24 class SecurityViewMixIn(object): |
24 class SecurityViewMixIn(object): |
25 """display security information for a given schema """ |
25 """display security information for a given schema """ |
26 |
26 |
27 def schema_definition(self, eschema, link=True, access_types=None): |
27 def schema_definition(self, eschema, link=True, access_types=None): |
28 w = self.w |
28 w = self.w |
29 _ = self.req._ |
29 _ = self._cw._ |
30 if not access_types: |
30 if not access_types: |
31 access_types = eschema.ACTIONS |
31 access_types = eschema.ACTIONS |
32 w(u'<table class="schemaInfo">') |
32 w(u'<table class="schemaInfo">') |
33 w(u'<tr><th>%s</th><th>%s</th><th>%s</th></tr>' % ( |
33 w(u'<tr><th>%s</th><th>%s</th><th>%s</th></tr>' % ( |
34 _("permission"), _('granted to groups'), _('rql expressions'))) |
34 _("permission"), _('granted to groups'), _('rql expressions'))) |
35 for access_type in access_types: |
35 for access_type in access_types: |
36 w(u'<tr>') |
36 w(u'<tr>') |
37 w(u'<td>%s</td>' % self.req.__('%s_perm' % access_type)) |
37 w(u'<td>%s</td>' % self._cw.__('%s_perm' % access_type)) |
38 groups = eschema.get_groups(access_type) |
38 groups = eschema.get_groups(access_type) |
39 l = [] |
39 l = [] |
40 groups = [(_(group), group) for group in groups] |
40 groups = [(_(group), group) for group in groups] |
41 for trad, group in sorted(groups): |
41 for trad, group in sorted(groups): |
42 if link: |
42 if link: |
43 # XXX we should get a group entity and call its absolute_url |
43 # XXX we should get a group entity and call its absolute_url |
44 # method |
44 # method |
45 l.append(u'<a href="%s" class="%s">%s</a><br/>' % ( |
45 l.append(u'<a href="%s" class="%s">%s</a><br/>' % ( |
46 self.build_url('cwgroup/%s' % group), group, trad)) |
46 self._cw.build_url('cwgroup/%s' % group), group, trad)) |
47 else: |
47 else: |
48 l.append(u'<div class="%s">%s</div>' % (group, trad)) |
48 l.append(u'<div class="%s">%s</div>' % (group, trad)) |
49 w(u'<td>%s</td>' % u''.join(l)) |
49 w(u'<td>%s</td>' % u''.join(l)) |
50 rqlexprs = eschema.get_rqlexprs(access_type) |
50 rqlexprs = eschema.get_rqlexprs(access_type) |
51 w(u'<td>%s</td>' % u'<br/><br/>'.join(expr.expression for expr in rqlexprs)) |
51 w(u'<td>%s</td>' % u'<br/><br/>'.join(expr.expression for expr in rqlexprs)) |
71 __select__ = EntityView.__select__ & authenticated_user() |
71 __select__ = EntityView.__select__ & authenticated_user() |
72 |
72 |
73 title = _('security') |
73 title = _('security') |
74 |
74 |
75 def call(self): |
75 def call(self): |
76 self.w(u'<div id="progress">%s</div>' % self.req._('validating...')) |
76 self.w(u'<div id="progress">%s</div>' % self._cw._('validating...')) |
77 super(SecurityManagementView, self).call() |
77 super(SecurityManagementView, self).call() |
78 |
78 |
79 def cell_call(self, row, col): |
79 def cell_call(self, row, col): |
80 self.req.add_js('cubicweb.edition.js') |
80 self._cw.add_js('cubicweb.edition.js') |
81 self.req.add_css('cubicweb.acl.css') |
81 self._cw.add_css('cubicweb.acl.css') |
82 entity = self.rset.get_entity(row, col) |
82 entity = self.cw_rset.get_entity(row, col) |
83 w = self.w |
83 w = self.w |
84 _ = self.req._ |
84 _ = self._cw._ |
85 w(u'<h1><span class="etype">%s</span> <a href="%s">%s</a></h1>' |
85 w(u'<h1><span class="etype">%s</span> <a href="%s">%s</a></h1>' |
86 % (entity.dc_type().capitalize(), |
86 % (entity.dc_type().capitalize(), |
87 xml_escape(entity.absolute_url()), |
87 xml_escape(entity.absolute_url()), |
88 xml_escape(entity.dc_title()))) |
88 xml_escape(entity.dc_title()))) |
89 # first show permissions defined by the schema |
89 # first show permissions defined by the schema |
90 self.w('<h2>%s</h2>' % _('schema\'s permissions definitions')) |
90 self.w('<h2>%s</h2>' % _('schema\'s permissions definitions')) |
91 self.schema_definition(entity.e_schema) |
91 self.schema_definition(entity.e_schema) |
92 self.w('<h2>%s</h2>' % _('manage security')) |
92 self.w('<h2>%s</h2>' % _('manage security')) |
93 # ownership information |
93 # ownership information |
94 if self.schema.rschema('owned_by').has_perm(self.req, 'add', |
94 if self._cw.schema.rschema('owned_by').has_perm(self._cw, 'add', |
95 fromeid=entity.eid): |
95 fromeid=entity.eid): |
96 self.owned_by_edit_form(entity) |
96 self.owned_by_edit_form(entity) |
97 else: |
97 else: |
98 self.owned_by_information(entity) |
98 self.owned_by_information(entity) |
99 # cwpermissions |
99 # cwpermissions |
100 if 'require_permission' in entity.e_schema.subject_relations(): |
100 if 'require_permission' in entity.e_schema.subject_relations(): |
101 w('<h3>%s</h3>' % _('permissions for this entity')) |
101 w('<h3>%s</h3>' % _('permissions for this entity')) |
102 reqpermschema = self.schema.rschema('require_permission') |
102 reqpermschema = self._cw.schema.rschema('require_permission') |
103 self.require_permission_information(entity, reqpermschema) |
103 self.require_permission_information(entity, reqpermschema) |
104 if reqpermschema.has_perm(self.req, 'add', fromeid=entity.eid): |
104 if reqpermschema.has_perm(self._cw, 'add', fromeid=entity.eid): |
105 self.require_permission_edit_form(entity) |
105 self.require_permission_edit_form(entity) |
106 |
106 |
107 def owned_by_edit_form(self, entity): |
107 def owned_by_edit_form(self, entity): |
108 self.w('<h3>%s</h3>' % self.req._('ownership')) |
108 self.w('<h3>%s</h3>' % self._cw._('ownership')) |
109 msg = self.req._('ownerships have been changed') |
109 msg = self._cw._('ownerships have been changed') |
110 form = self.vreg['forms'].select('base', self.req, entity=entity, |
110 form = self._cw.vreg['forms'].select('base', self._cw, entity=entity, |
111 form_renderer_id='base', submitmsg=msg, |
111 form_renderer_id='base', submitmsg=msg, |
112 form_buttons=[wdgs.SubmitButton()], |
112 form_buttons=[wdgs.SubmitButton()], |
113 domid='ownership%s' % entity.eid, |
113 domid='ownership%s' % entity.eid, |
114 __redirectvid='security', |
114 __redirectvid='security', |
115 __redirectpath=entity.rest_path()) |
115 __redirectpath=entity.rest_path()) |
116 field = guess_field(entity.e_schema, self.schema.rschema('owned_by')) |
116 field = guess_field(entity.e_schema, self._cw.schema.rschema('owned_by')) |
117 form.append_field(field) |
117 form.append_field(field) |
118 self.w(form.form_render(display_progress_div=False)) |
118 self.w(form.form_render(display_progress_div=False)) |
119 |
119 |
120 def owned_by_information(self, entity): |
120 def owned_by_information(self, entity): |
121 ownersrset = entity.related('owned_by') |
121 ownersrset = entity.related('owned_by') |
122 if ownersrset: |
122 if ownersrset: |
123 self.w('<h3>%s</h3>' % self.req._('ownership')) |
123 self.w('<h3>%s</h3>' % self._cw._('ownership')) |
124 self.w(u'<div class="ownerInfo">') |
124 self.w(u'<div class="ownerInfo">') |
125 self.w(self.req._('this entity is currently owned by') + ' ') |
125 self.w(self._cw._('this entity is currently owned by') + ' ') |
126 self.wview('csv', entity.related('owned_by'), 'null') |
126 self.wview('csv', entity.related('owned_by'), 'null') |
127 self.w(u'</div>') |
127 self.w(u'</div>') |
128 # else we don't know if this is because entity has no owner or becayse |
128 # else we don't know if this is because entity has no owner or becayse |
129 # user as no access to owner users entities |
129 # user as no access to owner users entities |
130 |
130 |
131 def require_permission_information(self, entity, reqpermschema): |
131 def require_permission_information(self, entity, reqpermschema): |
132 if entity.require_permission: |
132 if entity.require_permission: |
133 w = self.w |
133 w = self.w |
134 _ = self.req._ |
134 _ = self._cw._ |
135 if reqpermschema.has_perm(self.req, 'delete', fromeid=entity.eid): |
135 if reqpermschema.has_perm(self._cw, 'delete', fromeid=entity.eid): |
136 delurl = self.build_url('edit', __redirectvid='security', |
136 delurl = self._cw.build_url('edit', __redirectvid='security', |
137 __redirectpath=entity.rest_path()) |
137 __redirectpath=entity.rest_path()) |
138 delurl = delurl.replace('%', '%%') |
138 delurl = delurl.replace('%', '%%') |
139 # don't give __delete value to build_url else it will be urlquoted |
139 # don't give __delete value to build_url else it will be urlquoted |
140 # and this will replace %s by %25s |
140 # and this will replace %s by %25s |
141 delurl += '&__delete=%s:require_permission:%%s' % entity.eid |
141 delurl += '&__delete=%s:require_permission:%%s' % entity.eid |
142 dellinktempl = u'[<a href="%s" title="%s">-</a>] ' % ( |
142 dellinktempl = u'[<a href="%s" title="%s">-</a>] ' % ( |
155 w(u'<td>%s</td>' % cwperm.view('oneline')) |
155 w(u'<td>%s</td>' % cwperm.view('oneline')) |
156 w(u'<td>%s</td>' % self.view('csv', cwperm.related('require_group'), 'null')) |
156 w(u'<td>%s</td>' % self.view('csv', cwperm.related('require_group'), 'null')) |
157 w(u'</tr>\n') |
157 w(u'</tr>\n') |
158 w(u'</table>') |
158 w(u'</table>') |
159 else: |
159 else: |
160 self.w(self.req._('no associated permissions')) |
160 self.w(self._cw._('no associated permissions')) |
161 |
161 |
162 def require_permission_edit_form(self, entity): |
162 def require_permission_edit_form(self, entity): |
163 newperm = self.vreg['etypes'].etype_class('CWPermission')(self.req) |
163 newperm = self._cw.vreg['etypes'].etype_class('CWPermission')(self._cw) |
164 newperm.eid = self.req.varmaker.next() |
164 newperm.eid = self._cw.varmaker.next() |
165 self.w(u'<p>%s</p>' % self.req._('add a new permission')) |
165 self.w(u'<p>%s</p>' % self._cw._('add a new permission')) |
166 form = self.vreg['forms'].select('base', self.req, entity=newperm, |
166 form = self._cw.vreg['forms'].select('base', self._cw, entity=newperm, |
167 form_buttons=[wdgs.SubmitButton()], |
167 form_buttons=[wdgs.SubmitButton()], |
168 domid='reqperm%s' % entity.eid, |
168 domid='reqperm%s' % entity.eid, |
169 __redirectvid='security', |
169 __redirectvid='security', |
170 __redirectpath=entity.rest_path()) |
170 __redirectpath=entity.rest_path()) |
171 form.form_add_hidden('require_permission', entity.eid, role='object', |
171 form.form_add_hidden('require_permission', entity.eid, role='object', |
172 eidparam=True) |
172 eidparam=True) |
173 permnames = getattr(entity, '__permissions__', None) |
173 permnames = getattr(entity, '__permissions__', None) |
174 cwpermschema = newperm.e_schema |
174 cwpermschema = newperm.e_schema |
175 if permnames is not None: |
175 if permnames is not None: |
176 field = guess_field(cwpermschema, self.schema.rschema('name'), |
176 field = guess_field(cwpermschema, self._cw.schema.rschema('name'), |
177 widget=wdgs.Select({'size': 1}), |
177 widget=wdgs.Select({'size': 1}), |
178 choices=permnames) |
178 choices=permnames) |
179 else: |
179 else: |
180 field = guess_field(cwpermschema, self.schema.rschema('name')) |
180 field = guess_field(cwpermschema, self._cw.schema.rschema('name')) |
181 form.append_field(field) |
181 form.append_field(field) |
182 field = guess_field(cwpermschema, self.schema.rschema('label')) |
182 field = guess_field(cwpermschema, self._cw.schema.rschema('label')) |
183 form.append_field(field) |
183 form.append_field(field) |
184 field = guess_field(cwpermschema, self.schema.rschema('require_group')) |
184 field = guess_field(cwpermschema, self._cw.schema.rschema('require_group')) |
185 form.append_field(field) |
185 form.append_field(field) |
186 renderer = self.vreg['formrenderers'].select( |
186 renderer = self._cw.vreg['formrenderers'].select( |
187 'htable', self.req, rset=None, display_progress_div=False) |
187 'htable', self._cw, rset=None, display_progress_div=False) |
188 self.w(form.form_render(renderer=renderer)) |
188 self.w(form.form_render(renderer=renderer)) |
189 |
189 |
190 |
190 |
191 class ErrorView(AnyRsetView): |
191 class ErrorView(AnyRsetView): |
192 """default view when no result has been found""" |
192 """default view when no result has been found""" |
195 |
195 |
196 def page_title(self): |
196 def page_title(self): |
197 """returns a title according to the result set - used for the |
197 """returns a title according to the result set - used for the |
198 title in the HTML header |
198 title in the HTML header |
199 """ |
199 """ |
200 return self.req._('an error occured') |
200 return self._cw._('an error occured') |
201 |
201 |
202 def call(self): |
202 def call(self): |
203 req = self.req.reset_headers() |
203 req = self._cw.reset_headers() |
204 w = self.w |
204 w = self.w |
205 ex = req.data.get('ex')#_("unable to find exception information")) |
205 ex = req.data.get('ex')#_("unable to find exception information")) |
206 excinfo = req.data.get('excinfo') |
206 excinfo = req.data.get('excinfo') |
207 title = self.req._('an error occured') |
207 title = self._cw._('an error occured') |
208 w(u'<h2>%s</h2>' % title) |
208 w(u'<h2>%s</h2>' % title) |
209 if 'errmsg' in req.data: |
209 if 'errmsg' in req.data: |
210 ex = req.data['errmsg'] |
210 ex = req.data['errmsg'] |
211 exclass = None |
211 exclass = None |
212 else: |
212 else: |
213 exclass = ex.__class__.__name__ |
213 exclass = ex.__class__.__name__ |
214 ex = exc_message(ex, req.encoding) |
214 ex = exc_message(ex, req.encoding) |
215 if excinfo is not None and self.config['print-traceback']: |
215 if excinfo is not None and self._cw.config['print-traceback']: |
216 if exclass is None: |
216 if exclass is None: |
217 w(u'<div class="tb">%s</div>' |
217 w(u'<div class="tb">%s</div>' |
218 % xml_escape(ex).replace("\n","<br />")) |
218 % xml_escape(ex).replace("\n","<br />")) |
219 else: |
219 else: |
220 w(u'<div class="tb">%s: %s</div>' |
220 w(u'<div class="tb">%s: %s</div>' |
224 else: |
224 else: |
225 w(u'<div class="tb">%s</div>' % (xml_escape(ex).replace("\n","<br />"))) |
225 w(u'<div class="tb">%s</div>' % (xml_escape(ex).replace("\n","<br />"))) |
226 # if excinfo is not None, it's probably not a bug |
226 # if excinfo is not None, it's probably not a bug |
227 if excinfo is None: |
227 if excinfo is None: |
228 return |
228 return |
229 vcconf = self.config.vc_config() |
229 vcconf = self._cw.config.vc_config() |
230 w(u"<div>") |
230 w(u"<div>") |
231 eversion = vcconf.get('cubicweb', self.req._('no version information')) |
231 eversion = vcconf.get('cubicweb', self._cw._('no version information')) |
232 # NOTE: tuple wrapping needed since eversion is itself a tuple |
232 # NOTE: tuple wrapping needed since eversion is itself a tuple |
233 w(u"<b>CubicWeb version:</b> %s<br/>\n" % (eversion,)) |
233 w(u"<b>CubicWeb version:</b> %s<br/>\n" % (eversion,)) |
234 cversions = [] |
234 cversions = [] |
235 for cube in self.config.cubes(): |
235 for cube in self._cw.config.cubes(): |
236 cubeversion = vcconf.get(cube, self.req._('no version information')) |
236 cubeversion = vcconf.get(cube, self._cw._('no version information')) |
237 w(u"<b>Package %s version:</b> %s<br/>\n" % (cube, cubeversion)) |
237 w(u"<b>Package %s version:</b> %s<br/>\n" % (cube, cubeversion)) |
238 cversions.append((cube, cubeversion)) |
238 cversions.append((cube, cubeversion)) |
239 w(u"</div>") |
239 w(u"</div>") |
240 # creates a bug submission link if submit-mail is set |
240 # creates a bug submission link if submit-mail is set |
241 if self.config['submit-mail']: |
241 if self._cw.config['submit-mail']: |
242 form = self.vreg['forms'].select('base', self.req, rset=None, |
242 form = self._cw.vreg['forms'].select('base', self._cw, rset=None, |
243 mainform=False) |
243 mainform=False) |
244 binfo = text_error_description(ex, excinfo, req, eversion, cversions) |
244 binfo = text_error_description(ex, excinfo, req, eversion, cversions) |
245 form.form_add_hidden('description', binfo, |
245 form.form_add_hidden('description', binfo, |
246 # we must use a text area to keep line breaks |
246 # we must use a text area to keep line breaks |
247 widget=wdgs.TextArea({'class': 'hidden'})) |
247 widget=wdgs.TextArea({'class': 'hidden'})) |
279 |
279 |
280 title = _('server information') |
280 title = _('server information') |
281 |
281 |
282 def call(self, **kwargs): |
282 def call(self, **kwargs): |
283 """display server information""" |
283 """display server information""" |
284 vcconf = self.config.vc_config() |
284 vcconf = self._cw.config.vc_config() |
285 req = self.req |
285 req = self._cw |
286 _ = req._ |
286 _ = req._ |
287 # display main information |
287 # display main information |
288 self.w(u'<h3>%s</h3>' % _('Application')) |
288 self.w(u'<h3>%s</h3>' % _('Application')) |
289 self.w(u'<table border="1">') |
289 self.w(u'<table border="1">') |
290 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
290 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
291 'CubicWeb', vcconf.get('cubicweb', _('no version information')))) |
291 'CubicWeb', vcconf.get('cubicweb', _('no version information')))) |
292 for pkg in self.config.cubes(): |
292 for pkg in self._cw.config.cubes(): |
293 pkgversion = vcconf.get(pkg, _('no version information')) |
293 pkgversion = vcconf.get(pkg, _('no version information')) |
294 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
294 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
295 pkg, pkgversion)) |
295 pkg, pkgversion)) |
296 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
296 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
297 _('home'), self.config.apphome)) |
297 _('home'), self._cw.config.apphome)) |
298 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
298 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
299 _('base url'), req.base_url())) |
299 _('base url'), req.base_url())) |
300 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
300 self.w(u'<tr><th align="left">%s</th><td>%s</td></tr>' % ( |
301 _('data directory url'), req.datadir_url)) |
301 _('data directory url'), req.datadir_url)) |
302 self.w(u'</table>') |
302 self.w(u'</table>') |
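Review bot: In `schema_definition` (new lines 45–51) the group name is interpolated into the `href` and `class` attributes and `expr.expression` is joined into the `<td>` without escaping, whereas `cell_call` in the same file wraps `entity.absolute_url()` and `entity.dc_title()` in `xml_escape`. An RQL expression containing `<`, `>` or `&` will at least break the markup, and if group names or expressions can be set by anyone short of a fully trusted manager this becomes an HTML-injection sink on the security page. Since the rename already touches these lines, I would change the last write to `w(u'<td>%s</td>' % u'<br/><br/>'.join(xml_escape(expr.expression) for expr in rqlexprs))` and pass `xml_escape(group)` and `xml_escape(trad)` into the two `l.append(...)` templates. The same raw interpolation appears in the version rows of `ErrorView.call` (new lines 233–237) and in the server-information `call` (new lines 290–301), where `cube`, `apphome`, `base_url()` and `datadir_url` are written as-is. The file header and parts of these classes lie outside the hunks shown, so confirm that nothing upstream already escapes these values.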