""), 'year': (str, ""), 'edition': (str, ""), 'isbn': (str, ""), 'period_of_interest_from': (str, ""), 'period_of_interest_to': (str, ""), 'additional_comments': (str, ""), 'conditions': (str, ""), 'only_edition': (str, ""), }) # Check if user is logged uid = getUid(req) if CFG_ACCESS_CONTROL_LEVEL_SITE >= 1: return page_not_authorized(req, "%s/ill/register_request" % \ (CFG_SITE_URL,), navmenuid="ill") elif uid == -1 or isGuestUser(uid): return redirect_to_url( req, "%s/youraccount/login%s" % (CFG_SITE_SECURE_URL, make_canonical_urlargd( { 'referer': "%s/ill/register_request%s" % (CFG_SITE_URL, make_canonical_urlargd(argd, {})), "ln": argd['ln'] }, {})), norobot=True) _ = gettext_set_language(argd['ln']) user_info = collect_user_info(req) if not user_info['precached_useloans']: return page_not_authorized(req, "../", \ text = _("You are not authorized to use ill.")) body = ill_register_request( uid=uid, title=argd['title'], authors=argd['authors'], place=argd['place'], publisher=argd['publisher'], year=argd['year'], edition=argd['edition'], isbn=argd['isbn'], period_of_interest_from=argd['period_of_interest_from'], period_of_interest_to=argd['period_of_interest_to'], additional_comments=argd['additional_comments'], conditions=argd['conditions'], only_edition=argd['only_edition'], request_type='book', ln=argd['ln']) return page(title=_("Interlibrary loan request for books"), body=body, uid=uid, lastupdated=__lastupdated__, req=req, language=argd['ln'], navmenuid="ill")
def add(self, req, form): """ Add a comment (review) to record with id recid where recid>0 Also works for adding a remark to basket with id recid where recid<-99 @param ln: languange @param recid: record id @param action: 'DISPLAY' to display add form 'SUBMIT' to submit comment once form is filled 'REPLY' to reply to an already existing comment @param msg: the body of the comment/review or remark @param score: star score of the review @param note: title of the review @param comid: comment id, needed for replying @param editor_type: the type of editor used for submitting the comment: 'textarea', 'ckeditor'. @param subscribe: if set, subscribe user to receive email notifications when new comment are added to this discussion @return the full html page. """ argd = wash_urlargd( form, { 'action': (str, "DISPLAY"), 'msg': (str, ""), 'note': (str, ''), 'score': (int, 0), 'comid': (int, 0), 'editor_type': (str, ""), 'subscribe': (str, ""), 'cookie': (str, "") }) _ = gettext_set_language(argd['ln']) actions = ['DISPLAY', 'REPLY', 'SUBMIT'] uid = getUid(req) # Is site ready to accept comments? if uid == -1 or (not CFG_WEBCOMMENT_ALLOW_COMMENTS and not CFG_WEBCOMMENT_ALLOW_REVIEWS): return page_not_authorized(req, "../comments/add", navmenuid='search') # Is user allowed to post comment? user_info = collect_user_info(req) (auth_code_1, auth_msg_1) = check_user_can_view_comments(user_info, self.recid) (auth_code_2, auth_msg_2) = check_user_can_send_comments(user_info, self.recid) if isGuestUser(uid): cookie = mail_cookie_create_authorize_action( VIEWRESTRCOLL, { 'collection': guess_primary_collection_of_a_record( self.recid) }) # Save user's value in cookie, so that these "POST" # parameters are not lost during login process msg_cookie = mail_cookie_create_common( 'comment_msg', { 'msg': argd['msg'], 'note': argd['note'], 'score': argd['score'], 'editor_type': argd['editor_type'], 'subscribe': argd['subscribe'] }, onetime=True) target = CFG_SITE_SECURE_URL + '/youraccount/login' + \ make_canonical_urlargd({'action': cookie, 'ln' : argd['ln'], 'referer' : \ CFG_SITE_SECURE_URL + user_info['uri'] + '&cookie=' + msg_cookie}, {}) return redirect_to_url(req, target, norobot=True) elif (auth_code_1 or auth_code_2): return page_not_authorized(req, "../", \ text = auth_msg_1 + auth_msg_2) if argd['comid']: # If replying to a comment, are we on a record that # matches