def _handle_dropping_privs(self, environ, req_uri): """ Determin if this request is to be considered "in space" or not. If it is not and the current user is not GUEST we need to pretend that the current user is GUEST, effectively "dropping" privileges. """ if environ['tiddlyweb.usersign']['name'] == 'GUEST': return http_host, _ = determine_host(environ) space_name = determine_space(environ, http_host) if space_name is None: return space = Space(space_name) container_name = req_uri.split('/')[2] if (req_uri.startswith('/bags/') and self._valid_bag(environ, space, container_name)): return if (req_uri.startswith('/recipes/') and container_name in space.list_recipes()): return self._drop_privs(environ) return
def _handle_dropping_privs(self, environ, req_uri): if environ['tiddlyweb.usersign']['name'] == 'GUEST': return http_host, _ = determine_host(environ) space_name = determine_space(environ, http_host) if space_name == None: return space = Space(space_name) store = environ['tiddlyweb.store'] container_name = req_uri.split('/')[2] if req_uri.startswith('/bags/'): recipe_name = determine_space_recipe(environ, space_name) space_recipe = store.get(Recipe(recipe_name)) template = recipe_template(environ) recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)] recipe_bags.extend(space.extra_bags()) if environ['REQUEST_METHOD'] == 'GET': if container_name in recipe_bags: return if container_name in ADMIN_BAGS: return else: base_bags = space.list_bags() # add bags in the recipe which may have been added # by the recipe mgt. That is: bags which are not # included and not core. acceptable_bags = [ bag for bag in recipe_bags if not (Space.bag_is_public(bag) or Space.bag_is_private( bag) or Space.bag_is_associate(bag)) ] acceptable_bags.extend(base_bags) acceptable_bags.extend(ADMIN_BAGS) if container_name in acceptable_bags: return if (req_uri.startswith('/recipes/') and container_name in space.list_recipes()): return self._drop_privs(environ) return
def _handle_dropping_privs(self, environ, req_uri): if environ['tiddlyweb.usersign']['name'] == 'GUEST': return http_host, _ = determine_host(environ) space_name = determine_space(environ, http_host) if space_name == None: return space = Space(space_name) store = environ['tiddlyweb.store'] container_name = req_uri.split('/')[2] if req_uri.startswith('/bags/'): recipe_name = determine_space_recipe(environ, space_name) space_recipe = store.get(Recipe(recipe_name)) template = recipe_template(environ) recipe_bags = [bag for bag, _ in space_recipe.get_recipe(template)] recipe_bags.extend(space.extra_bags()) if environ['REQUEST_METHOD'] == 'GET': if container_name in recipe_bags: return if container_name in ADMIN_BAGS: return else: base_bags = space.list_bags() # add bags in the recipe which may have been added # by the recipe mgt. That is: bags which are not # included and not core. acceptable_bags = [bag for bag in recipe_bags if not ( Space.bag_is_public(bag) or Space.bag_is_private(bag) or Space.bag_is_associate(bag))] acceptable_bags.extend(base_bags) acceptable_bags.extend(ADMIN_BAGS) if container_name in acceptable_bags: return if (req_uri.startswith('/recipes/') and container_name in space.list_recipes()): return self._drop_privs(environ) return
def _handle_core_request(self, environ, req_uri): """ Override a core request, adding filters or sending 404s where necessary to limit the view of entities. filtering can be disabled with a custom HTTP header X-ControlView set to false """ http_host, host_url = determine_host(environ) request_method = environ['REQUEST_METHOD'] disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false' if http_host != host_url and not disable_ControlView: space_name = determine_space(environ, http_host) if space_name == None: return recipe_name = determine_space_recipe(environ, space_name) store = environ['tiddlyweb.store'] try: recipe = store.get(Recipe(recipe_name)) except NoRecipeError, exc: raise HTTP404('No recipe for space: %s', exc) space = Space(space_name) template = recipe_template(environ) bags = space.extra_bags() for bag, _ in recipe.get_recipe(template): bags.append(bag) bags.extend(ADMIN_BAGS) filter_string = None if req_uri.startswith('/recipes') and req_uri.count('/') == 1: filter_string = 'oom=name:' if recipe_name == space.private_recipe(): filter_parts = space.list_recipes() else: filter_parts = [space.public_recipe()] filter_string += ','.join(filter_parts) elif req_uri.startswith('/bags') and req_uri.count('/') == 1: filter_string = 'oom=name:' filter_parts = bags filter_string += ','.join(filter_parts) elif req_uri.startswith('/search') and req_uri.count('/') == 1: filter_string = 'oom=bag:' filter_parts = bags filter_string += ','.join(filter_parts) else: entity_name = req_uri.split('/')[2] if '/recipes/' in req_uri: valid_recipes = space.list_recipes() if entity_name not in valid_recipes: raise HTTP404('recipe %s not found' % entity_name) else: if entity_name not in bags: raise HTTP404('bag %s not found' % entity_name) if filter_string: filters, _ = parse_for_filters(filter_string) for single_filter in filters: environ['tiddlyweb.filters'].insert(0, single_filter)
