def default(self, eid, *args, **kwargs):
apikey = kwargs.get("apikey", None)
user = self.getUser() if apikey is None else self.auth_api(apikey)
if user is None:
user = self._db["users"].find_one({
"session":
kwargs.pop("server_cookie", "nonexistant_session")
})
now = datetime.datetime.now()
if user is None:
raise HTTPError("401 Unauthorized")
self._db["log"].insert({
"addr": "datasrv/*",
"time": now,
"eid": eid,
"user": user["_id"] if user is not None else None,
"args": args,
"kwargs": kwargs
})
event = self._db["eqs"].find_one({"_id": eid})
gev = self._db["eqs"].find_one({"id": eid}, sort=[("timestamp", -1)])
evs = self._db["evtsets"].find_one({"_id": eid})
if evs is not None:
if self.check_access(evs, user):
return self.serve_eventset(evs, *args, **kwargs)
raise HTTPError("403 Forbidden.")
if event is not None:
if self.check_access(event, user):
return self.serve_event(event, *args, **kwargs)
raise HTTPError("403 Forbidden.")
if gev is not None:
if self.check_access(gev, user):
return self.serve_event(gev, *args, **kwargs)
raise HTTPError("403 Forbidden.")
raise HTTPError("404 Event(set) does not exist.")
def serve_product(self, event, product, **kwargs):
print("S: %s [%s]" %
(product, ",".join(["%s=%s" % x for x in kwargs.items()])))
serve = None
fnk = None
res = None
file = os.path.join(self.event_resultsdir(event["_id"]), product)
for pro in self._products:
if pro["file"] == product:
serve = pro["serve"]
break
if serve is not None:
try:
fnk = self.__getattribute__("serve_" + serve)
except AttributeError:
pass
if fnk is None:
self.set_cookie_with_event(event, "not available")
raise HTTPError("404 Product not available.")
self.set_cookie_with_event(event, "something wrong")
res = fnk(event, product, file, **kwargs)
if res is None:
raise HTTPError("404 Product could not be created.")
self.set_cookie_with_event(event, "success")
return res
def event(self, *vpath, **params):
if len(vpath) > 0:
uuid_string = vpath[0]
# check if it is a uuid
# check the mode
make_file = params.get('file', None)
if make_file == '':
cherrypy.response.headers[
'Content-Type'] = 'application/x-download'
cherrypy.response.headers[
"Content-Disposition"] = 'attachment; filename=Event_{0}_STIX.xml'.format(
uuid_string)
else:
cherrypy.response.headers['Content-Type'] = 'text/xml'
try:
UUID(uuid_string, version=4)
except ValueError as error:
print error
raise HTTPError(
400,
'The provided uuid "{0}" is not valid'.format(uuid_string))
try:
event = self.event_controller.get_event_by_uuid(uuid_string)
return self.stix_mapper.map_ce1sus_event(
event, self.get_user())
except ControllerNothingFoundException as error:
raise HTTPError(404, '{0}'.format(error.message))
else:
raise HTTPError(400, 'Cannot be called without a uuid')
def default(self, job_id, task_id):
try:
job = self.job_pool.get_job_by_id(job_id)
except KeyError:
raise HTTPError(404)
try:
task = job.task_graph.get_task(task_id)
except KeyError:
raise HTTPError(404)
task_string = '<html><head><title>Task Browser</title></head>'
task_string += '<body><table>'
task_string += table_row('ID', task.task_id)
task_string += table_row('State', TASK_STATE_NAMES[task.state])
for worker in task.get_workers():
task_string += table_row('Worker', worker.netloc)
task_string += span_row('Dependencies')
for local_id, ref in task.dependencies.items():
task_string += table_row(local_id, ref_link(job, ref))
task_string += span_row('Outputs')
for i, output_id in enumerate(task.expected_outputs):
task_string += table_row(i, ref_id_link(job, output_id))
task_string += span_row('History')
for t, name in task.history:
task_string += table_row(time.mktime(t.timetuple()) + t.microsecond / 1e6, name)
if len(task.children) > 0:
task_string += span_row('Children')
for i, child in enumerate(task.children):
task_string += table_row(i, '%s</td><td>%s</td><td>%s' % (task_link(job, child), child.handler, TASK_STATE_NAMES[child.state]))
task_string += '</table></body></html>'
return task_string
def event(self, *vpath, **params):
if len(vpath) > 0:
uuid_string = vpath[0]
# check if it is a uuid
# check the mode
make_file = params.get('file', None)
if make_file == '':
