def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_jobs:
output_objects.append({
'object_type':
'error_text',
'text':
'''Job execution is not enabled on this system'''
})
return (output_objects, returnvalues.SYSTEM_ERROR)
external_dict = get_keywords_dict(configuration)
mrsl = fields_to_mrsl(configuration, user_arguments_dict, external_dict)
tmpfile = None
# save to temporary file
try:
(filehandle, real_path) = tempfile.mkstemp(text=True)
relative_path = os.path.basename(real_path)
os.write(filehandle, mrsl)
os.close(filehandle)
except Exception, err:
output_objects.append({
'object_type':
'error_text',
'text':
'Failed to write temporary mRSL file: %s' % err
})
return (output_objects, returnvalues.SYSTEM_ERROR)
def run_command(
command_list,
target_path,
crontab_entry,
configuration,
):
"""Run backend command built from command_list on behalf of user from
crontab_entry and with args mapped to the backend variables.
"""
pid = multiprocessing.current_process().pid
client_id = crontab_entry['run_as']
command_str = ' '.join(command_list)
logger.info('(%s) run command for %s: %s' % (pid, target_path,
command_list))
# logger.debug('(%s) run %s on behalf of %s' % (pid, command_str,
# client_id))
(function, user_arguments_dict) = parse_command_args(configuration,
command_list)
form_method = 'post'
target_op = "%s" % function
csrf_limit = get_csrf_limit(configuration)
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
user_arguments_dict[csrf_field] = [csrf_token]
# logger.debug('(%s) import main from %s' % (pid, function))
main = id
txt_format = id
try:
exec 'from shared.functionality.%s import main' % function
exec 'from shared.output import txt_format'
# logger.debug('(%s) run %s on %s for %s' % \
# (pid, function, user_arguments_dict, client_id))
# Fake HTTP POST manually setting fields required for CSRF check
os.environ['HTTP_USER_AGENT'] = 'grid cron daemon'
os.environ['PATH_INFO'] = '%s.py' % function
os.environ['REQUEST_METHOD'] = form_method.upper()
# We may need a REMOTE_ADDR for gdplog call even if not really enabled
os.environ['REMOTE_ADDR'] = '127.0.0.1'
(output_objects, (ret_code, ret_msg)) = main(client_id,
user_arguments_dict)
except Exception, exc:
logger.error('(%s) failed to run %s main on %s: %s' %
(pid, function, user_arguments_dict, exc))
import traceback
logger.info('traceback:\n%s' % traceback.format_exc())
raise exc
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_jobs:
output_objects.append({
'object_type':
'error_text',
'text':
'''Job execution is not enabled on this system'''
})
return (output_objects, returnvalues.SYSTEM_ERROR)
status = returnvalues.OK
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Job Manager'
user_settings = title_entry.get('user_settings', {})
title_entry['style'] = css_tmpl(configuration, user_settings)
csrf_map = {}
method = 'post'
limit = get_csrf_limit(configuration)
for target_op in csrf_backends:
csrf_map[target_op] = make_csrf_token(configuration, method, target_op,
client_id, limit)
(add_import, add_init, add_ready) = js_tmpl_parts(csrf_map)
title_entry['script']['advanced'] += add_import
title_entry['script']['init'] += add_init
title_entry['script']['ready'] += add_ready
output_objects.append({'object_type': 'header', 'text': 'Job Manager'})
output_objects.append({
'object_type': 'table_pager',
'entry_name': 'jobs',
'default_entries': default_pager_entries,
'form_append': pager_append()
})
output_objects.append({'object_type': 'html_form', 'text': html_post()})
return (output_objects, status)
def openid_autologout_url(
configuration,
openid_identity,
client_id,
return_url,
return_query_dict=None,
):
"""Generates OpenID logout URL.
OpenID logout consists of two steps:
1) OpenID server: expire session
2) OpenID server: redirect after session expire
The OpenID server always returns to autologout.py which then redirects
to *return_url*.
"""
_logger = configuration.logger
# Add CSRF trust token to query_dict, needed at autologout.py for URL and
# query args validation
if return_query_dict is None:
csrf_query_dict = {}
else:
csrf_query_dict = return_query_dict.copy()
csrf_limit = get_csrf_limit(configuration)
trust_token = make_csrf_trust_token(configuration, 'get', return_url,
csrf_query_dict, client_id,
csrf_limit)
csrf_query_dict[csrf_field] = ['%s' % trust_token]
encoded_redirect_to = base32urlencode(configuration, return_url,
csrf_query_dict)
# OpenID server always returns to autologout.py which then redirects
# to return_url
oid_return_to = '%s/%s?redirect_to=%s' \
% (return_url[:return_url.rfind('/')], 'autologout.py',
encoded_redirect_to)
oid_logout_url = \
os.path.join(os.path.dirname(os.path.dirname(openid_identity)),
'logout?return_to=%s' % oid_return_to)
return oid_logout_url
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
output_objects.append({
'object_type': 'text',
'text': '--------- Trying to STOP store ----------'
})
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
unique_resource_name = accepted['unique_resource_name'][-1]
store_name_list = accepted['store_name']
all = accepted['all'][-1].lower() == 'true'
parallel = accepted['parallel'][-1].lower() == 'true'
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not is_owner(client_id, unique_resource_name,
configuration.resource_home, logger):
output_objects.append({
'object_type':
'error_text',
'text':
'Failure: You must be an owner of ' + unique_resource_name +
' to stop the store!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
exit_status = returnvalues.OK
if all:
store_name_list = get_all_store_names(unique_resource_name)
# take action based on supplied list of stores
if len(store_name_list) == 0:
output_objects.append({
'object_type':
'text',
'text':
"No stores specified and 'all' argument not set to true: Nothing to do!"
})
workers = []
for store_name in store_name_list:
task = Worker(target=stop_resource_store,
args=(unique_resource_name, store_name,
configuration.resource_home, logger))
workers.append((store_name, [task]))
task.start()
if not parallel:
task.join()
for (store_name, task_list) in workers:
(status, msg) = task_list[0].finish()
output_objects.append({'object_type': 'header', 'text': 'Stop store'})
if not status:
output_objects.append({
'object_type': 'error_text',
'text': 'Problems stopping store: %s' % msg
})
exit_status = returnvalues.SYSTEM_ERROR
else:
output_objects.append({
'object_type': 'text',
'text': 'Stop store success: %s' % msg
})
return (output_objects, exit_status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Add/Update %s Trigger" % label
output_objects.append({
'object_type': 'header',
'text': 'Add/Update %s Trigger' % label
})
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
# NOTE: strip leftmost slashes from all fields used in file paths to avoid
# interference with os.path.join calls. Furthermore we strip and normalize
# the path variable first to make sure it does not point outside the vgrid.
# In practice any such directory traversal attempts will generally be moot
# since the grid_events daemon only starts a listener for each top-level
# vgrid and in there only reacts to events that match trigger rules from
# that particular vgrid. Thus only subvgrid access to parent vgrids might
# be a concern and still of limited consequence.
# NOTE: merge multi args into one string and split again to get flat array
rule_id = accepted['rule_id'][-1].strip()
vgrid_name = accepted['vgrid_name'][-1].strip().lstrip(os.sep)
path = os.path.normpath(accepted['path'][-1].strip()).lstrip(os.sep)
changes = [i.strip() for i in ' '.join(accepted['changes']).split()]
action = accepted['action'][-1].strip()
arguments = [
i.strip() for i in shlex.split(' '.join(accepted['arguments']))
]
rate_limit = accepted['rate_limit'][-1].strip()
settle_time = accepted['settle_time'][-1].strip()
match_files = accepted['match_files'][-1].strip() == 'True'
match_dirs = accepted['match_dirs'][-1].strip() == 'True'
match_recursive = accepted['match_recursive'][-1].strip() == 'True'
rank_str = accepted['rank'][-1]
try:
rank = int(rank_str)
except ValueError:
rank = None
logger.debug("addvgridtrigger with args: %s" % user_arguments_dict)
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
# we just use a high res timestamp as automatic rule_id
if rule_id == keyword_auto:
rule_id = "%d" % (time.time() * 1E8)
if action == keyword_auto:
action = valid_trigger_actions[0]
if any_state in changes:
changes = valid_trigger_changes
logger.info("addvgridtrigger %s" % vgrid_name)
# Validity of user and vgrid names is checked in this init function so
# no need to worry about illegal directory traversal through variables
(ret_val, msg, ret_variables) = \
init_vgrid_script_add_rem(vgrid_name, client_id,
rule_id, 'trigger',
configuration)
if not ret_val:
output_objects.append({'object_type': 'error_text', 'text': msg})
return (output_objects, returnvalues.CLIENT_ERROR)
elif msg:
# In case of warnings, msg is non-empty while ret_val remains True
output_objects.append({'object_type': 'warning', 'text': msg})
# if we get here user is either vgrid owner or allowed to add rule
# don't add if already in vgrid or parent vgrid - but update if owner
update_id = None
if vgrid_is_trigger(vgrid_name, rule_id, configuration):
if vgrid_is_trigger_owner(vgrid_name, rule_id, client_id,
configuration):
update_id = 'rule_id'
else:
output_objects.append({
'object_type':
'error_text',
'text':
'%s is already a trigger owned by somebody else in the %s' %
(rule_id, label)
})
return (output_objects, returnvalues.CLIENT_ERROR)
# don't add if already in subvgrid
(list_status, subvgrids) = vgrid_list_subvgrids(vgrid_name, configuration)
if not list_status:
output_objects.append({
'object_type':
'error_text',
'text':
'Error getting list of sub%ss: %s' % (label, subvgrids)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
for subvgrid in subvgrids:
if vgrid_is_trigger(subvgrid, rule_id, configuration, recursive=False):
output_objects.append({
'object_type': 'error_text',
'text': '''%(rule_id)s is already in a
sub-%(vgrid_label)s (%(subvgrid)s). Please remove the trigger from the
sub-%(vgrid_label)s and try again''' % {
'rule_id': rule_id,
'subvgrid': subvgrid,
'vgrid_label': label
}
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not action in valid_trigger_actions:
output_objects.append({
'object_type': 'error_text',
'text': "invalid action value %s" % action
})
return (output_objects, returnvalues.CLIENT_ERROR)
if keyword_all in changes:
changes = valid_trigger_changes
for change in changes:
if not change in valid_trigger_changes:
output_objects.append({
'object_type':
'error_text',
'text':
"found invalid change value %s" % change
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Check if we should load saved trigger for rank change or update
rule_dict = None
if rank is not None or update_id is not None:
(load_status, all_triggers) = vgrid_triggers(vgrid_name, configuration)
if not load_status:
output_objects.append({
'object_type':
'error_text',
'text':
'Failed to load triggers for %s: %s' %
(vgrid_name, all_triggers)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
for saved_dict in all_triggers:
if saved_dict['rule_id'] == rule_id:
rule_dict = saved_dict
break
if rule_dict is None:
output_objects.append({
'object_type':
'error_text',
'text':
'No such trigger %s for %s: %s' %
(rule_id, vgrid_name, all_triggers)
})
return (output_objects, returnvalues.CLIENT_ERROR)
elif not path:
# New trigger with missing path
output_objects.append({
'object_type': 'error_text',
'text': '''Either path or rank must
be set.'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
elif action == "submit" and not arguments:
# New submit trigger with missing mrsl arguments
output_objects.append({
'object_type':
'error_text',
'text':
'''Submit triggers must give
a job description file path as argument.'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Handle create and update (i.e. new, update all or just refresh mRSL)
if rank is None:
# IMPORTANT: we save the job template contents to avoid potential abuse
# Otherwise someone else in the VGrid could tamper with the template
# and make the next trigger execute arbitrary code on behalf of the
# rule owner.
templates = []
# Merge current and saved values
req_dict = {
'rule_id': rule_id,
'vgrid_name': vgrid_name,
'path': path,
'changes': changes,
'run_as': client_id,
'action': action,
'arguments': arguments,
'rate_limit': rate_limit,
'settle_time': settle_time,
'match_files': match_files,
'match_dirs': match_dirs,
'match_recursive': match_recursive,
'templates': templates
}
if rule_dict is None:
rule_dict = req_dict
else:
for field in user_arguments_dict:
if req_dict.has_key(field):
rule_dict[field] = req_dict[field]
# Now refresh template contents
if rule_dict['action'] == "submit":
for rel_path in rule_dict['arguments']:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(os.path.join(base_dir, rel_path))
try:
if not valid_user_path(configuration, abs_path, base_dir,
True):
logger.warning(
'%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, rel_path))
raise ValueError('invalid submit path argument: %s' %
rel_path)
temp_fd = open(abs_path)
templates.append(temp_fd.read())
temp_fd.close()
except Exception, err:
logger.error("read submit argument file failed: %s" % err)
output_objects.append({
'object_type':
'error_text',
'text':
'failed to read submit argument file "%s"' % rel_path
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Save updated template contents here
rule_dict['templates'] = templates
def build_useritem_object_from_user_dict(configuration, client_id,
visible_user_id, user_home, user_dict,
allow_vgrids):
"""Build a user object based on input user_dict"""
profile_specs = get_profile_specs()
user_specs = get_settings_specs()
user_item = {
'object_type': 'user_info',
'user_id': visible_user_id,
'fields': [],
}
if visible_user_id.find('@') != -1:
show_user_id = pretty_format_user(visible_user_id)
else:
show_user_id = visible_user_id
user_item['fields'].append(('Public user ID', show_user_id))
public_image = user_dict[CONF].get('PUBLIC_IMAGE', [])
public_image = [
rel_path for rel_path in public_image
if os.path.exists(os.path.join(user_home, rel_path))
]
img_html = '<div class="public_image">'
if not public_image:
img_html += '<span class="anonymous-profile-img"></span>'
for rel_path in public_image:
img_path = os.path.join(user_home, rel_path)
img_data = inline_image(configuration, img_path)
img_html += '<img alt="portrait" class="profile-img" src="%s">' % \
img_data
img_html += '</div>'
public_profile = user_dict[CONF].get('PUBLIC_PROFILE', [])
if not public_profile:
public_profile = ['No public information provided']
profile_html = ''
profile_html += '<br/>'.join(public_profile)
profile_html += ''
public_html = '<div class="">\n%s\n</div>' % profile_html
profile_html += '<div class="clear"></div>'
public_html += '<div class="public_frame">\n%s\n</div>' % img_html
profile_html += '<div class="clear"></div>'
user_item['fields'].append(('Public information', public_html))
vgrids_allow_email = user_dict[CONF].get('VGRIDS_ALLOW_EMAIL', [])
vgrids_allow_im = user_dict[CONF].get('VGRIDS_ALLOW_IM', [])
hide_email = user_dict[CONF].get('HIDE_EMAIL_ADDRESS', True)
hide_im = user_dict[CONF].get('HIDE_IM_ADDRESS', True)
if hide_email:
email_vgrids = []
elif any_vgrid in vgrids_allow_email:
email_vgrids = allow_vgrids
else:
email_vgrids = set(vgrids_allow_email).intersection(allow_vgrids)
if hide_im:
im_vgrids = []
elif any_vgrid in vgrids_allow_im:
im_vgrids = allow_vgrids
else:
im_vgrids = set(vgrids_allow_im).intersection(allow_vgrids)
show_contexts = ['notify']
for (key, val) in user_specs:
proto = key.lower()
if not val['Context'] in show_contexts:
continue
saved = user_dict[CONF].get(key, None)
if val['Type'] != 'multiplestrings':
saved = [saved]
entry = ''
if not email_vgrids and key == 'EMAIL':
show_address = ' (email address hidden)'
elif not im_vgrids and key != 'EMAIL':
show_address = '(IM address hidden)'
else:
show_address = ', '.join(saved)
if saved:
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
target_op = 'sendrequestaction'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'send%s%s' % (proto, hexlify(visible_user_id))
helper = html_post_helper(
js_name, '%s.py' % target_op, {
'cert_id': visible_user_id,
'request_type': 'plain',
'protocol': proto,
'request_text': '',
csrf_field: csrf_token
})
entry += helper
link = 'send%slink' % proto
link_obj = {
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s', '%s');" %
(js_name, 'Send %s message to %s' %
(proto, visible_user_id), 'request_text'),
'class':
link,
'title':
'Send %s message to %s' % (proto, visible_user_id),
'text':
show_address
}
entry += "%s " % html_link(link_obj)
user_item['fields'].append((val['Title'], entry))
return user_item
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = "Show freeze"
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
freeze_id = accepted['freeze_id'][-1]
flavor = accepted['flavor'][-1]
checksum_list = [i for i in accepted['checksum'] if i]
operation = accepted['operation'][-1]
if not flavor in freeze_flavors.keys():
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid freeze flavor: %s' % flavor
})
return (output_objects, returnvalues.CLIENT_ERROR)
title = freeze_flavors[flavor]['showfreeze_title']
title_entry['text'] = title
output_objects.append({'object_type': 'header', 'text': title})
sorted_algos = supported_hash_algos()
sorted_algos.sort()
for checksum in checksum_list:
if not checksum in sorted_algos:
output_objects.append({
'object_type':
'error_text',
'text':
'Invalid checksum algo(s): %s' % checksum
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_freeze:
output_objects.append({
'object_type':
'error_text',
'text':
'''Freezing archives is disabled on this site.
Please contact the site admins %s if you think it should be enabled.
