Mercurial > libervia-web

--- a/src/browser/sat_browser/menu.py	Sun Nov 22 21:28:06 2015 +0100
+++ b/src/browser/sat_browser/menu.py	Mon Nov 23 12:59:28 2015 +0100
@@ -147,7 +147,7 @@
             body.setCloseCb(_dialog.close)
             _dialog.setSize('80%', '80%')
             _dialog.show()
-        self.host.bridge.call('getParamsUI', gotParams)
+        self.host.bridge.getParamsUI(profile=C.PROF_KEY_NONE, callback=gotParams)

     def removeItemParams(self):
         """Remove the Parameters item from the Settings menu bar."""
--- a/src/server/server.py	Sun Nov 22 21:28:06 2015 +0100
+++ b/src/server/server.py	Mon Nov 23 12:59:28 2015 +0100
@@ -35,7 +35,6 @@
 from sat_frontends.bridge.DBus import DBusBridgeFrontend, BridgeExceptionNoService, const_TIMEOUT as BRIDGE_TIMEOUT
 from sat.core.i18n import _, D_
 from sat.core import exceptions
-from sat.tools.xml_tools import paramsXML2XMLUI
 from sat.tools import utils

 import re
@@ -46,7 +45,6 @@
 import shutil
 import uuid
 from zope.interface import Interface, Attribute, implements
-from xml.dom import minidom
 from httplib import HTTPS_PORT
 import libervia

@@ -179,7 +177,6 @@

     def __init__(self, sat_host):
         JSONRPCMethodManager.__init__(self, sat_host)
-        self.authorized_params = None

     def render(self, request):
         self.session = request.getSession()
@@ -628,25 +625,7 @@
     def jsonrpc_getParamsUI(self):
         """Return the parameters XML for profile"""
         profile = ISATSession(self.session).profile
-        d = self.asyncBridgeCall("getParams", C.SECURITY_LIMIT, C.APP_NAME, profile)
-
-        def setAuthorizedParams(params_xml):
-            if self.authorized_params is None:
-                self.authorized_params = {}
-                for cat in minidom.parseString(params_xml.encode('utf-8')).getElementsByTagName("category"):
-                    params = cat.getElementsByTagName("param")
-                    params_list = [param.getAttribute("name") for param in params]
-                    self.authorized_params[cat.getAttribute("name")] = params_list
-            if self.authorized_params:
-                return params_xml
-            else:
-                return None
-
-        d.addCallback(setAuthorizedParams)
-
-        d.addCallback(lambda params_xml: paramsXML2XMLUI(params_xml) if params_xml else "")
-
-        return d
+        return self.asyncBridgeCall("getParamsUI", C.SECURITY_LIMIT, C.APP_NAME, profile)

     def jsonrpc_asyncGetParamA(self, param, category, attribute="value"):
         """Return the parameter value for profile"""
@@ -656,11 +635,7 @@

     def jsonrpc_setParam(self, name, value, category):
         profile = ISATSession(self.session).profile
-        if category in self.authorized_params and name in self.authorized_params[category]:
-            return self.sat_host.bridge.setParam(name, value, category, C.SECURITY_LIMIT, profile)
-        else:
-            log.warning(u"Trying to set parameter '%s' in category '%s' without authorization!!!"
-                    % (name, category))
+        return self.sat_host.bridge.setParam(name, value, category, C.SECURITY_LIMIT, profile)

     def jsonrpc_launchAction(self, callback_id, data):
         #FIXME: any action can be launched, this can be a huge security issue if callback_id can be guessed