cherrypy.response.headers[
'Content-Type'] = 'application/x-download'
cherrypy.response.headers[
"Content-Disposition"] = 'attachment; filename=Event_{0}_ce1sus.json'.format(
uuid_string)
complete = params.get('complete', False)
inflated = params.get('inflated', False)
try:
UUID(uuid_string, version=4)
except ValueError as error:
print error
raise HTTPError(
400,
'The provided uuid "{0}" is not valid'.format(uuid_string))
try:
user = self.get_user()
event = self.event_controller.get_event_by_uuid(uuid_string)
event_permissions = self.event_controller.get_event_group_permissions(
event, user)
return json.dumps(
event.to_dict(complete, inflated, event_permissions,
user), )
except ControllerNothingFoundException as error:
raise HTTPError(404, '{0}'.format(error.message))
else:
raise HTTPError(400, 'Cannot be called without a uuid')
def editPayment(self, member_id, year=None, month=None, idPayment='0'):
""" Add or edit a payment to/of a specific user """
if not self.is_admin() and not member_id == self.session.get(
'username'):
raise HTTPError(403, 'Forbidden')
c = TemplateContext()
c.member_id = member_id
c.status_0 = False
c.status_1 = False
c.status_2 = False
# vary form depending on mode (do that over ajax)
if idPayment == '0':
c.payment = Payment()
action = 'Adding'
try:
ParamChecker.checkYear('year', param=True)
ParamChecker.checkMonth('month', param=True)
c.date = str(datetime.date(int(year), int(month), 1))
except:
'''Don't care ... just let the user enter a new date'''
pass
elif not idPayment == '' and IsInt(idPayment) and int(idPayment) > 0:
# @fixme convert IsInt to new class
action = 'Editing'
payment_q = self.db.query(Payment).filter(
Payment.id == int(idPayment))
try:
payment = payment_q.one()
# @TODO allow member editing if not verified???
if payment.verified and not self.is_admin():
raise HTTPError(403, 'Forbidden')
c.payment = payment
setattr(c, 'status_' + str(payment.status), True)
except NoResultFound:
print "oops"
raise HTTPRedirect('/members/index')
else:
raise HTTPRedirect('/members/index')
c.heading = _('%s payment for user %s') % (action, c.member_id)
self.sidebar.append({
'name': _('List payments'),
'args': {
'controller': 'payments',
'action': 'listPayments',
'params': {
'member_id': member_id
}
}
})
return self.render('/payments/editPayment.mako', template_context=c)
def getenvfile(self, workerid, kind, name):
worker = self._db["workers"].find_one({"workerid": workerid})
if worker is not None:
file = self._db["envfiles"].find_one({"kind": kind, "name": name})
if file is not None:
fname = os.path.abspath(
os.path.join(config["simenv"]["envdir"], file["fname"]))
return serve_file(fname, "application/octet-stream",
'attachment', name)
raise HTTPError("404 Not Found")
raise HTTPError("403 Forbidden")
def upload_xml(self, *vpath, **params):
user = None
try:
user = self.user_controller.get_user_by_username(
self.get_user().username)
except ControllerException as error:
self.logger.error(error)
raise HTTPError(400, error.message)
input_json = self.get_json()
filename = input_json['name']
self.logger.info(
'Starting to import xml form file {0}'.format(filename))
data = input_json['data']['data']
complete = params.get('complete', False)
inflated = params.get('inflated', False)
xml_string = base64.b64decode(data)
# STIX wants lxml instead of xml
xml = etree.fromstring(xml_string)
stix_package = STIXPackage.from_xml(xml)
try:
event = self.stix_mapper.map_stix_package(stix_package, user)
event.properties.is_validated = False
self.event_controller.insert_event(user, event, True, True)
event_permissions = self.event_controller.get_event_user_permissions(
event, user)
cherrypy.response.headers[
'Content-Type'] = 'application/json; charset=UTF-8'
return json.dumps(
event.to_dict(complete, inflated, event_permissions, user))
except ControllerIntegrityException as error:
self.logger.debug(error)
event = self.stix_mapper.map_stix_package(stix_package, user,
False, True)
local_event = self.event_controller.get_event_by_uuid(event.uuid)
event_permissions = self.event_controller.get_event_user_permissions(
event, user)
merged_event = self.merger.merge_event(local_event, event, user,
