# HG changeset patch
# User Goffi
# Date 1448279968 -3600
# Node ID ad733b670cc3398f38564e1e87b74d8befa0d7b1
# Parent 03ccd68a6dab3f590ea415cfb7d96e6e659196fd
server side: fixed params, and removed self.authorized_params as authorisation is handled by the backend
diff -r 03ccd68a6dab -r ad733b670cc3 src/browser/sat_browser/menu.py
--- a/src/browser/sat_browser/menu.py Sun Nov 22 21:28:06 2015 +0100
+++ b/src/browser/sat_browser/menu.py Mon Nov 23 12:59:28 2015 +0100
@@ -147,7 +147,7 @@
 body.setCloseCb(_dialog.close)
 _dialog.setSize('80%', '80%')
 _dialog.show()
- self.host.bridge.call('getParamsUI', gotParams)
+ self.host.bridge.getParamsUI(profile=C.PROF_KEY_NONE, callback=gotParams)
 def removeItemParams(self):
 """Remove the Parameters item from the Settings menu bar."""
diff -r 03ccd68a6dab -r ad733b670cc3 src/server/server.py
--- a/src/server/server.py Sun Nov 22 21:28:06 2015 +0100
+++ b/src/server/server.py Mon Nov 23 12:59:28 2015 +0100
@@ -35,7 +35,6 @@
 from sat_frontends.bridge.DBus import DBusBridgeFrontend, BridgeExceptionNoService, const_TIMEOUT as BRIDGE_TIMEOUT
 from sat.core.i18n import _, D_
 from sat.core import exceptions
-from sat.tools.xml_tools import paramsXML2XMLUI
 from sat.tools import utils
 import re
@@ -46,7 +45,6 @@
 import shutil
 import uuid
 from zope.interface import Interface, Attribute, implements
-from xml.dom import minidom
 from httplib import HTTPS_PORT
 import libervia
@@ -179,7 +177,6 @@
 def __init__(self, sat_host):
 JSONRPCMethodManager.__init__(self, sat_host)
- self.authorized_params = None
 def render(self, request):
 self.session = request.getSession()
@@ -628,25 +625,7 @@
 def jsonrpc_getParamsUI(self):
 """Return the parameters XML for profile"""
 profile = ISATSession(self.session).profile
- d = self.asyncBridgeCall("getParams", C.SECURITY_LIMIT, C.APP_NAME, profile)
-
- def setAuthorizedParams(params_xml):
- if self.authorized_params is None:
- self.authorized_params = {}
- for cat in minidom.parseString(params_xml.encode('utf-8')).getElementsByTagName("category"):
- params = cat.getElementsByTagName("param")
- params_list = [param.getAttribute("name") for param in params]
- self.authorized_params[cat.getAttribute("name")] = params_list
- if self.authorized_params:
- return params_xml
- else:
- return None
-
- d.addCallback(setAuthorizedParams)
-
- d.addCallback(lambda params_xml: paramsXML2XMLUI(params_xml) if params_xml else "")
-
- return d
+ return self.asyncBridgeCall("getParamsUI", C.SECURITY_LIMIT, C.APP_NAME, profile)
 def jsonrpc_asyncGetParamA(self, param, category, attribute="value"):
 """Return the parameter value for profile"""
@@ -656,11 +635,7 @@
 def jsonrpc_setParam(self, name, value, category):
 profile = ISATSession(self.session).profile
- if category in self.authorized_params and name in self.authorized_params[category]:
- return self.sat_host.bridge.setParam(name, value, category, C.SECURITY_LIMIT, profile)
- else:
- log.warning(u"Trying to set parameter '%s' in category '%s' without authorization!!!"
- % (name, category))
+ return self.sat_host.bridge.setParam(name, value, category, C.SECURITY_LIMIT, profile)
 def jsonrpc_launchAction(self, callback_id, data):
 #FIXME: any action can be launched, this can be a huge security issue if callback_id can be guessed
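Review bot: The docstring of `jsonrpc_getParamsUI` still reads "Return the parameters XML for profile", but the new body returns whatever the backend's `getParamsUI` call yields rather than a params XML converted locally. It should be updated, for example `"""Return the parameters XMLUI for the session profile, as filtered by the backend with C.SECURITY_LIMIT"""`. The removed code returned an empty string when no parameter was available; whether the backend call does the same is not visible in this diff, so the docstring should also state what callers get in that case.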
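Review bot: `jsonrpc_setParam` now passes `name`, `value` and `category` from the JSON-RPC request straight to `bridge.setParam`, so enforcement of `C.SECURITY_LIMIT` in the backend is the only control left, and the warning that recorded refused attempts is removed with the old check. The commit message says the backend handles authorisation, but that code is not part of this diff; it is worth confirming that the backend both rejects parameters above the limit and logs the refusal, otherwise attempts to set restricted parameters leave no trace. The method also has no docstring, and one such as `"""Set a parameter for the session profile; authorisation is enforced by the backend through C.SECURITY_LIMIT"""` would record where the check now lives.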