roundup-tracker
diff --git a/‎CHANGES.txt‎
Lines changed: 24 additions & 1 deletion b/‎CHANGES.txt‎
Lines changed: 24 additions & 1 deletion
diff --git a/‎cgi-bin/roundup.cgi‎
Lines changed: 35 additions & 59 deletions b/‎cgi-bin/roundup.cgi‎
Lines changed: 35 additions & 59 deletions
diff --git a/‎roundup-admin‎
Lines changed: 11 additions & 3 deletions b/‎roundup-admin‎
Lines changed: 11 additions & 3 deletions
diff --git a/‎roundup-server‎
Lines changed: 16 additions & 38 deletions b/‎roundup-server‎
Lines changed: 16 additions & 38 deletions
@@ -2,11 +2,34 @@ This file contains the changes to the Roundup system over time. The entries
 are given with the most recent entry first.
 
 2001-??-?? - 0.2.9
+Feature:
+ . roundup-admin create now prompts for property info if none is supplied
+   on the command-line.
+ . hyperdb Class getprops() method may now return only the mutable
+   properties.
+ . CGI interfaces now generate a top-level index of their known instances.
+
+Changed:
+ . Login now uses cookies, which makes it a whole lot more flexible. We can
+   now support anonymous user access (read-only, unless there's an
+   "anonymous" user, in which case write access is permitted). Login
+   handling has been moved into cgi_client.Client.main()
+ . The "extended" schema is now the default in roundup init.
+ . The schemas have had their page headings modified to cope with the new
+   login handling. Existing installations should copy the interfaces.py
+   file from the roundup lib directory to their instance home.
+
 Fixed:
+ . Incorrectly had a Bizar Software copyright on the cgitb.py module from
+   Ping - has been removed.
  . Pretty time interval wasn't handling > 1 month properly.
  . Generation of links to Link/Multilink in indexes. (thanks Hubert Hoegl)
  . AssignedTo wasn't in the "classic" schema's item page.
-
+ . Fixed a whole bunch of places in the CGI interface where we should have
+   been returning Not Found instead of throwing an exception.
+ . Fixed a deviation from the spec: trying to modify the 'id' property of
+   an item now throws an exception.
+ . The plain() template function now html-escapes the content.
 
 2001-08-30 - 0.2.8
 Fixed:
 
@@ -16,7 +16,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: roundup.cgi,v 1.12 2001-10-01 05:55:41 richard Exp $
+# $Id: roundup.cgi,v 1.13 2001-10-05 02:23:24 richard Exp $
 
 # python version check
 import sys
@@ -59,73 +59,46 @@ except:
     traceback.print_exc(None, s)
     print cgi.escape(s.getvalue()), "</pre>"
 
-def main(instance, out):
-    from roundup import cgi_client
-    db = instance.open('admin')
-    auth = os.environ.get("HTTP_CGI_AUTHORIZATION", None)
-    message = 'Unauthorised'
-    if auth:
-        import binascii
-        l = binascii.a2b_base64(auth.split(' ')[1]).split(':')
-        user = l[0]
-        password = None
-        if len(l) > 1:
-            password = l[1]
-        try:
-            uid = db.user.lookup(user)
-        except KeyError:
-            auth = None
-            message = 'Username not recognised'
-        else:
-            if password != db.user.get(uid, 'password'):
-                message = 'Incorrect password'
-                auth = None
-    if not auth:
-        out.write('Content-Type: text/html\n')
-        out.write('Status: 401\n')
-        out.write('WWW-Authenticate: basic realm="Roundup"\n\n')
-        keys = os.environ.keys()
-        keys.sort()
-        out.write(message)
-        return
-    client = instance.Client(out, db, os.environ, user)
-    try:
-        client.main()
-    except cgi_client.Unauthorised:
-        out.write('Content-Type: text/html\n')
-        out.write('Status: 403\n\n')
-        out.write('Unauthorised')
-
-def index(out):
-    ''' Print up an index of the available instances
-    '''
-    import urllib
-    w = out.write
-    w("Content-Type: text/html\n\n")
-    w('<html><head><title>Roundup instances index</title><head>\n')
-    w('<body><h1>Roundup instances index</h1><ol>\n')
-    for instance in ROUNDUP_INSTANCE_HOMES.keys():
-        w('<li><a href="%s/index">%s</a>\n'%(urllib.quote(instance),
-            instance))
-    w('</ol></body></html>')
-
-#
-# Now do the actual CGI handling
-# 
-out, err = sys.stdout, sys.stderr
-try:
-    sys.stdout = sys.stderr = LOG
+def main(out, err):
     import os, string
     import roundup.instance
     path = string.split(os.environ['PATH_INFO'], '/')
     instance = path[1]
+    os.environ['INSTANCE_NAME'] = instance
     os.environ['PATH_INFO'] = string.join(path[2:], '/')
     if ROUNDUP_INSTANCE_HOMES.has_key(instance):
         instance_home = ROUNDUP_INSTANCE_HOMES[instance]
         instance = roundup.instance.open(instance_home)
-        main(instance, out)
+        from roundup import cgi_client
+        client = instance.Client(instance, out, os.environ)
+        try:
+            client.main()
+        except cgi_client.Unauthorised:
+            out.write('Content-Type: text/html\n')
+            out.write('Status: 403\n\n')
+            out.write('Unauthorised')
+        except cgi_client.NotFound:
+            out.write('Content-Type: text/html\n')
+            out.write('Status: 404\n\n')
+            out.write('Not found: %s'%client.path)
     else:
-        index(out)
+        import urllib
+        w = out.write
+        w("Content-Type: text/html\n\n")
+        w('<html><head><title>Roundup instances index</title><head>\n')
+        w('<body><h1>Roundup instances index</h1><ol>\n')
+        for instance in ROUNDUP_INSTANCE_HOMES.keys():
+            w('<li><a href="%s/index">%s</a>\n'%(urllib.quote(instance),
+                instance))
+        w('</ol></body></html>')
+
+#
+# Now do the actual CGI handling
+# 
+out, err = sys.stdout, sys.stderr
+try:
+    sys.stdout = sys.stderr = LOG
+    main(out, err)
 except:
     sys.stdout, sys.stderr = out, err
     out.write('Content-Type: text/html\n\n')
@@ -135,6 +108,9 @@ sys.stdout, sys.stderr = out, err
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.12  2001/10/01 05:55:41  richard
+# Fixes to the top-level index
+#
 # Revision 1.11  2001/09/29 13:27:00  richard
 # CGI interfaces now spit up a top-level index of all the instances they can
 # serve.
 