event_permissions)
self.event_controller.update_event(user, merged_event, True, True)
cherrypy.response.headers[
'Content-Type'] = 'application/json; charset=UTF-8'
return json.dumps(
merged_event.to_dict(complete, inflated, event_permissions,
user))
except ControllerNothingFoundException as error:
self.logger.error(error)
raise HTTPError(404, '{0}'.format(error.message))
except ControllerException as error:
self.logger.error(error)
raise HTTPError(400, '{0}'.format(error.message))
def upload_xml(self, *vpath, **params):
user = None
try:
user = self.user_controller.get_user_by_username(
self.get_user().username)
except ControllerException as error:
self.logger.error(error)
raise HTTPError(400, error.message)
input_json = self.get_json()
filename = input_json['name']
self.logger.info(
'Starting to import xml form file {0}'.format(filename))
data = input_json['data']['data']
complete = params.get('complete', False)
inflated = params.get('inflated', False)
open_ioc_xml_string = base64.b64decode(data)
base_dir, stix_file_path = self.__make_stix_xml_string(
filename, open_ioc_xml_string)
stix_package = STIXPackage.from_xml(stix_file_path)
if not self.dump:
rmtree(base_dir)
try:
event = self.stix_mapper.map_stix_package(stix_package, user)
self.event_controller.insert_event(user, event)
event_permissions = self.event_controller.get_event_user_permissions(
event, user)
cherrypy.response.headers[
'Content-Type'] = 'application/json; charset=UTF-8'
return json.dumps(
event.to_dict(complete, inflated, event_permissions, user))
except (ControllerIntegrityException, BrokerException) as error:
# TODO: merge
event = self.stix_mapper.map_stix_package(stix_package, user,
False, True)
local_event = self.event_controller.get_event_by_uuid(event.uuid)
event_permissions = self.event_controller.get_event_user_permissions(
event, user)
merged_event = self.merger.merge_event(local_event, event, user,
event_permissions)
self.event_controller.update_event(user, merged_event, True, True)
cherrypy.response.headers[
'Content-Type'] = 'application/json; charset=UTF-8'
return json.dumps(
merged_event.to_dict(complete, inflated, event_permissions,
user))
except (ControllerException, BrokerException) as error:
self.logger.error(error)
raise HTTPError(400, '0'.format(error.message))
def serve_eventset(self, evs, *args, **kwargs):
if args != [] and args[0] in evs["evtids"]:
event = self._db["eqs"].find_one({"_id": args[0]})
if event is not None:
return self.serve_event(event, *args[1:], **kwargs)
raise HTTPError("404 Event(set) does not exist.")
return self.serve_event(evs, *args, **kwargs)
def index(self, path=b"", **kwargs):
"""
Delete the repository.
"""
self.assertIsInstance(path, bytes)
_logger.debug("repo delete [%r]", path)
# Check user permissions
repo_obj = self.validate_user_path(path)[0]
# Validate the name
confirm_name = kwargs.get('confirm_name', None)
if confirm_name != repo_obj.display_name:
_logger.info("bad confirmation %r != %r", confirm_name,
repo_obj.display_name)
raise HTTPError(400, "bad confirmation")
# Update the repository encoding
_logger.info("deleting repository [%s]", repo_obj)
repo_obj.delete()
# Refresh repository list
repos = self.app.currentuser.repos
r = self.app.currentuser.get_repo(repo_obj.path)
repos.remove(r.name)
self.app.currentuser.repos = repos
raise HTTPRedirect("/")
def new_f(self, *args, **kwargs):
if 'user' in self.session and self.session[
'user'].is_finance_admin():
return f(self, *args, **kwargs)
raise HTTPError(403,
_('You are not allowed to view this ressource'))
def default(self, job_id):
try:
job = self.job_pool.get_job_by_id(job_id)
except KeyError:
raise HTTPError(404)
job_string = '<html><head><title>Job Browser</title></head>'
job_string += '<body><table>'
job_string += table_row('ID', job.id)
job_string += table_row('Root task', task_link(job, job.root_task))
job_string += table_row('State', JOB_STATE_NAMES[job.state])
job_string += table_row(
'Output ref', ref_id_link(job, job.root_task.expected_outputs[0]))
job_string += span_row('Task states')
for name, state in TASK_STATES.items():
try:
job_string += table_row('Tasks ' + name,
job.task_state_counts[state])
except KeyError:
job_string += table_row('Tasks ' + name, 0)
job_string += span_row('Task type/duration', 5)
job_string += table_row('*', str(job.all_tasks.get()),
str(job.all_tasks.min), str(job.all_tasks.max),
str(job.all_tasks.count))
for type, avg in job.all_tasks_by_type.items():
job_string += table_row(type, str(avg.get()), str(avg.min),
str(avg.max), str(avg.count))
job_string += '</table></body></html>'
return job_string
def view_project(self, userid, projectname):
allow(["HEAD", "GET"])
cnx, status = db.connect()
cursor = cnx.cursor()
sql = "SELECT p.projectid FROM project p where p.userid = %s AND p.project_name = %s"
cursor.execute(sql, (userid, projectname))
result = cursor.fetchone()
print result
if not result:
raise HTTPError(404)
result = result[0]
return self.student_project(result)
def default(self, job_id, ref_id):
try:
job = self.job_pool.get_job_by_id(job_id)
except KeyError:
raise HTTPError(404)
try:
ref = job.task_graph.get_reference_info(ref_id).ref
except KeyError:
raise HTTPError(404)
ref_string = '<html><head><title>Task Browser</title></head>'
ref_string += '<body><table>'
ref_string += table_row('ID', ref_id)
ref_string += table_row('Ref type', ref.__class__.__name__)
if isinstance(ref, SWDataValue):
ref_string += table_row('Value', decode_datavalue(ref))
elif hasattr(ref, 'location_hints'):
ref_string += span_row('Locations')
for netloc in ref.location_hints:
ref_string += table_row(netloc, swbs_link(netloc, ref.id))
ref_string += '</table></body></html>'
return ref_string
def upload_xml(self, *vpath, **params):
try:
input_json = self.get_json()
filename = input_json['name']
data = input_json['data']['data']
xml_string = base64.b64decode(data)
complete = params.get('complete', False)
inflated = params.get('inflated', False)
user = self.get_user()
user = self.user_controller.get_user_by_username(user.username)
if 'XML' in filename or 'xml' in filename:
self.logger.info(
'Starting to import xml form file {0}'.format(filename))
self.misp_converter.user = user
event_uuid = self.misp_converter.get_uuid_from_event_xml(
xml_string)
try:
event = self.misp_converter.get_event_from_xml(
xml_string, None)
self.logger.info('Received Event {0}'.format(event.uuid))
self.event_controller.insert_event(user, event, True, True)
except ControllerIntegrityException as error:
local_event = self.event_controller.get_event_by_uuid(
event_uuid)
event = self.misp_converter.get_event_from_xml(
xml_string, local_event)
# merge event with existing event
if self.is_event_viewable(local_event, user):
event_permissions = self.get_event_user_permissions(
event, user)
try:
merged_event = self.merger.merge_event(
local_event, event, user, event_permissions)
except MergingException:
raise MISPAdapterException405()
# raise cherrypy.HTTPError(405)
else:
# TODO log the changes
self.logger.warning(
'user {0} tried to change event {1} but does not have the right to see it'
.format(user.username, event.identifer))
raise HTTPError(403, 'Not authorized')
if merged_event:
self.logger.info('Received Event {0} updates'.format(
merged_event.uuid))
self.event_controller.update_event(
user, merged_event, True, True)
event = merged_event
else:
self.logger.info(
'Received Event {0} did not need to update as it is up to date'
.format(event.uuid))
# Log errors however
self.event_controller.event_broker.do_commit()
event_permissions = self.event_controller.get_event_user_permissions(
event, user)
cherrypy.response.headers[
'Content-Type'] = 'application/json; charset=UTF-8'
return event.to_dict(complete, inflated, event_permissions,
user)
else:
raise HTTPError(409, 'File does not end in xml or XML')
except MispConverterException as error:
self.logger.error(error)
raise HTTPError(409, 'File is not a MISP XML')
except ControllerException as error:
self.logger.error(error)
raise HTTPError(400, '{0}'.format(error.message))
except Exception as error:
self.logger.critical(error)
raise HTTPError(500, '{0}'.format(error.message))
def request(self, **kwargs):
"""The main request processor. This code implements all rendering of metadata.