the original comment user is replying to? if not check_comment_belongs_to_record(argd['comid'], self.recid): return page_not_authorized(req, "../", \ text = _("Specified comment does not belong to this record")) # Is user trying to reply to a restricted comment? Make # sure user has access to it. We will then inherit its # restriction for the new comment (auth_code, auth_msg) = check_user_can_view_comment(user_info, argd['comid']) if auth_code: return page_not_authorized(req, "../", \ text = _("You do not have access to the specified comment")) # Is user trying to reply to a deleted comment? If so, we # let submitted comment go (to not lose possibly submitted # content, if comment is submitted while original is # deleted), but we "reset" comid to make sure that for # action 'REPLY' the original comment is not included in # the reply if is_comment_deleted(argd['comid']): argd['comid'] = 0 user_info = collect_user_info(req) can_attach_files = False (auth_code, auth_msg) = check_user_can_attach_file_to_comments( user_info, self.recid) if not auth_code and (user_info['email'] != 'guest'): can_attach_files = True warning_msgs = [ ] # list of warning tuples (warning_text, warning_color) added_files = {} if can_attach_files: # User is allowed to attach files. Process the files file_too_big = False formfields = form.get('commentattachment[]', []) if not hasattr(formfields, "__getitem__"): # A single file was uploaded formfields = [formfields] for formfield in formfields[:CFG_WEBCOMMENT_MAX_ATTACHED_FILES]: if hasattr(formfield, "filename") and formfield.filename: filename = formfield.filename dir_to_open = os.path.join(CFG_TMPSHAREDDIR, 'webcomment', str(uid)) try: assert (dir_to_open.startswith(CFG_TMPSHAREDDIR)) except AssertionError: register_exception(req=req, prefix='User #%s tried to upload file to forbidden location: %s' \ % (uid, dir_to_open)) if not os.path.exists(dir_to_open): try: os.makedirs(dir_to_open) except: register_exception(req=req, alert_admin=True) ## Before saving the file to disc, wash the filename (in particular ## washing away UNIX and Windows (e.g. DFS) paths): filename = os.path.basename(filename.split('\\')[-1]) filename = filename.strip() if filename != "": # Check that file does not already exist n = 1 while os.path.exists( os.path.join(dir_to_open, filename)): basedir, name, extension = decompose_file(filename) new_name = propose_next_docname(name) filename = new_name + extension fp = open(os.path.join(dir_to_open, filename), "w") # FIXME: temporary, waiting for wsgi handler to be # fixed. Once done, read chunk by chunk ## while formfield.file: ## fp.write(formfield.file.read(10240)) fp.write(formfield.file.read()) fp.close() # Isn't this file too big? file_size = os.path.getsize( os.path.join(dir_to_open, filename)) if CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE > 0 and \ file_size > CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE: os.remove(os.path.join(dir_to_open, filename)) # One file is too big: record that, # dismiss all uploaded files and re-ask to # upload again file_too_big = True try: raise InvenioWebCommentWarning( _('The size of file \\"%s\\" (%s) is larger than maximum allowed file size (%s). Select files again.' ) % (cgi.escape(filename), str(file_size / 1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE / 1024) + 'KB')) except InvenioWebCommentWarning, exc: register_exception(stream='warning') warning_msgs.append((exc.message, '')) #warning_msgs.append(('WRN_WEBCOMMENT_MAX_FILE_SIZE_REACHED', cgi.escape(filename), str(file_size/1024) + 'KB', str(CFG_WEBCOMMENT_MAX_ATTACHMENT_SIZE/1024) + 'KB')) else: added_files[filename] = os.path.join( dir_to_open, filename) if file_too_big: # One file was too big. Removed all uploaded filed for filepath in added_files.items(): try: os.remove(filepath) except: # File was already removed or does not exist? pass