PageRenderTime 46ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/applications/list.py

https://bitbucket.org/viur/server
Python | 280 lines | 278 code | 1 blank | 1 comment | 0 complexity | 4a64352c3bb68f09928a1c2601a96983 MD5 | raw file
Possible License(s): LGPL-3.0 
    

  1. # -*- coding: utf-8 -*-
    2. 

  2. from server.bones import baseBone
    3. 

  3. from server.skeleton import Skeleton
    4. 

  4. from server.skellist import Skellist
    5. 

  5. from server import utils, session,  errors, conf
    6. 

  6. from google.appengine.api import users
    7. 

  7. import logging
    8. 

  8. 

  9. class List( object ):
    10. 

  10. 	adminInfo = {	"name": "BaseApplication", #Name of this modul, as shown in Apex (will be translated at runtime)
    11. 

  11. 				"handler": "list",  #Which handler to invoke
    12. 

  12. 				"icon": "", #Icon for this modul
    13. 

  13. 				}
    14. 

  14. 

  15. 	def __init__( self, modulName, modulPath, *args, **kwargs ):
    16. 

  16. 		super( List, self ).__init__( *args, **kwargs )
    17. 

  17. 		self.modulName = modulName
    18. 

  18. 		self.modulPath = modulPath
    19. 

  19. 		if self.adminInfo:
    20. 

  20. 			rights = ["add", "edit", "view", "delete"]
    21. 

  21. 			for r in rights:
    22. 

  22. 				rightName = "%s-%s" % ( modulName, r )
    23. 

  23. 				if not rightName in conf["viur.accessRights"]:
    24. 

  24. 					conf["viur.accessRights"].append( rightName )
    25. 

  25. 

  26. 	def preview( self, skey, *args, **kwargs ):
    27. 

  27. 		"""
    28. 

  28. 			Renders the viewTemplate with the values given.
    29. 

  29. 			This allows to preview an entry without having to save it first
    30. 

  30. 		"""
    31. 

  31. 		if not self.canPreview( ):
    32. 

  32. 			raise errors.Unauthorized()
    33. 

  33. 		if not utils.validateSecurityKey( skey ):
    34. 

  34. 			raise errors.PreconditionFailed()
    35. 

  35. 		skel = self.viewSkel()
    36. 

  36. 		skel.fromClient( kwargs )
    37. 

  37. 		return( self.render.view( skel ) )
    38. 

  38. 	preview.exposed = True
    39. 

  39. 	
    40. 

  40. 	def view( self, *args, **kwargs ):
    41. 

  41. 		"""
    42. 

  42. 			Prepares and renders a single entry for viewing
    43. 

  43. 		"""
    44. 

  44. 		if "id" in kwargs:
    45. 

  45. 			id = kwargs["id"]
    46. 

  46. 		elif( len( args ) >= 1 ):
    47. 

  47. 			id= args[0]
    48. 

  48. 		else:
    49. 

  49. 			raise errors.NotAcceptable()
    50. 

  50. 		skel = self.viewSkel()
    51. 

  51. 		if "canView" in dir( self ):
    52. 

  52. 			if not self.canView( id ):
    53. 

  53. 				raise errors.Unauthorized()
    54. 

  54. 			if not skel.fromDB( id ):
    55. 

  55. 				raise errors.NotFound()
    56. 

  56. 		else:
    57. 

  57. 			queryObj = utils.buildDBFilter( skel, {"id": id} )
    58. 

  58. 			queryObj = self.listFilter( queryObj ) #Access control
    59. 

  59. 			if not queryObj:
    60. 

  60. 				raise errors.Unauthorized()
    61. 

  61. 			if not skel.fromDB( queryObj ):
    62. 

  62. 				raise errors.NotFound()
    63. 

  63. 		return( self.render.view( skel ) )
    64. 

  64. 	view.exposed = True
    65. 

  65. 	
    66. 

  66. 	def list( self, *args, **kwargs ):
    67. 

  67. 		"""
    68. 

