comparison libervia_server/__init__.py @ 336:629c99bbd031
browser + server side: refactored menus:
- getMenus is added to Register class, so it can be used before being logged in
- dynamic menus are added to main menu bar
- security limit is used
- menus use i18n
author | Goffi <goffi@goffi.org> |
---|---|
date | Tue, 04 Feb 2014 16:49:20 +0100 |
parents | c01397d18026 |
children | 2067d6241927 |
comparison
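--- a/libervia_server/__init__.py
+++ b/libervia_server/__init__.py
@@ -478,10 +478,12 @@
 else:
 warning("Trying to set parameter '%s' in category '%s' without authorization!!!"
 % (name, category))
 
 def jsonrpc_launchAction(self, callback_id, data):
+#FIXME: any action can be launched, this can be a huge security issue if callback_id can be guessed
+# a security system with authorised callback_id must be implemented, similar to the one for authorised params
 profile = ISATSession(self.session).profile
 d = self.asyncBridgeCall("launchAction", callback_id, data, profile)
 return d
 
 def jsonrpc_chatStateComposing(self, to_jid_s):
@@ -538,12 +540,12 @@
 if request.postpath==['login']:
 return self.login(request)
 _session = request.getSession()
 parsed = jsonrpclib.loads(request.content.read())
 method = parsed.get("method")
-if method != "isRegistered" and method != "registerParams":
-#if we don't call login or isRegistered, we need to be identified
+if method not in ['isRegistered', 'registerParams', 'getMenus']:
+#if we don't call these methods, we need to be identified
 profile = ISATSession(_session).profile
 if not profile:
 #user is not identified, we return a jsonrpc fault
 fault = jsonrpclib.Fault(Const.ERRNUM_LIBERVIA, "Not allowed") #FIXME: define some standard error codes for libervia
 return jsonrpc.JSONRPC._cbRender(self, fault, request, parsed.get('id'), parsed.get('jsonrpc'))
@@ -738,10 +740,15 @@
 'param_name': Const.ENABLE_UNIBOX_PARAM,
 'param_label': _(Const.ENABLE_UNIBOX_PARAM)
 }
 
 self.sat_host.bridge.paramsRegisterApp(params, Const.SECURITY_LIMIT, Const.APP_NAME)
+
+def jsonrpc_getMenus(self):
+"""Return the parameters XML for profile"""
+# XXX: we put this method in Register because we get menus before being logged
+return self.sat_host.bridge.getMenus('', Const.SECURITY_LIMIT)
 
 
 class SignalHandler(jsonrpc.JSONRPC):
 
 def __init__(self, sat_host):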
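Review bot: The docstring added on `jsonrpc_getMenus` ("Return the parameters XML for profile") does not describe the body, which returns `self.sat_host.bridge.getMenus('', Const.SECURITY_LIMIT)`, and the mismatch matters because the same commit adds `'getMenus'` to the methods that skip the profile check (new line 545, inside a render method that starts outside the hunk). I would change it to `"""Return the menus allowed at Const.SECURITY_LIMIT; callable before login, so it must not return profile-specific entries."""` so the pre-authentication contract is written where the method will be edited. Separately, `jsonrpc_launchAction` still passes any `callback_id` to the bridge and only gains a FIXME here; if the menus are what hand callback ids to the browser (not visible in this page), the ids served at the security limit look like the natural allowlist to enforce there. The inline list would also read better as a named module-level constant, e.g. `if method not in UNAUTHENTICATED_METHODS:`, so additions to the unauthenticated surface are easy to audit.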