''' % configuration.admin_email
})
return (output_objects, returnvalues.OK)
if not operation in allowed_operations:
output_objects.append({
'object_type':
'error_text',
'text':
'''Operation must be one of %s.''' % ', '.join(allowed_operations)
})
return (output_objects, returnvalues.OK)
# We don't generally know checksum and edit status until AJAX returns
hide_elems = {'edit': 'hidden', 'update': 'hidden', 'register': 'hidden'}
for algo in sorted_algos:
hide_elems['%ssum' % algo] = 'hidden'
if operation in show_operations:
# jquery support for tablesorter and confirmation dialog
# table initially sorted by col. 0 (filename)
refresh_call = 'ajax_showfreeze("%s", "%s", %s, "%s", "%s", "%s", "%s")' % \
(freeze_id, flavor, checksum_list, keyword_updating,
keyword_final, configuration.site_freeze_doi_url,
configuration.site_freeze_doi_url_field)
table_spec = {
'table_id': 'frozenfilestable',
'sort_order': '[[0,0]]',
'refresh_call': refresh_call
}
(add_import, add_init,
add_ready) = man_base_js(configuration, [table_spec])
if operation == "show":
add_ready += '%s;' % refresh_call
# Only show requested checksums
for algo in sorted_algos:
if algo in checksum_list:
add_ready += """
$('.%ssum').show();
""" % checksum
else:
add_ready += """
$('.%ssum').hide();
""" % algo
title_entry['script']['advanced'] += add_import
title_entry['script']['init'] += add_init
title_entry['script']['ready'] += add_ready
output_objects.append({
'object_type': 'html_form',
'text': man_base_html(configuration)
})
output_objects.append({
'object_type': 'table_pager',
'entry_name': 'frozen files',
'default_entries': default_pager_entries,
'refresh_button': False
})
# Helper form for removes
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
target_op = 'deletefreeze'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
'delfreeze', '%s.py' % target_op, {
'freeze_id': '__DYNAMIC__',
'flavor': '__DYNAMIC__',
'path': '__DYNAMIC__',
'target': TARGET_PATH,
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
# NB: the restrictions on freeze_id prevents illegal directory traversal
if not is_frozen_archive(client_id, freeze_id, configuration):
logger.error("%s: invalid freeze '%s': %s" %
(op_name, client_id, freeze_id))
output_objects.append({
'object_type':
'error_text',
'text':
"'%s' is not an existing frozen archive!" % freeze_id
})
return (output_objects, returnvalues.CLIENT_ERROR)
if operation in list_operations:
(load_status,
freeze_dict) = get_frozen_archive(client_id, freeze_id, configuration,
checksum_list)
if not load_status:
logger.error("%s: load failed for '%s': %s" %
(op_name, freeze_id, freeze_dict))
output_objects.append({
'object_type':
'error_text',
'text':
'Could not read details for "%s"' % freeze_id
})
return (output_objects, returnvalues.SYSTEM_ERROR)
if freeze_dict.get('FLAVOR', 'freeze') != flavor:
logger.error("%s: flavor mismatch for '%s': %s vs %s" %
(op_name, freeze_id, flavor, freeze_dict))
output_objects.append({
'object_type':
'error_text',
'text':
'No such %s archive "%s"' % (flavor, freeze_id)
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Allow edit if not in updating/final state and allow request DOI if
# finalized and not a backup archive.
freeze_state = freeze_dict.get('STATE', keyword_final)
if freeze_state == keyword_updating:
hide_elems['update'] = ''
elif freeze_state != keyword_final:
hide_elems['edit'] = ''
elif flavor != 'backup' and configuration.site_freeze_doi_url and \
freeze_dict.get('PUBLISH_URL', ''):
hide_elems['register'] = ''
logger.debug("%s: build obj for '%s': %s" %
(op_name, freeze_id, brief_freeze(freeze_dict)))
output_objects.append(
build_freezeitem_object(configuration, freeze_dict))
if operation == "show":
# insert dummy placeholder to build table
output_objects.append({
'object_type': 'frozenarchive',
'id': freeze_id,
'creator': client_id,
'flavor': flavor,
'frozenfiles': [],
'name': 'loading ...',
'description': 'loading ...',
'created': 'loading ...',
'state': 'loading ...'
})
if operation in show_operations:
output_objects.append({
'object_type':
'html_form',
'text':
"""<p>
Show archive with file checksums - might take quite a while to calculate:
</p>"""
})
for algo in sorted_algos:
output_objects.append({'object_type': 'html_form', 'text': '<p>'})
output_objects.append({
'object_type':
'link',
'destination':
"showfreeze.py?freeze_id=%s;flavor=%s;checksum=%s" %
(freeze_id, flavor, algo),
'class':
'infolink iconspace genericbutton',
'title':
'View archive with %s checksums' % algo.upper(),
'text':
'Show with %s checksums' % algo.upper()
})
output_objects.append({'object_type': 'html_form', 'text': '</p>'})
# We don't know state of archive in this case until AJAX returns
# so we hide the section and let AJAX show it if relevant
output_objects.append({
'object_type':
'html_form',
'text':
"""
<div class='updatearchive %(update)s'>
<p class='warn_message'>
Archive is currently in the process of being updated. No further changes can be
applied until running archive operations are completed.
</p>
</div>
<div class='editarchive %(edit)s'>
<p>
You can continue inspecting and changing your archive until you're satisfied,
then finalize it for actual persistent freezing.
</p>
<p>""" % hide_elems
})
output_objects.append({
'object_type':
'link',
'destination':
"adminfreeze.py?freeze_id=%s;flavor=%s" % (freeze_id, flavor),
'class':
'editarchivelink iconspace genericbutton',
'title':
'Further modify your pending %s archive' % flavor,
'text':
'Edit archive'
})
output_objects.append({'object_type': 'html_form', 'text': '</p>'})
form_method = 'post'
target_op = 'createfreeze'
csrf_limit = get_csrf_limit(configuration)
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
'createfreeze', '%s.py' % target_op, {
'freeze_id': freeze_id,
'flavor': flavor,
'freeze_state': keyword_final,
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
output_objects.append({
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s');" %
('createfreeze', 'Really finalize %s?' % freeze_id),
'class':
'finalizearchivelink iconspace genericbutton',
'title':
'Finalize %s archive to prevent further changes' % flavor,
'text':
'Finalize archive',
})
output_objects.append({
'object_type':
'html_form',
'text':
"""
</div>
<div class='registerarchive %(register)s'>
<p>
You can register a <a href='http://www.doi.org/index.html'>Digital Object
Identifier (DOI)</a> for finalized archives. This may be useful in case you
want to reference the contents in a publication.
</p>
""" % hide_elems
})
form_method = 'post'
target_op = 'registerfreeze'
csrf_limit = get_csrf_limit(configuration)
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
'registerfreeze', configuration.site_freeze_doi_url, {
'freeze_id': freeze_id,
'freeze_author': client_id,
configuration.site_freeze_doi_url_field: '__DYNAMIC__',
'callback_url': "%s.py" % target_op,
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
output_objects.append({
'object_type': 'html_form',
'text': configuration.site_freeze_doi_text
})
output_objects.append({
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s');" %
('registerfreeze', 'Really request DOI for %s?' % freeze_id),
'class':
'registerarchivelink iconspace genericbutton',
'title':
'Register a DOI for %s archive %s' % (flavor, freeze_id),
'text':
'Request archive DOI',
})
output_objects.append({
'object_type': 'html_form',
'text': """
</div>"""
})
output_objects.append({
'object_type':
'html_form',
'text':
"""
<div class='vertical-spacer'></div>"""
})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
logger.debug("User: %s executing %s" % (client_id, op_name))
if not configuration.site_enable_cloud:
output_objects.append({
'object_type':
'error_text',
'text':
'The cloud service is not enabled on the system'
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type': 'header',
'text': 'Cloud Instance Management'
})
user_map = get_full_user_map(configuration)
user_dict = user_map.get(client_id, None)
# Optional limitation of cload access vgrid permission
if not user_dict or not cloud_access_allowed(configuration, user_dict):
output_objects.append({
'object_type':
'error_text',
'text':
"You don't have permission to access the cloud facilities on "
"this site"
})
return (output_objects, returnvalues.CLIENT_ERROR)
return_status = returnvalues.OK
action = accepted['action'][-1]
# NOTE: instance_X may be empty list - fall back to empty string
instance_id = ([''] + accepted['instance_id'])[-1]
instance_label = ([''] + accepted['instance_label'])[-1]
instance_image = ([''] + accepted['instance_image'])[-1]
accept_terms = (([''] + accepted['accept_terms'])[-1] in ('yes', 'on'))
cloud_id = accepted['service'][-1]
service = {
k: v
for options in configuration.cloud_services
for k, v in options.items() if options['service_name'] == cloud_id
}
if not service:
valid_services = [
options['service_name'] for options in configuration.cloud_services
]
output_objects.append({
'object_type':
'error_text',
'text':
'%s is not among the valid cloud services: %s' %
(cloud_id, ', '.join(valid_services))
})
return (output_objects, returnvalues.CLIENT_ERROR)
valid_service = valid_cloud_service(configuration, service)
if not valid_service:
output_objects.append({
'object_type':
'error_text',
'text':
'The service %s appears to be misconfigured, '
'please contact a system administrator about this issue' % cloud_id
})
return (output_objects, returnvalues.SYSTEM_ERROR)
service_title = service['service_title']
if not action in valid_actions:
output_objects.append({
'object_type':
'error_text',
'text':
'%s is not a valid action '
'allowed actions include %s' % (action, ', '.join(valid_actions))
})
return (output_objects, returnvalues.CLIENT_ERROR)
elif action in cloud_edit_actions:
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
cloud_flavor = service.get("service_flavor", "openstack")
user_home_dir = os.path.join(configuration.user_home, client_dir)
client_email = extract_field(client_id, 'email')
if not client_email:
logger.error("could not extract client email for %s!" % client_id)
output_objects.append({
'object_type': 'error_text',
'text': "No client ID found - can't continue"
})
return (output_objects, returnvalues.SYSTEM_ERROR)
ssh_auth_msg = "Login requires your private key for your public key:"
instance_missing_msg = "Found no '%s' instance at %s. Please contact a " \
+ "site administrator if it should be there."
_label = instance_label
if instance_id and not _label:
_, _label, _ = cloud_split_instance_id(configuration, client_id,
instance_id)
if "create" == action:
if not accept_terms:
logger.error("refusing create without accepting terms for %s!" %
client_id)
output_objects.append({
'object_type':
'error_text',
'text':
"You MUST accept the cloud user terms to create instances"
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Load all instances and make sure none contains label in ID
saved_instances = cloud_load_instance(configuration, client_id,
cloud_id, keyword_all)
for (saved_id, instance) in saved_instances.items():
if instance_label == instance.get('INSTANCE_LABEL', saved_id):
logger.error("Refused %s re-create %s cloud instance %s!" %
(client_id, cloud_id, instance_label))
output_objects.append({
'object_type':
'error_text',
'text':
"You already have an instance with the label '%s'!" %
instance_label
})
return (output_objects, returnvalues.CLIENT_ERROR)
max_instances = lookup_user_service_value(
configuration, client_id, service, 'service_max_user_instances')
max_user_instances = int(max_instances)
# NOTE: a negative max value means unlimited but 0 or more is enforced
if max_user_instances >= 0 and \
len(saved_instances) >= max_user_instances:
logger.error("Refused %s create additional %s cloud instances!" %
(client_id, cloud_id))
output_objects.append({
'object_type':
'error_text',
'text':
"You already have the maximum allowed %s instances (%d)!" %
(service_title, max_user_instances)
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not instance_label:
logger.error("Refused %s create unlabelled %s cloud instance!" %
(client_id, cloud_id))
output_objects.append({
'object_type': 'error_text',
'text': "No instance label provided!"
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Lookup user-specific allowed images (colon-separated image names)
allowed_images = allowed_cloud_images(configuration, client_id,
cloud_id, cloud_flavor)
if not allowed_images:
output_objects.append({
'object_type':
'error_text',
'text':
"No valid / allowed cloud images found!"
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not instance_image:
instance_image = allowed_images[0]
logger.info("No image specified - using first for %s in %s: %s" %
(client_id, cloud_id, instance_image))
image_id = None
for (img_name, img_id, img_alias) in allowed_images:
if instance_image == img_name:
image_id = img_id
break
if not image_id:
logger.error("No matching image ID found for %s in %s: %s" %
(client_id, cloud_id, instance_image))
output_objects.append({
'object_type':
'error_text',
'text':
"No such image found: %s" % instance_image
})
return (output_objects, returnvalues.CLIENT_ERROR)
# TODO: remove this direct key injection if we can delay it
cloud_settings = load_cloud(client_id, configuration)
raw_keys = cloud_settings.get('authkeys', '').split('\n')
auth_keys = [i.split('#', 1)[0].strip() for i in raw_keys]
auth_keys = [i for i in auth_keys if i]
if not auth_keys:
logger.error("No cloud pub keys setup for %s - refuse create" %
client_id)
output_objects.append({
'object_type':
'error_text',
'text':
"""
You haven't provided any valid ssh pub key(s) for cloud instance login, which
is stricly required for all use. Please do so before you try again.
"""
})
output_objects.append({
'object_type': 'link',
'destination': 'setup.py?topic=cloud',
'text': 'Open cloud setup',
'class': 'cloudsetuplink iconspace',
'title': 'open cloud setup',
'target': '_blank'
})
return (output_objects, returnvalues.CLIENT_ERROR)
logger.debug("Continue create for %s with auth_keys: %s" %
(client_id, auth_keys))
# Create a new internal keyset and session id
(priv_key, pub_key) = generate_ssh_rsa_key_pair(encode_utf8=True)
session_id = generate_random_ascii(session_id_bytes,
charset='0123456789abcdef')
# We make sure to create instance with a globally unique ID on the
# cloud while only showing the requested instance_label to the user.
instance_id = cloud_build_instance_id(configuration, client_email,
instance_label, session_id)
# TODO: make more fields flexible/conf
cloud_dict = {
'INSTANCE_ID': instance_id,
'INSTANCE_LABEL': instance_label,
'INSTANCE_IMAGE': instance_image,
'IMAGE_ID': image_id,
'AUTH_KEYS': auth_keys,
'USER_CERT': client_id,
'INSTANCE_PRIVATE_KEY': priv_key,
'INSTANCE_PUBLIC_KEY': pub_key,
# don't need fraction precision, also not all systems provide fraction
# precision.
'CREATED_TIMESTAMP': int(time.time()),
# Init unset ssh address and leave for floating IP assigment below
'INSTANCE_SSH_IP': '',
'INSTANCE_SSH_PORT': 22,
}
(action_status,
action_msg) = create_cloud_instance(configuration, client_id,
cloud_id, cloud_flavor,
instance_id, image_id, auth_keys)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, instance_label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# On success the action_msg contains the assigned floating IP address
instance_ssh_fqdn = action_msg
cloud_dict['INSTANCE_SSH_IP'] = instance_ssh_fqdn
if not cloud_save_instance(configuration, client_id, cloud_id,
instance_id, cloud_dict):
logger.error("save new %s cloud instance %s for %s failed" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
'Error saving your %s cloud instance setup' % service_title
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, instance_label, service_title, "success")
})
output_objects.append({
'object_type':
'html_form',
'text':
_ssh_help(configuration, client_id, cloud_id, cloud_dict,
instance_id)
})
elif "delete" == action:
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to delete" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
(action_status,
action_msg) = delete_cloud_instance(configuration, client_id,
cloud_id, cloud_flavor,
instance_id)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
if not cloud_purge_instance(configuration, client_id, cloud_id,
instance_id):
logger.error("purge %s cloud instance %s for %s failed" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
'Error deleting your %s cloud instance setup' % service_title
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, _label, service_title, "success")
})
elif "status" == action:
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to query" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
(action_status,
action_msg) = status_of_cloud_instance(configuration, client_id,
cloud_id, cloud_flavor,
instance_id)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, _label, service_title, action_msg)
})
# Show instance access details if running
if action_msg in ('ACTIVE', 'RUNNING'):
# Only include web console if explicitly configured
if configuration.user_cloud_console_access:
(console_status, console_msg) = web_access_cloud_instance(
configuration, client_id, cloud_id, cloud_flavor,
instance_id)
if not console_status:
logger.error(
"%s cloud instance %s console for %s failed: %s" % \
(cloud_id, instance_id, client_id, console_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Failed to get instance %s at %s console: %s' %
(_label, service_title, console_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
logger.info("%s cloud instance %s console for %s: %s" %
(cloud_id, instance_id, client_id, console_msg))
output_objects.append({
'object_type': 'link',
'destination': console_msg,
'text': 'Open web console',
'class': 'consolelink iconspace',
'title': 'open web console',
'target': '_blank'
})
output_objects.append({'object_type': 'text', 'text': ''})
output_objects.append({
'object_type':
'html_form',
'text':
_ssh_help(configuration, client_id, cloud_id, saved_instance,
instance_id)
})
output_objects.append({'object_type': 'text', 'text': ''})
elif "start" == action:
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to start" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
(action_status,
action_msg) = start_cloud_instance(configuration, client_id, cloud_id,
cloud_flavor, instance_id)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, _label, service_title, "success")
})
output_objects.append({
'object_type':
'html_form',
'text':
_ssh_help(configuration, client_id, cloud_id, saved_instance,
instance_id)
})
elif action in ("softrestart", "hardrestart"):
boot_strength = action.replace("restart", "").upper()
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to restart" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
(action_status,
action_msg) = restart_cloud_instance(configuration, client_id,
cloud_id, cloud_flavor,
instance_id, boot_strength)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, _label, service_title, "success")
})
output_objects.append({
'object_type':
'html_form',
'text':
_ssh_help(configuration, client_id, cloud_id, saved_instance,
instance_id)
})
elif "stop" == action:
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to %s" %
(cloud_id, instance_id, client_id, action))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
(action_status,
action_msg) = stop_cloud_instance(configuration, client_id, cloud_id,
cloud_flavor, instance_id)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, _label, service_title, "success")
})
elif "webaccess" == action:
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to query" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not configuration.user_cloud_console_access:
logger.error("web console not enabled in conf!")
