commit | author | age
|
c2c589
|
1 |
import inspect |
CD |
2 |
|
0c29cf
|
3 |
from zope.interface import implementer, provider |
c2c589
|
4 |
|
CD |
5 |
from pyramid.security import NO_PERMISSION_REQUIRED |
0c29cf
|
6 |
from pyramid.csrf import check_csrf_origin, check_csrf_token |
c2c589
|
7 |
from pyramid.response import Response |
CD |
8 |
|
|
9 |
from pyramid.interfaces import ( |
|
10 |
IAuthenticationPolicy, |
|
11 |
IAuthorizationPolicy, |
de3d0c
|
12 |
IDefaultCSRFOptions, |
2160ce
|
13 |
IDefaultPermission, |
c2c589
|
14 |
IDebugLogger, |
CD |
15 |
IResponse, |
|
16 |
IViewMapper, |
|
17 |
IViewMapperFactory, |
52fde9
|
18 |
) |
0c29cf
|
19 |
|
MM |
20 |
from pyramid.compat import is_bound_method, is_unbound_method |
|
21 |
|
|
22 |
from pyramid.exceptions import ConfigurationError |
|
23 |
from pyramid.httpexceptions import HTTPForbidden |
|
24 |
from pyramid.util import object_description, takes_one_arg |
2fbeb4
|
25 |
from pyramid.view import render_view_to_response |
c2c589
|
26 |
from pyramid import renderers |
CD |
27 |
|
|
28 |
|
|
29 |
def view_description(view): |
|
30 |
try: |
|
31 |
return view.__text__ |
|
32 |
except AttributeError: |
|
33 |
# custom view mappers might not add __text__ |
|
34 |
return object_description(view) |
|
35 |
|
0c29cf
|
36 |
|
c2c589
|
37 |
def requestonly(view, attr=None): |
CD |
38 |
return takes_one_arg(view, attr=attr, argname='request') |
0c29cf
|
39 |
|
c2c589
|
40 |
|
CD |
41 |
@implementer(IViewMapper) |
|
42 |
@provider(IViewMapperFactory) |
|
43 |
class DefaultViewMapper(object): |
|
44 |
def __init__(self, **kw): |
|
45 |
self.attr = kw.get('attr') |
|
46 |
|
|
47 |
def __call__(self, view): |
|
48 |
if is_unbound_method(view) and self.attr is None: |
0c29cf
|
49 |
raise ConfigurationError( |
MM |
50 |
( |
a54bc1
|
51 |
'Unbound method calls are not supported, please set the ' |
MM |
52 |
'class as your `view` and the method as your `attr`' |
0c29cf
|
53 |
) |
MM |
54 |
) |
c2c589
|
55 |
|
CD |
56 |
if inspect.isclass(view): |
|
57 |
view = self.map_class(view) |
|
58 |
else: |
|
59 |
view = self.map_nonclass(view) |
|
60 |
return view |
|
61 |
|
|
62 |
def map_class(self, view): |
|
63 |
ronly = requestonly(view, self.attr) |
|
64 |
if ronly: |
|
65 |
mapped_view = self.map_class_requestonly(view) |
|
66 |
else: |
|
67 |
mapped_view = self.map_class_native(view) |
|
68 |
mapped_view.__text__ = 'method %s of %s' % ( |
0c29cf
|
69 |
self.attr or '__call__', |
MM |
70 |
object_description(view), |
|
71 |
) |
c2c589
|
72 |
return mapped_view |
CD |
73 |
|
|
74 |
def map_nonclass(self, view): |
|
75 |
# We do more work here than appears necessary to avoid wrapping the |
|
76 |
# view unless it actually requires wrapping (to avoid function call |
|
77 |
# overhead). |
|
78 |
mapped_view = view |
|
79 |
ronly = requestonly(view, self.attr) |
|
80 |
if ronly: |
|
81 |
mapped_view = self.map_nonclass_requestonly(view) |
|
82 |
elif self.attr: |
|
83 |
mapped_view = self.map_nonclass_attr(view) |
|
84 |
if inspect.isroutine(mapped_view): |
|
85 |
# This branch will be true if the view is a function or a method. |
|
86 |
# We potentially mutate an unwrapped object here if it's a |
|
87 |
# function. We do this to avoid function call overhead of |
|
88 |
