Author: humbedooh
Date: Fri Mar 20 19:16:51 2015
New Revision: 1668120

URL: http://svn.apache.org/r1668120
Log:
use the web server's auth scheme, fetch the remote_user and look for that in 
steve.cfg for karma

Modified:
    steve/trunk/pytest/www/cgi-bin/rest_admin.py

Modified: steve/trunk/pytest/www/cgi-bin/rest_admin.py
URL: 
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_admin.py?rev=1668120&r1=1668119&r2=1668120&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_admin.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_admin.py Fri Mar 20 19:16:51 2015
@@ -41,285 +41,290 @@ homedir = config.get("general", "homedir
 pathinfo = os.environ['PATH_INFO'] if 'PATH_INFO' in os.environ else None
 form = cgi.FieldStorage();
 
+whoami = os.environ['REMOTE_USER'] if 'REMOTE_USER' in os.environ else None
 
-
-# TODO: Authentication goes here
-karma = 5 # assume admin karma for now
-
-# Figure out what to do and where
-if pathinfo:
-    l = pathinfo.split("/")
-    if l[0] == "":
-        l.pop(0)
-    action = l[0]
-    election = l[1] if len(l) > 1 else None
-
-
-    # Set up new election?
-    if action == "setup":
-        if karma >= 5: # karma of 5 required to set up an election base
-            if election:
-                if os.path.isdir(os.path.join(homedir, "issues", election)):
-                    response.respond(403, {'message': "Election already 
exists!"})
-                else:
-                    try:
-                        required = ['title','owner','monitors']
-                        xr = required
-                        for i in required:
-                            if not form.getvalue(i):
-                                raise Exception("Required fields missing: %s" 
% ", ".join(xr))
-                            else:
-                                xr.pop(0)
-                        elpath = os.path.join(homedir, "issues", election)
-                        os.mkdir(elpath)
-                        with open(elpath  + "/basedata.json", "w") as f:
-                            f.write(json.dumps({
-                                'title': form.getvalue('title'),
-                                'owner': form.getvalue('owner'),
-                                'monitors': 
form.getvalue('monitors').split(","),
-                                'starts': form.getvalue('starts'),
-                                'ends': form.getvalue('ends'),
-                                'hash': hashlib.sha512("%f-stv-%s" % 
(time.time(), os.environ['REMOTE_ADDR'])).hexdigest()
-                            }))
-                            f.close()
-                        response.respond(201, {'message': 'Created!', 'id': 
election})
-                    except Exception as err:
-                        response.respond(500, {'message': "Could not create 
election: %s" % err})
-            else:
-                response.respond(400, {'message': "No election name 
specified!"})
-        else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
-            
-    # Create an issue in an election
-    elif action == "create":
-        if karma >= 4: # karma of 4 required to set up an issue for the 
election
-            if election:
-                issue = l[2] if len(l) > 2 else None
-                if not issue:
-                    response.respond(400, {'message': 'No issue ID specified'})
-                else:
-                    issuepath = os.path.join(homedir, "issues", election, 
issue)
-                    if os.path.isfile(issuepath + ".json"):
-                        response.respond(400, {'message': 'An issue with this 
ID already exists'})
+if not whoami:
+    response.respond(403, {'message': 'Could not verify your identity: No auth 
scheme found'})
+elif not config.has_option('karma', whoami):
+    response.respond(403, {'message': 'Could not verify your identity: No such 
user: %s' % whoami})
+else:
+    
+    karma = int(config.get("karma", whoami))
+    
+    # Figure out what to do and where
+    if pathinfo:
+        l = pathinfo.split("/")
+        if l[0] == "":
+            l.pop(0)
+        action = l[0]
+        election = l[1] if len(l) > 1 else None
+    
+    
+        # Set up new election?
+        if action == "setup":
+            if karma >= 5: # karma of 5 required to set up an election base
+                if election:
+                    if os.path.isdir(os.path.join(homedir, "issues", 
election)):
+                        response.respond(403, {'message': "Election already 
exists!"})
                     else:
                         try:
-                            required = ['title','type']
+                            required = ['title','owner','monitors']
                             xr = required
                             for i in required:
                                 if not form.getvalue(i):
                                     raise Exception("Required fields missing: 
%s" % ", ".join(xr))
                                 else:
                                     xr.pop(0)
-                            valid_types = 
['yna','stv1','stv2','stv3','stv4','stv5','stv6','stv7','stv8','stv9']
-                            if not form.getvalue('type') in valid_types:
-                                raise Exception('Invalid vote type: %s' % 
form.getvalue('type'))
-                            with open(issuepath + ".json", "w") as f:
-                                candidates = []
-                                if form.getvalue('candidates'):
-                                    for name in 
form.getvalue('candidates').split("\n"):
-                                        candidates.append({'name': name})
+                            elpath = os.path.join(homedir, "issues", election)
+                            os.mkdir(elpath)
+                            with open(elpath  + "/basedata.json", "w") as f:
                                 f.write(json.dumps({
                                     'title': form.getvalue('title'),
-                                    'description': 
form.getvalue('description'),
-                                    'type': form.getvalue('type'),
-                                    'candidates': candidates,
-                                    'seconds': form.getvalue('seconds'),
-                                    'nominatedby': form.getvalue('nominatedby')
+                                    'owner': form.getvalue('owner'),
+                                    'monitors': 
form.getvalue('monitors').split(","),
+                                    'starts': form.getvalue('starts'),
+                                    'ends': form.getvalue('ends'),
+                                    'hash': hashlib.sha512("%f-stv-%s" % 
(time.time(), os.environ['REMOTE_ADDR'])).hexdigest()
                                 }))
                                 f.close()
-                            response.respond(201, {'message': 'Created!', 
'id': issue})
+                            response.respond(201, {'message': 'Created!', 
'id': election})
                         except Exception as err:
-                            response.respond(500, {'message': "Could not 
create issue: %s" % err})
-            else:
-                response.respond(400, {'message': "No election specified!"})
-        else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
-    
-    # Delete an issue in an election
-    elif action == "delete":
-        if karma >= 4: # karma of 4 required to set up an issue for the 
election
-            if election:
-                issue = l[2] if len(l) > 2 else None
-                if not issue:
-                    response.respond(400, {'message': 'No issue ID specified'})
+                            response.respond(500, {'message': "Could not 
create election: %s" % err})
                 else:
-                    issuepath = os.path.join(homedir, "issues", election, 
issue)
-                    if os.path.isfile(issuepath + ".json"):
-                        try:
-                            os.unlink(issuepath + ".json")
-                            response.respond(200, {'message': "Issue deleted"})
-                        except Exception as err:
-                            response.respond(500, {'message': 'Could not 
delete issue: %s' % err})
+                    response.respond(400, {'message': "No election name 
specified!"})
+            else:
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
+                
+        # Create an issue in an election
+        elif action == "create":
+            if karma >= 4: # karma of 4 required to set up an issue for the 
election
+                if election:
+                    issue = l[2] if len(l) > 2 else None
+                    if not issue:
+                        response.respond(400, {'message': 'No issue ID 
specified'})
                     else:
-                        response.respond(404, {'message': "No such issue!"})
+                        issuepath = os.path.join(homedir, "issues", election, 
issue)
+                        if os.path.isfile(issuepath + ".json"):
+                            response.respond(400, {'message': 'An issue with 
this ID already exists'})
+                        else:
+                            try:
+                                required = ['title','type']
+                                xr = required
+                                for i in required:
+                                    if not form.getvalue(i):
+                                        raise Exception("Required fields 
missing: %s" % ", ".join(xr))
+                                    else:
+                                        xr.pop(0)
+                                valid_types = 
['yna','stv1','stv2','stv3','stv4','stv5','stv6','stv7','stv8','stv9']
+                                if not form.getvalue('type') in valid_types:
+                                    raise Exception('Invalid vote type: %s' % 
form.getvalue('type'))
+                                with open(issuepath + ".json", "w") as f:
+                                    candidates = []
+                                    if form.getvalue('candidates'):
+                                        for name in 
form.getvalue('candidates').split("\n"):
+                                            candidates.append({'name': name})
+                                    f.write(json.dumps({
+                                        'title': form.getvalue('title'),
+                                        'description': 
form.getvalue('description'),
+                                        'type': form.getvalue('type'),
+                                        'candidates': candidates,
+                                        'seconds': form.getvalue('seconds'),
+                                        'nominatedby': 
form.getvalue('nominatedby')
+                                    }))
+                                    f.close()
+                                response.respond(201, {'message': 'Created!', 
'id': issue})
+                            except Exception as err:
+                                response.respond(500, {'message': "Could not 
create issue: %s" % err})
+                else:
+                    response.respond(400, {'message': "No election 
specified!"})
             else:
-                response.respond(400, {'message': "No election specified!"})
-        else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
-    
-    
-    
-    # Edit an issue or election
-    elif action == "edit":
-        issue = l[2] if len(l) > 2 else None
-        if (issue and karma >= 4) or (karma >= 5 and election):
-            if election:
-                if not issue:
-                    elpath = os.path.join(homedir, "issues", election)
-                    if not os.path.isdir(elpath) or not 
os.path.isfile(elpath+"/basedata.json"):
-                        response.respond(404, {'message': 'No such issue'})
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
+        
+        # Delete an issue in an election
+        elif action == "delete":
+            if karma >= 4: # karma of 4 required to set up an issue for the 
election
+                if election:
+                    issue = l[2] if len(l) > 2 else None
+                    if not issue:
+                        response.respond(400, {'message': 'No issue ID 
specified'})
                     else:
-                        try:
-                            js = {}
-                            with open(elpath + "/basedata.json", "r") as f:
-                                js = json.loads(f.read())
-                                f.close()
-                            fields = 
['title','owner','monitors','starts','ends']
-                            for field in fields:
-                                val = form.getvalue(field)
-                                if val:
-                                    if field == "monitors":
-                                        val = val.split(",")
-                                    js[field] = val
-                            with open(elpath + "/basedata.json", "w") as f:
-                                f.write(json.dumps(js))
-                                f.close()
-                            response.respond(200, {'message': "Changed saved"})
-                        except Exception as err:
-                            response.respond(500, {'message': "Could not edit 
election: %s" % err})
+                        issuepath = os.path.join(homedir, "issues", election, 
issue)
+                        if os.path.isfile(issuepath + ".json"):
+                            try:
+                                os.unlink(issuepath + ".json")
+                                response.respond(200, {'message': "Issue 
deleted"})
+                            except Exception as err:
+                                response.respond(500, {'message': 'Could not 
delete issue: %s' % err})
+                        else:
+                            response.respond(404, {'message': "No such 
issue!"})
                 else:
-                    issuepath = os.path.join(homedir, "issues", election, 
issue)
-                    if not os.path.isfile(issuepath + ".json"):
-                        response.respond(404, {'message': 'No such issue'})
+                    response.respond(400, {'message': "No election 
specified!"})
+            else:
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
+        
+        
+        
+        # Edit an issue or election
+        elif action == "edit":
+            issue = l[2] if len(l) > 2 else None
+            if (issue and karma >= 4) or (karma >= 5 and election):
+                if election:
+                    if not issue:
+                        elpath = os.path.join(homedir, "issues", election)
+                        if not os.path.isdir(elpath) or not 
os.path.isfile(elpath+"/basedata.json"):
+                            response.respond(404, {'message': 'No such issue'})
+                        else:
+                            try:
+                                js = {}
+                                with open(elpath + "/basedata.json", "r") as f:
+                                    js = json.loads(f.read())
+                                    f.close()
+                                fields = 
['title','owner','monitors','starts','ends']
+                                for field in fields:
+                                    val = form.getvalue(field)
+                                    if val:
+                                        if field == "monitors":
+                                            val = val.split(",")
+                                        js[field] = val
+                                with open(elpath + "/basedata.json", "w") as f:
+                                    f.write(json.dumps(js))
+                                    f.close()
+                                response.respond(200, {'message': "Changed 
saved"})
+                            except Exception as err:
+                                response.respond(500, {'message': "Could not 
edit election: %s" % err})
                     else:
-                        try:
-                            js = {}
-                            with open(issuepath + ".json", "r") as f:
-                                js = json.loads(f.read())
-                                f.close()
-                            fields = 
['title','description','type','candidates','seconds','nominatedby']
-                            for field in fields:
-                                val = form.getvalue(field)
-                                if val:
-                                    if field == "candidates" or field == 
"seconds":
-                                        xval = val.split("\n")
-                                        val = []
-                                        for entry in xval:
-                                            val.append({'name': entry})
-                                    js[field] = val
-                            with open(issuepath + ".json", "w") as f:
-                                f.write(json.dumps(js))
-                                f.close()
-                            response.respond(200, {'message': "Changed saved"})
-                        except Exception as err:
-                            response.respond(500, {'message': "Could not edit 
issue: %s" % err})
+                        issuepath = os.path.join(homedir, "issues", election, 
issue)
+                        if not os.path.isfile(issuepath + ".json"):
+                            response.respond(404, {'message': 'No such issue'})
+                        else:
+                            try:
+                                js = {}
+                                with open(issuepath + ".json", "r") as f:
+                                    js = json.loads(f.read())
+                                    f.close()
+                                fields = 
['title','description','type','candidates','seconds','nominatedby']
+                                for field in fields:
+                                    val = form.getvalue(field)
+                                    if val:
+                                        if field == "candidates" or field == 
"seconds":
+                                            xval = val.split("\n")
+                                            val = []
+                                            for entry in xval:
+                                                val.append({'name': entry})
+                                        js[field] = val
+                                with open(issuepath + ".json", "w") as f:
+                                    f.write(json.dumps(js))
+                                    f.close()
+                                response.respond(200, {'message': "Changed 
saved"})
+                            except Exception as err:
+                                response.respond(500, {'message': "Could not 
edit issue: %s" % err})
+                else:
+                    response.respond(400, {'message': "No election 
specified!"})
             else:
-                response.respond(400, {'message': "No election specified!"})
-        else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
-    
-    # Edit/add a statement
-    elif action == "statement":
-        issue = l[2] if len(l) > 2 else None
-        if (issue and karma >= 4):
-            issuepath = os.path.join(homedir, "issues", election, issue)
-            if not os.path.isfile(issuepath + ".json"):
-                response.respond(404, {'message': 'No such issue'})
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
+        
+        # Edit/add a statement
+        elif action == "statement":
+            issue = l[2] if len(l) > 2 else None
+            if (issue and karma >= 4):
+                issuepath = os.path.join(homedir, "issues", election, issue)
+                if not os.path.isfile(issuepath + ".json"):
+                    response.respond(404, {'message': 'No such issue'})
+                else:
+                    try:
+                        js = {}
+                        with open(issuepath + ".json", "r") as f:
+                            js = json.loads(f.read())
+                            f.close()
+                        
+                        cand = form.getvalue('candidate')
+                        stat = form.getvalue('statement')
+                        found = False
+                        for entry in js['candidates']:
+                            if entry['name'] == cand:
+                                found = True
+                                entry['statement'] = stat
+                                break
+                        if not found:
+                            raise Exception("No such candidate: " + cand)      
              
+                        with open(issuepath + ".json", "w") as f:
+                            f.write(json.dumps(js))
+                            f.close()
+                        response.respond(200, {'message': "Changed saved"})
+                    except Exception as err:
+                        response.respond(500, {'message': "Could not edit 
issue: %s" % err})
             else:
-                try:
-                    js = {}
-                    with open(issuepath + ".json", "r") as f:
-                        js = json.loads(f.read())
-                        f.close()
-                    
-                    cand = form.getvalue('candidate')
-                    stat = form.getvalue('statement')
-                    found = False
-                    for entry in js['candidates']:
-                        if entry['name'] == cand:
-                            found = True
-                            entry['statement'] = stat
-                            break
-                    if not found:
-                        raise Exception("No such candidate: " + cand)          
          
-                    with open(issuepath + ".json", "w") as f:
-                        f.write(json.dumps(js))
-                        f.close()
-                    response.respond(200, {'message': "Changed saved"})
-                except Exception as err:
-                    response.respond(500, {'message': "Could not edit issue: 
%s" % err})
-        else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
-            
-    # Edit/add a statement
-    elif action == "addcandidate":
-        issue = l[2] if len(l) > 2 else None
-        if (issue and karma >= 4):
-            issuepath = os.path.join(homedir, "issues", election, issue)
-            if not os.path.isfile(issuepath + ".json"):
-                response.respond(404, {'message': 'No such issue'})
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
+                
+        # Edit/add a statement
+        elif action == "addcandidate":
+            issue = l[2] if len(l) > 2 else None
+            if (issue and karma >= 4):
+                issuepath = os.path.join(homedir, "issues", election, issue)
+                if not os.path.isfile(issuepath + ".json"):
+                    response.respond(404, {'message': 'No such issue'})
+                else:
+                    try:
+                        js = {}
+                        with open(issuepath + ".json", "r") as f:
+                            js = json.loads(f.read())
+                            f.close()
+                        
+                        cand = form.getvalue('candidate')
+                        stat = form.getvalue('statement')
+                        found = False
+                        for entry in js['candidates']:
+                            if entry['name'] == cand:
+                                found = True
+                                break
+                        if found:
+                            raise Exception("Candidate already exists: " + 
cand)
+                        else:
+                            js['candidates'].append( {
+                                'name': cand,
+                                'statement': stat
+                            })
+                        with open(issuepath + ".json", "w") as f:
+                            f.write(json.dumps(js))
+                            f.close()
+                        response.respond(200, {'message': "Changed saved"})
+                    except Exception as err:
+                        response.respond(500, {'message': "Could not edit 
issue: %s" % err})
             else:
-                try:
-                    js = {}
-                    with open(issuepath + ".json", "r") as f:
-                        js = json.loads(f.read())
-                        f.close()
-                    
-                    cand = form.getvalue('candidate')
-                    stat = form.getvalue('statement')
-                    found = False
-                    for entry in js['candidates']:
-                        if entry['name'] == cand:
-                            found = True
-                            break
-                    if found:
-                        raise Exception("Candidate already exists: " + cand)
-                    else:
-                        js['candidates'].append( {
-                            'name': cand,
-                            'statement': stat
-                        })
-                    with open(issuepath + ".json", "w") as f:
-                        f.write(json.dumps(js))
-                        f.close()
-                    response.respond(200, {'message': "Changed saved"})
-                except Exception as err:
-                    response.respond(500, {'message': "Could not edit issue: 
%s" % err})
-        else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
-    elif action == "delcandidate":
-        issue = l[2] if len(l) > 2 else None
-        if (issue and karma >= 4):
-            issuepath = os.path.join(homedir, "issues", election, issue)
-            if not os.path.isfile(issuepath + ".json"):
-                response.respond(404, {'message': 'No such issue'})
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
+        elif action == "delcandidate":
+            issue = l[2] if len(l) > 2 else None
+            if (issue and karma >= 4):
+                issuepath = os.path.join(homedir, "issues", election, issue)
+                if not os.path.isfile(issuepath + ".json"):
+                    response.respond(404, {'message': 'No such issue'})
+                else:
+                    try:
+                        js = {}
+                        with open(issuepath + ".json", "r") as f:
+                            js = json.loads(f.read())
+                            f.close()
+                        
+                        cand = form.getvalue('candidate')
+                        found = False
+                        i = 0
+                        for entry in js['candidates']:
+                            if entry['name'] == cand:
+                                js['candidates'].pop(i)
+                                found = True
+                                break
+                            i += 1
+                        if not found:
+                            raise Exception("Candidate does nost exist: " + 
cand)
+                        with open(issuepath + ".json", "w") as f:
+                            f.write(json.dumps(js))
+                            f.close()
+                        response.respond(200, {'message': "Changed saved"})
+                    except Exception as err:
+                        response.respond(500, {'message': "Could not edit 
issue: %s" % err})
             else:
-                try:
-                    js = {}
-                    with open(issuepath + ".json", "r") as f:
-                        js = json.loads(f.read())
-                        f.close()
-                    
-                    cand = form.getvalue('candidate')
-                    found = False
-                    i = 0
-                    for entry in js['candidates']:
-                        if entry['name'] == cand:
-                            js['candidates'].pop(i)
-                            found = True
-                            break
-                        i += 1
-                    if not found:
-                        raise Exception("Candidate does nost exist: " + cand)
-                    with open(issuepath + ".json", "w") as f:
-                        f.write(json.dumps(js))
-                        f.close()
-                    response.respond(200, {'message': "Changed saved"})
-                except Exception as err:
-                    response.respond(500, {'message': "Could not edit issue: 
%s" % err})
+                response.respond(403, {'message': 'You do not have enough 
karma for this'})
         else:
-            response.respond(403, {'message': 'You do not have enough karma 
for this'})
+            response.respond(400, {'message': "No (or invalid) action 
supplied"})
     else:
-        response.respond(400, {'message': "No (or invalid) action supplied"})
-else:
-    response.respond(500, {'message': "No path_info supplied"})
+        response.respond(500, {'message': "No path_info supplied"})
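Review bot: The `election` and `issue` values taken from `pathinfo.split("/")` are used to build filesystem paths in every branch without validation, so the new karma lookup does not fully separate the karma-4 and karma-5 privileges. Issue files are stored as `issuepath + ".json"` inside the election directory, so an issue id of `basedata` resolves to the election's own `basedata.json`, which the `delete` and `edit` branches would unlink or rewrite at karma 4; a `..` segment would likewise resolve outside the `issues` tree unless the web server normalises PATH_INFO first. I would validate both segments once, right after they are parsed, with something like `if any(s is not None and (s == "basedata" or not re.match(r"^[A-Za-z0-9_-]+$", s)) for s in (election, issue)): response.respond(400, {'message': 'Invalid election or issue ID'})`, and skip the dispatch in that case (this assumes `re` is imported, which the hunk does not show). Separately, `karma = int(config.get("karma", whoami))` sits outside any `try`, so a non-numeric entry in steve.cfg raises an unhandled exception instead of producing a JSON error response.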

