Mercurial > libervia-web
diff src/server/server.py @ 922:16d1084d1371
server (pages): added "None" access (page is not rendered at all) and some HTTP code constants + helper methods to get session data
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 03 Apr 2017 01:00:26 +0200 |
parents | cf527974a0fa |
children | edb322c87ea4 |
line wrap: on
line diff
--- a/src/server/server.py Mon Apr 03 00:53:09 2017 +0200 +++ b/src/server/server.py Mon Apr 03 01:00:26 2017 +0200 @@ -1459,12 +1459,16 @@ self.named_pages[name] = self if access is None: access = C.PAGES_ACCESS_PUBLIC - if access != C.PAGES_ACCESS_PUBLIC: - raise NotImplementedError(u"Non public access are not implemented yet") + if access not in (C.PAGES_ACCESS_PUBLIC, C.PAGES_ACCESS_PROFILE, C.PAGES_ACCESS_NONE): + raise NotImplementedError(_(u"{} access is not implemented yet").format(access)) + self.access = access self.parse_url = parse_url self.prepare_render = prepare_render self.template = template self.render_method = render + if access == C.PAGES_ACCESS_NONE: + # none pages just return a 404, no further check is needed + return if template is None: if not callable(render): log.error(_(u"render must be implemented and callable if template is not set")) @@ -1525,7 +1529,7 @@ request.prepath.append(pathElement) return urllib.unquote(pathElement).decode('utf-8') - def pageError(self, request, code=404): + def pageError(self, request, code=C.HTTP_NOT_FOUND): """generate an error page and terminate the request @param request(server.Request): HTTP request @@ -1584,13 +1588,57 @@ """don't raise error on CancelError""" failure_.trap(exceptions.CancelError) + def getProfile(self, request): + """helper method to easily get current profile + + @return (unicode, None): current profile + None if no profile session is started + """ + sat_session = self.host.getSessionData(request, session_iface.ISATSession) + return sat_session.profile + + def getRData(self, request): + """helper method to get request data dict + + this dictionnary if for the request only, it is not saved in session + It is mainly used to pass data between pages/methods called during request workflow + @return (dict): request data + """ + try: + return request.data + except AttributeError: + request.data = {} + return request.data + + def _checkAccess(self, data, request): + """Check access according to self.access + + if access is not granted, show a HTTP_UNAUTHORIZED pageError and stop request, + else return data (so it can be inserted in deferred chain + """ + if self.access == C.PAGES_ACCESS_PUBLIC: + pass + elif self.access == C.PAGES_ACCESS_PROFILE: + profile = self.getProfile(request) + if not profile: + # no session started, access is not granted + self.pageError(request, C.HTTP_UNAUTHORIZED) + + return data + def render_GET(self, request): if not hasattr(request, 'template_data'): request.template_data = {} + + # XXX: here is the code which need to be executed once + # at the beginning of the request hanling if request.postpath and not request.postpath[-1]: # we don't differenciate URLs finishing with '/' or not del request.postpath[-1] + d = defer.Deferred() + d.addCallback(self._checkAccess, request) + if self.parse_url is not None: d.addCallback(self.parse_url, request)