  68. 			Renders a list of entries.
    69. 

  69. 			All supplied parameters are interpreted as filters for the elements displayed
    70. 

  70. 			Unlike Tree, Hierarchy or Singleton, access control in this function is realized
    71. 

  71. 			by calling the function listFilter, which updates the query-filter to contain only
    72. 

  72. 			elements which the user is allowed to view.
    73. 

  73. 		"""
    74. 

  74. 		mylist = Skellist( self.viewSkel )
    75. 

  75. 		queryObj = utils.buildDBFilter( self.viewSkel(), kwargs ) #Build the initial one
    76. 

  76. 		queryObj = self.listFilter( queryObj ) #Access control
    77. 

  77. 		if not queryObj:
    78. 

  78. 			raise( errors.Unauthorized() )
    79. 

  79. 		mylist.fromDB( queryObj )
    80. 

  80. 		return( self.render.list( mylist ) )
    81. 

  81. 	list.exposed = True
    82. 

  82. 

  83. 	def edit( self, *args, **kwargs ):
    84. 

  84. 		"""
    85. 

  85. 			Edit the entry with the given id
    86. 

  86. 		"""
    87. 

  87. 		if "skey" in kwargs:
    88. 

  88. 			skey = kwargs["skey"]
    89. 

  89. 		else:
    90. 

  90. 			skey = ""
    91. 

  91. 		if( len( args ) == 1 ):
    92. 

  92. 			id= args[0]
    93. 

  93. 		elif "id" in kwargs:
    94. 

  94. 			id = kwargs["id"]
    95. 

  95. 		else:
    96. 

  96. 			raise errors.NotAcceptable()
    97. 

  97. 		skel = self.editSkel()
    98. 

  98. 		if id == "0":
    99. 

  99. 			return( self.render.edit( skel ) )
    100. 

  100. 		if not self.canEdit( id ):
    101. 

  101. 			raise errors.Unauthorized()
    102. 

  102. 		if not skel.fromDB( id ):
    103. 

  103. 			raise errors.NotAcceptable()
    104. 

  104. 		if len(kwargs)==0 or skey=="" or not skel.fromClient( kwargs ) or ("bounce" in list(kwargs.keys()) and kwargs["bounce"]=="1"):
    105. 

  105. 			return( self.render.edit( skel ) )
    106. 

  106. 		if not utils.validateSecurityKey( skey ):
    107. 

  107. 			raise errors.PreconditionFailed()
    108. 

  108. 		skel.toDB( id )
    109. 

  109. 		self.onItemEdited( id, skel )
    110. 

  110. 		return self.render.editItemSuccess( skel )
    111. 

  111. 	edit.exposed = True
    112. 

  112. 	edit.forceSSL = True
    113. 

  113. 	
    114. 

  114. 	def add( self, *args, **kwargs ):
    115. 

  115. 		"""
    116. 

  116. 			Add a new entry.
    117. 

  117. 		"""
    118. 

  118. 		if "skey" in kwargs:
    119. 

  119. 			skey = kwargs["skey"]
    120. 

  120. 		else:
    121. 

  121. 			skey = ""
    122. 

  122. 		if not self.canAdd( ):
    123. 

  123. 			raise errors.Unauthorized()
    124. 

  124. 		skel = self.addSkel()
    125. 

  125. 		if not skel.fromClient( kwargs ) or len(kwargs)==0 or skey=="" or ("bounce" in list(kwargs.keys()) and kwargs["bounce"]=="1"):
    126. 

  126. 			return( self.render.add( skel ) )
    127. 

  127. 		if not utils.validateSecurityKey( skey ):
    128. 

  128. 			raise errors.PreconditionFailed()
    129. 

  129. 		id = skel.toDB( )
    130. 

  130. 		self.onItemAdded( id, skel )
    131. 

  131. 		return self.render.addItemSuccess( id, skel )
    132. 

  132. 	add.exposed = True
    133. 

  133. 	add.forceSSL = True
    134. 

  134. 	
    135. 

