diff options
Diffstat (limited to 'module/web/utils.py')
| -rw-r--r-- | module/web/utils.py | 151 |
1 files changed, 51 insertions, 100 deletions
diff --git a/module/web/utils.py b/module/web/utils.py index a89c87558..cbe8f3071 100644 --- a/module/web/utils.py +++ b/module/web/utils.py @@ -1,115 +1,81 @@ #!/usr/bin/env python # -*- coding: utf-8 -*- -""" - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, - or (at your option) any later version. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. - See the GNU General Public License for more details. +import re +from bottle import request, HTTPError, redirect - You should have received a copy of the GNU General Public License - along with this plrogram; if not, see <http://www.gnu.org/licenses/>. - - @author: RaNaN -""" -from bottle import request, HTTPError, redirect, ServerAdapter - -from webinterface import env, TEMPLATE - -from module.Api import has_permission, PERMS, ROLE +from webinterface import env, TEMPLATE, PYLOAD, SETUP +# TODO: useful but needs a rewrite, too def render_to_response(name, args={}, proc=[]): for p in proc: args.update(p()) - - t = env.get_template(TEMPLATE + "/" + name) + if is_mobile(): + t = env.get_or_select_template(("mobile/" + name,)) + else: + t = env.get_or_select_template((TEMPLATE + "/" + name, "default/" + name, name)) return t.render(**args) -def parse_permissions(session): - perms = dict([(x, False) for x in dir(PERMS) if not x.startswith("_")]) - perms["ADMIN"] = False - perms["is_admin"] = False - - if not session.get("authenticated", False): - return perms - - if session.get("role") == ROLE.ADMIN: - for k in perms.iterkeys(): - perms[k] = True - - elif session.get("perms"): - p = session.get("perms") - get_permission(perms, p) - - return perms - - -def permlist(): - return [x for x in dir(PERMS) if not x.startswith("_") and x != "ALL"] - - -def get_permission(perms, p): - """Returns a dict with permission key - - :param perms: dictionary - :param p: bits - """ - for name in permlist(): - perms[name] = has_permission(p, getattr(PERMS, name)) - - -def set_permission(perms): - """generates permission bits from dictionary - - :param perms: dict - """ - permission = 0 - for name in dir(PERMS): - if name.startswith("_"): continue - - if name in perms and perms[name]: - permission |= getattr(PERMS, name) - - return permission - - -def set_session(request, info): +def set_session(request, user): s = request.environ.get('beaker.session') - s["authenticated"] = True - s["user_id"] = info["id"] - s["name"] = info["name"] - s["role"] = info["role"] - s["perms"] = info["permission"] - s["template"] = info["template"] + s["uid"] = user.uid s.save() - return s - -def parse_userdata(session): - return {"name": session.get("name", "Anonymous"), - "is_admin": True if session.get("role", 1) == 0 else False, - "is_authenticated": session.get("authenticated", False)} +def get_user_api(s): + if s: + uid = s.get("uid", None) + if (uid is not None) and (PYLOAD is not None): + return PYLOAD.withUserContext(uid) + return None + +def is_mobile(): + if request.get_cookie("mobile"): + if request.get_cookie("mobile") == "True": + return True + else: + return False + mobile_ua = request.headers.get('User-Agent', '').lower() + if mobile_ua.find('opera mini') > 0: + return True + if mobile_ua.find('windows') > 0: + return False + if request.headers.get('Accept', '').lower().find('application/vnd.wap.xhtml+xml') > 0: + return True + if re.search('(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android)', mobile_ua) is not None: + return True + mobile_ua = mobile_ua[:4] + mobile_agents = ['w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac','blaz','brew','cell','cldc','cmd-', + 'dang','doco','eric','hipt','inno','ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-', + 'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-','newt','noki','palm','pana','pant', + 'phil','play','port','prox','qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar','sie-', + 'siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-','tosh','tsm-','upg1','upsi','vk-v','voda', + 'wap-','wapa','wapi','wapp','wapr','webc','winw','winw','xda ','xda-'] + if mobile_ua in mobile_agents: + return True + return False def login_required(perm=None): def _dec(func): def _view(*args, **kwargs): + + # In case of setup, no login methods can be accessed + if SETUP is not None: + redirect("/setup") + s = request.environ.get('beaker.session') - if s.get("name", None) and s.get("authenticated", False): + api = get_user_api(s) + if api is not None: if perm: - perms = parse_permissions(s) - if perm not in perms or not perms[perm]: + if api.user.hasPermission(perm): if request.headers.get('X-Requested-With') == 'XMLHttpRequest': return HTTPError(403, "Forbidden") else: return redirect("/nopermission") + kwargs["api"] = api return func(*args, **kwargs) else: if request.headers.get('X-Requested-With') == 'XMLHttpRequest': @@ -120,18 +86,3 @@ def login_required(perm=None): return _view return _dec - - -def toDict(obj): - ret = {} - for att in obj.__slots__: - ret[att] = getattr(obj, att) - return ret - - -class CherryPyWSGI(ServerAdapter): - def run(self, handler): - from wsgiserver import CherryPyWSGIServer - - server = CherryPyWSGIServer((self.host, self.port), handler) - server.start() |