"""
stats['MD Requests'] += 1
if not self.ready:
raise HTTPError(503, _("Service Unavailable (repository loading)"))
pfx = kwargs.get('pfx', None)
path = kwargs.get('path', None)
content_type = kwargs.get('content_type', None)
# log.debug("MDServer pfx=%s, path=%s, content_type=%s" % (pfx, path, content_type))
def _d(x, do_split=True):
if x is not None:
x = x.strip()
# log.debug("_d(%s,%s)" % (x, do_split))
if x is None or len(x) == 0:
return None, None
if x.startswith("{base64}"):
x = x[8:].decode('base64')
if do_split and '.' in x:
(pth, dot, extn) = x.rpartition('.')
assert (dot == '.')
if extn in _ctypes:
return pth, extn
return x, None
_ctypes = {
'xml': 'application/xml',
'json': 'application/json',
'htm': 'text/html',
'html': 'text/html',
'ds': 'text/html',
's': 'application/json'
}
alias = None
if pfx:
alias = pfx
pfx = self.aliases.get(alias, None)
if pfx is None:
raise NotFound()
path, ext = _d(path, content_type is None)
if pfx and path:
q = "{%s}%s" % (pfx, path)
path = "/%s/%s" % (alias, path)
else:
q = path
if ext is not None:
log.debug("request path: %s.%s, headers: %s" %
(path, ext, cherrypy.request.headers))
else:
log.debug("request path: %s, headers: %s" %
(path, cherrypy.request.headers))
accept = {}
if content_type is None:
if ext is not None and ext in _ctypes:
accept = {_ctypes[ext]: True}
else:
accept = MDServer.MediaAccept()
if ext is not None:
path = "%s.%s" % (path, ext)
else:
accept = {content_type: True}
with self.lock.readlock:
if ext == 'ds':
pdict = dict()
entity_id = kwargs.get('entityID', None)
if entity_id is None:
raise HTTPError(400,
_("400 Bad Request - missing entityID"))
e = self.md.store.lookup(entity_id)
if e is None or len(e) == 0:
raise HTTPError(404)
if len(e) > 1:
raise HTTPError(
400,
_("Bad Request - multiple matches for") +
" %s" % entity_id)
pdict['entity'] = entity_simple_summary(e[0])
if not path:
pdict['search'] = "/search/"
pdict['list'] = "/role/idp.json"
else:
pdict['search'] = u"{}.s".format(path)
pdict['list'] = u"{}.json".format(path)
pdict['storage'] = "/storage/"
cherrypy.response.headers['Content-Type'] = 'text/html'
return render_template(config.ds_template, **pdict)
elif ext == 's':
paged = bool(kwargs.get('paged', False))
query = kwargs.get('query', None)
page = kwargs.get('page', 0)
page_limit = kwargs.get('page_limit', 10)
entity_filter = kwargs.get('entity_filter', None)
related = kwargs.get('related', None)
cherrypy.response.headers['Content-Type'] = 'application/json'
if query is None:
log.debug("empty query - creating one")
query = [cherrypy.request.remote.ip]
# XXX fix this - urlparse is not 3.x and also this way to handle extra info sucks
referrer = cherrypy.request.headers.get('referrer', None)
if referrer is not None:
log.debug("including referrer: %s" % referrer)
url = urlparse.urlparse(referrer)
host = url.netloc
if ':' in url.netloc:
(host, port) = url.netloc.split(':')
for host_part in host.rstrip(
self.psl.get_public_suffix(host)).split('.'):
if host_part is not None and len(host_part) > 0:
query.append(host_part)
log.debug("created query: %s" % ",".join(query))
if paged:
res, more, total = self.md.search(
query,
path=q,
page=int(page),
page_limit=int(page_limit),
entity_filter=entity_filter,
related=related)
# log.debug(dumps({'entities': res, 'more': more, 'total': total}))
return dumps({
'entities': res,
'more': more,
'total': total
})
else:
return dumps(
self.md.search(query,
path=q,
entity_filter=entity_filter,
related=related))
elif accept.get('text/html'):
if not q:
if pfx:
title = pfx
else:
title = _("Metadata By Attributes")
return render_template("index.html",
md=self.md,
samlmd=samlmd,
alias=alias,
aliases=self.aliases,
title=title)
else:
entities = self.md.lookup(q)
if not entities:
raise NotFound()
