XMLRPC improvements:

* Add support for actions to XMLRPC interface.
* Provide bridge so user actions may be executed
  either via CGI or XMLRPC.
* Adjust XMLRPC tests to recent work.
* Cleanup.

Author: stefanseefeld

roundup/actions.py

@@ -0,0 +1,68 @@
+#
+# Copyright (C) 2009 Stefan Seefeld
+# All rights reserved.
+# For license terms see the file COPYING.txt.
+#
+
+from roundup.exceptions import *
+from roundup import hyperdb
+from roundup.i18n import _
+
+class Action:
+    def __init__(self, db, translator):
+        self.db = db
+        self.translator = translator
+
+    def handle(self, *args):
+        """Action handler procedure"""
+        raise NotImplementedError
+
+    def execute(self, *args):
+        """Execute the action specified by this object."""
+
+        self.permission(*args)
+        return self.handle(*args)
+
+
+    def permission(self, *args):
+        """Check whether the user has permission to execute this action.
+
+        If not, raise Unauthorised."""
+
+        pass
+
+
+    def gettext(self, msgid):
+        """Return the localized translation of msgid"""
+        return self.translator.gettext(msgid)
+
+
+    _ = gettext
+
+
+class Retire(Action):
+
+    def handle(self, designator):
+
+        classname, itemid = hyperdb.splitDesignator(designator)
+
+        # make sure we don't try to retire admin or anonymous
+        if (classname == 'user' and
+            self.db.user.get(itemid, 'username') in ('admin', 'anonymous')):
+            raise ValueError, self._(
+                'You may not retire the admin or anonymous user')
+
+        # do the retire
+        self.db.getclass(classname).retire(itemid)
+        self.db.commit()
+
+
+    def permission(self, designator):
+
+        classname, itemid = hyperdb.splitDesignator(designator)
+
+        if not self.db.security.hasPermission('Edit', self.db.getuid(),
+                                              classname=classname, itemid=itemid):
+            raise Unauthorised(self._('You do not have permission to '
+                                      '%(action)s the %(classname)s class.')%info)
+            

roundup/cgi/actions.py

@@ -1,8 +1,7 @@
-#$Id: actions.py,v 1.73 2008-08-18 05:04:01 richard Exp $
-
 import re, cgi, StringIO, urllib, time, random, csv, codecs
 
 from roundup import hyperdb, token, date, password
+from roundup.actions import Action as BaseAction
 from roundup.i18n import _
 import roundup.exceptions
 from roundup.cgi import exceptions, templating
@@ -991,4 +990,46 @@ def handle(self):
 
         return '\n'
 
+
+class Bridge(BaseAction):
+    """Make roundup.actions.Action executable via CGI request.
+
+    Using this allows users to write actions executable from multiple frontends.
+    CGI Form content is translated into a dictionary, which then is passed as
+    argument to 'handle()'. XMLRPC requests have to pass this dictionary
+    directly.
+    """
+
+    def __init__(self, *args):
+
+        # As this constructor is callable from multiple frontends, each with
+        # different Action interfaces, we have to look at the arguments to
+        # figure out how to complete construction.
+        if (len(args) == 1 and
+            hasattr(args[0], '__class__') and
+            args[0].__class__.__name__ == 'Client'):
+            self.cgi = True
+            self.execute = self.execute_cgi
+            self.client = args[0]
+            self.form = self.client.form
+        else:
+            self.cgi = False
+
+    def execute_cgi(self):
+        args = {}
+        for key in self.form.keys():
+            args[key] = self.form.getvalue(key)
+        self.permission(args)
+        return self.handle(args)
+
+    def permission(self, args):
+        """Raise Unauthorised if the current user is not allowed to execute
+        this action. Users may override this method."""
+        
+        pass
+
+    def handle(self, args):
+        
+        raise NotImplementedError
+
 # vim: set filetype=python sts=4 sw=4 et si :

roundup/cgi/client.py

@@ -382,7 +382,9 @@ def handle_xmlrpc(self):
         self.determine_user()
 
         # Call the appropriate XML-RPC method.
-        handler = xmlrpc.RoundupDispatcher(self.db, self.userid, self.translator,
+        handler = xmlrpc.RoundupDispatcher(self.db,
+                                           self.instance.actions,
+                                           self.translator,
                                            allow_none=True)
         output = handler.dispatch(input)
         self.db.commit()

roundup/cgi/exceptions.py

@@ -1,20 +1,14 @@
-#$Id: exceptions.py,v 1.6 2004-11-18 14:10:27 a1s Exp $
-'''Exceptions for use in Roundup's web interface.
-'''
+"""Exceptions for use in Roundup's web interface.
+"""
 
 __docformat__ = 'restructuredtext'
 
+from roundup.exceptions import LoginError, Unauthorised
 import cgi
 
 class HTTPException(Exception):
     pass
 
-class LoginError(HTTPException):
-    pass
-
-class Unauthorised(HTTPException):
-    pass
-
 class Redirect(HTTPException):
     pass
 
@@ -50,13 +44,13 @@ class SeriousError(Exception):
     escaped.
     """
     def __str__(self):
-        return '''
+        return """
 <html><head><title>Roundup issue tracker: An error has occurred</title>
  <link rel="stylesheet" type="text/css" href="@@file/style.css">
 </head>
 <body class="body" marginwidth="0" marginheight="0">
  <p class="error-message">%s</p>
 </body></html>
-'''%cgi.escape(self.args[0])
+"""%cgi.escape(self.args[0])
 
 # vim: set filetype=python sts=4 sw=4 et si :

roundup/exceptions.py

@@ -1,19 +1,24 @@
-#$Id: exceptions.py,v 1.1 2004-03-26 00:44:11 richard Exp $
-'''Exceptions for use across all Roundup components.
-'''
+"""Exceptions for use across all Roundup components.
+"""
 
 __docformat__ = 'restructuredtext'
 
+class LoginError(Exception):
+    pass
+
+class Unauthorised(Exception):
+    pass
+
 class Reject(Exception):
-    '''An auditor may raise this exception when the current create or set
+    """An auditor may raise this exception when the current create or set
     operation should be stopped.
 