# injecting another wrapper. However, we must wrap if the |
|
89 |
# function is a bound method because we can't set attributes on a |
|
90 |
# bound method. |
|
91 |
if is_bound_method(view): |
|
92 |
_mapped_view = mapped_view |
0c29cf
|
93 |
|
c2c589
|
94 |
def mapped_view(context, request): |
CD |
95 |
return _mapped_view(context, request) |
0c29cf
|
96 |
|
c2c589
|
97 |
if self.attr is not None: |
CD |
98 |
mapped_view.__text__ = 'attr %s of %s' % ( |
0c29cf
|
99 |
self.attr, |
MM |
100 |
object_description(view), |
|
101 |
) |
c2c589
|
102 |
else: |
CD |
103 |
mapped_view.__text__ = object_description(view) |
|
104 |
return mapped_view |
|
105 |
|
|
106 |
def map_class_requestonly(self, view): |
|
107 |
# its a class that has an __init__ which only accepts request |
|
108 |
attr = self.attr |
0c29cf
|
109 |
|
c2c589
|
110 |
def _class_requestonly_view(context, request): |
CD |
111 |
inst = view(request) |
|
112 |
request.__view__ = inst |
|
113 |
if attr is None: |
|
114 |
response = inst() |
|
115 |
else: |
|
116 |
response = getattr(inst, attr)() |
|
117 |
return response |
0c29cf
|
118 |
|
c2c589
|
119 |
return _class_requestonly_view |
CD |
120 |
|
|
121 |
def map_class_native(self, view): |
|
122 |
# its a class that has an __init__ which accepts both context and |
|
123 |
# request |
|
124 |
attr = self.attr |
0c29cf
|
125 |
|
c2c589
|
126 |
def _class_view(context, request): |
CD |
127 |
inst = view(context, request) |
|
128 |
request.__view__ = inst |
|
129 |
if attr is None: |
|
130 |
response = inst() |
|
131 |
else: |
|
132 |
response = getattr(inst, attr)() |
|
133 |
return response |
0c29cf
|
134 |
|
c2c589
|
135 |
return _class_view |
CD |
136 |
|
|
137 |
def map_nonclass_requestonly(self, view): |
|
138 |
# its a function that has a __call__ which accepts only a single |
|
139 |
# request argument |
|
140 |
attr = self.attr |
0c29cf
|
141 |
|
c2c589
|
142 |
def _requestonly_view(context, request): |
CD |
143 |
if attr is None: |
|
144 |
response = view(request) |
|
145 |
else: |
|
146 |
response = getattr(view, attr)(request) |
|
147 |
return response |
0c29cf
|
148 |
|
c2c589
|
149 |
return _requestonly_view |
CD |
150 |
|
|
151 |
def map_nonclass_attr(self, view): |
|
152 |
# its a function that has a __call__ which accepts both context and |
|
153 |
# request, but still has an attr |
|
154 |
def _attr_view(context, request): |
|
155 |
response = getattr(view, self.attr)(context, request) |
|
156 |
return response |
0c29cf
|
157 |
|
c2c589
|
158 |
return _attr_view |
CD |
159 |
|
|
160 |
|
|
161 |
def wraps_view(wrapper): |
007600
|
162 |
def inner(view, info): |
MM |
163 |
wrapper_view = wrapper(view, info) |
c2c589
|
164 |
return preserve_view_attrs(view, wrapper_view) |
0c29cf
|
165 |
|
c2c589
|
166 |
return inner |
0c29cf
|
167 |
|
c2c589
|
168 |
|
CD |
169 |
def preserve_view_attrs(view, wrapper): |
|
170 |
if view is None: |
|
171 |
return wrapper |
|
172 |
|
|
173 |
if wrapper is view: |
|
174 |
return view |
|
175 |
|
|
176 |
original_view = getattr(view, '__original_view__', None) |
|
177 |
|
|
178 |
if original_view is None: |
|
179 |
original_view = view |
|
180 |
|
|
181 |
wrapper.__wraps__ = view |
|
182 |
wrapper.__original_view__ = original_view |
|
183 |
wrapper.__module__ = view.__module__ |
|
184 |