output_objects.append({
'object_type':
'error_text',
'text':
'Site does not expose cloud web console!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
(action_status,
action_msg) = web_access_cloud_instance(configuration, client_id,
cloud_id, cloud_flavor,
instance_id)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, service_title, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s" % (action, _label, service_title)
})
output_objects.append({
'object_type': 'link',
'destination': action_msg,
'text': 'Open web console',
'class': 'consolelink iconspace',
'title': 'open web console',
'target': '_blank'
})
output_objects.append({'object_type': 'text', 'text': ''})
output_objects.append({
'object_type':
'html_form',
'text':
_ssh_help(configuration, client_id, cloud_id, saved_instance,
instance_id)
})
elif "updatekeys" == action:
saved_instance = cloud_load_instance(configuration, client_id,
cloud_id, instance_id)
if not saved_instance:
logger.error("no saved %s cloud instance %s for %s to update" %
(cloud_id, instance_id, client_id))
output_objects.append({
'object_type':
'error_text',
'text':
instance_missing_msg % (_label, service_title)
})
return (output_objects, returnvalues.CLIENT_ERROR)
cloud_settings = load_cloud(client_id, configuration)
auth_keys = cloud_settings.get('authkeys', '').split('\n')
(action_status,
action_msg) = update_cloud_instance_keys(configuration, client_id,
cloud_id, cloud_flavor,
instance_id, auth_keys)
if not action_status:
logger.error(
"%s %s cloud instance %s for %s failed: %s" %
(action, cloud_id, instance_id, client_id, action_msg))
output_objects.append({
'object_type':
'error_text',
'text':
'Your %s instance %s at %s did not succeed: %s' %
(action, _label, service_title, action_msg)
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
"%s instance %s at %s: %s" %
(action, _label, service_title, "success")
})
output_objects.append({
'object_type':
'html_form',
'text':
_ssh_help(configuration, client_id, cloud_id, saved_instance,
instance_id)
})
output_objects.append({'object_type': 'text', 'text': ssh_auth_msg})
for pub_key in auth_keys:
output_objects.append({'object_type': 'text', 'text': pub_key})
else:
output_objects.append({
'object_type': 'error_text',
'text': 'Unknown action: %s' % action
})
return_status = returnvalues.CLIENT_ERROR
output_objects.append({
'object_type': 'link',
'destination': 'cloud.py',
'class': 'backlink iconspace',
'title': 'Go back to cloud management',
'text': 'Back to cloud management'
})
return (output_objects, return_status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Add %s Member" % label
output_objects.append({'object_type': 'header', 'text':
'Add %s Member(s)' % label})
status = returnvalues.OK
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1].strip()
cert_id_list = accepted['cert_id']
request_name = unhexlify(accepted['request_name'][-1])
rank_list = accepted['rank'] + ['' for _ in cert_id_list]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append(
{'object_type': 'error_text', 'text': '''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
user_map = get_full_user_map(configuration)
user_dict = user_map.get(client_id, None)
# Optional site-wide limitation of manage vgrid permission
if not user_dict or \
not vgrid_manage_allowed(configuration, user_dict):
logger.warning("user %s is not allowed to manage vgrids!" % client_id)
output_objects.append(
{'object_type': 'error_text', 'text':
'Only privileged users can manage %ss' % label})
return (output_objects, returnvalues.CLIENT_ERROR)
# make sure vgrid settings allow this owner to edit members
(allow_status, allow_msg) = allow_members_adm(configuration, vgrid_name,
client_id)
if not allow_status:
output_objects.append({'object_type': 'error_text', 'text': allow_msg})
return (output_objects, returnvalues.CLIENT_ERROR)
cert_id_added = []
for (cert_id, rank_str) in zip(cert_id_list, rank_list):
cert_id = cert_id.strip()
cert_dir = client_id_dir(cert_id)
try:
rank = int(rank_str)
except ValueError:
rank = None
# Allow openid alias as subject if openid with alias is enabled
if configuration.user_openid_providers and configuration.user_openid_alias:
cert_id = expand_openid_alias(cert_id, configuration)
# Validity of user and vgrid names is checked in this init function so
# no need to worry about illegal directory traversal through variables
(ret_val, msg, _) = \
init_vgrid_script_add_rem(vgrid_name, client_id, cert_id,
'member', configuration)
if not ret_val:
output_objects.append({'object_type': 'error_text', 'text':
msg})
status = returnvalues.CLIENT_ERROR
continue
# don't add if already an owner
if vgrid_is_owner(vgrid_name, cert_id, configuration):
output_objects.append(
{'object_type': 'error_text', 'text':
'%s is already an owner of %s or a parent %s.' %
(cert_id, vgrid_name, label)})
status = returnvalues.CLIENT_ERROR
continue
# don't add if already a member unless rank is given
if rank is None and vgrid_is_member(vgrid_name, cert_id, configuration):
output_objects.append(
{'object_type': 'error_text', 'text':
'''%s is already a member of %s or a parent %s. Please remove
the person first and then try this operation again.''' %
(cert_id, vgrid_name, label)
})
status = returnvalues.CLIENT_ERROR
continue
# owner or member of subvgrid?
(list_status, subvgrids) = vgrid_list_subvgrids(vgrid_name,
configuration)
if not list_status:
output_objects.append({'object_type': 'error_text', 'text':
'Error getting list of sub%ss: %s' %
(label, subvgrids)})
status = returnvalues.SYSTEM_ERROR
continue
# TODO: we DO allow ownership of sub vgrids with parent membership so we
# should support the (cumbersome) relinking of vgrid shares here. Leave it
# to user to do it manually for now with temporary removal of ownership
skip_entity = False
for subvgrid in subvgrids:
if vgrid_is_owner(subvgrid, cert_id, configuration, recursive=False):
output_objects.append(
{'object_type': 'error_text', 'text':
"""%(cert_id)s is already an owner of a
sub-%(vgrid_label)s ('%(subvgrid)s'). While we DO support members being owners
of sub-%(vgrid_label)ss, we do not support adding parent %(vgrid_label)s
members at the moment. Please (temporarily) remove the person as owner of all
sub-%(vgrid_label)ss first and then try this operation again.""" %
{'cert_id': cert_id, 'subvgrid': subvgrid,
'vgrid_label': label}})
status = returnvalues.CLIENT_ERROR
skip_entity = True
break
if vgrid_is_member(subvgrid, cert_id, configuration, recursive=False):
output_objects.append(
{'object_type': 'error_text', 'text':
"""%s is already a member of a sub-%s ('%s'). Please
remove the person first and then try this operation again.""" %
(cert_id, label, subvgrid)})
status = returnvalues.CLIENT_ERROR
skip_entity = True
break
if skip_entity:
continue
# Check if only rank change was requested and apply if so
if rank is not None:
(add_status, add_msg) = vgrid_add_members(configuration,
vgrid_name,
[cert_id], rank=rank)
if not add_status:
output_objects.append(
{'object_type': 'error_text', 'text': add_msg})
status = returnvalues.SYSTEM_ERROR
else:
output_objects.append({'object_type': 'text', 'text':
'changed %s to member %d' % (cert_id,
rank)})
# No further action after rank change as everything else exists
continue
# Getting here means cert_id is neither owner or member of any parent or
# sub-vgrids.
# Please note that base_dir must end in slash to avoid access to other
# vgrid dirs when own name is a prefix of another name
base_dir = os.path.abspath(os.path.join(configuration.vgrid_home,
vgrid_name)) + os.sep
user_dir = os.path.abspath(os.path.join(configuration.user_home,
cert_dir)) + os.sep
# make sure all dirs can be created (that a file or directory with the same
# name do not exist prior to adding the member)
if os.path.exists(user_dir + vgrid_name):
output_objects.append(
{'object_type': 'error_text', 'text':
'''Could not add member, a file or directory in the home
directory called %s exists! (%s)''' % (vgrid_name, user_dir + vgrid_name)})
status = returnvalues.CLIENT_ERROR
continue
# Add
(add_status, add_msg) = vgrid_add_members(configuration, vgrid_name,
[cert_id])
if not add_status:
output_objects.append(
{'object_type': 'error_text', 'text': add_msg})
status = returnvalues.SYSTEM_ERROR
continue
vgrid_name_parts = vgrid_name.split('/')
is_subvgrid = len(vgrid_name_parts) > 1
if is_subvgrid:
try:
# vgrid_name = IMADA/STUD/BACH
# vgrid_name_last_fragment = BACH
vgrid_name_last_fragment = \
vgrid_name_parts[len(vgrid_name_parts)
- 1].strip()
# vgrid_name_without_last_fragment = IMADA/STUD/
vgrid_name_without_last_fragment = \
('/'.join(vgrid_name_parts[0:len(vgrid_name_parts)
- 1]) + os.sep).strip()
# create dirs if they do not exist
dir1 = user_dir + vgrid_name_without_last_fragment
if not os.path.isdir(dir1):
os.makedirs(dir1)
except Exception, exc:
# out of range? should not be possible due to is_subvgrid check
output_objects.append(
{'object_type': 'error_text', 'text':
('Could not create needed dirs on %s server! %s'
% (configuration.short_title, exc))})
logger.error('%s when looking for dir %s.' % (exc, dir1))
status = returnvalues.SYSTEM_ERROR
continue
# create symlink from users home directory to vgrid file directory
link_src = os.path.abspath(configuration.vgrid_files_home + os.sep
+ vgrid_name) + os.sep
link_dst = user_dir + vgrid_name
# create symlink to vgrid files
if not make_symlink(link_src, link_dst, logger):
output_objects.append({'object_type': 'error_text', 'text':
'Could not create link to %s files!' %
label
})
logger.error('Could not create link to %s files! (%s -> %s)' %
(label, link_src, link_dst))
status = returnvalues.SYSTEM_ERROR
continue
cert_id_added.append(cert_id)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
# IMPORTANT: the CGI front end forces the input extraction to be delayed
# We must manually extract and parse input here to avoid memory explosion
# for huge files!
# TODO: explosions still happen sometimes!
# Most likely because of Apache SSL renegotiations which have
# no other way of storing input
extract_input = user_arguments_dict.get('__DELAYED_INPUT__', dict)
logger.info('Extracting input in %s' % op_name)
form = extract_input()
logger.info('After extracting input in %s' % op_name)
file_item = None
file_name = ''
user_arguments_dict = {}
if form.has_key('fileupload'):
file_item = form['fileupload']
file_name = file_item.filename
user_arguments_dict['fileupload'] = ['true']
user_arguments_dict['path'] = [file_name]
if form.has_key('path'):
user_arguments_dict['path'] = [form['path'].value]
if form.has_key('restrict'):
user_arguments_dict['restrict'] = [form['restrict'].value]
else:
user_arguments_dict['restrict'] = defaults['restrict']
logger.info('Filtered input is: %s' % user_arguments_dict)
# Now validate parts as usual
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
path = accepted['path'][-1]
restrict = accepted['restrict'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_griddk:
output_objects.append({
'object_type':
'text',
'text':
'''Grid.dk features are disabled on this site.
Please contact the site admins %s if you think they should be enabled.
''' % configuration.admin_email
})
return (output_objects, returnvalues.OK)
logger.info('Filtered input validated with result: %s' % accepted)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
output_objects.append({'object_type': 'header', 'text': 'Uploading file'})
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing consistent
# error messages
real_path = os.path.realpath(os.path.join(base_dir, path))
# Implicit destination
if os.path.isdir(real_path):
real_path = os.path.join(real_path, os.path.basename(file_name))
if not valid_user_path(configuration, real_path, base_dir, True):
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, real_path, path))
output_objects.append({
'object_type':
'error_text',
'text':
"Invalid destination (%s expands to an illegal path)" % path
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not os.path.isdir(os.path.dirname(real_path)):
output_objects.append({
'object_type':
'error_text',
'text':
"cannot write: no such file or directory: %s)" % path
})
return (output_objects, returnvalues.CLIENT_ERROR)
# We fork off here and redirect the user to a progress page for user
# friendly output and to avoid cgi timeouts from killing the upload.
# We use something like the Active State python recipe for daemonizing
# to properly detach from the CGI process and continue in the background.
# Please note that we only close stdio file descriptors to avoid closing
# the fileupload.
file_item.file.seek(0, 2)
total_size = file_item.file.tell()
file_item.file.seek(0, 0)
try:
pid = os.fork()
if pid == 0:
os.setsid()
pid = os.fork()
if pid == 0:
os.chdir('/')
os.umask(0)
for fno in range(3):
try:
os.close(fno)
except OSError:
pass
else:
os._exit(0)
except OSError, ose:
output_objects.append({
'object_type':
'error_text',
'text':
'%s upload could not background! (%s)' %
(path, str(ose).replace(base_dir, ''))
})
return (output_objects, returnvalues.SYSTEM_ERROR)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
size = int(accepted['size'][-1])
pattern_list = accepted['path']
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
if size < 0:
output_objects.append({
'object_type': 'error_text',
'text': 'size must be non-negative'
})
return (output_objects, returnvalues.CLIENT_ERROR)
for pattern in pattern_list:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
for abs_path in match:
relative_path = abs_path.replace(base_dir, '')
if verbose(flags):
output_objects.append({
'object_type': 'file',
'name': relative_path
})
if not check_write_access(abs_path):
logger.warning('%s called without write access: %s' % \
(op_name, abs_path))
output_objects.append(
{'object_type': 'error_text', 'text':
'cannot truncate "%s": inside a read-only location!' % \
pattern})
status = returnvalues.CLIENT_ERROR
continue
try:
fd = open(abs_path, 'r+')
fd.truncate(size)
fd.close()
logger.info('%s %s %s done' % (op_name, abs_path, size))
except Exception, exc:
output_objects.append({
'object_type':
'error_text',
'text':
"%s: '%s': %s" % (op_name, relative_path, exc)
})
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
status = returnvalues.SYSTEM_ERROR
continue
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False,
op_menu=client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input(
user_arguments_dict,
defaults,
output_objects,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
patterns = accepted['path']
current_dir = accepted['current_dir']
share_id = accepted['share_id'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append(
{'object_type': 'error_text', 'text': '''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Either authenticated user client_id set or sharelink ID
if client_id:
user_id = client_id
target_dir = client_id_dir(client_id)
base_dir = configuration.user_home
id_query = ''
page_title = 'Remove User Directory'
userstyle = True
widgets = True
elif share_id:
try:
(share_mode, _) = extract_mode_id(configuration, share_id)
except ValueError, err:
logger.error('%s called with invalid share_id %s: %s' % \
(op_name, share_id, err))
output_objects.append({'object_type': 'error_text', 'text'
: 'Invalid sharelink ID: %s' % share_id})
return (output_objects, returnvalues.CLIENT_ERROR)
# TODO: load and check sharelink pickle (currently requires client_id)
user_id = 'anonymous user through share ID %s' % share_id
if share_mode == 'read-only':
logger.error('%s called without write access: %s' % \
(op_name, accepted))
output_objects.append({'object_type': 'error_text', 'text'
: 'No write access!'})
return (output_objects, returnvalues.CLIENT_ERROR)
target_dir = os.path.join(share_mode, share_id)
base_dir = configuration.sharelink_home
id_query = '?share_id=%s' % share_id
page_title = 'Remove Shared Directory'
userstyle = False
widgets = False
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Remove %s Trigger" % label
output_objects.append({'object_type': 'header', 'text'
: 'Remove %s Trigger' % label})
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1]
rule_id = accepted['rule_id'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append(
{'object_type': 'error_text', 'text': '''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
logger.info("rmvgridtrigger %s %s" % (vgrid_name, rule_id))
# Validity of user and vgrid names is checked in this init function so
# no need to worry about illegal directory traversal through variables
(ret_val, msg, ret_variables) = \
init_vgrid_script_add_rem(vgrid_name, client_id,
rule_id, 'trigger',
configuration)
if not ret_val:
output_objects.append({'object_type': 'error_text', 'text': msg})
return (output_objects, returnvalues.CLIENT_ERROR)
elif msg:
# In case of warnings, msg is non-empty while ret_val remains True
output_objects.append({'object_type': 'warning', 'text': msg})
# if we get here user is either vgrid owner or has rule ownership
# can't remove if not a participant
if not vgrid_is_trigger(vgrid_name, rule_id, configuration, recursive=False):
output_objects.append({'object_type': 'error_text', 'text':
'%s is not a trigger in %s %s.' % \
(rule_id, vgrid_name, label)})
return (output_objects, returnvalues.CLIENT_ERROR)
# remove
(rm_status, rm_msg) = vgrid_remove_triggers(configuration, vgrid_name,
[rule_id])
if not rm_status:
logger.error('%s failed to remove trigger: %s' % (client_id, rm_msg))
output_objects.append({'object_type': 'error_text', 'text': rm_msg})
output_objects.append({'object_type': 'error_text', 'text':
'''%(rule_id)s might be listed as a trigger of
this %(vgrid_label)s because it is a trigger of a parent %(vgrid_label)s.
