def _dispatch(self): # locate the controller method try: rule, arguments = self._find_handler(return_rule=True) func = rule.endpoint except werkzeug.exceptions.NotFound as e: return self._handle_exception(e) # check authentication level try: auth_method = self._authenticate(func.routing["auth"]) except Exception as e: return self._handle_exception(e) processing = self._postprocess_args(arguments, rule) if processing: return processing # set and execute handler try: request.set_handler(func, arguments, auth_method) result = request.dispatch() if isinstance(result, Exception): raise result except Exception as e: return self._handle_exception(e) return result
class ir_http(osv.AbstractModel): _name = 'ir.http' _description = "HTTP routing" def _get_converters(self): return {'model': ModelConverter, 'models': ModelsConverter} def _find_handler(self, return_rule=False): return self.routing_map().bind_to_environ( request.httprequest.environ).match(return_rule=return_rule) def _auth_method_user(self): request.uid = request.session.uid if not request.uid: raise http.SessionExpiredException("Session expired") def _auth_method_none(self): request.uid = None def _auth_method_public(self): if not request.session.uid: dummy, request.uid = self.pool[ 'ir.model.data'].get_object_reference(request.cr, openerp.SUPERUSER_ID, 'base', 'public_user') else: request.uid = request.session.uid def _authenticate(self, auth_method='user'): try: if request.session.uid: try: request.session.check_security() # what if error in security.check() # -> res_users.check() # -> res_users.check_credentials() except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException): # All other exceptions mean undetermined status (e.g. connection pool full), # let them bubble up request.session.logout(keep_db=True) if request.uid is None: getattr(self, "_auth_method_%s" % auth_method)() except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException, werkzeug.exceptions.HTTPException): raise except Exception: _logger.info("Exception during request Authentication.", exc_info=True) raise openerp.exceptions.AccessDenied() return auth_method def _serve_attachment(self): domain = [('type', '=', 'binary'), ('url', '=', request.httprequest.path)] attach = self.pool['ir.attachment'].search_read( request.cr, openerp.SUPERUSER_ID, domain, ['__last_update', 'datas', 'name', 'mimetype', 'checksum'], context=request.context) if attach: wdate = attach[0]['__last_update'] datas = attach[0]['datas'] or '' name = attach[0]['name'] if not datas: if name.startswith(('http://', 'https://', '/')): return werkzeug.utils.redirect(name, 301) else: return werkzeug.wrappers.Response(status=204) # NO CONTENT response = werkzeug.wrappers.Response() server_format = openerp.tools.misc.DEFAULT_SERVER_DATETIME_FORMAT try: response.last_modified = datetime.datetime.strptime( wdate, server_format + '.%f') except ValueError: # just in case we have a timestamp without microseconds response.last_modified = datetime.datetime.strptime( wdate, server_format) response.set_etag(attach[0]['checksum']) response.make_conditional(request.httprequest) if response.status_code == 304: return response response.mimetype = attach[0][ 'mimetype'] or 'application/octet-stream' response.data = datas.decode('base64') return response def _handle_exception(self, exception): # If handle_exception returns something different than None, it will be used as a response # This is done first as the attachment path may # not match any HTTP controller if isinstance( exception, werkzeug.exceptions.HTTPException) and exception.code == 404: attach = self._serve_attachment() if attach: return attach # Don't handle exception but use werkeug debugger if server in --dev mode if openerp.tools.config['dev_mode']: raise try: return request._handle_exception(exception) except openerp.exceptions.AccessDenied: return werkzeug.exceptions.Forbidden() def _dispatch(self): # locate the controller method try: rule, arguments = self._find_handler(return_rule=True) func = rule.endpoint except werkzeug.exceptions.NotFound, e: return self._handle_exception(e) # check authentication level try: auth_method = self._authenticate(func.routing["auth"]) except Exception as e: return self._handle_exception(e) processing = self._postprocess_args(arguments, rule) if processing: return processing # set and execute handler try: request.set_handler(func, arguments, auth_method) result = request.dispatch() if isinstance(result, Exception): raise result except Exception, e: return self._handle_exception(e)