if len(entities) > 1:
return render_template("metadata.html",
md=self.md,
samlmd=samlmd,
subheading=q,
entities=entities)
else:
entity = entities[0]
return render_template(
"entity.html",
headline=entity_display_name(entity),
subheading=entity.get('entityID'),
entity_id=entity.get('entityID'),
samlmd=samlmd,
entity=entity_info(entity))
else:
for p in self.plumbings:
state = {
'request': True,
'headers': {
'Content-Type': 'text/xml'
},
'accept': accept,
'url': cherrypy.url(relative=False),
'select': q,
'path': path,
'stats': {}
}
r = p.process(self.md, state=state)
if r is not None:
cache_ttl = state.get('cache', 0)
log.debug("caching for %d seconds" % cache_ttl)
for k, v in state.get('headers', {}).iteritems():
cherrypy.response.headers[k] = v
caching.expires(secs=cache_ttl)
return r
raise NotFound()
def WAYF(self, *args, **kwargs):
raise HTTPError(
400, _("400 Bad Request - shibboleth WAYF protocol not supported"))
def request(self, **kwargs):
"""The main request processor. This code implements all rendering of metadata.
"""
stats['MD Requests'] += 1
if not self.ready:
raise HTTPError(503, "Service Unavailable (repository loading)")
pfx = kwargs.get('pfx', None)
path = kwargs.get('path', None)
content_type = kwargs.get('content_type', None)
def _d(x, do_split=True):
if x is not None:
x = x.strip()
log.debug("_d(%s,%s)" % (x, do_split))
if x is None or len(x) == 0:
return None, None
if x.startswith("{base64}"):
x = x[8:].decode('base64')
if do_split and '.' in x:
(pth, dot, extn) = x.rpartition('.')
assert (dot == '.')
if extn in _ctypes:
return pth, extn
return x, None
_ctypes = {'xml': 'application/xml',
'json': 'application/json',
'htm': 'text/html',
'html': 'text/html',
'ds': 'text/html',
's': 'application/json'}
alias = None
if pfx:
alias = pfx
pfx = self.aliases.get(alias, None)
if pfx is None:
raise NotFound()
path, ext = _d(path, content_type is None)
if pfx and path:
q = "{%s}%s" % (pfx, path)
else:
q = path
if ext is not None:
log.debug("request path: %s.%s, headers: %s" % (path, ext, cherrypy.request.headers))
else:
log.debug("request path: %s, headers: %s" % (path, cherrypy.request.headers))
accept = {}
if content_type is None:
if ext is not None and ext in _ctypes:
accept = {_ctypes[ext]: True}
else:
accept = MDServer.MediaAccept()
if ext is not None:
path = "%s.%s" % (path, ext)
else:
accept = {content_type: True}
with self.lock.readlock:
if ext == 'ds':
pdict = dict()
entity_id = kwargs.get('entityID', None)
if entity_id is None:
raise HTTPError(400, "400 Bad Request - missing entityID")
pdict['sp'] = self.md.sha1_id(entity_id)
e = self.md.store.lookup(entity_id)
if e is None or len(e) == 0:
raise HTTPError(404)
if len(e) > 1:
raise HTTPError(400, "400 Bad Request - multiple matches for %s" % entity_id)
pdict['entity'] = self.md.simple_summary(e[0])
if not path:
pdict['search'] = "/search/"
else:
pdict['search'] = "%s.s" % path
cherrypy.response.headers['Content-Type'] = 'text/html'
return render_template("ds.html", **pdict)
elif ext == 's':
paged = bool(kwargs.get('paged', False))
query = kwargs.get('query', None)
page = kwargs.get('page', 0)
page_limit = kwargs.get('page_limit', 10)
entity_filter = kwargs.get('entity_filter', None)
related = kwargs.get('related', None)
cherrypy.response.headers['Content-Type'] = 'application/json'
if query is None:
log.debug("empty query - creating one")
query = [cherrypy.request.remote.ip]
referrer = cherrypy.request.headers.get('referrer', None)
if referrer is not None:
log.debug("including referrer: %s" % referrer)
url = urlparse.urlparse(referrer)
host = url.netloc
if ':' in url.netloc:
(host, port) = url.netloc.split(':')
for host_part in host.rstrip(self.psl.get_public_suffix(host)).split('.'):
if host_part is not None and len(host_part) > 0:
query.append(host_part)
log.debug("created query: %s" % ",".join(query))
if paged:
res, more, total = self.md.search(query,
path=q,
page=int(page),
page_limit=int(page_limit),
entity_filter=entity_filter,
related=related)
# log.debug(dumps({'entities': res, 'more': more, 'total': total}))
return dumps({'entities': res, 'more': more, 'total': total})
else:
return dumps(self.md.search(query,
path=q,
entity_filter=entity_filter,
related=related))
elif accept.get('text/html'):
if not q:
if pfx:
title = pfx
else:
title = _("Metadata By Attributes")
return render_template("index.html",
md=self.md,
alias=alias,
aliases=self.aliases,
title=title)
else:
entities = self.md.lookup(q)
if not entities:
raise NotFound()
if len(entities) > 1:
return render_template("metadata.html",
md=self.md,
subheading=q,
entities=entities)
else:
entity = entities[0]
t = html.fragment_fromstring(unicode(xslt_transform(entity, "entity2html.xsl")))
for c_elt in t.findall(".//code[@role='entity']"):
c_txt = dumptree(entity)
parser = etree.XMLParser(remove_blank_text=True)
src = StringIO(c_txt)
tree = etree.parse(src, parser)
c_txt = dumptree(tree, pretty_print=True, xml_declaration=False).decode("utf-8")
p = c_elt.getparent()
p.remove(c_elt)
if p.text is not None:
p.text += c_txt
else:
p.text = c_txt
xml = dumptree(t, xml_declaration=False).decode('utf-8')
return render_template("entity.html",
headline=self.md.display(entity).strip(),
subheading=entity.get('entityID'),
entity_id=entity.get('entityID'),
content=xml)
else:
for p in self.plumbings:
state = {'request': True,
'headers': {'Content-Type': 'text/xml'},
'accept': accept,
'url': cherrypy.url(relative=False),
'select': q,
'path': path,
'stats': {}}
r = p.process(self.md, state=state)
if r is not None:
cache_ttl = state.get('cache', 0)
log.debug("caching for %d seconds" % cache_ttl)
for k, v in state.get('headers', {}).iteritems():
cherrypy.response.headers[k] = v
caching.expires(secs=cache_ttl)
return r
raise NotFound()
def new_f(self, *args, **kwargs):
if self.is_in_group(group) or self.is_in_vgroup(group):
return f(self, *args, **kwargs)
raise HTTPError(
403, _('You are not allowed to view this ressource'))
def listPayments(self, member_id=None, year=None):
""" Show a specific user's payments """
if member_id is None:
if not self.is_admin() and not self.is_finance_admin():
raise HTTPError(403, 'Forbidden')
else:
raise HTTPRedirect('/payments/showOutstanding/?showAll=1')
elif not self.is_admin() and not self.is_finance_admin(
) and not member_id == self.session.get('username'):
raise HTTPError(403, 'Forbidden')
if not year is None:
try:
ParamChecker.checkInt('year', param=True, max_len=4)
if int(year) > 1970 and int(year) < 2222:
year = int(year)
else:
year = datetime.datetime.now().year
except:
pass
if year is None:
try:
ParamChecker.checkUsername('member_id', param=True)
year = self._getLastPayment(member_id).year
except:
pass
if year is None:
year = datetime.datetime.now().year
c = TemplateContext()
c.heading = _('Payments for the year {0}, user {1}'.format(
year, member_id))
c.member_id = member_id
## consider pagination
# http://pylonsbook.com/en/1.1/starting-the-simplesite-tutorial.html#using-pagination
try:
#c.member.leavingDate = date(int(member.leavingDate[:4]),int(member.leavingDate[5:6]),int(member.leavingDate[7:8]))
## ideally, fetch monthly from member and the rest from payment (one to many relation)
## http://www.sqlalchemy.org/docs/05/reference/ext/declarative.html
y_start = datetime.date(year, 1, 1)
y_end = datetime.date(year, 12, 31)
payment_sql = self.db.query(Payment).filter(
Payment.uid == member_id).filter(
Payment.date.between(y_start, y_end)).order_by(
Payment.date.desc()).all()
payments = {}
c.unverifiedPledges = 0
