new permission system

8 files changed, 72 insertions, 62 deletions

diff --git a/module/HookManager.py b/module/HookManager.py
index fd51242fc..2a40d18a2 100644
--- a/module/HookManager.py
+++ b/module/HookManager.py
@@ -80,12 +80,12 @@ class HookManager():
                 self.core.log.error(_("Error executing hooks: %s") % str(e))
                 if self.core.debug:
                     traceback.print_exc()
-            
-            self.core.scheduler.addJob(plugin.interval, wrapPeriodical, args=[plugin])
+
+            self.core.scheduler.addJob(plugin.interval, wrapPeriodical, args=[plugin], threaded=False)
         
         for plugin in self.plugins:
             if plugin.isActivated():
-                self.core.scheduler.addJob(0, wrapPeriodical, args=[plugin])
+                self.core.scheduler.addJob(0, wrapPeriodical, args=[plugin], threaded=False)
 
     
     @try_catch
diff --git a/module/Scheduler.py b/module/Scheduler.py
index c145b1582..5837dec9e 100644
--- a/module/Scheduler.py
+++ b/module/Scheduler.py
@@ -19,31 +19,21 @@
 
 from time import time
 from heapq import heappop, heappush
-from threading import Thread, Lock
+from thread import start_new_thread
+from threading import Lock
 
 class AlreadyCalled(Exception):
     pass
 
-def callInThread(f, *args, **kwargs):
-    class FThread(Thread):
-        def run(self):
-            f(*args, **kwargs)
-    t = FThread()
-    t.start()
 
 class Deferred():
     def __init__(self):
         self.call = []
         self.result = ()
-    
+
     def addCallback(self, f, *cargs, **ckwargs):
         self.call.append((f, cargs, ckwargs))
-        if self.result:
-            args, kwargs = self.result
-            args.extend(cargs)
-            kwargs.update(ckwargs)
-            callInThread(f, *args, **kwargs)
-    
+
     def callback(self, *args, **kwargs):
         if self.result:
             raise AlreadyCalled
@@ -51,7 +41,7 @@ class Deferred():
         for f, cargs, ckwargs in self.call:
             args+=tuple(cargs)
             kwargs.update(ckwargs)
-            callInThread(f, *args, **kwargs)
+            f(*args **kwargs)
 
 class Scheduler():
     def __init__(self, core):
@@ -59,10 +49,10 @@ class Scheduler():
         
         self.queue = PriorityQueue()
     
-    def addJob(self, t, call, args=[], kwargs={}):
+    def addJob(self, t, call, args=[], kwargs={}, threaded=True):
         d = Deferred()
         t += time()
-        j = Job(t, call, args, kwargs, d)
+        j = Job(t, call, args, kwargs, d, threaded)
         self.queue.put((t, j))
         return d
     
@@ -78,24 +68,27 @@ class Scheduler():
                     self.queue.put((t, j))
                     break
 
-class Job(Thread):
-    def __init__(self, time, call, args=[], kwargs={}, deferred=None):
-        Thread.__init__(self)
+class Job():
+    def __init__(self, time, call, args=[], kwargs={}, deferred=None, threaded=True):
         self.time = float(time)
         self.call = call
-        self.deferred = deferred
         self.args = args
         self.kwargs = kwargs
-    
+        self.deferred = deferred
+        self.threaded = threaded
+
     def run(self):
         ret = self.call(*self.args, **self.kwargs)
         if self.deferred is None:
             return
-        if ret is None:
-            self.deferred.callback()
         else:
             self.deferred.callback(ret)
 
+    def start(self):
+        if self.threaded:
+            start_new_thread(self.run, ())
+        else:
+            self.run()
 
 class PriorityQueue():
     """ a non blocking priority queue """
diff --git a/module/database/UserDatabase.py b/module/database/UserDatabase.py
index 6137581ed..d2809fcea 100644
--- a/module/database/UserDatabase.py
+++ b/module/database/UserDatabase.py
@@ -84,7 +84,7 @@ class UserMethods():
     
     @style.queue
     def removeUser(db, user):
-        c.execute('DELETE FROM users WHERE name=?', (user, ))
+        db.c.execute('DELETE FROM users WHERE name=?', (user, ))
     
 
 DatabaseBackend.registerSub(UserMethods)
diff --git a/module/plugins/Hook.py b/module/plugins/Hook.py
index 4bbf6e33a..56541f7fe 100644
--- a/module/plugins/Hook.py
+++ b/module/plugins/Hook.py
@@ -18,6 +18,12 @@
     @interface-version: 0.2
 """
 
