def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [
bag for bag in recipe_bags
if not (Space.bag_is_public(bag) or Space.bag_is_private(
bag) or Space.bag_is_associate(bag))
]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_dropping_privs(self, environ, req_uri):
if environ['tiddlyweb.usersign']['name'] == 'GUEST':
return
http_host, _ = determine_host(environ)
space_name = determine_space(environ, http_host)
if space_name == None:
return
space = Space(space_name)
store = environ['tiddlyweb.store']
container_name = req_uri.split('/')[2]
if req_uri.startswith('/bags/'):
recipe_name = determine_space_recipe(environ, space_name)
space_recipe = store.get(Recipe(recipe_name))
template = recipe_template(environ)
recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)]
recipe_bags.extend(space.extra_bags())
if environ['REQUEST_METHOD'] == 'GET':
if container_name in recipe_bags:
return
if container_name in ADMIN_BAGS:
return
else:
base_bags = space.list_bags()
# add bags in the recipe which may have been added
# by the recipe mgt. That is: bags which are not
# included and not core.
acceptable_bags = [bag for bag in recipe_bags if not (
Space.bag_is_public(bag) or Space.bag_is_private(bag)
or Space.bag_is_associate(bag))]
acceptable_bags.extend(base_bags)
acceptable_bags.extend(ADMIN_BAGS)
if container_name in acceptable_bags:
return
if (req_uri.startswith('/recipes/')
and container_name in space.list_recipes()):
return
self._drop_privs(environ)
return
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag
for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found due to ControlView'
% entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView'
% entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
def _handle_core_request(self, environ, req_uri, start_response):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return None
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
search_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
if recipe_name == space.private_recipe():
recipes = space.list_recipes()
else:
recipes = [space.public_recipe()]
def lister():
for recipe in recipes:
yield Recipe(recipe)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_recipes)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
serialize_type, mime_type = get_serialize_type(environ)
serializer = Serializer(serialize_type, environ)
def lister():
for bag in bags:
yield Bag(bag)
return list_entities(environ, start_response, mime_type,
lister, serializer.list_bags)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
search_string = ' OR '.join(['bag:%s' % bag for bag in bags])
else:
entity_name = urllib.unquote(
req_uri.split('/')[2]).decode('utf-8')
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404(
'recipe %s not found due to ControlView' %
entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found due to ControlView' %
entity_name)
if search_string:
search_query = environ['tiddlyweb.query'].get('q', [''])[0]
environ['tiddlyweb.query.original'] = search_query
if search_query:
search_query = '%s AND (%s)' % (search_query,
search_string)
environ['tiddlyweb.query']['q'][0] = search_query
else:
search_query = '(%s)' % search_string
environ['tiddlyweb.query']['q'] = [search_query]
def _handle_core_request(self, environ, req_uri):
"""
Override a core request, adding filters or sending 404s where
necessary to limit the view of entities.
filtering can be disabled with a custom HTTP header X-ControlView set
to false
"""
http_host, host_url = determine_host(environ)
request_method = environ['REQUEST_METHOD']
disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false'
if http_host != host_url and not disable_ControlView:
space_name = determine_space(environ, http_host)
if space_name == None:
return
recipe_name = determine_space_recipe(environ, space_name)
store = environ['tiddlyweb.store']
try:
recipe = store.get(Recipe(recipe_name))
except NoRecipeError, exc:
raise HTTP404('No recipe for space: %s', exc)
space = Space(space_name)
template = recipe_template(environ)
bags = space.extra_bags()
for bag, _ in recipe.get_recipe(template):
bags.append(bag)
bags.extend(ADMIN_BAGS)
filter_string = None
if req_uri.startswith('/recipes') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
if recipe_name == space.private_recipe():
filter_parts = space.list_recipes()
else:
filter_parts = [space.public_recipe()]
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/bags') and req_uri.count('/') == 1:
filter_string = 'oom=name:'
filter_parts = bags
filter_string += ','.join(filter_parts)
elif req_uri.startswith('/search') and req_uri.count('/') == 1:
filter_string = 'oom=bag:'
filter_parts = bags
filter_string += ','.join(filter_parts)
else:
entity_name = req_uri.split('/')[2]
if '/recipes/' in req_uri:
valid_recipes = space.list_recipes()
if entity_name not in valid_recipes:
raise HTTP404('recipe %s not found' % entity_name)
else:
if entity_name not in bags:
raise HTTP404('bag %s not found' % entity_name)
if filter_string:
filters, _ = parse_for_filters(filter_string)
for single_filter in filters:
environ['tiddlyweb.filters'].insert(0, single_filter)