Removal must be performed from the most significant %(vgrid_label)s
possible.''' % {'rule_id': rule_id, 'vgrid_label': label}})
return (output_objects, returnvalues.SYSTEM_ERROR)
logger.info('%s removed trigger: %s' % (client_id, rule_id))
output_objects.append({'object_type': 'text', 'text':
'Trigger %s successfully removed from %s %s!'
% (rule_id, vgrid_name, label)})
output_objects.append({'object_type': 'link', 'destination':
'vgridworkflows.py?vgrid_name=%s' % vgrid_name,
'text': 'Back to workflows for %s' % vgrid_name})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
patterns = accepted['job_id']
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_jobs:
output_objects.append({
'object_type':
'error_text',
'text':
'''Job execution is not enabled on this system'''
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = \
os.path.abspath(os.path.join(configuration.mrsl_files_dir,
client_dir)) + os.sep
status = returnvalues.OK
filelist = []
for pattern in patterns:
pattern = pattern.strip()
# Backward compatibility - all_jobs keyword should match all jobs
if pattern == all_jobs:
pattern = '*'
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern + '.mRSL')
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
# Insert valid job files in filelist for later treatment
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type':
'error_text',
'text':
'%s: You do not have any matching job IDs!' % pattern
})
status = returnvalues.CLIENT_ERROR
else:
filelist += match
# job schedule is hard on the server, limit
if len(filelist) > 100:
output_objects.append({
'object_type':
'error_text',
'text':
'Too many matching jobs (%s)!' % len(filelist)
})
return (output_objects, returnvalues.CLIENT_ERROR)
saveschedulejobs = []
for filepath in filelist:
# Extract job_id from filepath (replace doesn't modify filepath)
mrsl_file = filepath.replace(base_dir, '')
job_id = mrsl_file.replace('.mRSL', '')
saveschedulejob = {'object_type': 'saveschedulejob', 'job_id': job_id}
dict = unpickle(filepath, logger)
if not dict:
saveschedulejob['message'] = \
('The file containing the information' \
' for job id %s could not be opened!' \
' You can only read schedule for ' \
'your own jobs!') % job_id
saveschedulejobs.append(saveschedulejob)
status = returnvalues.CLIENT_ERROR
continue
saveschedulejob['oldstatus'] = dict['STATUS']
# Is the job status pending?
possible_schedule_states = ['QUEUED', 'RETRY', 'FROZEN']
if not dict['STATUS'] in possible_schedule_states:
saveschedulejob['message'] = \
'You can only read schedule for jobs with status: %s.'\
% ' or '.join(possible_schedule_states)
saveschedulejobs.append(saveschedulejob)
continue
# notify queue
if not send_message_to_grid_script('JOBSCHEDULE ' + job_id + '\n',
logger, configuration):
output_objects.append({
'object_type':
'error_text',
'text':
'Error sending message to grid_script, update may fail.'
})
status = returnvalues.SYSTEM_ERROR
continue
saveschedulejobs.append(saveschedulejob)
savescheduleinfo = """Please find any available job schedule status in
verbose job status output."""
output_objects.append({
'object_type': 'saveschedulejobs',
'saveschedulejobs': saveschedulejobs,
'savescheduleinfo': savescheduleinfo
})
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
atjobs = accepted['atjobs']
cronjobs = accepted['crontab']
output_status = returnvalues.OK
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Add Scheduled Tasks'
header_entry = {'object_type': 'header', 'text': 'Schedule Tasks'}
output_objects.append(header_entry)
if not configuration.site_enable_crontab:
output_objects.append({
'object_type':
'text',
'text':
'''
Scheduled tasks are disabled on this site.
Please contact the site admins %s if you think they should be enabled.
''' % configuration.admin_email
})
return (output_objects, returnvalues.OK)
logger.info('%s from %s' % (op_name, client_id))
#logger.debug('%s from %s: %s' % (op_name, client_id, accepted))
if not atjobs and not cronjobs:
output_objects.append({
'object_type': 'error_text',
'text': 'No cron/at jobs provided!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if cronjobs:
crontab_contents = load_crontab(client_id, configuration)
crontab_contents += '''
%s
''' % '\n'.join(cronjobs)
(parse_status,
parse_msg) = parse_and_save_crontab(crontab_contents, client_id,
configuration)
if not parse_status:
output_objects.append({
'object_type':
'error_text',
'text':
'Error parsing and saving crontab: %s' % parse_msg
})
output_status = returnvalues.CLIENT_ERROR
else:
if parse_msg:
output_objects.append({
'object_type':
'html_form',
'text':
'<p class="warningtext">%s</p>' % parse_msg
})
else:
output_objects.append({
'object_type': 'text',
'text': 'Added repeating task schedule'
})
if atjobs:
atjobs_contents = load_atjobs(client_id, configuration)
atjobs_contents += '''
%s
''' % '\n'.join(atjobs)
(parse_status,
parse_msg) = parse_and_save_atjobs(atjobs_contents, client_id,
configuration)
if not parse_status:
output_objects.append({
'object_type':
'error_text',
'text':
'Error parsing and saving atjobs: %s' % parse_msg
})
output_status = returnvalues.CLIENT_ERROR
else:
if parse_msg:
output_objects.append({
'object_type':
'html_form',
'text':
'<p class="warningtext">%s</p>' % parse_msg
})
else:
output_objects.append({
'object_type': 'text',
'text': 'Added one-time task schedule'
})
output_objects.append({
'object_type': 'link',
'destination': 'crontab.py',
'text': 'Schedule task overview'
})
return (output_objects, output_status)
'Failed to remove saved request for %s in %s!' %
(vgrid_name, request_name)})
if cert_id_added:
output_objects.append(
{'object_type': 'html_form', 'text':
'New member(s)<br />%s<br />successfully added to %s %s!''' %
('<br />'.join(cert_id_added), vgrid_name, label)
})
cert_id_fields = ''
for cert_id in cert_id_added:
cert_id_fields += """<input type=hidden name=cert_id value='%s' />
""" % cert_id
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {'vgrid_name': vgrid_name, 'cert_id': cert_id,
'protocol': any_protocol,
'short_title': configuration.short_title,
'vgrid_label': label,
'cert_id_fields': cert_id_fields,
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit}
target_op = 'sendrequestaction'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
output_objects.append({'object_type': 'html_form', 'text': """
<form method='%(form_method)s' action='%(target_op)s.py'>
<input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' />
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
output_objects.append({'object_type': 'header', 'text':
'%s Request Virtual Machine' % \
configuration.short_title})
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Virtual Machines'
if not configuration.site_enable_vmachines:
output_objects.append({
'object_type':
'text',
'text':
'''Virtual machines are disabled on this site.
Please contact the site admins %s if you think they should be enabled.
''' % configuration.admin_email
})
return (output_objects, returnvalues.OK)
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
}
target_op = 'vmachines'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
build_form = '''
<form method="%(form_method)s" action="%(target_op)s.py">
<input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" />
<input type="hidden" name="output_format" value="html">
<input type="hidden" name="action" value="create">
''' % fill_helpers
build_form += '''
<table style="margin: 0px; width: 100%;">
<tr>
<td style="width: 20%;">Machine name</td>
<td>
<input type="text" name="machine_name" size="30" value="MyVirtualDesktop">
</td>
</tr>
</table>
<fieldset>
<legend><input type="radio" name="machine_type" value="pre" checked="checked">Prebuilt</legend>
<table>
<tr>
<td style="width: 20%;">Choose a OS version</td>
<td>
<select name="os">
'''
for os in vms.available_os_list(configuration):
build_form += '<option value="%s">%s</option>\n' % \
(os, os.capitalize())
build_form += '''
</select>
</td>
</tr>
<tr>
<td>Choose a machine image</td>
<td>
<select name="flavor">
'''
for flavor in vms.available_flavor_list(configuration):
build_form += '<option value="%s">%s</option>\n' % \
(flavor, flavor.capitalize())
build_form += """
</select>
</td>
</tr>
<tr>
<td>Select a runtime environment providing the chosen OS and
flavor combination.
For Ubuntu systems you can typically just use a runtime env from the same year,
like VBOX3.1-IMAGES-2010-1 for ubuntu-10.* versions.</td>
<td>
<input type="hidden" name="hypervisor_re" value="%s">
<select name="sys_re">
""" % configuration.vm_default_hypervisor_re
for sys_re in vms.available_sys_re_list(configuration):
build_form += '<option value="%s">%s</option>\n' % \
(sys_re, sys_re)
build_form += '''
</select>
</td>
</tr>
</table>
</fieldset>
<fieldset>
<legend><input type="radio" name="machine_type" value="custom" disabled>Custom:</legend>
<span class="warningtext">Custom builds are currently unavailable.</span>
<table>
<tr>
<td style="width: 20%;">Software</td>
<td>
<input type=text size=80 name="machine_software" readonly
value="iptables acpid x11vnc xorg gdm xfce4 gcc make netsurf python-openssl" />
</td>
</tr>
</table>
</fieldset>
<input type="submit" value="Submit machine request!">
</form>
'''
output_objects.append({'object_type': 'html_form', 'text': build_form})
return (output_objects, status)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
output_objects.append({'object_type': 'header', 'text'
: '%s external certificate sign up' % \
configuration.short_title })
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
require_user=False)
if not validate_status:
logger.warning('%s invalid input: %s' % (op_name, accepted))
return (accepted, returnvalues.CLIENT_ERROR)
admin_email = configuration.admin_email
smtp_server = configuration.smtp_server
user_pending = os.path.abspath(configuration.user_pending)
cert_id = accepted['cert_id'][-1].strip()
# force name to capitalized form (henrik karlsen -> Henrik Karlsen)
# please note that we get utf8 coded bytes here and title() treats such
# chars as word termination. Temporarily force to unicode.
raw_name = accepted['cert_name'][-1].strip()
try:
cert_name = force_utf8(force_unicode(raw_name).title())
except Exception:
cert_name = raw_name.title()
country = accepted['country'][-1].strip().upper()
state = accepted['state'][-1].strip().title()
org = accepted['org'][-1].strip()
# lower case email address
email = accepted['email'][-1].strip().lower()
# keep comment to a single line
comment = accepted['comment'][-1].replace('\n', ' ')
# single quotes break command line format - remove
comment = comment.replace("'", ' ')
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
is_diku_email = False
is_diku_org = False
if email.find('@diku.dk') != -1:
is_diku_email = True
if 'DIKU' == org.upper():
# Consistent upper casing
org = org.upper()
is_diku_org = True
if is_diku_org != is_diku_email:
output_objects.append({
'object_type':
'error_text',
'text':
'''Illegal email and organization combination:
Please read and follow the instructions in red on the request page!
If you are a DIKU student with only a @*.ku.dk address please just use KU as
organization.
As long as you state that you want the certificate for DIKU purposes in the
comment field, you will be given access to the necessary resources anyway.
'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
try:
distinguished_name_to_user(cert_id)
except:
output_objects.append({
'object_type':
'error_text',
'text':
'''Illegal Distinguished name:
Please note that the distinguished name must be a valid certificate DN with
multiple "key=val" fields separated by "/".
'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
user_dict = {
'distinguished_name': cert_id,
'full_name': cert_name,
'organization': org,
'state': state,
'country': country,
'email': email,
'password': '',
'comment': '%s: %s' % ('Existing certificate', comment),
'expire': int(time.time() + cert_valid_days * 24 * 60 * 60),
'openid_names': [],
'auth': ['extcert'],
}
fill_distinguished_name(user_dict)
user_id = user_dict['distinguished_name']
if configuration.user_openid_providers and configuration.user_openid_alias:
user_dict['openid_names'] += \
[user_dict[configuration.user_openid_alias]]
logger.info('got extcert request: %s' % user_dict)
# If server allows automatic addition of users with a CA validated cert
# we create the user immediately and skip mail
if configuration.auto_add_cert_user:
fill_user(user_dict)
# Now all user fields are set and we can begin adding the user
db_path = os.path.join(configuration.mig_server_home, user_db_filename)
try:
create_user(user_dict,
configuration.config_file,
db_path,
ask_renew=False)
except Exception, err:
logger.error('Failed to create user with existing cert %s: %s' %
(cert_id, err))
output_objects.append(
{'object_type': 'error_text', 'text'
: '''Could not create the user account for you:
Please report this problem to the grid administrators (%s).''' % \
admin_email})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
'''Created the user account for you:
Please use the navigation menu to the left to proceed using it.
'''
})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False, op_menu=False)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input(user_arguments_dict,
defaults,
output_objects,
allow_rejects=False)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_openid or \
not 'migoid' in configuration.site_signup_methods:
output_objects.append({
'object_type':
'error_text',
'text':
'''Local OpenID login is not enabled on this site'''
})
return (output_objects, returnvalues.SYSTEM_ERROR)
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = '%s OpenID account request' % \
configuration.short_title
title_entry['skipmenu'] = True
form_fields = [
'full_name', 'organization', 'email', 'country', 'state', 'password',
'verifypassword', 'comment'
]
title_entry['style']['advanced'] += account_css_helpers(configuration)
add_import, add_init, add_ready = account_js_helpers(
configuration, form_fields)
title_entry['script']['advanced'] += add_import
title_entry['script']['init'] += add_init
title_entry['script']['ready'] += add_ready
title_entry['script']['body'] = "class='staticpage'"
header_entry = {
'object_type':
'header',
'text':
'Welcome to the %s OpenID account request page' %
configuration.short_title
}
output_objects.append(header_entry)
output_objects.append({
'object_type':
'html_form',
'text':
'''
<div id="contextual_help">
</div>
'''
})
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
user_fields = {
'full_name': '',
'organization': '',
'email': '',
'state': '',
'country': '',
'password': '',
'verifypassword': ''
}
if not os.path.isdir(base_dir) and client_id:
# Redirect to extcert page with certificate requirement but without
# changing access method (CGI vs. WSGI).
extcert_url = os.environ['REQUEST_URI'].replace('-sid', '-bin')
extcert_url = os.path.join(os.path.dirname(extcert_url), 'extcert.py')
extcert_link = {
'object_type': 'link',
'destination': extcert_url,
'text': 'Sign up with existing certificate (%s)' % client_id
}
output_objects.append({
'object_type':
'warning',
'text':
'''Apparently
you already have a suitable %s certificate that you may sign up with:''' %
configuration.short_title
})
output_objects.append(extcert_link)
output_objects.append({
'object_type':
'warning',
'text':
'''However,
if you want a dedicated %s %s User OpenID you can still request one below:''' %
(configuration.short_title, configuration.user_mig_oid_title)
})
elif client_id:
for entry in (title_entry, header_entry):
entry['text'] = entry['text'].replace('request', 'request / renew')
output_objects.append({
'object_type':
'html_form',
'text':
'''<p>
Apparently you already have valid %s credentials, but if you want to add %s
User OpenID access to the same account you can do so by posting the form below.
Changing fields is <span class="warningtext"> not </span> supported, so all fields
must remain unchanged for it to work.
Otherwise it results in a request for a new account and OpenID without access
to your old files, jobs and privileges. </p>''' %
(configuration.short_title, configuration.user_mig_oid_title)
})
user_fields.update(distinguished_name_to_user(client_id))
# Site policy dictates min length greater or equal than password_min_len
policy_min_len, policy_min_classes = parse_password_policy(configuration)
user_fields.update({
'valid_name_chars':
'%s (and common accents)' % html_escape(valid_name_chars),
'valid_password_chars':
html_escape(valid_password_chars),
'password_min_len':
max(policy_min_len, password_min_len),
'password_max_len':
password_max_len,
'password_min_classes':
max(policy_min_classes, 1),
'site':
configuration.short_title
})
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
}
target_op = 'reqoidaction'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
fill_helpers.update({'site_signup_hint': configuration.site_signup_hint})
fill_helpers.update(user_fields)
html = """
<p class="sub-title">Please enter your information in at least the <span>mandatory</span> fields below and press the Send button to submit the OpenID account request to the %(site)s administrators.</p>
%(site_signup_hint)s
<p class='criticaltext highlight_message'>
IMPORTANT: Please help us verify your identity by providing Organization and
Email data that we can easily validate!
</p>
<hr />
"""
user_country = user_fields.get('country', '')
html += account_request_template(configuration,
default_country=user_country)
# TODO: remove this legacy version?
html += """
<div style="height: 0; visibility: hidden; display: none;">
<!--OLD FORM-->
<form method='%(form_method)s' action='%(target_op)s.py' onSubmit='return validate_form();'>
<input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' />
<table>
<!-- NOTE: javascript support for unicode pattern matching is lacking so we
only restrict e.g. Full Name to words separated by space here. The
full check takes place in the backend, but users are better of with
sane early warnings than the cryptic backend errors.