wrapper.__doc__ = view.__doc__ |
|
185 |
|
|
186 |
try: |
|
187 |
wrapper.__name__ = view.__name__ |
|
188 |
except AttributeError: |
|
189 |
wrapper.__name__ = repr(view) |
|
190 |
|
|
191 |
# attrs that may not exist on "view", but, if so, must be attached to |
|
192 |
# "wrapped view" |
0c29cf
|
193 |
for attr in ( |
MM |
194 |
'__permitted__', |
|
195 |
'__call_permissive__', |
|
196 |
'__permission__', |
|
197 |
'__predicated__', |
|
198 |
'__predicates__', |
|
199 |
'__accept__', |
|
200 |
'__order__', |
|
201 |
'__text__', |
|
202 |
): |
c2c589
|
203 |
try: |
CD |
204 |
setattr(wrapper, attr, getattr(view, attr)) |
|
205 |
except AttributeError: |
|
206 |
pass |
|
207 |
|
|
208 |
return wrapper |
0c29cf
|
209 |
|
c2c589
|
210 |
|
007600
|
211 |
def mapped_view(view, info): |
MM |
212 |
mapper = info.options.get('mapper') |
c2c589
|
213 |
if mapper is None: |
CD |
214 |
mapper = getattr(view, '__view_mapper__', None) |
|
215 |
if mapper is None: |
007600
|
216 |
mapper = info.registry.queryUtility(IViewMapperFactory) |
c2c589
|
217 |
if mapper is None: |
CD |
218 |
mapper = DefaultViewMapper |
|
219 |
|
007600
|
220 |
mapped_view = mapper(**info.options)(view) |
c2c589
|
221 |
return mapped_view |
CD |
222 |
|
0c29cf
|
223 |
|
e4b931
|
224 |
mapped_view.options = ('mapper', 'attr') |
0c29cf
|
225 |
|
e4b931
|
226 |
|
007600
|
227 |
def owrapped_view(view, info): |
e292cc
|
228 |
wrapper_viewname = info.options.get('wrapper') |
MM |
229 |
viewname = info.options.get('name') |
c2c589
|
230 |
if not wrapper_viewname: |
CD |
231 |
return view |
0c29cf
|
232 |
|
c2c589
|
233 |
def _owrapped_view(context, request): |
CD |
234 |
response = view(context, request) |
|
235 |
request.wrapped_response = response |
|
236 |
request.wrapped_body = response.body |
|
237 |
request.wrapped_view = view |
0c29cf
|
238 |
wrapped_response = render_view_to_response( |
MM |
239 |
context, request, wrapper_viewname |
|
240 |
) |
c2c589
|
241 |
if wrapped_response is None: |
CD |
242 |
raise ValueError( |
|
243 |
'No wrapper view named %r found when executing view ' |
0c29cf
|
244 |
'named %r' % (wrapper_viewname, viewname) |
MM |
245 |
) |
c2c589
|
246 |
return wrapped_response |
0c29cf
|
247 |
|
c2c589
|
248 |
return _owrapped_view |
e4b931
|
249 |
|
0c29cf
|
250 |
|
e4b931
|
251 |
owrapped_view.options = ('name', 'wrapper') |
0c29cf
|
252 |
|
c2c589
|
253 |
|
007600
|
254 |
def http_cached_view(view, info): |
MM |
255 |
if info.settings.get('prevent_http_cache', False): |
c2c589
|
256 |
return view |
CD |
257 |
|
007600
|
258 |
seconds = info.options.get('http_cache') |
c2c589
|
259 |
|
CD |
260 |
if seconds is None: |
|
261 |
return view |
|
262 |
|
|
263 |
options = {} |
|
264 |
|
|
265 |
if isinstance(seconds, (tuple, list)): |
|
266 |
try: |
|
267 |
seconds, options = seconds |
|
268 |
except ValueError: |
|
269 |
raise ConfigurationError( |
|
270 |
'If http_cache parameter is a tuple or list, it must be ' |
0c29cf
|
271 |
'in the form (seconds, options); not %s' % (seconds,) |
MM |
272 |
) |
c2c589
|
273 |
|
CD |
274 |
def wrapper(context, request): |
|
275 |
response = view(context, request) |
0c29cf
|
276 |
prevent_caching = getattr( |
MM |
277 |
response.cache_control, 'prevent_auto', False |
|
278 |
) |
c2c589
|
279 |