  135. 	def delete( self, id, skey, *args, **kwargs ):
    136. 

  136. 		"""
    137. 

  137. 			Delete an entry.
    138. 

  138. 		"""
    139. 

  139. 		if not self.canDelete( id ):
    140. 

  140. 			raise errors.Unauthorized()
    141. 

  141. 		skel = self.editSkel()
    142. 

  142. 		if not skel.fromDB( id ):
    143. 

  143. 			raise errors.NotFound()
    144. 

  144. 		if not utils.validateSecurityKey( skey ):
    145. 

  145. 			raise errors.PreconditionFailed()
    146. 

  146. 		skel.delete( id )
    147. 

  147. 		self.onItemDeleted( id, skel )
    148. 

  148. 		return self.render.deleteSuccess( skel )
    149. 

  149. 	delete.exposed = True
    150. 

  150. 	delete.forceSSL = True
    151. 

  151. 

  152. 	def listFilter( self, filter ):
    153. 

  153. 		"""
    154. 

  154. 			Changes the db-filter, sothat the result will only include entries the user is allowed to view
    155. 

  155. 			@param filter: Query which should be altered.
    156. 

  156. 			@type filter: ndb.query
    157. 

  157. 			@return: altered ndb.query
    158. 

  158. 		"""
    159. 

  159. 		user = users.get_current_user() #Check the GAE API
    160. 

  160. 		if users.is_current_user_admin():
    161. 

  161. 			return( filter )
    162. 

  162. 		if "user" in dir( conf["viur.mainApp"] ): #Check for our custom user-api
    163. 

  163. 			user = conf["viur.mainApp"].user.getCurrentUser()
    164. 

  164. 			if user and user["access"] \
    165. 

  165. 				and ("%s-view" % self.modulName in user["access"] or "root" in user["access"] ) :
    166. 

  166. 					return( filter )
    167. 

  167. 		return( None )
    168. 

  168. 

  169. 	def canAdd( self ):
    170. 

  170. 		"""
    171. 

  171. 			Checks if the current user has the right to add a new entry
    172. 

  172. 			@returns: True, if hes allowed to do so, False otherwise.
    173. 

  173. 		"""
    174. 

  174. 		user = utils.getCurrentUser()
    175. 

  175. 		if not user:
    176. 

  176. 			return( False )
    177. 

  177. 		if user["access"] and "root" in user["access"]:
    178. 

  178. 			return( True )
    179. 

  179. 		if user and user["access"] and "%s-add" % self.modulName in user["access"]:
    180. 

  180. 			return( True )
    181. 

  181. 		return( False )
    182. 

  182. 

  183. 	def canPreview( self ):
    184. 

  184. 		"""
    185. 

  185. 			Checks if the current user has the right to use the preview function
    186. 

  186. 			@returns: True, if hes allowed to do so, False otherwise.
    187. 

  187. 		"""
    188. 

  188. 		user = utils.getCurrentUser()
    189. 

  189. 		if not user:
    190. 

  190. 			return( False )
    191. 

  191. 		if user["access"] and "root" in user["access"]:
    192. 

  192. 			return( True )
    193. 

  193. 		if user and  user["access"] and ("%s-add" % self.modulName in user["access"] or  "%s-edit" % self.modulName in user["access"] ):
    194. 

  194. 			return( True )
    195. 

  195. 

  196. 	def canEdit( self, id ):
    197. 

  197. 		"""
    198. 

  198. 			Checks if the current user has the right to edit the given entry
    199. 

  199. 			@param id: Urlsafe-key of the entry
    200. 

  200. 			@type id: String
    201. 

  201. 			@returns: True, if hes allowed to do so, False otherwise.
    202. 

  202. 		"""
    203. 

  203. 		user = utils.getCurrentUser()
    204. 

  204. 		if not user:
    205. 

  205. 			return( False )
    206. 

  206. 		if user["access"] and "root" in user["access"]:
    207. 

  207. 			return( True )
    208. 