+from thread import start_new_thread
+
+def threaded(f):
+    def run(*args,**kwargs):
+        return start_new_thread(f, args, kwargs)
+    return run
 
 class Hook():
     __name__ = "Hook"
@@ -39,7 +45,7 @@ class Hook():
         self.setup()
 
     def __repr__(self):
-        return self.__name__
+        return "<Hook %s>" % self.__name__
                
     def setup(self):
         """ more init stuff if needed"""
diff --git a/module/plugins/hooks/UpdateManager.py b/module/plugins/hooks/UpdateManager.py
index 70fd15fad..887aedbd1 100644
--- a/module/plugins/hooks/UpdateManager.py
+++ b/module/plugins/hooks/UpdateManager.py
@@ -20,7 +20,7 @@
 from os.path import join
 
 from module.network.RequestFactory import getURL
-from module.plugins.Hook import Hook
+from module.plugins.Hook import threaded, Hook
 
 class UpdateManager(Hook):
     __name__ = "UpdateManager"
@@ -35,6 +35,7 @@ class UpdateManager(Hook):
         self.interval = self.getConfig("interval") * 60
         self.updated = False
 
+    @threaded
     def periodical(self):
         update = self.checkForUpdate()
         if not update:
diff --git a/module/web/json_app.py b/module/web/json_app.py
index 8eb2dbbfe..a654b8ce8 100644
--- a/module/web/json_app.py
+++ b/module/web/json_app.py
@@ -26,7 +26,7 @@ def get_sort_key(item):
 
 @route("/json/status")
 @route("/json/status", method="POST")
-@login_required('can_see_dl')
+@login_required('see_downloads')
 def status():
     try:
         status = PYLOAD.status_server()
@@ -38,7 +38,7 @@ def status():
 
 @route("/json/links")
 @route("/json/links", method="POST")
-@login_required('can_see_dl')
+@login_required('see_downloads')
 def links():
     try:
         links = PYLOAD.status_downloads()
@@ -62,7 +62,7 @@ def links():
         return HTTPError()
 
 @route("/json/queue")
-@login_required('can_see_dl')
+@login_required('see_downloads')
 def queue():
     try:
         return PYLOAD.get_queue()
@@ -72,7 +72,7 @@ def queue():
 
 
 @route("/json/pause")
-@login_required('can_change_satus')
+@login_required('status')
 def pause():
     try:
         return PYLOAD.pause_server()
@@ -82,7 +82,7 @@ def pause():
 
 
 @route("/json/unpause")
-@login_required('can_change_status')
+@login_required('status')
 def unpause():
     try:
         return PYLOAD.unpause_server()
@@ -92,7 +92,7 @@ def unpause():
 
 
 @route("/json/cancel")
-@login_required('can_change_status')
+@login_required('status')
 def cancel():
     try:
         return PYLOAD.stop_downloads()
@@ -100,7 +100,7 @@ def cancel():
         return HTTPError()
 
 @route("/json/packages")
-@login_required('can_see_dl')
+@login_required('see_downloads')
 def packages():
     try:
         data = PYLOAD.get_queue()
@@ -117,7 +117,7 @@ def packages():
 
 @route("/json/package/:id")
 @validate(id=int)
-@login_required('pyload.can_see_dl')
+@login_required('see_downloads')
 def package(id):
     try:
         data = PYLOAD.get_package_data(id)
@@ -147,7 +147,7 @@ def package(id):
         return HTTPError()
 
 @route("/json/package_order/:ids")
-@login_required('can_add')
+@login_required('add')
 def package_order(ids):
     try:
         pid, pos = ids.split("|")
@@ -158,7 +158,7 @@ def package_order(ids):
 
 @route("/json/link/:id")
 @validate(id=int)
-@login_required('can_see_dl')
+@login_required('see_downloads')
 def link(id):
     try:
         data = PYLOAD.get_file_info(id)
@@ -168,7 +168,7 @@ def link(id):
 
 @route("/json/remove_link/:id")
 @validate(id=int)
-@login_required('can_delete')
+@login_required('delete')
 def remove_link(id):
     try:
         PYLOAD.del_links([id])
@@ -178,7 +178,7 @@ def remove_link(id):
 
 @route("/json/restart_link/:id")
 @validate(id=int)
-@login_required('can_add')
+@login_required('add')
 def restart_link(id):
     try:
         PYLOAD.restart_file(id)
@@ -188,7 +188,7 @@ def restart_link(id):
 
 @route("/json/abort_link/:id")
 @validate(id=int)
-@login_required('can_delete')
+@login_required('delete')
 def abort_link(id):
     try:
         PYLOAD.stop_download("link", id)
@@ -197,7 +197,7 @@ def abort_link(id):
         return HTTPError()
 
 @route("/json/link_order/:ids")
-@login_required('can_add')
+@login_required('add')
 def link_order(ids):
     try:
         pid, pos = ids.split("|")
@@ -208,7 +208,7 @@ def link_order(ids):
 
 @route("/json/add_package")
 @route("/json/add_package", method="POST")
-@login_required('can_add')
+@login_required('add')
 def add_package():
     name = request.forms.get("add_name", "New Package")
     queue = int(request.forms['add_dest'])
@@ -246,7 +246,7 @@ def add_package():
 
 @route("/json/remove_package/:id")
 @validate(id=int)
-@login_required('can_delete')
+@login_required('delete')
 def remove_package(id):
     try:
         PYLOAD.del_packages([id])
@@ -256,7 +256,7 @@ def remove_package(id):
 