if not prevent_caching: |
CD |
280 |
response.cache_expires(seconds, **options) |
|
281 |
return response |
|
282 |
|
|
283 |
return wrapper |
e4b931
|
284 |
|
0c29cf
|
285 |
|
e4b931
|
286 |
http_cached_view.options = ('http_cache',) |
0c29cf
|
287 |
|
c2c589
|
288 |
|
007600
|
289 |
def secured_view(view, info): |
a3db3c
|
290 |
for wrapper in (_secured_view, _authdebug_view): |
MM |
291 |
view = wraps_view(wrapper)(view, info) |
|
292 |
return view |
|
293 |
|
0c29cf
|
294 |
|
a3db3c
|
295 |
secured_view.options = ('permission',) |
0c29cf
|
296 |
|
a3db3c
|
297 |
|
MM |
298 |
def _secured_view(view, info): |
2160ce
|
299 |
permission = explicit_val = info.options.get('permission') |
MM |
300 |
if permission is None: |
|
301 |
permission = info.registry.queryUtility(IDefaultPermission) |
c2c589
|
302 |
if permission == NO_PERMISSION_REQUIRED: |
CD |
303 |
# allow views registered within configurations that have a |
|
304 |
# default permission to explicitly override the default |
|
305 |
# permission, replacing it with no permission at all |
|
306 |
permission = None |
|
307 |
|
|
308 |
wrapped_view = view |
007600
|
309 |
authn_policy = info.registry.queryUtility(IAuthenticationPolicy) |
MM |
310 |
authz_policy = info.registry.queryUtility(IAuthorizationPolicy) |
c2c589
|
311 |
|
e8c66a
|
312 |
# no-op on exception-only views without an explicit permission |
MM |
313 |
if explicit_val is None and info.exception_only: |
|
314 |
return view |
|
315 |
|
c2c589
|
316 |
if authn_policy and authz_policy and (permission is not None): |
0c29cf
|
317 |
|
e8c66a
|
318 |
def permitted(context, request): |
c2c589
|
319 |
principals = authn_policy.effective_principals(request) |
bf40a3
|
320 |
return authz_policy.permits(context, principals, permission) |
0c29cf
|
321 |
|
e8c66a
|
322 |
def secured_view(context, request): |
MM |
323 |
result = permitted(context, request) |
c2c589
|
324 |
if result: |
CD |
325 |
return view(context, request) |
|
326 |
view_name = getattr(view, '__name__', view) |
|
327 |
msg = getattr( |
0c29cf
|
328 |
request, |
MM |
329 |
'authdebug_message', |
|
330 |
'Unauthorized: %s failed permission check' % view_name, |
|
331 |
) |
c2c589
|
332 |
raise HTTPForbidden(msg, result=result) |
0c29cf
|
333 |
|
e8c66a
|
334 |
wrapped_view = secured_view |
MM |
335 |
wrapped_view.__call_permissive__ = view |
|
336 |
wrapped_view.__permitted__ = permitted |
|
337 |
wrapped_view.__permission__ = permission |
c2c589
|
338 |
|
CD |
339 |
return wrapped_view |
0c29cf
|
340 |
|
e4b931
|
341 |
|
a3db3c
|
342 |
def _authdebug_view(view, info): |
c2c589
|
343 |
wrapped_view = view |
007600
|
344 |
settings = info.settings |
2160ce
|
345 |
permission = explicit_val = info.options.get('permission') |
MM |
346 |
if permission is None: |
|
347 |
permission = info.registry.queryUtility(IDefaultPermission) |
007600
|
348 |
authn_policy = info.registry.queryUtility(IAuthenticationPolicy) |
MM |
349 |
authz_policy = info.registry.queryUtility(IAuthorizationPolicy) |
|
350 |
logger = info.registry.queryUtility(IDebugLogger) |
2160ce
|
351 |
|
e8c66a
|
352 |
# no-op on exception-only views without an explicit permission |
MM |
353 |
if explicit_val is None and info.exception_only: |
|
354 |
return view |
|
355 |
|
|
356 |