def test_list_recipes(): space = Space('cat') assert sorted(space.list_recipes()) == ['cat_private', 'cat_public']
def _handle_core_request(self, environ, req_uri, start_response): """ Override a core request, adding filters or sending 404s where necessary to limit the view of entities. filtering can be disabled with a custom HTTP header X-ControlView set to false """ http_host, host_url = determine_host(environ) disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false' if http_host != host_url and not disable_ControlView: space_name = determine_space(environ, http_host) if space_name == None: return None recipe_name = determine_space_recipe(environ, space_name) store = environ['tiddlyweb.store'] try: recipe = store.get(Recipe(recipe_name)) except NoRecipeError, exc: raise HTTP404('No recipe for space: %s', exc) space = Space(space_name) template = recipe_template(environ) bags = space.extra_bags() for bag, _ in recipe.get_recipe(template): bags.append(bag) bags.extend(ADMIN_BAGS) search_string = None if req_uri.startswith('/recipes') and req_uri.count('/') == 1: serialize_type, mime_type = get_serialize_type(environ) serializer = Serializer(serialize_type, environ) if recipe_name == space.private_recipe(): recipes = space.list_recipes() else: recipes = [space.public_recipe()] def lister(): for recipe in recipes: yield Recipe(recipe) return list_entities(environ, start_response, mime_type, lister, serializer.list_recipes) elif req_uri.startswith('/bags') and req_uri.count('/') == 1: serialize_type, mime_type = get_serialize_type(environ) serializer = Serializer(serialize_type, environ) def lister(): for bag in bags: yield Bag(bag) return list_entities(environ, start_response, mime_type, lister, serializer.list_bags) elif req_uri.startswith('/search') and req_uri.count('/') == 1: search_string = ' OR '.join(['bag:%s' % bag for bag in bags]) else: entity_name = urllib.unquote( req_uri.split('/')[2]).decode('utf-8') if '/recipes/' in req_uri: valid_recipes = space.list_recipes() if entity_name not in valid_recipes: raise HTTP404('recipe %s not found due to ControlView' % entity_name) else: if entity_name not in bags: raise HTTP404('bag %s not found due to ControlView' % entity_name) if search_string: search_query = environ['tiddlyweb.query'].get('q', [''])[0] environ['tiddlyweb.query.original'] = search_query if search_query: search_query = '%s AND (%s)' % (search_query, search_string) environ['tiddlyweb.query']['q'][0] = search_query else: search_query = '(%s)' % search_string environ['tiddlyweb.query']['q'] = [search_query]
def _handle_core_request(self, environ, req_uri, start_response): """ Override a core request, adding filters or sending 404s where necessary to limit the view of entities. filtering can be disabled with a custom HTTP header X-ControlView set to false """ http_host, host_url = determine_host(environ) disable_ControlView = environ.get('HTTP_X_CONTROLVIEW') == 'false' if http_host != host_url and not disable_ControlView: space_name = determine_space(environ, http_host) if space_name == None: return None recipe_name = determine_space_recipe(environ, space_name) store = environ['tiddlyweb.store'] try: recipe = store.get(Recipe(recipe_name)) except NoRecipeError, exc: raise HTTP404('No recipe for space: %s', exc) space = Space(space_name) template = recipe_template(environ) bags = space.extra_bags() for bag, _ in recipe.get_recipe(template): bags.append(bag) bags.extend(ADMIN_BAGS) search_string = None if req_uri.startswith('/recipes') and req_uri.count('/') == 1: serialize_type, mime_type = get_serialize_type(environ) serializer = Serializer(serialize_type, environ) if recipe_name == space.private_recipe(): recipes = space.list_recipes() else: recipes = [space.public_recipe()] def lister(): for recipe in recipes: yield Recipe(recipe) return list_entities(environ, start_response, mime_type, lister, serializer.list_recipes) elif req_uri.startswith('/bags') and req_uri.count('/') == 1: serialize_type, mime_type = get_serialize_type(environ) serializer = Serializer(serialize_type, environ) def lister(): for bag in bags: yield Bag(bag) return list_entities(environ, start_response, mime_type, lister, serializer.list_bags) elif req_uri.startswith('/search') and req_uri.count('/') == 1: search_string = ' OR '.join(['bag:%s' % bag for bag in bags]) else: entity_name = urllib.unquote( req_uri.split('/')[2]).decode('utf-8') if '/recipes/' in req_uri: valid_recipes = space.list_recipes() if entity_name not in valid_recipes: raise HTTP404( 'recipe %s not found due to ControlView' % entity_name) else: if entity_name not in bags: raise HTTP404('bag %s not found due to ControlView' % entity_name) if search_string: search_query = environ['tiddlyweb.query'].get('q', [''])[0] environ['tiddlyweb.query.original'] = search_query if search_query: search_query = '%s AND (%s)' % (search_query, search_string) environ['tiddlyweb.query']['q'][0] = search_query else: search_query = '(%s)' % search_string environ['tiddlyweb.query']['q'] = [search_query]