X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-web.git/blobdiff_plain/77238c2233002aa1e8256d2eda37ff65dcd5c916..542183dd43e3d9c9260b2ce1313126b7f6535f6c:/code/view.py?ds=sidebyside diff --git a/code/view.py b/code/view.py index 38569ed..d15d53f 100644 --- a/code/view.py +++ b/code/view.py @@ -5,6 +5,8 @@ from mako.template import Template from mako.lookup import TemplateLookup import simplejson import datetime, decimal +from invirt.config import structs as config +from webcommon import State class MakoHandler(cherrypy.dispatch.LateParamPageHandler): """Callable which sets response.body.""" @@ -27,7 +29,8 @@ class MakoLoader(object): self.lookups = {} def __call__(self, filename, directories, module_directory=None, - collection_size=-1, content_type='text/html; charset=utf-8'): + collection_size=-1, content_type='text/html; charset=utf-8', + imports=[]): # Find the appropriate template lookup. key = (tuple(directories), module_directory) try: @@ -39,6 +42,7 @@ class MakoLoader(object): default_filters=['decode.utf8'], input_encoding='utf-8', output_encoding='utf-8', + imports=imports, ) self.lookups[key] = lookup cherrypy.request.lookup = lookup @@ -76,7 +80,42 @@ def require_login(): raise cherrypy.HTTPError(403, "You are not authorized to access that resource") -cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login) +cherrypy.tools.require_login = cherrypy.Tool('on_start_resource', require_login, priority=150) + +def require_POST(): + """If the request isn't a POST request, raise 405 Method Not Allowed""" + if cherrypy.request.method != "POST": + raise cherrypy.HTTPError(405, + "You must submit this request with POST") + +cherrypy.tools.require_POST = cherrypy.Tool('on_start_resource', require_POST, priority=150) + +def remote_user_login(): + """Get the current user based on the SSL or GSSAPI environment variables""" + environ = cherrypy.request.wsgi_environ + user = environ.get('REMOTE_USER') + if user is None: + return + else: + cherrypy.request.login = None # clear what cherrypy put there + + if environ.get('AUTH_TYPE') == 'Negotiate': + # Convert the krb5 principal into a krb4 username + if not user.endswith('@%s' % config.kerberos.realm): + cherrypy.request.login = False # failed to login + else: + cherrypy.request.login = user.split('@')[0].replace('/', '.') + else: + cherrypy.request.login = user + +cherrypy.tools.remote_user_login = cherrypy.Tool('on_start_resource', remote_user_login, priority=50) + +def invirtwebstate_init(): + """Initialize the cherrypy.request.state object from Invirt""" + if not hasattr(cherrypy.request, "state"): + cherrypy.request.state = State(cherrypy.request.login) + +cherrypy.tools.invirtwebstate = cherrypy.Tool('on_start_resource', invirtwebstate_init, priority=100) class View(object): _cp_config = {'tools.mako.directories': [os.path.join(os.path.dirname(__file__),'templates')]}