1 files changed, 46 insertions, 77 deletions

diff --git a/module/web/utils.py b/module/web/utils.py
index a89c87558..967fc3412 100644
--- a/module/web/utils.py
+++ b/module/web/utils.py
@@ -12,104 +12,80 @@
     See the GNU General Public License for more details.
 
     You should have received a copy of the GNU General Public License
-    along with this plrogram; if not, see <http://www.gnu.org/licenses/>.
+    along with this program; if not, see <http://www.gnu.org/licenses/>.
 
     @author: RaNaN
 """
+import re
 from bottle import request, HTTPError, redirect, ServerAdapter
 
-from webinterface import env, TEMPLATE
-
-from module.Api import has_permission, PERMS, ROLE
+from webinterface import env, TEMPLATE, PYLOAD
 
+# TODO: useful but needs a rewrite, too
 def render_to_response(name, args={}, proc=[]):
     for p in proc:
         args.update(p())
-
-    t = env.get_template(TEMPLATE + "/" + name)
+    if is_mobile():
+        t = env.get_or_select_template(("mobile/" + name,))
+    else:
+        t = env.get_or_select_template((TEMPLATE + "/" + name, "default/" + name))
     return t.render(**args)
 
 
-def parse_permissions(session):
-    perms = dict([(x, False) for x in dir(PERMS) if not x.startswith("_")])
-    perms["ADMIN"] = False
-    perms["is_admin"] = False
-
-    if not session.get("authenticated", False):
-        return perms
-
-    if session.get("role") == ROLE.ADMIN:
-        for k in perms.iterkeys():
-            perms[k] = True
-
-    elif session.get("perms"):
-        p = session.get("perms")
-        get_permission(perms, p)
-
-    return perms
-
-
-def permlist():
-    return [x for x in dir(PERMS) if not x.startswith("_") and x != "ALL"]
-
-
-def get_permission(perms, p):
-    """Returns a dict with permission key
-
-    :param perms: dictionary
-    :param p:  bits
-    """
-    for name in permlist():
-        perms[name] = has_permission(p, getattr(PERMS, name))
-
-
-def set_permission(perms):
-    """generates permission bits from dictionary
-
-    :param perms: dict
-    """
-    permission = 0
-    for name in dir(PERMS):
-        if name.startswith("_"): continue
-
-        if name in perms and perms[name]:
-            permission |= getattr(PERMS, name)
-
-    return permission
-
-
-def set_session(request, info):
+def set_session(request, user):
     s = request.environ.get('beaker.session')
-    s["authenticated"] = True
-    s["user_id"] = info["id"]
-    s["name"] = info["name"]
-    s["role"] = info["role"]
-    s["perms"] = info["permission"]
-    s["template"] = info["template"]
+    s["uid"] = user.uid
     s.save()
-
     return s
 
-
-def parse_userdata(session):
-    return {"name": session.get("name", "Anonymous"),
-            "is_admin": True if session.get("role", 1) == 0 else False,
-            "is_authenticated": session.get("authenticated", False)}
+def get_user_api(s):
+    uid = s.get("uid", None)
+    if uid is not None:
+        api = PYLOAD.withUserContext(uid)
+        return api
+    return None
+
+def is_mobile():
+    if request.get_cookie("mobile"):
+        if request.get_cookie("mobile") == "True":
+            return True
+        else:
+            return False
+    mobile_ua = request.headers.get('User-Agent', '').lower()
+    if mobile_ua.find('opera mini') > 0:
+        return True
+    if mobile_ua.find('windows') > 0:
+        return False
+    if request.headers.get('Accept', '').lower().find('application/vnd.wap.xhtml+xml') > 0:
+        return True
+    if re.search('(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android)', mobile_ua) is not None:
+        return True
+    mobile_ua = mobile_ua[:4]
+    mobile_agents = ['w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac','blaz','brew','cell','cldc','cmd-',
+                     'dang','doco','eric','hipt','inno','ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-',
+                     'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-','newt','noki','palm','pana','pant',
+                     'phil','play','port','prox','qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar','sie-',
+                     'siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-','tosh','tsm-','upg1','upsi','vk-v','voda',
+                     'wap-','wapa','wapi','wapp','wapr','webc','winw','winw','xda ','xda-']
+    if mobile_ua in mobile_agents:
+        return True
+    return False
 
 
 def login_required(perm=None):
     def _dec(func):
         def _view(*args, **kwargs):
             s = request.environ.get('beaker.session')
-            if s.get("name", None) and s.get("authenticated", False):
+            api = get_user_api(s)
+            if api is not None:
                 if perm:
-                    perms = parse_permissions(s)
-                    if perm not in perms or not perms[perm]:
+                    if api.user.hasPermission(perm):
                         if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
                             return HTTPError(403, "Forbidden")
                         else:
                             return redirect("/nopermission")
 
+                kwargs["api"] = api
                 return func(*args, **kwargs)
             else:
                 if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
@@ -122,13 +98,6 @@ def login_required(perm=None):
     return _dec
 
 
-def toDict(obj):
-    ret = {}
-    for att in obj.__slots__:
-        ret[att] = getattr(obj, att)
-    return ret
-
-
 class CherryPyWSGI(ServerAdapter):
     def run(self, handler):
         from wsgiserver import CherryPyWSGIServer