libervia-web: server_side/blog.py annotate

annotate server_side/blog.py @ 215:e830a0c60d32

server side: added the security_limit to setParam - in addition to the check which is done by the core, libervia checks if the param to be modified was really part of the XML that has been returned by getParams with security_limit = 0.

author	souliane <souliane@mailoo.org>
date	Sat, 07 Sep 2013 02:07:07 +0200
parents	b9edfa058786
children	6efd189e8d78

rev	line source
10 c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	1 #!/usr/bin/python
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	2 # -- coding: utf-8 --
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	3
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	4 """
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	5 Libervia: a Salut à Toi frontend
165 9763dec220ed dates update Goffi <goffi@goffi.org> parents: 149 diff changeset	6 Copyright (C) 2011, 2012, 2013 Jérôme Poisson <goffi@goffi.org>
10 c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	7
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	8 This program is free software: you can redistribute it and/or modify
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	9 it under the terms of the GNU Affero General Public License as published by
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	10 the Free Software Foundation, either version 3 of the License, or
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	11 (at your option) any later version.
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	12
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	13 This program is distributed in the hope that it will be useful,
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	14 but WITHOUT ANY WARRANTY; without even the implied warranty of
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	16 GNU Affero General Public License for more details.
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	17
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	18 You should have received a copy of the GNU Affero General Public License
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	19 along with this program. If not, see <http://www.gnu.org/licenses/>.
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	20 """
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	21
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	22 from server_side.html_tools import sanitizeHtml
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	23 from twisted.internet import reactor, defer
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	24 from twisted.web import server
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	25 from twisted.web.resource import Resource
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	26 from twisted.words.protocols.jabber.jid import JID
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	27 from datetime import datetime
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	28
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	29 class MicroBlog(Resource):
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	30 isLeaf = True
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	31
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	32 ERROR_TEMPLATE = """
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	33 <html>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	34 <head>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	35 <title>MICROBLOG ERROR</title>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	36 </head>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	37 <body>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	38 <h1 style='text-align: center; color: red;'>%s</h1>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	39 </body>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	40 </html>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	41 """
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	42
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	43 def __init__(self,host):
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	44 self.host = host
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	45 Resource.__init__(self)
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	46 if not host.bridge.isConnected("libervia"): #FIXME: hard coded value for test
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	47 host.bridge.connect("libervia")
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	48
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	49 def render_GET(self, request):
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	50 if not request.postpath:
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	51 return MicroBlog.ERROR_TEMPLATE % "You must indicate a nickname"
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	52 else:
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	53 prof_requested = request.postpath[0]
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	54 #TODO: char check: only use alphanumerical chars + some extra(_,-,...) here
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	55 prof_found = self.host.bridge.getProfileName(prof_requested)
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	56 if not prof_found or prof_found=='libervia':
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	57 return MicroBlog.ERROR_TEMPLATE % "Invalid nickname"
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	58 else:
149 f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	59 def got_jid(pub_jid_s):
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	60 pub_jid = JID(pub_jid_s)
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	61 d2 = defer.Deferred()
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	62 d2.addCallbacks(self.render_html_blog, self.render_error_blog, [request, prof_found], None, [request, prof_found], None)
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	63 self.host.bridge.getLastGroupBlogs(pub_jid.userhost(), 10, 'libervia', d2.callback, d2.errback)
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	64
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	65 d1 = defer.Deferred()
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	66 JID(self.host.bridge.asyncGetParamA('JabberID', 'Connection', 'value', prof_found, callback=d1.callback, errback=d1.errback))
f78761e1be8e server side: fixed public microblog Goffi <goffi@goffi.org> parents: 131 diff changeset	67 d1.addCallbacks(got_jid)
10 c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	68
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	69 return server.NOT_DONE_YET
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	70
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	71 def render_html_blog(self, mblog_data, request, profile):
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	72 user = sanitizeHtml(profile).encode('utf-8')
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	73 request.write("""
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	74 <html>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	75 <head>
175 764ca916e56e browser side: fixed charset in public blog page Goffi <goffi@goffi.org> parents: 165 diff changeset	76 <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
10 c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	77 <link rel="stylesheet" type="text/css" href="../css/blog.css" />
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	78 <title>%(user)s's microblog</title>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	79 </head>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	80 <body>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	81 <div class='mblog_title'>%(user)s</div>
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	82 """ % {'user':user})
176 b9edfa058786 server side: fixed public blog items order Goffi <goffi@goffi.org> parents: 175 diff changeset	83 #mblog_data.reverse()
10 c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	84 for entry in mblog_data:
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	85 timestamp = float(entry.get('timestamp',0))
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	86 _datetime = datetime.fromtimestamp(timestamp)
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	87 request.write("<div class='mblog_content'><span class='mblog_timestamp'>%(date)s</span>%(content)s</div>" % {
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	88 'date':_datetime,
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	89 'content':sanitizeHtml(entry['content']).encode('utf-8')})
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	90 request.write('</body></html>')
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	91 request.finish()
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	92
12 513fe9bd0665 server: fixed wrong parameter number in blog resource Goffi <goffi@goffi.org> parents: 10 diff changeset	93 def render_error_blog(self, error, request, profile):
10 c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	94 request.write(MicroBlog.ERROR_TEMPLATE % "Can't access requested data")
c28a4840e1a8 server: microblog resource Goffi <goffi@goffi.org> parents: diff changeset	95 request.finish()

Mercurial > libervia-web

annotate server_side/blog.py @ 215:e830a0c60d32