for p in payment_sql:
if p.verified == 0:
c.unverifiedPledges += 1
payments[p.date.month] = p
c.year = year
c.payments = payments
except AttributeError, e:
return 'This member has made no payments o.O ?!: %s' % e
def new_f(self, member_id, idPayment, date, status):
# @TODO request.params may contain multiple values per key... test & fix
if not self.is_admin() and not member_id == self.session.get(
'username') or (member_id == self.session.get('username')
and ParamChecker.checkInt('idPayment',
param=True,
optional=True)):
print 'checkPayment err0r::', str(
self.isAdmin()), str(member_id), str(
self.session.get('username')), str(
ParamChecker.checkInt('idPayment',
param=True,
optional=True))
raise HTTPError(403, 'Forbidden')
else:
formok = True
errors = []
items = {}
d = None
try:
ParamChecker.checkDate('date', param=True)
d = parser.parse(date)
d = datetime.date(d.year, d.month, 1)
except Exception as e:
print e
formok = False
errors.append(_('Invalid date'))
try:
ParamChecker.checkInt('status', param=True)
items['status'] = int(status)
except:
formok = False
errors.append(_('Invalid payment status'))
try:
ParamChecker.checkInt('idPayment', param=True)
items['idPayment'] = int(idPayment)
except:
items['idPayment'] = 0
if not d is None and items['idPayment'] == 0:
p_count = self.db.query(Payment).filter(
Payment.uid == member_id).filter(
Payment.date == d).count()
if p_count > 0:
formok = False
errors.append(_('That month is already on records!'))
if not formok:
self.session['errors'] = errors
self.session['reqparams'] = {}
# @TODO request.params may contain multiple values per key... test & fix
for k in self.request.params.iterkeys():
self.session['reqparams'][k] = self.request.params[k]
self.session.save()
raise HTTPRedirect(
'/payments/editPayment/?member_id={0}&idPayment={1}'.
format(member_id, items['idPayment']))
else:
items['date'] = d
return f(self, member_id, items)
def doEdit(self):
m = self.mf.getUser(self.session['username'])
if m.validate:
# member locked for validation
raise HTTPError(403, 'Forbidden')
else:
changes = False
if self.request.params['sn'] != m.sn or\
self.request.params['givenName'] != m.givenName or\
self.request.params['homePostalAddress'] != m.homePostalAddress or\
self.request.params['homePhone'] != m.homePhone or\
self.request.params['mobile'] != m.mobile or\
self.request.params['mail'] != m.mail or\
self.request.params['xmppID'] != m.xmppID:
changes = True
if changes:
tm = TmpMember(m.uidNumber)
tm.sn = str(self.request.params['sn'].encode('utf-8'))
tm.gn = str(self.request.params['givenName'].encode('utf-8'))
tm.homePostalAddress = str(
self.request.params['homePostalAddress'].encode('utf-8'))
# @TODO make this more consistent
if self.request.params.get('homePhone',
'') == '' and not m.homePhone == '':
tm.phone = '>>REMOVE<<'
else:
tm.phone = self.request.params['homePhone']
if self.request.params.get('xmppID',
'') == '' and not m.xmppID == '':
tm.xmppID = 'removed'
else:
tm.xmppID = self.request.params['xmppID']
tm.mobile = self.request.params['mobile']
tm.mail = self.request.params['mail']
self.db.add(tm)
self.db.commit()
self.session['flash'] = _('Changes saved!')
self.session['flash_class'] = 'success'
self.mailValidationRequired()
else:
self.session['flash'] = _('Nothing to save!')
self.session['flash_class'] = 'info'
if not self.request.params.get(
'userPassword', ''
) == '' and self.request.params[
'userPassword'] == self.request.params['userPassword2']:
m.setPassword(self.request.params['userPassword'])
self.mf.saveMember(m, is_admin=False)
self.session['secret'] = encodeAES(
self.request.params['userPassword'])
self.session['flash'] = _('Password updated!')
self.session['flash_class'] = 'success'
self.session.save()
raise HTTPRedirect('/profile/index')