-->
<tr><td class='mandatory label'>Full name</td><td><input id='full_name_field' type=text name=cert_name value='%(full_name)s' required pattern='[^ ]+([ ][^ ]+)+' title='Your full name, i.e. two or more names separated by space' /></td><td class=fill_space><br /></td></tr>
<tr><td class='mandatory label'>Email address</td><td><input id='email_field' type=email name=email value='%(email)s' required title='A valid email address that you read' /> </td><td class=fill_space><br /></td></tr>
<tr><td class='mandatory label'>Organization</td><td><input id='organization_field' type=text name=org value='%(organization)s' required pattern='[^ ]+([ ][^ ]+)*' title='Name of your organisation: one or more abbreviations or words separated by space' /></td><td class=fill_space><br /></td></tr>
<tr><td class='mandatory label'>Two letter country-code</td><td><input id='country_field' type=text name=country minlength=2 maxlength=2 value='%(country)s' required pattern='[A-Z]{2}' title='The two capital letters used to abbreviate your country' /></td><td class=fill_space><br /></td></tr>
<tr><td class='optional label'>State</td><td><input id='state_field' type=text name=state value='%(state)s' pattern='([A-Z]{2})?' maxlength=2 title='Leave empty or enter the capital 2-letter abbreviation of your state if you are a US resident' /> </td><td class=fill_space><br /></td></tr>
<tr><td class='mandatory label'>Password</td><td><input id='password_field' type=password name=password minlength=%(password_min_len)d maxlength=%(password_max_len)d value='%(password)s' required pattern='.{%(password_min_len)d,%(password_max_len)d}' title='Password of your choice, see help box for limitations' /> </td><td class=fill_space><br /></td></tr>
<tr><td class='mandatory label'>Verify password</td><td><input id='verifypassword_field' type=password name=verifypassword minlength=%(password_min_len)d maxlength=%(password_max_len)d value='%(verifypassword)s' required pattern='.{%(password_min_len)d,%(password_max_len)d}' title='Repeat your chosen password' /></td><td class=fill_space><br /></td></tr>
<!-- NOTE: we technically allow saving the password on scrambled form hide it by default -->
<tr class='hidden'><td class='optional label'>Password recovery</td><td class=''><input id='passwordrecovery_checkbox' type=checkbox name=passwordrecovery></td>
</td><td class=fill_space><br/></td></tr>
<tr><td class='optional label'>Optional comment or reason why you should<br />be granted a %(site)s account:</td><td><textarea id='comment_field' rows=4 name=comment title='A free-form comment where you can explain what you need the account for' ></textarea></td><td class=fill_space><br /></td></tr>
<tr><td class='label'><!-- empty area --></td><td>
<input id='submit_button' type=submit value=Send /></td><td class=fill_space><br/></td></tr>
</table>
</form>
<hr />
<div class='warn_message'>Please note that if you enable password recovery your password will be saved on encoded format but recoverable by the %(site)s administrators</div>
</div>
<br />
<br />
<!-- Hidden help text -->
<div id='help_text'>
<div id='1full_name_help'>Your full name, restricted to the characters in '%(valid_name_chars)s'</div>
<div id='1organization_help'>Organization name or acronym matching email</div>
<div id='1email_help'>Email address associated with your organization if at all possible</div>
<div id='1country_help'>Country code of your organization and on the form DE/DK/GB/US/.. , <a href='https://en.wikipedia.org/wiki/ISO_3166-1'>help</a></div>
<div id='1state_help'>Optional 2-letter ANSI state code of your organization, please just leave empty unless it is in the US or similar, <a href='https://en.wikipedia.org/wiki/List_of_U.S._state_abbreviations'>help</a></div>
<div id='1password_help'>Password is restricted to the characters:<br/><tt>%(valid_password_chars)s</tt><br/>Certain other complexity requirements apply for adequate strength. For example it must be %(password_min_len)s to %(password_max_len)s characters long and contain at least %(password_min_classes)d different character classes.</div>
<div id='1verifypassword_help'>Please repeat password</div>
<!--<div id='1comment_help'>Optional, but a short informative comment may help us verify your account needs and thus speed up our response. Typically the name of a local collaboration partner or project may be helpful.</div>-->
</div>
"""
output_objects.append({
'object_type': 'html_form',
'text': html % fill_helpers
})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = 'Runtime env support'
output_objects.append({
'object_type': 'header',
'text': 'Test runtime environment support'
})
client_dir = client_id_dir(client_id)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
logger.warning('%s invalid input: %s' % (op_name, accepted))
return (accepted, returnvalues.CLIENT_ERROR)
resource_list = accepted['unique_resource_name']
re_name = accepted['re_name'][-1]
status = returnvalues.OK
visible_res = user_visible_res_confs(configuration, client_id)
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not re_name:
output_objects.append({
'object_type':
'error_text',
'text':
'Please specify the name of the runtime environment!'
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not valid_dir_input(configuration.re_home, re_name):
logger.warning(
"possible illegal directory traversal attempt re_name '%s'" %
re_name)
output_objects.append({
'object_type':
'error_text',
'text':
'Illegal runtime environment name: "%s"' % re_name
})
return (output_objects, returnvalues.CLIENT_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
for visible_res_name in resource_list:
if not visible_res_name in visible_res.keys():
logger.warning('User %s not allowed to view %s (%s)' % \
(client_id, visible_res_name, visible_res.keys()))
output_objects.append({'object_type': 'error_text',
'text': 'invalid resource %s' % \
visible_res_name})
status = returnvalues.CLIENT_ERROR
continue
if not is_owner(client_id, visible_res_name,
configuration.resource_home, logger):
output_objects.append({
'object_type':
'error_text',
'text':
'You must be an owner of the resource to validate runtime '
'environment support. (resource %s)' % visible_res_name
})
status = returnvalues.CLIENT_ERROR
continue
(re_dict, re_msg) = get_re_dict(re_name, configuration)
if not re_dict:
output_objects.append({
'object_type': 'error_text',
'text': 'Could not get re_dict %s' % re_msg
})
status = returnvalues.SYSTEM_ERROR
continue
if not testresource_has_re_specified(visible_res_name, re_name,
configuration):
output_objects.append({
'object_type':
'error_text',
'text':
'You must specify the runtime environment in the resource'
'configuration before verifying if it is supported!'
})
status = returnvalues.CLIENT_ERROR
continue
base64string = ''
for stringpart in re_dict['TESTPROCEDURE']:
base64string += stringpart
mrslfile_content = base64.decodestring(base64string)
try:
(filehandle, mrslfile) = tempfile.mkstemp(text=True)
os.write(filehandle, mrslfile_content)
os.close(filehandle)
create_verify_files(['status', 'stdout', 'stderr'], re_name,
re_dict, base_dir, logger)
except Exception, exc:
output_objects.append({
'object_type':
'error_text',
'text':
'Could not write test job for %s: %s' % (visible_res_name, exc)
})
status = returnvalues.SYSTEM_ERROR
continue
forceddestination_dict = {
'UNIQUE_RESOURCE_NAME': visible_res_name,
'RE_NAME': re_name
}
(success, msg) = new_job(mrslfile, client_id, configuration,
forceddestination_dict)
if not success:
output_objects.append({
'object_type':
'error_text',
'text':
'Submit test job failed %s: %s' % (visible_res_name, msg)
})
status = returnvalues.SYSTEM_ERROR
try:
os.remove(mrslfile)
except:
pass
output_objects.append(
{'object_type': 'text', 'text':
'Runtime environment test job for %s successfuly submitted! %s' \
% (visible_res_name, msg)})
except Exception, exc:
output_objects.append({
'object_type':
'error_text',
'text':
'Could not read sandbox database! %s' % exc
})
return (output_objects, returnvalues.SYSTEM_ERROR)
grid_stat = GridStat(configuration, logger)
# If it's a new user, check that the username is free
if newuser == 'on':
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if userdb.has_key(username):
output_objects.append({
'object_type':
'error_text',
'text':
'Username is already taken - please go back and choose another one...'
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Administrate %s" % label
# NOTE: Delay header entry here to include vgrid name
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1]
# prepare for confirm dialog, tablesort and toggling the views (css/js)
# jquery support for tablesorter and confirmation on request and leave
# requests table initially sorted by 0, 4, 3 (type first, then date and
# with alphabetical client ID last)
# sharelinks table initially sorted by 5, 4 reversed (active first and
# in growing age)
table_specs = [{
'table_id': 'accessrequeststable',
'pager_id': 'accessrequests_pager',
'sort_order': '[[0,0],[4,0],[3,0]]'
}, {
'table_id': 'sharelinkstable',
'pager_id': 'sharelinks_pager',
'sort_order': '[[5,1],[4,1]]'
}]
(add_import, add_init, add_ready) = man_base_js(configuration, table_specs,
{'width': 600})
add_init += '''
var toggleHidden = function(classname) {
// classname supposed to have a leading dot
$(classname).toggleClass("hidden");
};
/* helpers for dynamic form input fields */
function onOwnerInputChange() {
makeSpareFields("#dynownerspares", "cert_id");
}
function onMemberInputChange() {
makeSpareFields("#dynmemberspares", "cert_id");
}
function onResourceInputChange() {
makeSpareFields("#dynresourcespares", "unique_resource_name");
}
'''
add_ready += '''
/* init add owners/member/resource forms with dynamic input fields */
onOwnerInputChange();
$("#dynownerspares").on("blur", "input[name=cert_id]",
function(event) {
//console.debug("in add owner blur handler");
onOwnerInputChange();
}
);
onMemberInputChange();
$("#dynmemberspares").on("blur", "input[name=cert_id]",
function(event) {
//console.debug("in add member blur handler");
onMemberInputChange();
}
);'''
if configuration.site_enable_resources:
add_ready += '''
onResourceInputChange();
$("#dynresourcespares").on("blur", "input[name=unique_resource_name]",
function(event) {
console.debug("in resource blur handler");
onResourceInputChange();
}
);
'''
title_entry['script']['advanced'] += add_import
title_entry['script']['init'] += add_init
title_entry['script']['ready'] += add_ready
output_objects.append({
'object_type': 'html_form',
'text': man_base_html(configuration)
})
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {
'short_title': configuration.short_title,
'vgrid_label': label,
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
}
output_objects.append({
'object_type': 'header',
'text': "Administrate '%s'" % vgrid_name
})
if not vgrid_is_owner(vgrid_name, client_id, configuration):
output_objects.append({
'object_type':
'error_text',
'text':
'Only owners of %s can administrate it.' % vgrid_name
})
target_op = "sendrequestaction"
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'reqvgridowner%s' % hexlify(vgrid_name)
helper = html_post_helper(
js_name, '%s.py' % target_op, {
'vgrid_name': vgrid_name,
'request_type': 'vgridowner',
'request_text': '',
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
output_objects.append({
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s', '%s');" %
(js_name, "Request ownership of " + vgrid_name + ":<br/>" +
"\nPlease write a message to the owners below.", 'request_text'),
'class':
'addadminlink iconspace',
'title':
'Request ownership of %s' % vgrid_name,
'text':
'Apply to become an owner'
})
return (output_objects, returnvalues.SYSTEM_ERROR)
for (item, scr) in zip(['owner', 'member', 'resource'],
['vgridowner', 'vgridmember', 'vgridres']):
if item == 'resource' and not configuration.site_enable_resources:
continue
output_objects.append({
'object_type': 'sectionheader',
'text': "%ss" % item.title()
})
(init_status, oobjs) = vgrid_add_remove_table(client_id, vgrid_name,
item, scr, configuration)
if not init_status:
output_objects.extend(oobjs)
return (output_objects, returnvalues.SYSTEM_ERROR)
else:
output_objects.append({
'object_type': 'html_form',
'text': '<div class="div-%s">' % item
})
output_objects.append({
'object_type':
'link',
'destination':
"javascript:toggleHidden('.div-%s');" % item,
'class':
'removeitemlink iconspace',
'title':
'Toggle view',
'text':
'Hide %ss' % item.title()
})
output_objects.extend(oobjs)
output_objects.append({
'object_type':
'html_form',
'text':
'</div><div class="hidden div-%s">' % item
})
output_objects.append({
'object_type':
'link',
'destination':
"javascript:toggleHidden('.div-%s');" % item,
'class':
'additemlink iconspace',
'title':
'Toggle view',
'text':
'Show %ss' % item.title()
})
output_objects.append({
'object_type': 'html_form',
'text': '</div>'
})
# Pending requests
target_op = "addvgridowner"
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
"acceptvgridownerreq", "%s.py" % target_op, {
'vgrid_name': vgrid_name,
'cert_id': '__DYNAMIC__',
'request_name': '__DYNAMIC__',
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
target_op = "addvgridmember"
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
"acceptvgridmemberreq", "%s.py" % target_op, {
'vgrid_name': vgrid_name,
'cert_id': '__DYNAMIC__',
'request_name': '__DYNAMIC__',
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
target_op = "addvgridres"
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
"acceptvgridresourcereq", "%s.py" % target_op, {
'vgrid_name': vgrid_name,
'unique_resource_name': '__DYNAMIC__',
'request_name': '__DYNAMIC__',
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
target_op = "rejectvgridreq"
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
helper = html_post_helper(
"rejectvgridreq", "%s.py" % target_op, {
'vgrid_name': vgrid_name,
'request_name': '__DYNAMIC__',
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
request_dir = os.path.join(configuration.vgrid_home, vgrid_name)
request_list = []
for req_name in list_access_requests(configuration, request_dir):
req = load_access_request(configuration, request_dir, req_name)
if not req:
continue
if not req.get('request_type',
None) in ["vgridowner", "vgridmember", "vgridresource"]:
logger.error("unexpected request_type %(request_type)s" % req)
continue
request_item = build_accessrequestitem_object(configuration, req)
# Convert filename with exotic chars into url-friendly pure hex version
shared_args = {"request_name": hexlify(req["request_name"])}
accept_args, reject_args = {}, {}
accept_args.update(shared_args)
reject_args.update(shared_args)
if req['request_type'] == "vgridresource":
accept_args["unique_resource_name"] = req["entity"]
else:
accept_args["cert_id"] = req["entity"]
request_item['acceptrequestlink'] = {
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s', %s, %s);" %
("accept%(request_type)sreq" % req,
"Accept %(target)s %(request_type)s request from %(entity)s" %
req, 'undefined', "{%s}" %
', '.join(["'%s': '%s'" % pair for pair in accept_args.items()])),
'class':
'addlink iconspace',
'title':
'Accept %(target)s %(request_type)s request from %(entity)s' % req,
'text':
''
}
request_item['rejectrequestlink'] = {
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s', %s, %s);" %
("rejectvgridreq",
"Reject %(target)s %(request_type)s request from %(entity)s" %
req, 'undefined', "%s" % reject_args),
'class':
'removelink iconspace',
'title':
'Reject %(target)s %(request_type)s request from %(entity)s' % req,
'text':
''
}
request_list.append(request_item)
output_objects.append({
'object_type': 'sectionheader',
'text': "Pending Requests"
})
output_objects.append({
'object_type': 'table_pager',
'id_prefix': 'accessrequests_',
'entry_name': 'access requests',
'default_entries': default_pager_entries
})
output_objects.append({
'object_type': 'accessrequests',
'accessrequests': request_list
})
# VGrid Share links
# Table columns to skip
skip_list = [
'editsharelink', 'delsharelink', 'invites', 'expire', 'single_file'
]
# NOTE: Inheritance is a bit tricky for sharelinks because parent shares
# only have relevance if they actually share a path that is a prefix of
# vgrid_name.
(share_status, share_list) = vgrid_sharelinks(vgrid_name, configuration)
sharelinks = []
if share_status:
for share_dict in share_list:
rel_path = share_dict['path'].strip(os.sep)
parent_vgrids = vgrid_list_parents(vgrid_name, configuration)
include_share = False
# Direct sharelinks (careful not to greedy match A/B with A/BCD)
if rel_path == vgrid_name or \
rel_path.startswith(vgrid_name+os.sep):
include_share = True
# Parent vgrid sharelinks that in effect also give access here
for parent in parent_vgrids:
if rel_path == parent:
include_share = True
if include_share:
share_item = build_sharelinkitem_object(
configuration, share_dict)
sharelinks.append(share_item)
else:
logger.warning("failed to load vgrid sharelinks for %s: %s" %
(vgrid_name, share_list))
output_objects.append({
'object_type': 'sectionheader',
'text': "Share Links"
})
output_objects.append({
'object_type':
'html_form',
'text':
'<p>Current share links in %s shared folder</p>' % vgrid_name
})
output_objects.append({
'object_type': 'table_pager',
'id_prefix': 'sharelinks_',
'entry_name': 'share links',
'default_entries': default_pager_entries
})
output_objects.append({
'object_type': 'sharelinks',
'sharelinks': sharelinks,
'skip_list': skip_list
})
# VGrid settings
output_objects.append({'object_type': 'sectionheader', 'text': "Settings"})
(direct_status, direct_dict) = vgrid_settings(vgrid_name,
configuration,
recursive=False,
as_dict=True)
if not direct_status or not direct_dict:
direct_dict = {}
(settings_status, settings_dict) = vgrid_settings(vgrid_name,
configuration,
recursive=True,
as_dict=True)
if not settings_status or not settings_dict:
settings_dict = {}
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
# Always set these values
settings_dict.update({
'vgrid_name': vgrid_name,
'vgrid_label': label,
'owners': keyword_owners,
'members': keyword_members,
'all': keyword_all,
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
})
target_op = 'vgridsettings'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
settings_dict.update({'target_op': target_op, 'csrf_token': csrf_token})
settings_form = '''
<form method="%(form_method)s" action="%(target_op)s.py">
<fieldset>
<legend>%(vgrid_label)s configuration</legend>
<input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" />
<input type="hidden" name="vgrid_name" value="%(vgrid_name)s" />
'''
description = settings_dict.get('description', '')
settings_form += '''
<h4>Public description</h4>
<textarea class="fillwidth padspace" name="description" rows=10
>%s</textarea>
''' % description
settings_form += '<br/>'
settings_form += '''<p>All visibility options below can be set to owners,
members or everyone and by default only owners can see participation. In effect
setting visibility to <em>members</em> means that owners and members can see
the corresponding participants. Similarly setting a visibility flag to
<em>everyone</em> means that all %s users can see the participants.</p>
''' % configuration.short_title
visibility_options = [("Owners are visible to", "visible_owners"),
("Members are visible to", "visible_members"),
("Resources are visible to", "visible_resources")]
for (title, field) in visibility_options:
settings_form += '<h4>%s</h4>' % title
if direct_dict.get(field, False):
choices = _valid_visible + _reset_choice
else:
choices = _valid_visible + _keep_choice
for (key, val) in choices:
checked = ''
if settings_dict.get(field, keyword_owners) == val:
checked = "checked"
settings_form += '''
<input type="radio" name="%s" value="%s" %s/> %s
''' % (field, val, checked, key)
settings_form += '<br/>'
field = 'restrict_settings_adm'
restrict_settings_adm = settings_dict.get(field,
default_vgrid_settings_limit)
if direct_dict.get(field, False):
direct_note = _reset_note
else:
direct_note = _keep_note
settings_form += '''
<h4>Restrict Settings</h4>
Restrict changing of these settings to only the first
<input type="number" name="restrict_settings_adm" min=0 max=999
minlength=1 maxlength=3 value=%d required />
owners %s.
