Re: How to add local web modules for Invenio 1.1.x

Fri, 30 Nov 2012 04:44:45 -0800 

Hi Alexander,

In data venerdì 30 novembre 2012 12:55:25, Alexander Wagner ha scritto:
> Are you sure taht you want to execute a script based on the parameters
> passed on in the req-object? 

I thought Ferran was trying to retrieve the name of the very same script being 
executed, not of a script specified on the request, but maybe I was mistaken!

Meanwhile, since you posted your nice example of code, may I give some advices 
of best practices that might not be obvious, and could be useful to other 
developers wishing to extend Invenio?

> def index(req, f=None, doi=None, c=CFG_SITE_NAME, ln=CFG_SITE_LANG):
>      """
>      This interface should get parameters by URL and return names
>      """
>      uid     = getUid(req)
>      docroot = req.subprocess_env['DOCUMENT_ROOT']
> 
>      # TODO these configs shouldn't live here!
>      perl        = '/usr/bin/perl'
>      scriptpath  = docroot+'/cgi-bin/'

Note that the docroot is always available in invenio.config.CFG_WEBDIR, 
together with other common Invenio paths, such as: CFG_ETCDIR, CFG_PYLIBDIR, 
CFG_TMPDIR, CFG_LOGDIR. CFG_BINDIR, CFG_LOCALEDIR, CFG_CACHEDIR...
 
>      # define functions that are allowed for the f= parameter and give a
>      # full definition on how to call them. Surely, we don't want to
>      # allow a call of any system function ;)
>      functions   = {
>        'GenMetadata.pl' : scriptpath + 'GenMetadata.pl',
>        'AUTISearch.pl'  : scriptpath + 'AUTISearch.pl',
>        'GVKSearch.pl'   : scriptpath + 'GVKSearch.pl'
>      }
> 
>      # require a login, ie a uid > 0 to work
>      # TODO actually we'd like to check if we come from a submit and at
>      # the end of the day we'd like not to allow to many calls from a
>      # single submit either. We do not want to be a relay.
>      result = ''
>      if uid > 0:

Beware that uid > 0 is not a guarantee that your user is authenticated. That 
depends on the variable CFG_WEBSESSION_DIFFERENTIATE_BETWEEN_GUESTS. The best 
way to check if a user is a guest is to use invenio.webuser.isGuestUser(uid) 
or to use the swiss-army-knife invenio.webuser.collect_user_info(req), which 
will return a dictionary with all sorts of information about the user, 
including a key "guest" which will say "1" if the user is guest or "0" 
otherwise (as a string).

Cheers!!
        Sam
-- 
Samuele Kaplun
Invenio Developer ** <http://invenio-software.org/>

Reply via email to