class ir_http(osv.AbstractModel): _name = 'ir.http' _description = "HTTP routing" def _get_converters(self): return {'model': ModelConverter, 'models': ModelsConverter} def _find_handler(self, return_rule=False): return self.routing_map().bind_to_environ( request.httprequest.environ).match(return_rule=return_rule) def _auth_method_user(self): request.uid = request.session.uid if not request.uid: if not request.params.get('noredirect'): query = werkzeug.url_encode({ 'redirect': request.httprequest.url, }) response = werkzeug.utils.redirect('/web/login?%s' % query) werkzeug.exceptions.abort(response) raise http.SessionExpiredException("Session expired") def _auth_method_none(self): request.uid = None def _auth_method_public(self): if not request.session.uid: dummy, request.uid = self.pool[ 'ir.model.data'].get_object_reference(request.cr, openerp.SUPERUSER_ID, 'base', 'public_user') else: request.uid = request.session.uid def _authenticate(self, auth_method='user'): try: if request.session.uid: try: request.session.check_security() # what if error in security.check() # -> res_users.check() # -> res_users.check_credentials() except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException): # All other exceptions mean undetermined status (e.g. connection pool full), # let them bubble up request.session.logout() getattr(self, "_auth_method_%s" % auth_method)() except (openerp.exceptions.AccessDenied, openerp.http.SessionExpiredException): raise except Exception: _logger.exception("Exception during request Authentication.") raise openerp.exceptions.AccessDenied() return auth_method def _handle_exception(self, exception): # If handle_exception returns something different than None, it will be used as a response return request._handle_exception(exception) def _dispatch(self): # locate the controller method try: rule, arguments = self._find_handler(return_rule=True) func = rule.endpoint except werkzeug.exceptions.NotFound, e: return self._handle_exception(e) # check authentication level try: auth_method = self._authenticate(func.routing["auth"]) except Exception: # force a Forbidden exception with the original traceback return self._handle_exception( convert_exception_to(werkzeug.exceptions.Forbidden)) processing = self._postprocess_args(arguments, rule) if processing: return processing # set and execute handler try: request.set_handler(func, arguments, auth_method) result = request.dispatch() if isinstance(result, Exception): raise result except Exception, e: return self._handle_exception(e)
class ir_http(osv.AbstractModel): _name = 'ir.http' _description = "HTTP routing" def _get_converters(self): return {'model': ModelConverter, 'models': ModelsConverter} def _find_handler(self): return self.routing_map().bind_to_environ( request.httprequest.environ).match() def _auth_method_user(self): request.uid = request.session.uid if not request.uid: raise http.SessionExpiredException("Session expired") def _auth_method_none(self): request.uid = None def _auth_method_public(self): if not request.session.uid: dummy, request.uid = self.pool[ 'ir.model.data'].get_object_reference(request.cr, openerp.SUPERUSER_ID, 'base', 'public_user') else: request.uid = request.session.uid def _authenticate(self, auth_method='user'): if request.session.uid: try: request.session.check_security() # what if error in security.check() # -> res_users.check() # -> res_users.check_credentials() except Exception: request.session.logout() getattr(self, "_auth_method_%s" % auth_method)() return auth_method def _handle_exception(self, exception): # If handle exception return something different than None, it will be used as a response raise def _dispatch(self): # locate the controller method try: func, arguments = self._find_handler() except werkzeug.exceptions.NotFound, e: return self._handle_exception(e) # check authentication level try: auth_method = self._authenticate(func.routing["auth"]) except Exception: # force a Forbidden exception with the original traceback return self._handle_exception( convert_exception_to(werkzeug.exceptions.Forbidden)) processing = self._postprocess_args(arguments) if processing: return processing # set and execute handler try: request.set_handler(func, arguments, auth_method) result = request.dispatch() if isinstance(result, Exception): raise result except Exception, e: return self._handle_exception(e)