''' % (restrict_settings_adm, direct_note)
settings_form += '<br/>'
field = 'restrict_owners_adm'
restrict_owners_adm = settings_dict.get(field,
default_vgrid_settings_limit)
if direct_dict.get(field, False):
direct_note = _reset_note
else:
direct_note = _keep_note
settings_form += '''
<h4>Restrict Owner Administration</h4>
Restrict administration of owners to only the first
<input type="number" name="restrict_owners_adm" min=0 max=999
minlength=1 maxlength=3 value=%d required />
owners %s.
''' % (restrict_owners_adm, direct_note)
settings_form += '<br/>'
field = 'restrict_members_adm'
restrict_members_adm = settings_dict.get(field,
default_vgrid_settings_limit)
if direct_dict.get(field, False):
direct_note = _reset_note
else:
direct_note = _keep_note
settings_form += '''
<h4>Restrict Member Administration</h4>
Restrict administration of members to only the first
<input type="number" name="restrict_members_adm" min=0 max=999
minlength=1 maxlength=3 value=%d required />
owners %s.
''' % (restrict_members_adm, direct_note)
settings_form += '<br/>'
field = 'restrict_resources_adm'
restrict_resources_adm = settings_dict.get(field,
default_vgrid_settings_limit)
if direct_dict.get(field, False):
direct_note = _reset_note
else:
direct_note = _keep_note
settings_form += '''
<h4>Restrict Resource Administration</h4>
Restrict administration of resources to only the first
<input type="number" name="restrict_resources_adm" min=0 max=999
minlength=1 maxlength=3 value=%d required />
owners %s.
''' % (restrict_resources_adm, direct_note)
settings_form += '<br/>'
if vgrid_restrict_write_support(configuration):
settings_form += '''<p>All write access options below can be set to
owners, members or none. By default only owners can write web pages while
owners and members can edit data in the shared folders. In effect setting write
access to <em>members</em> means that owners and members have full access.
Similarly setting a write access flag to <em>owners</em> means that only owners
can modify the data, while members can only read and use it. Finally setting a
write access flag to <em>none</em> means that neither owners nor members can
modify the data there, effectively making it read-only. Some options are not
yet supported and thus are disabled below.
</p>
'''
writable_options = [
("Shared files write access", "write_shared_files",
keyword_members),
("Private web page write access", "write_priv_web",
keyword_owners),
("Public web page write access", "write_pub_web", keyword_owners),
]
else:
writable_options = []
for (title, field, default) in writable_options:
settings_form += '<h4>%s</h4>' % title
if direct_dict.get(field, False):
choices = _valid_write_access + _reset_choice
else:
choices = _valid_write_access + _keep_choice
for (key, val) in choices:
disabled = ''
# TODO: remove these artifical limits once we support changing
# TODO: also add check for vgrid web reshare in sharelink then
if field == 'write_shared_files' and val == keyword_owners:
disabled = 'disabled'
elif field == 'write_priv_web' and val in [
keyword_members, keyword_none
]:
disabled = 'disabled'
elif field == 'write_pub_web' and val in [
keyword_members, keyword_none
]:
disabled = 'disabled'
checked = ''
if settings_dict.get(field, default) == val:
checked = "checked"
settings_form += '''
<input type="radio" name="%s" value="%s" %s %s /> %s
''' % (field, val, checked, disabled, key)
settings_form += '<br/>'
sharelink_options = [("Limit sharelink creation to", "create_sharelink")]
for (title, field) in sharelink_options:
settings_form += '<h4>%s</h4>' % title
if direct_dict.get(field, False):
choices = _valid_sharelink + _reset_choice
else:
choices = _valid_sharelink + _keep_choice
for (key, val) in choices:
checked = ''
if settings_dict.get(field, keyword_owners) == val:
checked = "checked"
settings_form += '''
<input type="radio" name="%s" value="%s" %s/> %s
''' % (field, val, checked, key)
settings_form += '<br/>'
field = 'request_recipients'
request_recipients = settings_dict.get(field, default_vgrid_settings_limit)
if direct_dict.get(field, False):
direct_note = _reset_note
else:
direct_note = _keep_note
settings_form += '''
<h4>Request Recipients</h4>
Notify only first
<input type="number" name="request_recipients" min=0 max=999
minlength=1 maxlength=3 value=%d required />
owners about access requests %s.
''' % (request_recipients, direct_note)
settings_form += '<br/>'
bool_options = [
("Hidden", "hidden"),
]
for (title, field) in bool_options:
settings_form += '<h4>%s</h4>' % title
if direct_dict.get(field, False):
choices = _valid_bool + _reset_choice
else:
choices = _valid_bool + _keep_choice
for (key, val) in choices:
checked, inherit_note = '', ''
if settings_dict.get(field, False) == val:
checked = "checked"
if direct_dict.get(field, False) != \
settings_dict.get(field, False):
inherit_note = ''' <span class="warningtext iconspace">
Forced by a parent %(vgrid_label)s. Please disable there first if you want to
change the value here.</span>''' % settings_dict
settings_form += '''
<input type="radio" name="%s" value="%s" %s /> %s
''' % (field, val, checked, key)
settings_form += '%s<br/>' % inherit_note
settings_form += '<br/>'
settings_form += '''
<input type="submit" value="Save settings" />
</fieldset>
</form>
'''
output_objects.append({
'object_type': 'html_form',
'text': settings_form % settings_dict
})
# Checking/fixing of missing components
output_objects.append({
'object_type': 'sectionheader',
'text': "Repair/Add Components"
})
target_op = 'updatevgrid'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
settings_dict.update({'target_op': target_op, 'csrf_token': csrf_token})
output_objects.append({
'object_type':
'html_form',
'text':
'''
<form method="%(form_method)s" action="%(target_op)s.py">
<input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" />
<input type="hidden" name="vgrid_name" value="%(vgrid_name)s" />
<input type="submit" value="Repair components" />
</form>
''' % settings_dict
})
(owners_status, owners_direct) = vgrid_owners(vgrid_name, configuration,
False)
if not owners_status:
logger.error("failed to load owners for %s: %s" %
(vgrid_name, owners_direct))
return (output_objects, returnvalues.SYSTEM_ERROR)
(members_status, members_direct) = vgrid_members(vgrid_name, configuration,
False)
if not members_status:
logger.error("failed to load members for %s: %s" %
(vgrid_name, members_direct))
return (output_objects, returnvalues.SYSTEM_ERROR)
(resources_status,
resources_direct) = vgrid_resources(vgrid_name, configuration, False)
if not resources_status:
logger.error("failed to load resources for %s: %s" %
(vgrid_name, resources_direct))
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type': 'sectionheader',
'text': "Delete %s " % vgrid_name
})
if len(owners_direct) > 1 or members_direct or resources_direct:
output_objects.append({
'object_type': 'html_form',
'text': '''
To delete <b>%(vgrid)s</b> first remove all resources, members and owners
ending with yourself.
''' % {
'vgrid': vgrid_name
}
})
else:
output_objects.append({
'object_type': 'html_form',
'text': '''
<p>As the last owner you can leave and delete <b>%(vgrid)s</b> including all
associated shared files and components.<br/>
</p>
<p class="warningtext">
You cannot undo such delete operations, so please use with great care!
</p>
''' % {
'vgrid': vgrid_name
}
})
target_op = "rmvgridowner"
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
js_name = 'rmlastvgridowner'
helper = html_post_helper(
js_name, '%s.py' % target_op, {
'vgrid_name': vgrid_name,
'cert_id': client_id,
'flags': 'f',
csrf_field: csrf_token
})
output_objects.append({'object_type': 'html_form', 'text': helper})
output_objects.append({
'object_type':
'link',
'destination':
"javascript: confirmDialog(%s, '%s');" %
(js_name, 'Really leave and delete %s?' % vgrid_name),
'class':
'removelink iconspace',
'title':
'Leave and delete %s' % vgrid_name,
'text':
'Leave and delete %s' % vgrid_name
})
# Spacing
output_objects.append({
'object_type':
'html_form',
'text':
'''
<div class="vertical-spacer"></div>
'''
})
return (output_objects, returnvalues.OK)
def show_download(configuration, userdb, user, passwd, expert):
"""Shows download form"""
# Download sandbox section
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {
'user': user,
'passwd': passwd,
'toggle_expert': not expert,
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
}
target_op = 'ssscreateimg'
csrf_token = make_csrf_token(configuration, form_method, target_op, user,
csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
html = """
<form method='%(form_method)s' action='%(target_op)s.py'>
<input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' />
<table class=sandboxcreateimg>
<tr class='title'>
<td class='centertext' colspan='2'>
Download New Sandbox
</td>
</tr>
""" % fill_helpers
html += print_hd_selection()
html += print_mem_selection()
html += print_net_selection()
html += print_os_selection()
html += print_windows_solution_selection()
html += print_expert_settings(configuration, expert)
html += """
<tr>
<td colspan='2'>
<input type='hidden' name='username' value='%(user)s' />
<input type='hidden' name='password' value='%(passwd)s' />
</td>
</tr>
""" % fill_helpers
html += """
<tr>
<td>Press 'Submit' to download - please note that it may take up
to 2 minutes to generate your sandbox</td>
<td><input type='submit' value='Submit' />
</td>
</tr>
</table>
</form>
<br />
"""
target_op = 'sssadmin'
csrf_token = make_csrf_token(configuration, form_method, target_op, user,
csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
html += """
<table class=sandboxadmin>
<tr>
<td class='centertext'>
Advanced users may want to fine tune the sandbox to download by
switching to expert mode:
<form method='%(form_method)s' action='%(target_op)s.py'>
<input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' />
<input type='hidden' name='username' value='%(user)s' />
<input type='hidden' name='password' value='%(passwd)s' />
<input type='hidden' name='expert' value='%(toggle_expert)s' />
<input type='submit' value='Toggle expert mode' />
</form>
</td>
</tr>
</table>
""" % fill_helpers
return html
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flavor = accepted['flavor'][-1].strip()
freeze_id = accepted['freeze_id'][-1].strip()
if not flavor in freeze_flavors.keys():
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid freeze flavor: %s' % flavor
})
return (output_objects, returnvalues.CLIENT_ERROR)
title = freeze_flavors[flavor]['adminfreeze_title']
output_objects.append({'object_type': 'header', 'text': title})
title_entry = find_entry(output_objects, 'title')
title_entry['text'] = title
if not configuration.site_enable_freeze:
output_objects.append({
'object_type':
'text',
'text':
'''Freezing archives is disabled on this site.
Please contact the site admins %s if you think it should be enabled.
''' % configuration.admin_email
})
return (output_objects, returnvalues.OK)
# Load existing freeze for stepwise construction if requested
freeze_dict = {'ID': freeze_id, 'FLAVOR': flavor}
if freeze_id != keyword_auto:
(load_status, freeze_dict) = get_frozen_archive(client_id,
freeze_id,
configuration,
checksum_list=[])
if not load_status:
logger.error("%s: load failed for '%s': %s" %
(op_name, freeze_id, brief_freeze(freeze_dict)))
output_objects.append({
'object_type':
'error_text',
'text':
'Could not read details for "%s"' % freeze_id
})
return (output_objects, returnvalues.SYSTEM_ERROR)
logger.debug("%s: loaded freeze: %s" %
(op_name, brief_freeze(freeze_dict)))
# Preserve already saved flavor
flavor = freeze_dict.get('FLAVOR', 'freeze')
freeze_state = freeze_dict.get('STATE', keyword_final)
if freeze_state == keyword_final:
logger.error("%s tried to edit finalized %s archive %s" %
(client_id, flavor, freeze_id))
output_objects.append({
'object_type':
'error_text',
'text':
'You cannot edit finalized %s archive %s' % (flavor, freeze_id)
})
output_objects.append({
'object_type':
'link',
'destination':
'showfreeze.py?freeze_id=%s;flavor=%s' % (freeze_id, flavor),
'class':
'viewarchivelink iconspace genericbutton',
'title':
'View details about your %s archive' % flavor,
'text':
'View details',
})
return (output_objects, returnvalues.CLIENT_ERROR)
elif freeze_state == keyword_updating:
logger.error("%s tried to edit %s archive %s under update" %
(client_id, flavor, freeze_id))
output_objects.append({
'object_type':
'error_text',
'text':
'You cannot edit %s archive %s until active update completes' %
(flavor, freeze_id)
})
output_objects.append({
'object_type':
'link',
'destination':
'showfreeze.py?freeze_id=%s;flavor=%s' % (freeze_id, flavor),
'class':
'viewarchivelink iconspace genericbutton',
'title':
'View details about your %s archive' % flavor,
'text':
'View details',
})
return (output_objects, returnvalues.CLIENT_ERROR)
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {
'flavor': flavor,
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
}
target_op = 'uploadchunked'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
lookup_map = {
'freeze_id': 'ID',
'freeze_name': 'NAME',
'freeze_author': 'AUTHOR',
'freeze_description': 'DESCRIPTION'
}
for (key, val) in lookup_map.items():
fill_helpers[key] = freeze_dict.get(val, '')
fill_helpers['publish_value'] = 'no'
if freeze_dict.get('PUBLISH', False):
fill_helpers['publish_value'] = 'yes'
# jquery fancy upload
(add_import, add_init, add_ready) = fancy_upload_js(configuration,
csrf_token=csrf_token)
# We need filechooser deps and dynamic addition of copy/upload fields
add_import += '''
<script type="text/javascript" src="/images/js/jquery.tablesorter.js"></script>
<script type="text/javascript" src="/images/js/jquery.prettyprint.js"></script>
<script type="text/javascript" src="/images/js/jquery.contextmenu.js"></script>
<script type="text/javascript" src="/images/js/jquery.xbreadcrumbs.js"></script>
<!-- The preview image plugin -->
<script type="text/javascript" src="/images/js/preview.js"></script>
<!-- The image manipulation CamanJS plugin used by the preview image plugin -->
<script type="text/javascript" src="/images/lib/CamanJS/dist/caman.full.js"></script>
<!-- The nouislider plugin used by the preview image plugin -->
<script type="text/javascript" src="/images/lib/noUiSlider/jquery.nouislider.all.js"></script>
'''
add_init += '''
Caman.DEBUG = false
var copy_fields = 0;
var upload_fields = 0;
var open_file_chooser;
var open_upload_dialog;
/* default upload destination */
var remote_path = "%s";
var trash_linkname = "%s";
var copy_div_id = "copyfiles";
var upload_div_id = "uploadfiles";
/* for upload_callback */
var field_id, field_name, wrap_id, upload_path, on_remove;
function add_copy() {
var div_id = copy_div_id;
var field_id = "freeze_copy_"+copy_fields;
var field_name = "freeze_copy_"+copy_fields;
var wrap_id = field_id+"_wrap";
var browse_id = field_id+"_browse";
copy_entry = "<span id=\'"+wrap_id+"\'>";
copy_entry += "<input type=\'button\' value=\'Remove\' ";
copy_entry += " onClick=\'remove_field(\"+wrap_id+\");\'/>";
// add browse button to mimic upload field
copy_entry += "<input type=\'button\' id=\'"+browse_id+"\' ";
copy_entry += " value=\'Browse...\' />";
copy_entry += "<input type=\'text\' id=\'"+field_id+"\' ";
copy_entry += " name=\'" + field_name + "\' size=80 /><br / >";
copy_entry += "</span>";
$("#"+div_id).append(copy_entry);
$("#"+field_id).click(function() {
open_file_chooser("Add file or directory (right click to select)",
function(file) {
$("#"+field_id).val(file);
});
});
$("#"+browse_id).click(function() {
$("#"+field_id).click();
});
$("#"+field_id).click();
copy_fields += 1;
}
function upload_callback() {
var div_id = upload_div_id;
console.log("in upload callback");
$(".uploadfileslist > tr > td > p.name > a").each(
function(index) {
console.log("callback for upload item no. "+index);
upload_path = $(this).text();
if ($(this).attr("href") == "") {
console.log("skipping empty (error) upload: "+upload_path);
// Continue to next iteration on errors
return true;
}
console.log("callback for upload path "+upload_path);
field_id = "freeze_move_"+upload_fields;
field_name = "freeze_move_"+upload_fields;
wrap_id = field_id+"_wrap";
if ($("#"+div_id+" > span > input[value=\\""+upload_path+"\\"]").length) {
console.log("skipping duplicate path: "+upload_path);
// Continue to next iteration on errors
return true;
} else {
console.log("adding new path: "+upload_path);
}
on_remove = "";
on_remove += "remove_field("+wrap_id+");";
on_remove += "$.fn.delete_upload(\\""+upload_path+"\\");";
upload_entry = "<span id=\'"+wrap_id+"\'>";
upload_entry += "<input type=\'button\' value=\'Remove\' ";
upload_entry += " onClick=\'"+on_remove+"\'/>";
upload_entry += "<input type=\'text\' id=\'"+field_id+"\' ";
upload_entry += " name=\'" + field_name + "\' size=50 ";
upload_entry += "value=\\""+upload_path+"\\" /><br / >";
upload_entry += "</span>";
$("#"+div_id).append(upload_entry);
console.log("callback added upload: "+upload_entry);
upload_fields += 1;
});
console.log("callback done");
}
function add_upload() {
openFancyUpload("Upload Files", upload_callback, "", remote_path, true,
"", "%s");
}
function remove_field(field_id) {
$(field_id).remove();
}
// init file chooser dialogs with directory selection support
function init_dialogs() {
open_file_chooser = mig_filechooser_init("fm_filechooser",
function(file) {
return;
}, false, "/");
/* We reuse shared init function but use custom actual opener above
to mangle resulting files into archive form. */
initFancyUpload();
/* Alias open_dialog to open_upload_dialog for clarity */
open_upload_dialog = open_dialog;
$("#addfilebutton").click(function() { add_copy(); });
$("#adduploadbutton").click(function() { add_upload(); });
}
function init_page() {
init_dialogs();
}
''' % (upload_tmp_dir, trash_linkname, csrf_token)
add_ready += '''
// do sequenced initialisation (separate function)
init_page();
'''
# TODO: can we update style inline to avoid explicit themed_styles?
title_entry['style'] = themed_styles(
configuration,
base=[
'jquery.contextmenu.css', 'jquery.managers.contextmenu.css',
'jquery.xbreadcrumbs.css', 'jquery.fmbreadcrumbs.css',
'jquery.fileupload.css', 'jquery.fileupload-ui.css'
],
skin=['fileupload-ui.custom.css', 'xbreadcrumbs.custom.css'],
user_settings=title_entry.get('user_settings', {}))
title_entry['script']['advanced'] += add_import
title_entry['script']['init'] += add_init
title_entry['script']['ready'] += add_ready
if flavor == 'freeze':
fill_helpers['freeze_name'] = fill_helpers.get('freeze_name', '')
fill_helpers["archive_header"] = "Freeze Archive Files"
fill_helpers["button_label"] = "Save and Preview"
intro_text = """
Please enter your archive details below and select any files to be included in
the archive.