  208. 		if user and user["access"] and "%s-edit" % self.modulName in user["access"]:
    209. 

  209. 			return( True )
    210. 

  210. 		return( False )
    211. 

  211. 

  212. 	def canDelete( self, id ):
    213. 

  213. 		"""
    214. 

  214. 			Checks if the current user has the right to delete the given entry
    215. 

  215. 			@param id: Urlsafe-key of the entry
    216. 

  216. 			@type id: String
    217. 

  217. 			@returns: True, if hes allowed to do so, False otherwise.
    218. 

  218. 		"""
    219. 

  219. 		user = utils.getCurrentUser()
    220. 

  220. 		if not user:
    221. 

  221. 			return( False )
    222. 

  222. 		if user["access"] and "root" in user["access"]:
    223. 

  223. 			return( True )
    224. 

  224. 		if user and user["access"] and "%s-delete" % self.modulName in user["access"]:
    225. 

  225. 			return( True )
    226. 

  226. 		return( False )
    227. 

  227. 		
    228. 

  228. 	def onItemAdded( self, id, skel ):
    229. 

  229. 		"""
    230. 

  230. 			Hook. Can be overriden to hook the onItemAdded-Event
    231. 

  231. 			@param id: Urlsafe-key of the entry added
    232. 

  232. 			@type id: String
    233. 

  233. 			@param skel: Skeleton with the data which has been added
    234. 

  234. 			@type skel: Skeleton
    235. 

  235. 		"""
    236. 

  236. 		logging.info("Entry added: %s" % id )
    237. 

  237. 		user = utils.getCurrentUser()
    238. 

  238. 		if user:
    239. 

  239. 			logging.info("User: %s (%s)" % (user["name"], user["id"] ) )
    240. 

  240. 	
    241. 

  241. 	def onItemEdited( self, id, skel ):
    242. 

  242. 		"""
    243. 

  243. 			Hook. Can be overriden to hook the onItemEdited-Event
    244. 

  244. 			@param id: Urlsafe-key of the entry edited
    245. 

  245. 			@type id: String
    246. 

  246. 			@param skel: Skeleton with the data which has been edited
    247. 

  247. 			@type skel: Skeleton
    248. 

  248. 		"""
    249. 

  249. 		logging.info("Entry changed: %s" % id )
    250. 

  250. 		user = utils.getCurrentUser()
    251. 

  251. 		if user:
    252. 

  252. 			logging.info("User: %s (%s)" % (user["name"], user["id"] ) )
    253. 

  253. 		
    254. 

  254. 	def onItemViewed( self, id, skel ):
    255. 

  255. 		"""
    256. 

  256. 			Hook. Can be overriden to hook the onItemViewed-Event
    257. 

  257. 			@param id: Urlsafe-key of the entry viewed
    258. 

  258. 			@type id: String
    259. 

  259. 			@param skel: Skeleton with the data which has been viewed
    260. 

  260. 			@type skel: Skeleton
    261. 

  261. 		"""
    262. 

  262. 		pass
    263. 

  263. 	
    264. 

  264. 	def onItemDeleted( self, id, skel ):
    265. 

  265. 		"""
    266. 

  266. 			Hook. Can be overriden to hook the onItemDeleted-Event
    267. 

  267. 			Note: Saving the skeleton again will undo the deletion.
    268. 

  268. 			@param id: Urlsafe-key of the entry deleted
    269. 

  269. 			@type id: String
    270. 

  270. 			@param skel: Skeleton with the data which has been deleted
    271. 

  271. 			@type skel: Skeleton
    272. 

  272. 		"""
    273. 

  273. 		logging.info("Entry deleted: %s" % id )
    274. 

  274. 		user = utils.getCurrentUser()
    275. 

  275. 		if user:
    276. 

  276. 			logging.info("User: %s (%s)" % (user["name"], user["id"] ) )
    277. 

  277. 	
    278. 

  278. List.admin=True
    279. 

  279. List.jinja2=True
    280. 

  280. List.ops=True
    281. 

  281.