dh7 needs --with config-package
[invirt/packages/invirt-web.git] / code / view.py
index 1765ddf..51f19a5 100644 (file)
@@ -7,13 +7,15 @@ import simplejson
 import datetime, decimal
 from StringIO import StringIO
 from invirt.config import structs as config
+import invirt.database
 from webcommon import State
 
 
 class MakoHandler(cherrypy.dispatch.LateParamPageHandler):
     """Callable which processes a dictionary, returning the rendered body."""
     
-    def __init__(self, template, next_handler, content_type='text/html; charset=utf-8'):
+    def __init__(self, template, next_handler,
+                 content_type='text/html; charset=utf-8'):
         self.template = template
         self.next_handler = next_handler
         self.content_type = content_type
@@ -51,10 +53,11 @@ class MakoLoader(object):
     def __call__(self, filename, directories, module_directory=None,
                  collection_size=-1, content_type='text/html; charset=utf-8',
                  imports=[]):
-        cherrypy.request.lookup = lookup = self.get_lookup(directories, module_directory,
-                                                           collection_size, imports)
+        cherrypy.request.lookup = lookup = self.get_lookup(
+            directories, module_directory, collection_size, imports)
         cherrypy.request.template = t = lookup.get_template(filename)
-        cherrypy.request.handler = MakoHandler(t, cherrypy.request.handler, content_type)
+        cherrypy.request.handler = MakoHandler(
+            t, cherrypy.request.handler, content_type)
 
 cherrypy.tools.mako = cherrypy.Tool('on_start_resource', MakoLoader())
 
@@ -101,7 +104,8 @@ def jsonify_tool_callback(*args, **kwargs):
         response.headers['Content-Type'] = 'text/javascript'
         response.body = JSONEncoder().iterencode(response.body)
 
-cherrypy.tools.jsonify = cherrypy.Tool('before_finalize', jsonify_tool_callback, priority=30)
+cherrypy.tools.jsonify = cherrypy.Tool('before_finalize',
+                                       jsonify_tool_callback, priority=30)
 
 
 def require_login():
@@ -110,7 +114,8 @@ def require_login():
         raise cherrypy.HTTPError(403,
             "You are not authorized to access that resource")
 
-cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150)
+cherrypy.tools.require_login = cherrypy.Tool('on_start_resource',
+                                             require_login, priority=150)
 
 
 def require_POST():
@@ -118,8 +123,11 @@ def require_POST():
     if cherrypy.request.method != "POST":
         raise cherrypy.HTTPError(405,
                                  "You must submit this request with POST")
+    if not cherrypy.request.headers.get('Referer', '').startswith('https://' + config.web.hostname):
+        raise cherrypy.HTTPError(403, "This form is only usable when submitted from another page on this site. If you receive this message in error, check your browser's Referer settings.")
 
-cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150)
+cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource',
+                                            require_POST, priority=150)
 
 
 def remote_user_login():
@@ -145,7 +153,8 @@ failed login, and is left at None if the user attempted no authentication.
     else:
         cherrypy.request.login = user
 
-cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50)
+cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource',
+                                                 remote_user_login, priority=50)
 
 
 def invirtwebstate_init():
@@ -153,8 +162,13 @@ def invirtwebstate_init():
     if not hasattr(cherrypy.request, "state"):
         cherrypy.request.state = State(cherrypy.request.login)
 
-cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource', invirtwebstate_init, priority=100)
+cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource',
+                                              invirtwebstate_init, priority=100)
+
+
+cherrypy.tools.clear_db_cache = cherrypy.Tool('on_start_resource', invirt.database.clear_cache)
 
 
 class View(object):
-    _cp_config = {'tools.mako.directories': [os.path.join(os.path.dirname(__file__),'templates')]}
+    _cp_config = {'tools.mako.directories':
+                      [os.path.join(os.path.dirname(__file__),'templates')]}