     It is up to the specific interface invoking the create or set to
     handle this exception sanely. For example:
 
     - mailgw will trap and ignore Reject for file attachments and messages
     - cgi will trap and present the exception in a nice format
-    '''
+    """
     pass
 
 class UsageError(ValueError):

roundup/instance.py

@@ -15,19 +15,19 @@
 # BASIS, AND THERE IS NO OBLIGATION WHATSOEVER TO PROVIDE MAINTENANCE,
 # SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 #
-# $Id: instance.py,v 1.37 2006-12-11 23:36:15 richard Exp $
 
-'''Tracker handling (open tracker).
+"""Tracker handling (open tracker).
 
 Backwards compatibility for the old-style "imported" trackers.
-'''
+"""
 __docformat__ = 'restructuredtext'
 
 import os
 import sys
 from roundup import configuration, mailgw
-from roundup import hyperdb, backends
+from roundup import hyperdb, backends, actions
 from roundup.cgi import client, templating
+from roundup.cgi import actions as cgi_actions
 
 class Vars:
     def __init__(self, vars):
@@ -47,6 +47,7 @@ def __init__(self, tracker_home, optimize=0):
         self.tracker_home = tracker_home
         self.optimize = optimize
         self.config = configuration.CoreConfig(tracker_home)
+        self.actions = {}
         self.cgi_actions = {}
         self.templating_utils = {}
         self.load_interfaces()
@@ -182,7 +183,20 @@ def _load_python(self, file, vars):
         return vars
 
     def registerAction(self, name, action):
-        self.cgi_actions[name] = action
+
+        # The logic here is this:
+        # * if `action` derives from actions.Action,
+        #   it is executable as a generic action.
+        # * if, moreover, it also derives from cgi.actions.Bridge,
+        #   it may in addition be called via CGI
+        # * in all other cases we register it as a CGI action, without
+        #   any check (for backward compatibility).
+        if issubclass(action, actions.Action):
+            self.actions[name] = action
+            if issubclass(action, cgi_actions.Bridge):
+                self.cgi_actions[name] = action
+        else:
+            self.cgi_actions[name] = action
 
     def registerUtil(self, name, function):
         self.templating_utils[name] = function

roundup/scripts/roundup_xmlrpc_server.py

@@ -51,7 +51,10 @@ def authenticate(self, tracker):
 
         if scheme.lower() == 'basic':
             decoded = base64.decodestring(challenge)
-            username, password = decoded.split(':')
+            if ':' in decoded:
+                username, password = decoded.split(':')
+            else:
+                username = decoded
         if not username:
             username = 'anonymous'
         db = tracker.open('admin')
@@ -79,7 +82,7 @@ def do_POST(self):
             tracker = self.get_tracker(tracker_name)
             db = self.authenticate(tracker)
 
-            instance = RoundupInstance(db, None)
+            instance = RoundupInstance(db, tracker.actions, None)
             self.server.register_instance(instance)
             SimpleXMLRPCRequestHandler.do_POST(self)
         except Unauthorised, message:

roundup/xmlrpc.py

@@ -8,6 +8,7 @@
 from roundup.cgi.exceptions import *
 from roundup.exceptions import UsageError
 from roundup.date import Date, Range, Interval
+from roundup import actions
 from SimpleXMLRPCServer import *
 
 def translate(value):
@@ -52,10 +53,10 @@ class RoundupInstance:
     """The RoundupInstance provides the interface accessible through
     the Python XMLRPC mapping."""
 
-    def __init__(self, db, translator):
+    def __init__(self, db, actions, translator):
 
         self.db = db
-        self.userid = db.getuid()
+        self.actions = actions
         self.translator = translator
 
     def list(self, classname, propname=None):
@@ -125,15 +126,30 @@ def set(self, designator, *args):
             raise UsageError, message
 
 
+    builtin_actions = {'retire': actions.Retire}
+
+    def action(self, name, *args):
+        """"""
+        
+        if name in self.actions:
+            action_type = self.actions[name]
+        elif name in self.builtin_actions:
+            action_type = self.builtin_actions[name]
+        else:
+            raise Exception('action "%s" is not supported %s' % (name, ','.join(self.actions.keys())))
+        action = action_type(self.db, self.translator)
+        return action.execute(*args)
+
+
 class RoundupDispatcher(SimpleXMLRPCDispatcher):
     """RoundupDispatcher bridges from cgi.client to RoundupInstance.
     It expects user authentication to be done."""
 
-    def __init__(self, db, userid, translator,
+    def __init__(self, db, actions, translator,
                  allow_none=False, encoding=None):
 
         SimpleXMLRPCDispatcher.__init__(self, allow_none, encoding)
-        self.register_instance(RoundupInstance(db, userid, translator))
+        self.register_instance(RoundupInstance(db, actions, translator))
 
 
     def dispatch(self, input):