def MKCOL(self, REQUEST, RESPONSE):
"""Create a new collection resource."""
self.dav__init(REQUEST, RESPONSE)
if REQUEST.get('BODY', ''):
raise UnsupportedMediaType('Unknown request body.')
name = self.__name__
parent = self.__parent__
if hasattr(aq_base(parent), name):
raise MethodNotAllowed('The name %s is in use.' % name)
if not isDavCollection(parent):
raise Forbidden('Cannot create collection at this location.')
ifhdr = REQUEST.get_header('If', '')
if IWriteLock.providedBy(parent) and parent.wl_isLocked():
if ifhdr:
parent.dav__simpleifhandler(REQUEST, RESPONSE, col=1)
else:
raise Locked
elif ifhdr:
# There was an If header, but the parent is not locked
raise PreconditionFailed
# Add hook for webdav MKCOL (Collector #2254) (needed for CMF)
mkcol_handler = getattr(parent, 'MKCOL_handler',
parent.manage_addFolder)
mkcol_handler(name)
RESPONSE.setStatus(201)
RESPONSE.setBody('')
return RESPONSE
def _handleDelete(self):
adapter = queryMultiAdapter((aq_inner(self.context), self.request),
ISWORDEditIRI)
if adapter is None:
raise MethodNotAllowed(
"Method DELETE is not supported in this context")
return adapter()
def __call__(self):
if self.request.method != 'POST':
raise MethodNotAllowed()
if not IAnnotations(
self.context)[PDF_SAVE_TOKEN_KEY] == self.get_opaque_id():
raise Unauthorized
return super(ReceiveDocumentPDF, self).__call__()
def __call__(self):
if self.request.method != 'POST':
raise MethodNotAllowed()
self.model = self.context.model
self.committee = self.model.committee.oguid.resolve_object()
return super(ReceiveZipPdf, self).__call__()
def _handleGet(self):
""" Lookup EditIRI adapter, call it to get a deposit receipt. """
adapter = queryMultiAdapter((aq_inner(self.context), self.request),
ISWORDEditIRI)
if adapter is None:
adapter = queryMultiAdapter((self.context, self.request),
ISWORDListCollection)
if adapter is None:
raise MethodNotAllowed("Method GET is not supported for %s" % \
self.request['PATH_INFO'])
return adapter._handleGet()
def __call__(self):
method = self.request.get('REQUEST_METHOD')
if method == 'POST':
return self._handlePost()
elif method == 'GET':
return self._handleGet()
elif method == 'PUT':
return self._handlePut()
elif method == 'DELETE':
return self._handleDelete()
else:
raise MethodNotAllowed("Method %s not supported" % method)
def PUT(self, REQUEST, RESPONSE):
""" Create a new non-collection resource, deleting the LockNull
object from the container before putting the new object in. """
self.dav__init(REQUEST, RESPONSE)
name = self.__name__
parent = self.aq_parent
parenturl = parent.absolute_url()
ifhdr = REQUEST.get_header('If', '')
# Since a Lock null resource is always locked by definition, all
# operations done by an owner of the lock that affect the resource
# MUST have the If header in the request
if not ifhdr:
raise PreconditionFailed('No If-header')
# First we need to see if the parent of the locknull is locked, and
# if the user owns that lock (checked by handling the information in
# the If header).
if IWriteLock.providedBy(parent) and parent.wl_isLocked():
itrue = parent.dav__simpleifhandler(REQUEST,
RESPONSE,
'PUT',
col=1,
url=parenturl,
refresh=1)
if not itrue:
raise PreconditionFailed(
'Condition failed against resources parent')
# Now we need to check the If header against our own lock state
itrue = self.dav__simpleifhandler(REQUEST, RESPONSE, 'PUT', refresh=1)
if not itrue:
raise PreconditionFailed(
'Condition failed against locknull resource')