if settings and settings.get('debug_authorization', False): |
0c29cf
|
357 |
|
e8c66a
|
358 |
def authdebug_view(context, request): |
c2c589
|
359 |
view_name = getattr(request, 'view_name', None) |
CD |
360 |
|
|
361 |
if authn_policy and authz_policy: |
|
362 |
if permission is NO_PERMISSION_REQUIRED: |
|
363 |
msg = 'Allowed (NO_PERMISSION_REQUIRED)' |
|
364 |
elif permission is None: |
|
365 |
msg = 'Allowed (no permission registered)' |
|
366 |
else: |
bf40a3
|
367 |
principals = authn_policy.effective_principals(request) |
0c29cf
|
368 |
msg = str( |
MM |
369 |
authz_policy.permits(context, principals, permission) |
|
370 |
) |
c2c589
|
371 |
else: |
CD |
372 |
msg = 'Allowed (no authorization policy in use)' |
|
373 |
|
|
374 |
view_name = getattr(request, 'view_name', None) |
|
375 |
url = getattr(request, 'url', None) |
0c29cf
|
376 |
msg = ( |
MM |
377 |
'debug_authorization of url %s (view name %r against ' |
|
378 |
'context %r): %s' % (url, view_name, context, msg) |
|
379 |
) |
bf40a3
|
380 |
if logger: |
MM |
381 |
logger.debug(msg) |
c2c589
|
382 |
if request is not None: |
CD |
383 |
request.authdebug_message = msg |
|
384 |
return view(context, request) |
0c29cf
|
385 |
|
e8c66a
|
386 |
wrapped_view = authdebug_view |
c2c589
|
387 |
|
CD |
388 |
return wrapped_view |
0c29cf
|
389 |
|
c2c589
|
390 |
|
007600
|
391 |
def rendered_view(view, info): |
c2c589
|
392 |
# one way or another this wrapper must produce a Response (unless |
CD |
393 |
# the renderer is a NullRendererHelper) |
007600
|
394 |
renderer = info.options.get('renderer') |
c2c589
|
395 |
if renderer is None: |
CD |
396 |
# register a default renderer if you want super-dynamic |
|
397 |
# rendering. registering a default renderer will also allow |
|
398 |
# override_renderer to work if a renderer is left unspecified for |
|
399 |
# a view registration. |
|
400 |
def viewresult_to_response(context, request): |
|
401 |
result = view(context, request) |
0c29cf
|
402 |
if result.__class__ is Response: # common case |
c2c589
|
403 |
response = result |
CD |
404 |
else: |
007600
|
405 |
response = info.registry.queryAdapterOrSelf(result, IResponse) |
c2c589
|
406 |
if response is None: |
CD |
407 |
if result is None: |
0c29cf
|
408 |
append = ( |
MM |
409 |
' You may have forgotten to return a value ' |
|
410 |
'from the view callable.' |
|
411 |
) |
c2c589
|
412 |
elif isinstance(result, dict): |
0c29cf
|
413 |
append = ( |
MM |
414 |
' You may have forgotten to define a ' |
|
415 |
'renderer in the view configuration.' |
|
416 |
) |
c2c589
|
417 |
else: |
CD |
418 |
append = '' |
|
419 |
|
0c29cf
|
420 |
msg = ( |
MM |
421 |
'Could not convert return value of the view ' |
|
422 |
'callable %s into a response object. ' |
|
423 |
'The value returned was %r.' + append |
|
424 |
) |
c2c589
|
425 |
|
CD |
426 |
raise ValueError(msg % (view_description(view), result)) |
|
427 |
|
|
428 |
return response |
|
429 |
|
|
430 |
return viewresult_to_response |
|
431 |
|
|
432 |
if renderer is renderers.null_renderer: |
|
433 |
return view |
|
434 |
|
|
435 |
def rendered_view(context, request): |
|
436 |
result = view(context, request) |
0c29cf
|
437 |
if result.__class__ is Response: # potential common case |
c2c589
|
438 |
response = result |
CD |
439 |
else: |
|
440 |
