diff src/server/server.py @ 605:917e271975d9 frontends_multi_profiles

server + browser side: implementation of the new getEntitiesData bridge method + added a security check: only a whitelist of entities can be retrieved
author Goffi <goffi@goffi.org>
date Mon, 09 Feb 2015 21:46:15 +0100
parents a5019e62c3e9
children ea27925ef2a8
--- a/src/server/server.py	Fri Feb 06 17:53:01 2015 +0100
+++ b/src/server/server.py	Mon Feb 09 21:46:15 2015 +0100
@@ -34,6 +34,7 @@
 log = getLogger(__name__)
 from sat_frontends.bridge.DBus import DBusBridgeFrontend, BridgeExceptionNoService, const_TIMEOUT as BRIDGE_TIMEOUT
 from sat.core.i18n import _, D_
+from sat.core import exceptions
 from sat.tools.xml_tools import paramsXML2XMLUI
 
 import re
@@ -463,23 +464,40 @@
             return
         self.sat_host.bridge.radiocolLaunch(invited, room_jid, profile)
 
+    def jsonrpc_getEntitiesData(self, jids, keys):
+        """Get cached data for several entities at once
+
+        @param jids: list jids from who we wants data, or empty list for all jids in cache
+        @param keys: name of data we want (list)
+        @return: requested data"""
+        if not C.ALLOWED_ENTITY_DATA.issuperset(keys):
+            raise exceptions.PermissionError("Trying to access unallowed data (hack attempt ?)")
+        profile = ISATSession(self.session).profile
+        try:
+            return self.sat_host.bridge.getEntitiesData(jids, keys, profile)
+        except Exception as e:
+            raise Failure(jsonrpclib.Fault(C.ERRNUM_BRIDGE_ERRBACK, unicode(e)))
+
     def jsonrpc_getEntityData(self, jid, keys):
-        """Get cached data for an entit
+        """Get cached data for an entity
+
         @param jid: jid of contact from who we want data
         @param keys: name of data we want (list)
         @return: requested data"""
+        if not C.ALLOWED_ENTITY_DATA.issuperset(keys):
+            raise exceptions.PermissionError("Trying to access unallowed data (hack attempt ?)")
         profile = ISATSession(self.session).profile
         try:
             return self.sat_host.bridge.getEntityData(jid, keys, profile)
         except Exception as e:
             raise Failure(jsonrpclib.Fault(C.ERRNUM_BRIDGE_ERRBACK, unicode(e)))
 
-    def jsonrpc_getCard(self, jid):
+    def jsonrpc_getCard(self, jid_):
         """Get VCard for entiry
-        @param jid: jid of contact from who we want data
+        @param jid_: jid of contact from who we want data
         @return: id to retrieve the profile"""
         profile = ISATSession(self.session).profile
-        return self.sat_host.bridge.getCard(jid, profile)
+        return self.sat_host.bridge.getCard(jid_, profile)
 
     def jsonrpc_getAccountDialogUI(self):
         """Get the dialog for managing user account