"""
elif flavor == 'phd':
fill_helpers['freeze_name'] = fill_helpers.get('freeze_name', '')
fill_helpers[
"archive_header"] = "Thesis and Associated Files to Archive"
fill_helpers["button_label"] = "Save and Preview"
intro_text = """
Please enter your PhD details below and select any files associated with your
thesis.
"""
elif flavor == 'backup':
fill_helpers['freeze_name'] = fill_helpers.get('freeze_name', '')
if not fill_helpers['freeze_name']:
now = datetime.datetime.now().isoformat().replace(':', '')
fill_helpers['freeze_name'] = 'backup-%s' % now
fill_helpers["archive_header"] = "Files and folders to Archive"
fill_helpers["button_label"] = "Save and Preview"
intro_text = """
Please select the files and folders to backup below.
"""
else:
output_objects.append({
'object_type': 'error_text',
'text': "unknown flavor: %s" % flavor
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Only warn here if default state is final and persistent
if freeze_flavors[flavor]['states'][0] == keyword_final and \
flavor in configuration.site_permanent_freeze:
intro_text += """
<p class='warn_message'>Note that frozen archives <em>cannot</em> be changed
after final creation and then they can only be manually removed by management,
so please be careful when filling in the details.
</p>
"""
fill_helpers["fancy_dialog"] = fancy_upload_html(configuration)
files_form = """
<!-- and now this... we do not want to see it, except in a dialog: -->
<div id='fm_filechooser' style='display:none'>
<div class='tree-container container-fluid'>
<div class='tree-row row'>
<div class='tree-header col-3'></div>
<div class='fm_path_breadcrumbs col-6'>
<ul id='fm_xbreadcrumbs' class='xbreadcrumbs'><!-- dynamic --></ul>
</div>
<div class='fm_buttonbar col-3 d-none d-lg-block'>
<ul id='fm_buttons' class='buttonbar'>
<!-- dynamically modified by js to show optional buttons -->
<li class='datatransfersbutton hidden' title='Manage Data Transfers'> </li>
<li class='sharelinksbutton hidden' title='Manage Share Links'> </li>
<li class='parentdirbutton' title='Open Parent Directory'> </li>
<li class='refreshbutton' title='Refresh'> </li>
</ul>
</div>
<div class='fm_buttonbar-big col-6 d-block d-lg-none hidden'>
<ul id='fm_buttons' class='buttonbar'>
<!-- dynamically modified by js to show optional buttons -->
<li class='datatransfersbutton hidden' title='Manage Data Transfers'> </li>
<li class='sharelinksbutton hidden' title='Manage Share Links'> </li>
<li class='parentdirbutton' title='Open Parent Directory'> </li>
<li class='refreshbutton' title='Refresh'> </li>
</ul>
</div>
</div>
</div>
<div class='fm_addressbar'>
<input type='hidden' value='/' name='fm_current_path' />
</div>
<div class='fm_folders'>
<ul class='jqueryFileTree'>
<li class='directory expanded'>
<a>...</a>
</li>
</ul>
</div>
<div class='fm_files'>
<table id='fm_filelisting' style='font-size:13px; border-spacing=0;'>
<thead>
<tr>
<th class='fm_name'>Name</th>
<th class='fm_size'>Size</th>
<th class='fm_type'>Type</th>
<th class='fm_date'>Date Modified</th>
<th class='fm_toolbox'>...</th>
</tr>
</thead>
<tbody>
<!-- this is a placeholder for contents: do not remove! -->
</tbody>
</table>
</div>
<div id='fm_statusbar' class='col-lg-12'>
<div id='fm_statusprogress' class=' col-lg-3'>
<div class='progress-label'>Loading...</div>
</div>
<div id='fm_statusinfo' class='col-lg-9'> </div>
</div>
</div>
<div id='cmd_dialog' title='Command output' style='display: none;'></div>
%(fancy_dialog)s
""" % fill_helpers
target_op = 'createfreeze'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
freeze_form = """
<form enctype='multipart/form-data' method='%(form_method)s' action='%(target_op)s.py'>
<input type='hidden' name='%(csrf_field)s' value='%(csrf_token)s' />
<input type='hidden' name='flavor' value='%(flavor)s' />
<input type='hidden' name='freeze_id' value='%(freeze_id)s' />
<b>Name:</b><br />
<input class='fillwidth padspace' type='text' name='freeze_name'
value='%(freeze_name)s' autofocus required pattern='[a-zA-Z0-9_. -]+'
title='unique name for the freeze archive. I.e. letters and digits separated only by spaces, underscores, periods and hyphens' />
"""
if flavor != 'backup':
# TODO: do these make sense to have here or just forced in backend?
freeze_form += """
<input type='hidden' name='freeze_department' value='' />
<input type='hidden' name='freeze_organization' value='' />
<br><b>Author(s):</b><br />
<input class='fillwidth padspace' type='text' name='freeze_author'
value='%(freeze_author)s' title='optional archive author(s) in case archive is created on behalf of one or more people' />
<br /><b>Description:</b><br />
<textarea class='fillwidth padspace' rows='20' name='freeze_description'>%(freeze_description)s</textarea>
<br />
"""
freeze_form += """
<br />
<div id='freezefiles'>
<b>%(archive_header)s:</b><br/>
"""
freeze_form += """
<input type='button' id='addfilebutton' value='Add file/directory' />
"""
if flavor != 'backup':
freeze_form += """
<input type='button' id='adduploadbutton' value='Add upload' />
"""
freeze_form += """
<div id='copyfiles'>
<!-- Dynamically filled -->
</div>
"""
if flavor != 'backup':
freeze_form += """
<div id='uploadfiles'>
<!-- Dynamically filled -->
</div>
"""
freeze_form += """
</div>
<br />
"""
if flavor != 'backup':
freeze_form += """
<div id='freezepublish'>
<b>Make Dataset Publicly Available</b>
"""
for val in ('yes', 'no'):
checked = ''
if fill_helpers['publish_value'] == val:
checked = 'checked="checked"'
freeze_form += """
<input type='radio' name='freeze_publish' value='%s' %s />%s
""" % (val, checked, val)
freeze_form += """
</div>
<br />
"""
freeze_form += """
<input type='submit' value='%(button_label)s' />
</form>
"""
# TODO: consider in-lining showfreeze file table for direct modify instead
# probably requires more AJAX handling of actions.
# for rel_path in frozen_files:
# freeze_form += """%s<br/>""" % rel_path
output_objects.append({'object_type': 'html_form', 'text': intro_text})
output_objects.append({'object_type': 'html_form', 'text': files_form})
output_objects.append({
'object_type': 'html_form',
'text': freeze_form % fill_helpers
})
# Link to view if archive already exists
if freeze_id != keyword_auto:
frozen_files = [
i['name'] for i in freeze_dict.get('FILES', [])
if i['name'] != public_archive_index
]
# Info about contents and spacing before view button otherwise
if frozen_files:
output_objects.append({
'object_type':
'html_form',
'text':
"""
<h3>Previously Added Files</h3>
<p>There are already %d file(s) saved in the archive and you can view and
manage those through the link below e.g. in case you change your mind
about including any of them.
</p>""" % len(frozen_files)
})
else:
output_objects.append({'object_type': 'text', 'text': ''})
output_objects.append({
'object_type':
'link',
'destination':
'showfreeze.py?freeze_id=%s;flavor=%s' % (freeze_id, flavor),
'class':
'viewarchivelink iconspace genericbutton',
'title':
'View details about your %s archive' % flavor,
'text':
'View details',
'target':
'_blank',
})
# Spacing
output_objects.append({
'object_type':
'html_form',
'text':
'''
<div class="vertical-spacer"></div>
'''
})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict, environ=None):
"""Main function used by front end"""
if environ is None:
environ = os.environ
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
logger.info('Extracting input in %s' % op_name)
status = returnvalues.OK
defaults = signature()[1]
logger.info('Extracted input in %s: %s' %
(op_name, user_arguments_dict.keys()))
# All non-file fields must be validated
validate_args = dict([(key, user_arguments_dict.get(key, val))
for (key, val) in user_arguments_dict.items()
if not key in manual_validation])
# IMPORTANT: we must explicitly inlude CSRF token
validate_args[csrf_field] = user_arguments_dict.get(csrf_field, [''])
(validate_status, accepted) = validate_input(
validate_args,
defaults,
output_objects,
allow_rejects=False,
)
if not validate_status:
logger.error('%s validation failed: %s (%s)' %
(op_name, validate_status, accepted))
return (accepted, returnvalues.CLIENT_ERROR)
logger.info('validated input in %s: %s' % (op_name, validate_args.keys()))
action = accepted['action'][-1]
current_dir = os.path.normpath(accepted['current_dir'][-1].lstrip(os.sep))
flags = ''.join(accepted['flags'])
share_id = accepted['share_id'][-1]
output_format = accepted['output_format'][-1]
if action != "status":
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
reject_write = False
uploaded = []
header_item = {'object_type': 'header', 'text': ''}
# Always include a files reply even if empty
output_objects.append(header_item)
output_objects.append({'object_type': 'uploadfiles', 'files': uploaded})
# Either authenticated user client_id set or sharelink ID
if client_id:
user_id = client_id
target_dir = client_id_dir(client_id)
base_dir = configuration.user_home
redirect_name = configuration.site_user_redirect
redirect_path = redirect_name
id_args = ''
page_title = 'Upload to User Directory: %s' % action
userstyle = True
widgets = True
elif share_id:
try:
(share_mode, _) = extract_mode_id(configuration, share_id)
except ValueError, err:
logger.error('%s called with invalid share_id %s: %s' %
(op_name, share_id, err))
output_objects.append({
'object_type': 'error_text',
'text': 'Invalid sharelink ID: %s' % share_id
})
return (output_objects, returnvalues.CLIENT_ERROR)
# TODO: load and check sharelink pickle (currently requires client_id)
user_id = 'anonymous user through share ID %s' % share_id
# NOTE: we must return uploaded reply so we delay read-only failure
if share_mode == 'read-only':
logger.error('%s called without write access: %s' %
(op_name, accepted))
reject_write = True
target_dir = os.path.join(share_mode, share_id)
base_dir = configuration.sharelink_home
redirect_name = 'share_redirect'
redirect_path = os.path.join(redirect_name, share_id)
id_args = 'share_id=%s;' % share_id
page_title = 'Upload to Shared Directory: %s' % action
userstyle = False
widgets = False
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Remove %s Resource" % label
output_objects.append({
'object_type': 'header',
'text': 'Remove %s Resource' % label
})
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1]
unique_resource_name = accepted['unique_resource_name'][-1].lower()
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
user_map = get_full_user_map(configuration)
user_dict = user_map.get(client_id, None)
# Optional site-wide limitation of manage vgrid permission
if not user_dict or \
not vgrid_manage_allowed(configuration, user_dict):
logger.warning("user %s is not allowed to manage vgrids!" % client_id)
output_objects.append({
'object_type':
'error_text',
'text':
'Only privileged users can manage %ss' % label
})
return (output_objects, returnvalues.CLIENT_ERROR)
# make sure vgrid settings allow this owner to edit resources
(allow_status, allow_msg) = allow_resources_adm(configuration, vgrid_name,
client_id)
if not allow_status:
output_objects.append({'object_type': 'error_text', 'text': allow_msg})
return (output_objects, returnvalues.CLIENT_ERROR)
# Validity of user and vgrid names is checked in this init function so
# no need to worry about illegal directory traversal through variables
(ret_val, msg, ret_variables) = \
init_vgrid_script_add_rem(vgrid_name, client_id,
unique_resource_name, 'resource',
configuration)
if not ret_val:
output_objects.append({'object_type': 'error_text', 'text': msg})
return (output_objects, returnvalues.CLIENT_ERROR)
elif msg:
# In case of warnings, msg is non-empty while ret_val remains True
output_objects.append({'object_type': 'warning', 'text': msg})
if not vgrid_is_owner(vgrid_name, client_id, configuration):
output_objects.append({
'object_type':
'error_text',
'text':
'''You must be an owner of the %s to
remove a resource!''' % label
})
return (output_objects, returnvalues.CLIENT_ERROR)
# don't remove if not a participant
if not vgrid_is_resource(vgrid_name, unique_resource_name, configuration):
output_objects.append({
'object_type':
'error_text',
'text':
'%s is not a resource in %s or a parent %s.' %
(unique_resource_name, vgrid_name, label)
})
return (output_objects, returnvalues.CLIENT_ERROR)
# remove
(rm_status, rm_msg) = vgrid_remove_resources(configuration, vgrid_name,
[unique_resource_name])
if not rm_status:
output_objects.append({'object_type': 'error_text', 'text': rm_msg})
output_objects.append({
'object_type': 'error_text',
'text': '''%(res_name)s might be listed as a resource
of this %(vgrid_label)s because it is a resource of a parent %(vgrid_label)s.
Removal must be performed from the most significant %(vgrid_label)s possible.