 @route("/json/restart_package/:id")
 @validate(id=int)
-@login_required('can_add')
+@login_required('add')
 def restart_package(id):
     try:
         PYLOAD.restart_package(id)
@@ -267,7 +267,7 @@ def restart_package(id):
 
 @route("/json/move_package/:dest/:id")
 @validate(dest=int, id=int)
-@login_required('can_add')
+@login_required('add')
 def move_package(dest, id):
     try:
         PYLOAD.move_package(dest, id)
@@ -276,7 +276,7 @@ def move_package(dest, id):
         return HTTPError()
 
 @route("/json/edit_package", method="POST")
-@login_required('can_add')
+@login_required('add')
 def edit_package():
     try:
         id = int(request.forms.get("pack_id"))
@@ -293,7 +293,7 @@ def edit_package():
 
 @route("/json/set_captcha")
 @route("/json/set_captcha", method="POST")
-@login_required('can_add')
+@login_required('add')
 def set_captcha():
     if request.environ.get('REQUEST_METHOD', "GET") == "POST":
         try:
@@ -313,11 +313,11 @@ def set_captcha():
 
 
 @route("/json/delete_finished")
-@login_required('pyload.can_delete')
+@login_required('delete')
 def delete_finished():
     return {"del": PYLOAD.delete_finished()}
 
 @route("/json/restart_failed")
-@login_required('pyload.can_delete')
+@login_required('delete')
 def restart_failed():
     return PYLOAD.restart_failed()
\ No newline at end of file
diff --git a/module/web/pyload_app.py b/module/web/pyload_app.py
index 643e1e75c..3869fd4cf 100644
--- a/module/web/pyload_app.py
+++ b/module/web/pyload_app.py
@@ -94,6 +94,10 @@ def login():
     else:
         return render_to_response("login.html", proc=[pre_processor])
 
+@route('/nopermission')
+def nopermission():
+    return base([_("You dont have permission to access this page.")])
+
 @route("/login", method="POST")
 def login_post():
     user = request.forms.get("username")
@@ -124,7 +128,7 @@ def logout():
 
 @route("/")
 @route("/home")
-@login_required("can_see_dl")
+@login_required("see_downloads")
 def home():
     try:
         res = PYLOAD.status_downloads()
@@ -141,7 +145,7 @@ def home():
 
 
 @route("/queue")
-@login_required("can_see_dl")
+@login_required("see_downloads")
 def queue():
     queue = PYLOAD.get_queue_info()
 
@@ -151,7 +155,7 @@ def queue():
     return render_to_response('queue.html', {'content': data}, [pre_processor])
 
 @route("/collector")
-@login_required('can_see_dl')
+@login_required('see_downloads')
 def collector():
     queue = PYLOAD.get_collector_info()
 
@@ -161,7 +165,7 @@ def collector():
     return render_to_response('collector.html', {'content': data}, [pre_processor])
 
 @route("/downloads")
-@login_required('can_download')
+@login_required('download')
 def downloads():
     root = PYLOAD.get_conf_val("general", "download_folder")
 
@@ -193,7 +197,7 @@ def downloads():
     return render_to_response('downloads.html', {'files': data}, [pre_processor])
 
 @route("/downloads/get/:path#.+#")
-@login_required("can_download")
+@login_required("download")
 def get_download(path):
     path = unquote(path)
     #@TODO some files can not be downloaded
@@ -210,7 +214,7 @@ def get_download(path):
 
 @route("/settings")
 @route("/settings", method="POST")
-@login_required('can_change_status')
+@login_required('settings')
 def config():
     conf = PYLOAD.get_config()
     plugin = PYLOAD.get_plugin_config()
@@ -325,7 +329,7 @@ def package_ui():
 @route("/pathchooser")
 @route("/filechooser/:file#.+#")
 @route("/pathchooser/:path#.+#")
-@login_required('can_change_status')
+@login_required('status')
 def path(file="", path=""):
     if file:
         type = "file"
@@ -416,7 +420,7 @@ def path(file="", path=""):
 @route("/logs", method="POST")
 @route("/logs/:item")
 @route("/logs/:item", method="POST")
-@login_required('can_see_logs')
+@login_required('status')
 def logs(item=-1):
     s = request.environ.get('beaker.session')
 
@@ -499,6 +503,7 @@ def logs(item=-1):
                               [pre_processor])
 
 @route("/admin")
+@login_required("settings")
 def admin():
     return base(["Comming Soon."])
 
diff --git a/module/web/utils.py b/module/web/utils.py
index 8674fea1c..c76454c1f 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -65,8 +65,13 @@ def login_required(perm=None):
             s = request.environ.get('beaker.session')
             if s.get("name", None) and s.get("authenticated", False):
                 if perm:
-                    pass
-                    #print perm
+                    perms = parse_permissions(s)
+                    if not perms.has_key(perm) or not perms[perm]:
+                        if request.header.get('X-Requested-With') == 'XMLHttpRequest':
+                            return HTTPError(403, "Forbidden")
+                        else:
+                            return redirect("/nopermission")
+
                 return func(*args, **kwargs)
             else:
                 if request.header.get('X-Requested-With') == 'XMLHttpRequest':