@@ -16,7 +16,7 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 # 
-# $Id: roundup-admin,v 1.20 2001-10-04 02:12:42 richard Exp $
+# $Id: roundup-admin,v 1.21 2001-10-05 02:23:24 richard Exp $
 
 import sys
 if int(sys.version[0]) < 2:
@@ -119,9 +119,9 @@ def do_init(instance_home, args):
     if template not in templates:
         print 'Templates:', ', '.join(templates)
     while template not in templates:
-        template = raw_input('Select template [classic]: ').strip()
+        template = raw_input('Select template [extended]: ').strip()
         if not template:
-            template = 'classic'
+            template = 'extended'
 
     import roundup.backends
     backends = roundup.backends.__all__
@@ -449,6 +449,14 @@ if __name__ == '__main__':
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.20  2001/10/04 02:12:42  richard
+# Added nicer command-line item adding: passing no arguments will enter an
+# interactive more which asks for each property in turn. While I was at it, I
+# fixed an implementation problem WRT the spec - I wasn't raising a
+# ValueError if the key property was missing from a create(). Also added a
+# protected=boolean argument to getprops() so we can list only the mutable
+# properties (defaults to yes, which lists the immutables).
+#
 # Revision 1.19  2001/10/01 06:40:43  richard
 # made do_get have the args in the correct order
 #
 
@@ -20,7 +20,7 @@
 
 Based on CGIHTTPServer in the Python library.
 
-$Id: roundup-server,v 1.12 2001-09-29 13:27:00 richard Exp $
+$Id: roundup-server,v 1.13 2001-10-05 02:23:24 richard Exp $
 
 """
 import sys
@@ -75,10 +75,12 @@ class RoundupRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
         sys.stdin = self.rfile
         try:
             self.inner_run_cgi()
+        except cgi_client.NotFound:
+            self.send_error(404, self.path)
         except cgi_client.Unauthorised:
             self.wfile.write('Content-Type: text/html\n')
-            self.wfile.write('Status: 403\n')
-            self.wfile.write('Unauthorised')
+            self.wfile.write('Status: 403\n\n')
+            self.wfile.write('You are not authorised to access this URL.')
         except:
             try:
                 reload(cgitb)
@@ -121,12 +123,12 @@ class RoundupRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
         if rest == '/':
             return self.index()
         l_path = string.split(rest, '/')
-        instance = urllib.unquote(l_path[1])
-        if self.ROUNDUP_INSTANCE_HOMES.has_key(instance):
-            instance_home = self.ROUNDUP_INSTANCE_HOMES[instance]
+        instance_name = urllib.unquote(l_path[1])
+        if self.ROUNDUP_INSTANCE_HOMES.has_key(instance_name):
+            instance_home = self.ROUNDUP_INSTANCE_HOMES[instance_name]
             instance = roundup.instance.open(instance_home)
         else:
-            return self.index()
+            raise cgi_client.NotFound
 
         # figure out what the rest of the path is
         if len(l_path) > 2:
@@ -136,6 +138,7 @@ class RoundupRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
 
         # Set up the CGI environment
         env = {}
+        env['INSTANCE_NAME'] = instance_name
         env['REQUEST_METHOD'] = self.command
         env['PATH_INFO'] = urllib.unquote(rest)
         if query:
@@ -176,41 +179,12 @@ class RoundupRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler):
         #finally:
         #    del sys.path[0]
 
-        # initialise the roundupdb, check for auth
-        db = instance.open('admin')
-        message = 'Unauthorised'
-        auth = self.headers.getheader('authorization')
-        if auth:
-            l = binascii.a2b_base64(auth.split(' ')[1]).split(':')
-            user = l[0]
-            password = None
-            if len(l) > 1:
-                password = l[1]
-            try:
-                uid = db.user.lookup(user)
-            except KeyError:
-                auth = None
-                message = 'Username not recognised'
-            else:
-                if password != db.user.get(uid, 'password'):
-                    message = 'Incorrect password'
-                    auth = None
-        db.close()
-        del db
-        if not auth:
-            self.send_response(401)
-            self.send_header('Content-Type', 'text/html')
-            self.send_header('WWW-Authenticate', 'basic realm="Roundup"')
-            self.end_headers()
-            self.wfile.write(message)
-            return
-
         self.send_response(200, "Script output follows")
 
         # do the roundup thang
-        db = instance.open(user)
-        client = instance.Client(self.wfile, db, env, user)
+        client = instance.Client(instance, self.wfile, env)
         client.main()
+
     do_POST = run_cgi
 
 nobody = None
@@ -282,6 +256,10 @@ if __name__ == '__main__':
 
 #
 # $Log: not supported by cvs2svn $
+# Revision 1.12  2001/09/29 13:27:00  richard
+# CGI interfaces now spit up a top-level index of all the instances they can
+# serve.
+#
 # Revision 1.11  2001/08/07 00:24:42  richard
 # stupid typo
 #