annotate server_side/blog.py @ 215:e830a0c60d32
server side: added the security_limit to setParam
- in addition to the check which is done by the core, libervia checks if the param to be modified was really part of the XML that has been returned by getParams with security_limit = 0.
author | souliane <souliane@mailoo.org> |
---|---|
date | Sat, 07 Sep 2013 02:07:07 +0200 |
parents | b9edfa058786 |
children | 6efd189e8d78 |
rev | line source |
---|---|
10 | 1 #!/usr/bin/python |
2 # -*- coding: utf-8 -*- | |
3 | |
4 """ | |
5 Libervia: a Salut à Toi frontend | |
165 | 6 Copyright (C) 2011, 2012, 2013 Jérôme Poisson <goffi@goffi.org> |
10 | 7 |
8 This program is free software: you can redistribute it and/or modify | |
9 it under the terms of the GNU Affero General Public License as published by | |
10 the Free Software Foundation, either version 3 of the License, or | |
11 (at your option) any later version. | |
12 | |
13 This program is distributed in the hope that it will be useful, | |
14 but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 GNU Affero General Public License for more details. | |
17 | |
18 You should have received a copy of the GNU Affero General Public License | |
19 along with this program. If not, see <http://www.gnu.org/licenses/>. | |
20 """ | |
21 | |
22 from server_side.html_tools import sanitizeHtml | |
23 from twisted.internet import reactor, defer | |
24 from twisted.web import server | |
25 from twisted.web.resource import Resource | |
26 from twisted.words.protocols.jabber.jid import JID | |
27 from datetime import datetime | |
28 | |
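class MicroBlog(Resource):
    """Twisted web resource that renders a profile's public microblog as HTML.

    The nickname is read from the first path segment following the resource.
    The page is produced asynchronously: the profile's JabberID parameter is
    fetched through the host bridge, then its last group blog entries, and the
    response is written once those entries arrive.
    """
    isLeaf = True

    # Minimal error page; the single %s slot receives the message to display.
    # Every message passed to it in this class is a fixed string, never
    # request data.
    ERROR_TEMPLATE = """
                <html>
                <head>
                    <title>MICROBLOG ERROR</title>
                </head>
                <body>
                    <h1 style='text-align: center; color: red;'>%s</h1>
                </body>
                </html>
                """

    def __init__(self, host):
        """Store *host* and make sure the "libervia" profile is connected.

        @param host: object exposing the ``bridge`` used by this resource
        """
        self.host = host
        Resource.__init__(self)
        if not host.bridge.isConnected("libervia"):  # FIXME: hard coded value for test
            host.bridge.connect("libervia")

    def render_GET(self, request):
        """Start rendering the public microblog of the requested nickname.

        @param request: the Twisted request; ``request.postpath[0]`` is the
                        requested nickname
        @return: an error page (str) when the nickname is missing or refused,
                 else ``server.NOT_DONE_YET`` while the page is built
                 asynchronously
        """
        if not request.postpath:
            return MicroBlog.ERROR_TEMPLATE % "You must indicate a nickname"

        prof_requested = request.postpath[0]
        # TODO: char check: only use alphanumerical chars + some extra(_,-,...) here
        # NOTE(review): until that check exists, the raw URL path segment is
        # handed to the bridge as-is; only the value the bridge returns is
        # used afterwards.
        prof_found = self.host.bridge.getProfileName(prof_requested)
        # The service's own 'libervia' profile must never be published.
        if not prof_found or prof_found == 'libervia':
            return MicroBlog.ERROR_TEMPLATE % "Invalid nickname"

        def got_jid(pub_jid_s):
            # Second step: the JabberID is known, ask for the last 10 entries.
            pub_jid = JID(pub_jid_s)
            d2 = defer.Deferred()
            d2.addCallbacks(self.render_html_blog, self.render_error_blog,
                            [request, prof_found], None,
                            [request, prof_found], None)
            # An exception raised while writing the page (e.g. an entry without
            # 'content', or a non-numeric timestamp) would otherwise leave the
            # request open forever. The error page may follow partial output,
            # but the request is finished.
            d2.addErrback(self.render_error_blog, request, prof_found)
            self.host.bridge.getLastGroupBlogs(pub_jid.userhost(), 10, 'libervia',
                                               d2.callback, d2.errback)

        d1 = defer.Deferred()
        d1.addCallbacks(got_jid)
        # Without an errback here, a failed parameter lookup or an invalid JID
        # string raised inside got_jid was swallowed by the Deferred and the
        # client connection stayed open until it timed out.
        d1.addErrback(self.render_error_blog, request, prof_found)
        # The JID is delivered through d1; the call's own return value was
        # previously wrapped in JID() and discarded, which served no purpose.
        self.host.bridge.asyncGetParamA('JabberID', 'Connection', 'value', prof_found,
                                        callback=d1.callback, errback=d1.errback)

        return server.NOT_DONE_YET

    def render_html_blog(self, mblog_data, request, profile):
        """Write the blog page for *profile* to *request* and finish it.

        @param mblog_data: iterable of dict-like entries; each must have a
                           'content' key and may have a 'timestamp' key
        @param request: the Twisted request to write to
        @param profile: profile name shown in the title and header
        """
        # NOTE(review): output safety of the profile name and of each entry's
        # content relies entirely on sanitizeHtml (server_side.html_tools, not
        # visible here) - confirm it is suitable for text placed in <title>.
        user = sanitizeHtml(profile).encode('utf-8')
        request.write("""
            <html>
            <head>
                <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
                <link rel="stylesheet" type="text/css" href="../css/blog.css" />
                <title>%(user)s's microblog</title>
            </head>
            <body>
                <div class='mblog_title'>%(user)s</div>
            """ % {'user': user})
        # Entries are written in the order received (no reversal).
        #mblog_data.reverse()
        for entry in mblog_data:
            # A missing timestamp falls back to 0 (the epoch); fromtimestamp
            # converts to the server's local time.
            timestamp = float(entry.get('timestamp', 0))
            _datetime = datetime.fromtimestamp(timestamp)
            request.write("<div class='mblog_content'><span class='mblog_timestamp'>%(date)s</span>%(content)s</div>" % {
                'date': _datetime,
                'content': sanitizeHtml(entry['content']).encode('utf-8')})
        request.write('</body></html>')
        request.finish()

    def render_error_blog(self, error, request, profile):
        """Write a generic error page to *request* and finish it.

        The failure details in *error* are deliberately not sent to the
        client; only a fixed message is shown.

        @param error: the failure passed by the Deferred (unused)
        @param request: the Twisted request to write to
        @param profile: profile name (unused)
        """
        request.write(MicroBlog.ERROR_TEMPLATE % "Can't access requested data")
        request.finish()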