# this must adapt, it can't do a simple interface check |
|
441 |
# (avoid trying to render webob responses) |
007600
|
442 |
response = info.registry.queryAdapterOrSelf(result, IResponse) |
c2c589
|
443 |
if response is None: |
CD |
444 |
attrs = getattr(request, '__dict__', {}) |
|
445 |
if 'override_renderer' in attrs: |
|
446 |
# renderer overridden by newrequest event or other |
|
447 |
renderer_name = attrs.pop('override_renderer') |
|
448 |
view_renderer = renderers.RendererHelper( |
|
449 |
name=renderer_name, |
007600
|
450 |
package=info.package, |
0c29cf
|
451 |
registry=info.registry, |
MM |
452 |
) |
c2c589
|
453 |
else: |
CD |
454 |
view_renderer = renderer.clone() |
|
455 |
if '__view__' in attrs: |
|
456 |
view_inst = attrs.pop('__view__') |
|
457 |
else: |
|
458 |
view_inst = getattr(view, '__original_view__', view) |
bf40a3
|
459 |
response = view_renderer.render_view( |
0c29cf
|
460 |
request, result, view_inst, context |
MM |
461 |
) |
c2c589
|
462 |
return response |
CD |
463 |
|
|
464 |
return rendered_view |
|
465 |
|
0c29cf
|
466 |
|
e4b931
|
467 |
rendered_view.options = ('renderer',) |
0c29cf
|
468 |
|
e4b931
|
469 |
|
007600
|
470 |
def decorated_view(view, info): |
MM |
471 |
decorator = info.options.get('decorator') |
c2c589
|
472 |
if decorator is None: |
CD |
473 |
return view |
|
474 |
return decorator(view) |
e4b931
|
475 |
|
0c29cf
|
476 |
|
e4b931
|
477 |
decorated_view.options = ('decorator',) |
0c29cf
|
478 |
|
a3db3c
|
479 |
|
9e9fa9
|
480 |
def csrf_view(view, info): |
de3d0c
|
481 |
explicit_val = info.options.get('require_csrf') |
MM |
482 |
defaults = info.registry.queryUtility(IDefaultCSRFOptions) |
|
483 |
if defaults is None: |
|
484 |
default_val = False |
|
485 |
token = 'csrf_token' |
|
486 |
header = 'X-CSRF-Token' |
|
487 |
safe_methods = frozenset(["GET", "HEAD", "OPTIONS", "TRACE"]) |
17fa5e
|
488 |
callback = None |
de3d0c
|
489 |
else: |
MM |
490 |
default_val = defaults.require_csrf |
|
491 |
token = defaults.token |
|
492 |
header = defaults.header |
|
493 |
safe_methods = defaults.safe_methods |
17fa5e
|
494 |
callback = defaults.callback |
e8c66a
|
495 |
|
de3d0c
|
496 |
enabled = ( |
0c29cf
|
497 |
explicit_val is True |
MM |
498 |
or |
e8c66a
|
499 |
# fallback to the default val if not explicitly enabled |
MM |
500 |
# but only if the view is not an exception view |
0c29cf
|
501 |
(explicit_val is not False and default_val and not info.exception_only) |
de3d0c
|
502 |
) |
MM |
503 |
# disable if both header and token are disabled |
|
504 |
enabled = enabled and (token or header) |
9e9fa9
|
505 |
wrapped_view = view |
de3d0c
|
506 |
if enabled: |
0c29cf
|
507 |
|
9e9fa9
|
508 |
def csrf_view(context, request): |
0c29cf
|
509 |
if request.method not in safe_methods and ( |
MM |
510 |
callback is None or callback(request) |
17fa5e
|
511 |
): |
65dee6
|
512 |
check_csrf_origin(request, raises=True) |
de3d0c
|
513 |
check_csrf_token(request, token, header, raises=True) |
9e9fa9
|
514 |
return view(context, request) |
0c29cf
|
515 |
|
9e9fa9
|
516 |
wrapped_view = csrf_view |
MM |
517 |
return wrapped_view |
|
518 |
|
0c29cf
|
519 |
|
9e9fa9
|
520 |
csrf_view.options = ('require_csrf',) |
MM |
521 |
|
c231d8
|
522 |
VIEW = 'VIEW' |
a3db3c
|
523 |
INGRESS = 'INGRESS' |