# All of the If header tests succeeded, now we need to remove ourselves
# from our parent. We need to transfer lock state to the new object.
locks = self.wl_lockItems()
parent._delObject(name)
# Now we need to go through the regular operations of PUT
body = REQUEST.get('BODY', '')
typ = REQUEST.get_header('content-type', None)
if typ is None:
typ, enc = guess_content_type(name, body)
factory = getattr(parent, 'PUT_factory', self._default_PUT_factory)
ob = factory(name, typ, body) or self._default_PUT_factory(
name, typ, body)
# Verify that the user can create this type of object
try:
parent._verifyObjectPaste(ob.__of__(parent), 0)
except Unauthorized:
raise
except Exception:
raise Forbidden(sys.exc_info()[1])
# Put the locks on the new object
if not IWriteLock.providedBy(ob):
raise MethodNotAllowed('The target object type cannot be locked')
for token, lock in locks:
ob.wl_setLock(token, lock)
# Delegate actual PUT handling to the new object.
ob.PUT(REQUEST, RESPONSE)
parent._setObject(name, ob)
RESPONSE.setStatus(201)
RESPONSE.setBody('')
return RESPONSE
def PUT(self, REQUEST, RESPONSE):
"""
Disable HTTP PUT for preventing upload to dmd without authentication
"""
raise MethodNotAllowed('Method not supported for this resource.')
def PROPFIND(self, REQUEST, RESPONSE):
""" We don't support webdav, at all!
"""
from zExceptions import MethodNotAllowed
raise MethodNotAllowed('Method not supported for this resource.')
def apply(self,
obj,
creator=None,
depth='infinity',
token=None,
result=None,
url=None,
top=1):
""" Apply, built for recursion (so that we may lock subitems
of a collection if requested """
if result is None:
result = StringIO()
url = urlfix(self.request['URL'], 'LOCK')
url = urlbase(url)
iscol = isDavCollection(obj)
if iscol and url[-1] != '/':
url = url + '/'
errmsg = None
exc_ob = None
lock = None
try:
lock = LockItem(creator, self.owner, depth, self.timeout,
self.type, self.scope, token)
if token is None:
token = lock.getLockToken()
except ValueError:
errmsg = "412 Precondition Failed"
exc_ob = HTTPPreconditionFailed()
except Exception:
errmsg = "403 Forbidden"
exc_ob = Forbidden()
try:
if not IWriteLock.providedBy(obj):
if top:
# This is the top level object in the apply, so we
# do want an error
errmsg = "405 Method Not Allowed"
exc_ob = MethodNotAllowed()
else:
# We're in an infinity request and a subobject does
# not support locking, so we'll just pass
pass
elif obj.wl_isLocked():
errmsg = "423 Locked"
exc_ob = ResourceLockedError()
else:
method = getattr(obj, 'wl_setLock')
vld = getSecurityManager().validate(None, obj, 'wl_setLock',
method)
if vld and token and (lock is not None):
obj.wl_setLock(token, lock)
else:
errmsg = "403 Forbidden"
exc_ob = Forbidden()
except Exception:
errmsg = "403 Forbidden"
exc_ob = Forbidden()
if errmsg:
if top and ((depth in (0, '0')) or (not iscol)):
# We don't need to raise multistatus errors
raise exc_ob
elif not result.getvalue():
# We haven't had any errors yet, so our result is empty
# and we need to set up the XML header
result.write('<?xml version="1.0" encoding="utf-8" ?>\n'
'<d:multistatus xmlns:d="DAV:">\n')
result.write('<d:response>\n <d:href>%s</d:href>\n' % url)
result.write(' <d:status>HTTP/1.1 %s</d:status>\n' % errmsg)
result.write('</d:response>\n')
if depth == 'infinity' and iscol:
for ob in obj.objectValues():
if hasattr(obj, '__dav_resource__'):
uri = urljoin(url, absattr(ob.getId()))
self.apply(ob, creator, depth, token, result, uri, top=0)
if not top:
return token, result
if result.getvalue():
# One or more subitems probably failed, so close the multistatus
# element and clear out all succesful locks
result.write('</d:multistatus>')
transaction.abort() # This *SHOULD* clear all succesful locks
return token, result.getvalue()