''' % {
'res_name': unique_resource_name,
'vgrid_label': label
}
})
return (output_objects, returnvalues.SYSTEM_ERROR)
output_objects.append({
'object_type':
'text',
'text':
'Resource %s successfully removed from %s %s!' %
(unique_resource_name, vgrid_name, label)
})
output_objects.append({
'object_type': 'link',
'destination': 'adminvgrid.py?vgrid_name=%s' % vgrid_name,
'text': 'Back to administration for %s' % vgrid_name
})
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
client_dir = client_id_dir(client_id)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Update %s Components" % label
output_objects.append({
'object_type': 'header',
'text': 'Update %s Components' % label
})
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1]
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not vgrid_is_owner(vgrid_name, client_id, configuration):
output_objects.append({
'object_type':
'error_text',
'text':
'Only owners of %s can administrate it.' % vgrid_name
})
form_method = 'post'
csrf_limit = get_csrf_limit(configuration)
fill_helpers = {
'vgrid_label': label,
'vgrid_name': vgrid_name,
'form_method': form_method,
'csrf_field': csrf_field,
'csrf_limit': csrf_limit
}
target_op = 'sendrequestaction'
csrf_token = make_csrf_token(configuration, form_method, target_op,
client_id, csrf_limit)
fill_helpers.update({'target_op': target_op, 'csrf_token': csrf_token})
output_objects.append({
'object_type':
'html_form',
'text':
'''
<form method="%(form_method)s" action="%(target_op)s.py">
<input type="hidden" name="%(csrf_field)s" value="%(csrf_token)s" />
<input type="hidden" name="vgrid_name" value="%(vgrid_name)s"/>
<input type="hidden" name="request_type" value="vgridowner"/>
<input type="text" size=50 name="request_text" />
<input type="hidden" name="output_format" value="html" />
<input type="submit" value="Request %(vgrid_label)s access" />
</form>
''' % fill_helpers
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.vgrid_home, vgrid_name)) + os.sep
public_base_dir = \
os.path.abspath(os.path.join(configuration.vgrid_public_base,
vgrid_name)) + os.sep
public_scm_dir = \
os.path.abspath(os.path.join(configuration.vgrid_public_base,
vgrid_name, '.vgridscm')) + os.sep
public_tracker_dir = \
os.path.abspath(os.path.join(configuration.vgrid_public_base,
vgrid_name, '.vgridtracker')) + os.sep
private_base_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name)) + os.sep
private_scm_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name, '.vgridscm')) + os.sep
private_tracker_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name, '.vgridtracker')) + os.sep
private_forum_dir = \
os.path.abspath(os.path.join(configuration.vgrid_private_base,
vgrid_name, '.vgridforum')) + os.sep
vgrid_files_dir = \
os.path.abspath(os.path.join(configuration.vgrid_files_home,
vgrid_name)) + os.sep
vgrid_scm_dir = \
os.path.abspath(os.path.join(configuration.vgrid_files_home,
vgrid_name, '.vgridscm')) + os.sep
vgrid_tracker_dir = \
os.path.abspath(os.path.join(configuration.vgrid_files_home,
vgrid_name, '.vgridtracker')) + os.sep
output_objects.append({'object_type': 'text', 'text':
'Updating %s %s components ...' % \
(label, vgrid_name)})
# Try to create all base directories used for vgrid files
for path in (base_dir, public_base_dir, private_base_dir, vgrid_files_dir):
try:
os.mkdir(path)
except Exception, exc:
pass
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id, op_header=False)
defaults = signature()[1]
title_entry = find_entry(output_objects, 'title')
label = "%s" % configuration.site_vgrid_label
title_entry['text'] = "Remove %s Owner" % label
output_objects.append({'object_type': 'header', 'text':
'Remove %s Owner' % label})
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
vgrid_name = accepted['vgrid_name'][-1]
flags = ''.join(accepted['flags'])
cert_id = accepted['cert_id'][-1]
cert_dir = client_id_dir(cert_id)
# inherited vgrid membership
inherit_vgrid_member = False
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append(
{'object_type': 'error_text', 'text': '''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
# always allow owner to remove self
if client_id != cert_id:
user_map = get_full_user_map(configuration)
user_dict = user_map.get(client_id, None)
# Optional site-wide limitation of manage vgrid permission
if not user_dict or \
not vgrid_manage_allowed(configuration, user_dict):
logger.warning("user %s is not allowed to manage vgrids!" %
client_id)
output_objects.append(
{'object_type': 'error_text', 'text':
'Only privileged users can manage %ss' % label})
return (output_objects, returnvalues.CLIENT_ERROR)
# make sure vgrid settings allow this owner to edit other owners
(allow_status, allow_msg) = allow_owners_adm(configuration, vgrid_name,
client_id)
if not allow_status:
output_objects.append({'object_type': 'error_text', 'text':
allow_msg})
return (output_objects, returnvalues.CLIENT_ERROR)
# Validity of user and vgrid names is checked in this init function so
# no need to worry about illegal directory traversal through variables
(ret_val, msg, _) = \
init_vgrid_script_add_rem(vgrid_name, client_id, cert_id,
'owner', configuration)
if not ret_val:
output_objects.append({'object_type': 'error_text', 'text': msg})
return (output_objects, returnvalues.CLIENT_ERROR)
# don't remove if not already an owner
if not vgrid_is_owner(vgrid_name, cert_id, configuration):
logger.warning('%s is not allowed to remove owner %s from %s' %
(client_id, cert_id, vgrid_name))
output_objects.append({'object_type': 'error_text', 'text':
'%s is not an owner of %s or a parent %s.' %
(cert_id, vgrid_name, label)})
return (output_objects, returnvalues.CLIENT_ERROR)
# we need the local owners file to detect inherited ownerships
(owners_status, owners_direct) = vgrid_owners(vgrid_name, configuration,
False)
(all_status, owners) = vgrid_owners(vgrid_name, configuration, True)
if not owners_status or not all_status:
logger.error('Error loading owners for %s: %s / %s'
% (vgrid_name, owners_direct, owners))
output_objects.append(
{'object_type': 'error_text', 'text':
'An internal error occurred, error conditions have been logged.'})
output_objects.append({'object_type': 'text', 'text': '''
You can help us fix the problem by notifying the administrators
via mail about what you wanted to do when the error happened.'''})
return (output_objects, returnvalues.CLIENT_ERROR)
logger.info('%s removing owner %s from %s' % (client_id, cert_id,
vgrid_name))
# find out whether to just remove an owner or delete the whole thing.
# ask about delete if last or no direct owners.
if len(owners_direct) > 1:
logger.debug('Removing %s, one of several owners, from %s.' %
(cert_id, vgrid_name))
if not (cert_id in owners_direct):
# the owner owns an upper vgrid, ownership is inherited
# cannot remove, not last (inherited) owner
logger.warning('Cannot delete: Inherited ownership.' +
'\n Owners: %s,\n Direct owners: %s.'
% (owners, owners_direct))
output_objects.append({'object_type': 'error_text', 'text':
'''%s is owner of a parent %s.
Owner removal has to be performed at the topmost vgrid''' %
(cert_id, label)})
return (output_objects, returnvalues.CLIENT_ERROR)
else:
# Remove any tracker admin rights
if configuration.trac_admin_path:
public_tracker_dir = \
os.path.abspath(os.path.join(
configuration.vgrid_public_base, vgrid_name,
'.vgridtracker'))
private_tracker_dir = \
os.path.abspath(os.path.join(
configuration.vgrid_private_base, vgrid_name,
'.vgridtracker'))
vgrid_tracker_dir = \
os.path.abspath(os.path.join(
configuration.vgrid_files_home, vgrid_name,
'.vgridtracker'))
for tracker_dir in [public_tracker_dir, private_tracker_dir,
vgrid_tracker_dir]:
if not rm_tracker_admin(configuration, cert_id,
vgrid_name, tracker_dir,
output_objects):
return (output_objects, returnvalues.SYSTEM_ERROR)
user_dir = os.path.abspath(os.path.join(configuration.user_home,
cert_dir)) + os.sep
# Do not touch vgrid share if still a member of a parent vgrid
if vgrid_is_member(vgrid_name, cert_id, configuration):
# list is in top-down order
parent_vgrids = vgrid_list_parents(vgrid_name, configuration)
inherit_vgrid_member = vgrid_name
for parent in parent_vgrids:
if vgrid_is_member(parent, cert_id, configuration,
recursive=False):
inherit_vgrid_member = parent
break
output_objects.append(
{'object_type': 'text', 'text':
'''NOTE: %s is still a member of parent %s %s.
Preserving access to corresponding %s.''' % (cert_id, label,
inherit_vgrid_member, label)})
else:
(success, msg) = unlink_share(user_dir, vgrid_name)
if not success:
logger.error('Could not remove share link: %s.' % msg)
output_objects.append({'object_type': 'error_text', 'text':
'Could not remove share links: %s.'
% msg})
return (output_objects, returnvalues.SYSTEM_ERROR)
# unlink shared web folders
(success, msg) = unlink_web_folders(user_dir, vgrid_name)
if not success:
logger.error('Could not remove web links: %s.' % msg)
output_objects.append({'object_type': 'error_text', 'text':
'Could not remove web links: %s.'
% msg})
return (output_objects, returnvalues.SYSTEM_ERROR)
# remove user from saved owners list
(rm_status, rm_msg) = vgrid_remove_owners(configuration, vgrid_name,
[cert_id])
if not rm_status:
output_objects.append({'object_type': 'error_text', 'text':
'%s of owners of %s'
% (rm_msg, vgrid_name)})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Any parent vgrid membership is left untouched here as we only
# force a normal refresh in unmap_inheritance
unmap_inheritance(configuration, vgrid_name, cert_id)
output_objects.append({'object_type': 'text', 'text':
'%s successfully removed as owner of %s!'
% (cert_id, vgrid_name)})
output_objects.append({'object_type': 'link', 'destination':
'adminvgrid.py?vgrid_name=%s' % vgrid_name, 'text':
'Back to administration for %s' % vgrid_name})
return (output_objects, returnvalues.OK)
else:
# no more direct owners - we try to remove this VGrid
logger.debug('Leave %s from %s with no more direct owners: delete' %
(vgrid_name, cert_id))
if not force(flags):
output_objects.append({'object_type': 'text', 'text': '''
No more direct owners of %s - leaving will result in the %s getting
deleted. Please use either of the links below to confirm or cancel.
''' % (vgrid_name, label)})
# Reuse csrf token from this request
target_op = 'rmvgridowner'
js_name = target_op
csrf_token = accepted[csrf_field][-1]
helper = html_post_helper(js_name, '%s.py' % target_op,
{'vgrid_name': vgrid_name,
'cert_id': cert_id, 'flags': 'f',
csrf_field: csrf_token})
output_objects.append({'object_type': 'html_form', 'text': helper})
output_objects.append({'object_type': 'link', 'destination':
"javascript: %s();" % js_name, 'class':
'removelink iconspace', 'text':
'Really leave and delete %s' % vgrid_name})
output_objects.append({'object_type': 'text', 'text': ''})
output_objects.append({'object_type': 'link', 'destination':
'adminvgrid.py?vgrid_name=%s' % vgrid_name,
'text': 'Back to administration for %s'
% vgrid_name})
return (output_objects, returnvalues.OK)
# check if any resources participate or sub-vgrids depend on this one
(list_status, subs) = vgrid_list_subvgrids(vgrid_name, configuration)
if not list_status:
logger.error('Error loading sub-vgrid for %s: %s)' % (vgrid_name,
subs))
output_objects.append({'object_type': 'error_text', 'text': '''
An internal error occurred, error conditions have been logged.'''})
output_objects.append({'object_type': 'text', 'text': '''
You can help us fix the problem by notifying the administrators
via mail about what you wanted to do when the error happened.'''})
return (output_objects, returnvalues.CLIENT_ERROR)
if len(subs) > 0:
logger.debug('Cannot delete: still has sub-vgrids: %s' % subs)
output_objects.append(
{'object_type': 'error_text', 'text':
'%s has one or more child %ss and cannot be deleted.' %
(vgrid_name, label)})
output_objects.append(
{'object_type': 'text', 'text': '''To leave (and delete) %s
first remove all its children: %s.''' % (vgrid_name, ', '.join(subs))})
return (output_objects, returnvalues.CLIENT_ERROR)
# we consider the local members and resources here, not inherited ones
(member_status, members_direct) = vgrid_members(vgrid_name,
configuration,
False)
(resource_status, resources_direct) = vgrid_resources(vgrid_name,
configuration,
False)
if not member_status or not resource_status:
logger.warning('failed to load %s members or resources: %s %s'
% (vgrid_name, members_direct, resources_direct))
output_objects.append(
{'object_type': 'error_text', 'text':
'could not load %s members or resources for %s.' %
(label, vgrid_name)})
return (output_objects, returnvalues.SYSTEM_ERROR)
if len(resources_direct) > 0:
logger.debug('Cannot delete: still has direct resources %s.'
% resources_direct)
output_objects.append(
{'object_type': 'error_text', 'text':
'%s still has resources and cannot be deleted.' % vgrid_name})
output_objects.append({'object_type': 'text', 'text': '''
To leave (and delete) %s, first remove the participating resources.'''
% vgrid_name})
return (output_objects, returnvalues.CLIENT_ERROR)
if len(members_direct) > 0:
logger.debug('Cannot delete: still has direct members %s.'
% members_direct)
output_objects.append(
{'object_type': 'error_text', 'text':
'%s still has members and cannot be deleted.' % vgrid_name})
output_objects.append({'object_type': 'text', 'text': '''
To leave (and delete) %s, first remove all members.'''
% vgrid_name})
return (output_objects, returnvalues.CLIENT_ERROR)
# Deleting write restricted VGrid is not allowed
(load_status, saved_settings) = vgrid_settings(vgrid_name,
configuration,
recursive=True,
as_dict=True)
if not load_status:
output_objects.append(
{'object_type': 'error_text', 'text':
'failed to load saved %s settings' % vgrid_name})
return (output_objects, returnvalues.SYSTEM_ERROR)
if saved_settings.get('write_shared_files', keyword_members) != \
keyword_members:
logger.warning("%s can't delete vgrid %s - write limited!"
% (client_id, vgrid_name))
output_objects.append(
{'object_type': 'error_text', 'text': """You can't delete
write-restricted %ss - first remove any write restrictions for shared files
on the admin page and then try again.""" % label})
return (output_objects, returnvalues.CLIENT_ERROR)
# When reaching here, OK to remove the VGrid.
# if top-level: unlink, remove all files and directories,
# in all cases: remove configuration entry for the VGrid
# unlink and move new-style vgrid sub dir to parent
logger.info('Deleting %s and all related data as requested by %s' %
(vgrid_name, cert_id))
if (cert_id in owners_direct):
# owner owns this vgrid, direct ownership
logger.debug('%s looks like a top-level vgrid.' % vgrid_name)
logger.debug('Deleting all related files.')
user_dir = os.path.abspath(os.path.join(configuration.user_home,
cert_dir)) + os.sep
(share_lnk, share_msg) = unlink_share(user_dir, vgrid_name)
(web_lnk, web_msg) = unlink_web_folders(user_dir, vgrid_name)
(files_act, files_msg) = abandon_vgrid_files(vgrid_name,
configuration)
else:
# owner owns some parent vgrid - ownership is only inherited
logger.debug('%s looks like a sub-vgrid, ownership inherited.' %
vgrid_name)
logger.debug('Only removing entry, leaving files in place.')
share_lnk, share_msg = True, ''
web_lnk, web_msg = True, ''
(files_act, files_msg) = inherit_vgrid_files(vgrid_name,
configuration)
(removed, entry_msg) = remove_vgrid_entry(vgrid_name, configuration)
output_objects.append({'object_type': 'text', 'text':
'%s has been removed with last owner.'
% vgrid_name})
output_objects.append({'object_type': 'link',
'destination': 'vgridman.py',
'text': 'Back to the overview.'})
if not share_lnk or not web_lnk or not files_act or not removed:
err = '\n'.join([share_msg, web_msg, files_msg, entry_msg])
logger.error('Errors while removing %s:\n%s.' % (vgrid_name, err))
output_objects.append({'object_type': 'error_text', 'text': '''
An internal error occurred, error conditions have been logged.'''})
output_objects.append({'object_type': 'text', 'text': '''
You can help us fix the problem by notifying the administrators
via mail about what you wanted to do when the error happened.'''})
return (output_objects, returnvalues.CLIENT_ERROR)
else:
# Remove vgrid from vgrid cache (after deleting all)
unmap_vgrid(configuration, vgrid_name)
return (output_objects, returnvalues.OK)
def main(client_id, user_arguments_dict):
"""Main function used by front end"""
(configuration, logger, output_objects, op_name) = \
initialize_main_variables(client_id)
client_dir = client_id_dir(client_id)
status = returnvalues.OK
defaults = signature()[1]
(validate_status, accepted) = validate_input_and_cert(
user_arguments_dict,
defaults,
output_objects,
client_id,
configuration,
allow_rejects=False,
)
if not validate_status:
return (accepted, returnvalues.CLIENT_ERROR)
flags = ''.join(accepted['flags'])
patterns = accepted['path']
if not safe_handler(configuration, 'post', op_name, client_id,
get_csrf_limit(configuration), accepted):
output_objects.append({
'object_type':
'error_text',
'text':
'''Only accepting
CSRF-filtered POST requests to prevent unintended updates'''
})
return (output_objects, returnvalues.CLIENT_ERROR)
if not configuration.site_enable_jobs:
output_objects.append({
'object_type':
'error_text',
'text':
'''Job execution is not enabled on this system'''
})
return (output_objects, returnvalues.SYSTEM_ERROR)
# Please note that base_dir must end in slash to avoid access to other
# user dirs when own name is a prefix of another user name
base_dir = os.path.abspath(
os.path.join(configuration.user_home, client_dir)) + os.sep
if verbose(flags):
for flag in flags:
output_objects.append({
'object_type': 'text',
'text': '%s using flag: %s' % (op_name, flag)
})
for pattern in patterns:
# Check directory traversal attempts before actual handling to avoid
# leaking information about file system layout while allowing
# consistent error messages
unfiltered_match = glob.glob(base_dir + pattern)
match = []
for server_path in unfiltered_match:
# IMPORTANT: path must be expanded to abs for proper chrooting
abs_path = os.path.abspath(server_path)
if not valid_user_path(configuration, abs_path, base_dir, True):
# out of bounds - save user warning for later to allow
# partial match:
# ../*/* is technically allowed to match own files.
logger.warning('%s tried to %s restricted path %s ! (%s)' %
(client_id, op_name, abs_path, pattern))
continue
match.append(abs_path)
# Now actually treat list of allowed matchings and notify if no
# (allowed) match
if not match:
output_objects.append({
'object_type': 'file_not_found',
'name': pattern
})
status = returnvalues.FILE_NOT_FOUND
submitstatuslist = []
for abs_path in match:
output_lines = []
relative_path = abs_path.replace(base_dir, '')
submitstatus = {
'object_type': 'submitstatus',
'name': relative_path
}
try:
(job_status, newmsg, job_id) = new_job(abs_path, client_id,
configuration, False,
True)
except Exception, exc:
logger.error("%s: failed on '%s': %s" %
(op_name, relative_path, exc))
job_status = False
newmsg = "%s failed on '%s' (is it a valid mRSL file?)"\
% (op_name, relative_path)
job_id = None
if not job_status:
submitstatus['status'] = False
submitstatus['message'] = newmsg
status = returnvalues.CLIENT_ERROR
else:
submitstatus['status'] = True
submitstatus['job_id'] = job_id
submitstatuslist.append(submitstatus)
output_objects.append({
'object_type': 'submitstatuslist',
'submitstatuslist': submitstatuslist
})
