[web2py] Re: Key query support in Google App Engine

2010-06-11 Thread Christian Foster Howes
Did some more testing today...i left out the corrections for orderby. 
the attached patch includes that bit as well.  sorry for the extra file.


i don't think there are any other clauses that you can put ID in, is 
that correct?


also, if anyone is using GAE development server with sqlite, key queries 
don't work properly there (spent 4 hours trying to figure out what i 
messed up to find out that others reported it as a bug to google).


christian

On 06/09/2010 08:54 PM, Christian Foster Howes wrote:

Hi all,

attached is a patch for gql.py. Please review and Massimo, if people
like this, can we add it to trunk?

what does it do? it allows you to do key queries on Google App Engine.
this means that you can now perform all ID queries on tables in google
app engine. for example:

belongs = db(db.test_tbl.id.belongs([69126,69127])).select()
eq = db(db.test_tbl.id==69126).select()
neq = db(db.test_tbl.id!=69126).select()
lt = db(db.test_tbl.id<69126).select()
gt = db(db.test_tbl.id>69126).select()
lte = db(db.test_tbl.id<=69126).select()
gte = db(db.test_tbl.id>=69126).select()
all = db(db.test_tbl.id>0).select()

it also adds "__key__" to _extra on each row in the result...just in
case you really wanted to see that google key.

if i missed some test cases please let me know and i'll verify them as
well.

thanks!

Christian
diff -r e21076a9427b gluon/contrib/gql.py
--- a/gluon/contrib/gql.py	Thu Jun 10 22:48:53 2010 -0500
+++ b/gluon/contrib/gql.py	Fri Jun 11 00:29:17 2010 -0700
@@ -27,6 +27,7 @@
 import gluon.sql
 from new import classobj
 from google.appengine.ext import db as gae
+from google.appengine.api.datastore_types import Key
 
 MAX_ITEMS = 1000 # GAE main limitation
 
@@ -297,7 +298,7 @@
 
 def __or__(self, other):  # for use in sortby
 assert_filter_fields(self, other)
-return Expression(self.name + '|' + other.name, None, None)
+return Expression(self.name if self.type!='id' else '__key__' + '|' + other.name if other.type!='id' else '__key__', None, None)
 
 def __invert__(self):
 assert_filter_fields(self)
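
Review bot: Operator precedence in the new return line of __or__: a conditional expression binds more loosely than '+', so the expression parses as self.name if self.type!='id' else (('__key__' + '|' + other.name) if other.type!='id' else '__key__'). When self is not an id field the result is self.name alone and other is dropped, and when both are id fields it is the bare string '__key__'. Parenthesize each operand: (self.name if self.type!='id' else '__key__') + '|' + (other.name if other.type!='id' else '__key__').
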
@@ -532,11 +533,24 @@
 assert_filter_fields(left)
 if left.type == 'id':
 try:
-right = long(right or 0)
+if type(right) == list:
+#make this work for belongs
+right = [long(r) for r in right]
+else:
+right = long(right or 0)
 except ValueError:
 raise SyntaxError, 'id value must be integer: %s' % id
-if not (op == '=' or (op == '>' and right == 0)):
-raise RuntimeError, '(field.id  value) is not supported on GAE'
+if op != '=' and not (op == '>' and right == 0):
+#get key (or keys) based on path.  Note if we later support
+# ancesters this will not be the proper key for items with
+# ancesters.
+#in GAE (with no ancesters) the key is base64 encoded
+# "table_name: id=".  GAE decodes the string and compares
+# the id
+if op=='IN':
+right = [Key.from_path(left._tablename, r) for r in right]
+else:
+right = Key.from_path(left._tablename, right)
 elif op=='IN':
 right = [dateobj_to_datetime(obj_represent(r, left.type, left._db)) \
  for r in right]
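
Review bot: The try block around the new list conversion only catches ValueError, so [long(r) for r in right] lets a TypeError escape when an element is None (the scalar branch guards against that with right or 0), and type(right) == list sends a tuple passed to belongs() into long(right), which also raises TypeError. Suggest isinstance(right, (list, tuple)) and except (ValueError, TypeError). The error message on the unchanged raise line formats the builtin id rather than right, so the offending value never reaches the user. The ancestor limitation noted in the comment deserves a line in the user-facing docs, since Key.from_path(left._tablename, r) will not match any entity that has a parent.
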
@@ -634,20 +648,29 @@
 self.where = Query(fields[0].table.id,'>',0)
 for filter in self.where.filters:
 if filter.all():
+#this is id > 0
 continue
 elif filter.one() and filter.right<=0:
+#this is id == 0
 items = []
 elif filter.one():
+#this is id == x
 item = self._db[tablename]._tableobj.get_by_id(filter.right)
 items = (item and [item]) or []
 elif isinstance(items,list):
-(name, op, value) = (filter.left.name, filter.op, filter.right)
+(name, op, value) = \
+   (filter.left.name if filter.left.type!='id' else '__key__',
+filter.op, filter.right)
 if op == '=': op = '=='
 if op == 'IN': op = 'in'
 items = [item for item in items \
  if eval("getattr(item,'%s') %s %s" % (name, op, repr(value)))]
 else:
-(name, op, value) = (filter.left.name, filter.op, filter.right)
+(name, op, value) = \
+   (filter.left.name if filter.left.type!='id' else '__key__',
+filter.op, filter.right)
+if filter.left.type=='id':
+items.order("__key__")
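
Review bot: In the isinstance(items,list) branch the in-memory filter still builds its test with eval("getattr(item,'%s') %s %s" % (name, op, repr(value))), and after this change name can be '__key__' and value a Key or list of Keys produced by the earlier hunk. That only works if repr() of a Key evaluates back to an equal Key inside this module's namespace and if model instances expose an attribute literally named __key__; neither is established by the visible lines, and no test case in the message exercises two filters where one is on id. Comparing item.key() with value through a small table of operator functions (operator.eq, operator.lt and so on, plus a membership test for 'in') would remove both the eval and the dependence on repr. The (name, op, value) tuple is now duplicated verbatim in both branches and could be computed once before the if.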

[web2py] Uploading files

2010-06-11 Thread Kenneth
Hello,

in my application there is a need for users to add their own pages and
on a page you should be able to upload files (Word, Excel), multiple
files.

So instead of defining "Field('picture','upload',default=''))" in my
page table I made a own table just for the files.

First I didn't have the file uploading feature so the form to make a
new page is made with "form = SQLFORM(db.page, ."

To get the upload file option when creating the page I put
  


  

and
if (request.vars.page_file != ""):
    page_file_id = db.page_files.insert(
        file = request.vars.page_file,
        description = request.vars.file_desc,
        page = form.vars.id)

This doesn't work, the database is populated but wrongly I think.

The problem is I think in the HTML code.

When reading the examples I found this text: "Remember the
upload=URL(...'download'...) statement in the register_dog function.",
but when reading the register_dog function I couldn't find the
statement.

Any examples how to do this?


Kenneth


[web2py] Client Tools Application corrupt on web2py Version 1.79.2 ?

2010-06-11 Thread AsmanCom
Hi,

it seems that Client Tools won't work anymore on web2py Version 1.79.2:

Traceback (most recent call last):
  File "gluon/restricted.py", line 178, in restricted
  File "D:/web2py/applications/clienttools/controllers/default.py",
line 265, in 
  File "gluon/globals.py", line 96, in 
  File "D:/web2py/applications/clienttools/controllers/default.py",
line 147, in jqueryui_slider
  File "D:\web2py\applications\clienttools\modules\clienttools.py",
line 307, in __call__
  File "D:\web2py\applications\clienttools\modules\clienttools.py",
line 292, in __str__
  File "D:\web2py\applications\clienttools\modules\clienttools.py",
line 293, in __str__
  File "D:\web2py\applications\clienttools\modules\clienttools.py",
line 288, in encode
AttributeError: 'function' object has no attribute 'dumps'

Is there any known workaround?

THX

Dieter Asman


[web2py] Re: Decoding problem - UTF8

2010-06-11 Thread Felipe
Just got the problem solved !

It is kind of cheating but it works..

here is the code

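def dic_lista(lista):
    # lista is the list of row dicts returned by select().as_list()
    for i in range(len(lista)):
        for key in lista[i]:
            try:
                lista[i][key] = lista[i][key].decode('utf8')
            except Exception:
                # values that cannot be decoded (non-strings) are left unchanged
                pass
    return lista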

when I do a select() in the database, I use the
dic_lista(select_result.as_list())

anyone has a fancier workaround? please tell me !


On Jun 8, 11:43 am, Felipe  wrote:
> I tried with sqlite, just like you now... and I got
>
> test├®
>
> from the database...
>
> On Jun 8, 11:16 am, mdipierro  wrote:
>
>
>
> > I just run this and it works with sqlite. I did not yet have a chance
> > to try it with postgresql.
>
> > # -*- coding: utf-8 -*-
> > db.define_table('test',Field('name'))
> > db.test.insert(name='testé')
> > print db(db.test.id>0).select()
>
> > and it works fine with me. I cannot reproduce your problem which
>
> > On Jun 8, 7:36 am, Felipe  wrote:
>
> > > xmlrpclib.Fault:  > > 'exceptions.UnicodeDecodeError'>:'ascii' codec
> > >  can't decode byte 0xc3 in position 4: ordinal not in range(128)">
>
> > > same problem ...
>
> > > On Jun 7, 3:17 pm, mdipierro  wrote:
>
> > > > hmmm, please try
>
> > > > bd[tab].insert(nome=u'testé')
>
> > > > or
>
> > > > bd[tab].insert(nome='testé'.encode('utf8'))
>
> > > > On Jun 7, 9:49 am, Felipe  wrote:
>
> > > > > Hi,
>
> > > > > I'm having problems with UTF8 words and databases...
>
> > > > > Now I'm using postgres with web2py. I used a xml-rpc script, just for
> > > > > testing, to insert into a table the word 'testé', apparently
> > > > > everything worked well, but when I try to get the info from the table
> > > > > I receive an error, 'cant decode unicode byte ... something', so i
> > > > > went to the postgres command line and did
>
> > > > > select * from table;
>
> > > > > and i got a testÚ in the table...
>
> > > > > the database is using correct utf8, i know that web2py is also all
> > > > > utf8 and the xml-rpc also used utf8
>
> > > > > here it is some source code
>
> > > > > id = bd[tab].insert(nome='testé')
> > > > >         try:
> > > > >                 bd.commit()
> > > > >                 retorno = 1
> > > > >         except:
> > > > >                 retorno = 0
> > > > >         return retorno


[web2py] checking if table exists in database

2010-06-11 Thread mika

hi i would like to make my application generate database at startup
(sth like first run) - i mean generating automatically all needed
relations (hardcoded)..
on startup i would like to check if database was prepared before

How to achieve this? what to do with migration?
i thought about such code (doesn't work) in db.py


if 'places' in db.tables: #that means db was created before
    print "Loading Database..."
    GLOBAL_MIGRATE=False #tables already exists
else:
    print "This is first run, database is not prepared! Generating it..." # create tables
    GLOBAL_MIGRATE=True
    #and below put all necessary data to tables


i use GLOBAL_MIGRATE to set migrate on all tables.



[web2py] fresh from http://code.google.com/p/web2py/

2010-06-11 Thread szimszon
validators.py:
376: groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)


Traceback (most recent call last):
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/restricted.py",
line 178, in restricted
exec ccode in environment
  File "/home/szimszon/fejlesztes/sajat/web2py/applications/test/
controllers/appadmin.py", line 410, in 
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/globals.py", line
96, in 
self._caller = lambda f: f()
  File "/home/szimszon/fejlesztes/sajat/web2py/applications/test/
controllers/appadmin.py", line 124, in insert
form = SQLFORM(db[table], ignore_rw=ignore_rw)
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/sqlhtml.py", line
696, in __init__
inp = self.widgets.options.widget(field, default)
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/sqlhtml.py", line
187, in widget
options = requires[0].options()
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/validators.py",
line 394, in options
self.build_set()
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/validators.py",
line 376, in build_set
groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
  File "/home/szimszon/fejlesztes/sajat/web2py/gluon/validators.py",
line 376, in 
groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
TypeError: unsupported operand type(s) for |: 'str' and 'str'



[web2py] problem in processing form fields in array

2010-06-11 Thread lameck.kassana
Hi, Everybody
I was working on one of my applications, and I need to create the form
in which user can add fields (in row of table dynamically). I did
manage to implement it by javascript and user can delete and add
fields in form dynamically.
Then my problem comes in my controller how to read this form from
list (or array).

Example I can have

   
   


Please can anyone help me!!



[web2py] Re: Support for conversation?

2010-06-11 Thread pierreth
On 11 juin, 01:14, mdipierro  wrote:
> yes but people don't just navigate by submitting forms. they also
> navigate by clicking links. The only way to keep a conversation would
> be to store a token in request.args(0) and keep it there in all links.
> Still the conversation is fragile and ends if the user types in a url
> without the token.
>

The navigation of a conversation is made with forms using posts and
redirects so there are no arguments used because there is no get. If
the user clicks a link or enters a new url he can return to the
conversation using the back button (the page must come from the
browser's cache to get the value of the hidden field). If the user
returns to the conversation by typing the url of the page of the
conversation he has left, then the hidden field is not there to tell
which conversation is active. In that case, the user is redirected to
the first page of the conversation. There he can start a brand new
conversation or he can continue an older conversation if the page
lists all the available conversations to join in.

If the user closes a window during a conversation, a Javascript call
may end the conversation.


> On Jun 11, 12:04 am, Thadeus Burgess  wrote:
>
> > That is where the hidden input field with a custom hash comes into
> > play I think?

Yes, this is the purpose of the hidden field.
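
The hidden-field scheme described in this message, as an added Python 3 sketch that is not code from web2py or from any poster in the thread: each conversation gets an unguessable server-generated token that travels in a hidden form field, and its state lives under that token inside the user's own session. The names Conversations, handle_post, FIRST_PAGE, MAX_OPEN and the field name conversation_id are hypothetical, and the session is modelled as a plain dict.

```python
import secrets

FIRST_PAGE = "start"   # hypothetical name of the conversation's first page
MAX_OPEN = 5           # assumed cap so abandoned conversations cannot grow the session


class Conversations(object):
    """Keeps one state dict per conversation inside a single user's session."""

    def __init__(self, session):
        # session stands in for the framework's per-user session storage
        self.store = session.setdefault("conversations", {})

    def begin(self):
        while len(self.store) >= MAX_OPEN:
            # dicts keep insertion order, so this drops the oldest conversation
            del self.store[next(iter(self.store))]
        token = secrets.token_urlsafe(16)  # generated server-side, never derived from user input
        self.store[token] = {"step": 0, "data": {}}
        return token

    def resolve(self, token):
        # A repeated form field can arrive as a list; only a known string token is accepted.
        if not isinstance(token, str):
            return None
        # The lookup is scoped to this user's session, so a token copied from
        # another user's page resolves to nothing here.
        return self.store.get(token)

    def end(self, token):
        self.store.pop(token, None)


def handle_post(session, post_vars):
    """Process one form POST; post_vars is the dict of submitted fields."""
    conv = Conversations(session)
    token = post_vars.get("conversation_id")
    state = conv.resolve(token)
    if state is None:
        # Hidden field missing or unknown (URL typed by hand, conversation ended):
        # send the user to the first page and offer the conversations still open.
        return {"redirect": FIRST_PAGE, "open": list(conv.store)}
    for key, value in post_vars.items():
        if key != "conversation_id":
            state["data"][key] = value
    state["step"] += 1
    # The next page must render the same token back into its hidden field.
    return {"page": "step%d" % state["step"],
            "hidden": {"conversation_id": token},
            "data": dict(state["data"])}
```

Because state is keyed by token rather than stored at the top level of the session, two conversations opened in separate windows do not overwrite each other's data.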



[web2py] Re: Uploading files

2010-06-11 Thread mdipierro
Why not use the web2py way...

in controller

form=crud.create(db.page)
return dict(form=form)

and in view

   {{=form}}

Your code does not work because:

- request.vars.file contains a cgi.FieldStorage object and you cannot
put that in the database
- the actual file has to be streamed in, safely renamed to avoid
directory traversals, stored on file, the name only goes in the
database
- you use form.vars.id. That is only created by web2py after calling
the form.accepts function, i.e. after insert.

On Jun 11, 3:28 am, Kenneth  wrote:
> Hello,
>
> in my application there is a need for users to add their own pages and
> on a page you should be able to upload files (Word, Excel), multiple
> files.
>
> So instead of defining "Field('picture','upload',default=''))" in my
> page table I made a own table just for the files.
>
> First I didn't have the file uploading feature so the form to make a
> new page is made with "form = SQLFORM(db.page, ."
>
> To get the upload file option when creating the page I put
>   
>     
>      type="file" />
>   
>
> and
>         if (request.vars.page_file != ""):
>             page_file_id = db.page_files.insert(
>                 file = request.vars.page_file,
>                 description = request.vars.file_desc,
>                 page = form.vars.id)
>
> This doesn't work, the database is populated but wrongly I think.
>
> The problem is I think in the HTML code.
>
> When reading the examples I found this text: "Remember the
> upload=URL(...'download'...) statement in the register_dog function.",
> but when reading the register_dog function I couldn't find the
> statement.
>
> Any examples how to do this?
>
> Kenneth
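
The three points in the reply above (stream the file in, rename it safely, keep only the name in the database), as an added Python 3 sketch; it is not web2py's code. The stored-name layout is modelled on the name visible in the "Permission Denied" thread on this page (table.field.random.hex-of-original-name.ext); stored_name, save_upload, original_name and the extension allowlist are hypothetical.

```python
import binascii
import os
import secrets
import shutil

ALLOWED_EXTENSIONS = {"doc", "xls", "ta", "png"}  # assumed allowlist for this sketch


def stored_name(table, field, client_filename):
    """Build the on-disk name without reusing any client-supplied path component."""
    # Clients may send "C:\\dir\\file.doc" or "../../file.doc": keep the last component only.
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1][-100:]
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed: %r" % ext)
    token = secrets.token_hex(8)  # random part, so names cannot be predicted or collide
    # The original name survives only hex-encoded, so it cannot contain separators or dots.
    encoded = binascii.hexlify(base.encode("utf8")).decode("ascii")
    return "%s.%s.%s.%s.%s" % (table, field, token, encoded, ext)


def save_upload(stream, client_filename, upload_dir, table="page_files", field="file"):
    """Stream the upload to disk and return the name to store in the database."""
    name = stored_name(table, field, client_filename)
    root = os.path.realpath(upload_dir)
    target = os.path.realpath(os.path.join(root, name))
    # Belt and braces: the final path must still be inside the upload directory.
    if os.path.commonpath([root, target]) != root:
        raise ValueError("refusing to write outside the upload directory")
    # O_EXCL refuses to overwrite an existing file; 0o600 keeps it non-executable.
    fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        shutil.copyfileobj(stream, out, 64 * 1024)  # copy in chunks, not all in memory
    return name


def original_name(name):
    """Recover the client's file name (for display only) from a stored name."""
    return binascii.unhexlify(name.split(".")[3]).decode("utf8")
```

Only the return value of save_upload goes into the page_files row; the upload object itself never does.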


[web2py] Re: Support for conversation?

2010-06-11 Thread szimszon
This conversation thing could be handy for my inventory app... I just
made use of session but the user starting new conversations to get the
info to continue the original... after that we can't trust the info in
session. ... :-o

On jún. 11, 15:10, pierreth  wrote:
> On 11 juin, 01:14, mdipierro  wrote:
>
> > yes but people don't just navigate by submitting forms. they also
> > navigate by clicking links. The only way to keep a conversation would
> > be to store a token in request.args(0) and keep it there in all links.
> > Still the conversation is fragile and ends if the user types in a url
> > without the token.
>
> The navigation of a conversation is made with forms using posts and
> redirects so there are no arguments used because there is no get. If
> the user clicks a link or enters a new url he can return to the
> conversation using the back button (the page must come from the
> browser's cache to get the value of the hidden field). If the user
> returns to the conversation by typing the url of the page of the
> conversation he has left, then the hidden field is not there to tell
> which conversation is active. In that case, the user is redirected to
> the first page of the conversation. There he can start a brand new
> conversation or he can continue an older conversation if the page
> lists all the available conversations to join in.
>
> If the user closes a window during a conversation, a Javascript call
> may end the conversation.
>
> > On Jun 11, 12:04 am, Thadeus Burgess  wrote:
>
> > > That is where the hidden input field with a custom hash comes into
> > > play I think?
>
> Yes, this is the purpose of the hidden field.


[web2py] Re: fresh from http://code.google.com/p/web2py/

2010-06-11 Thread mdipierro
somewhere you have

orderby='table.field'|'table.field'

 instead of

orderby=db.table.field|db.table.field

On Jun 11, 7:25 am, szimszon  wrote:
> validators.py:
> 376: groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
>
> Traceback (most recent call last):
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/restricted.py",
> line 178, in restricted
>     exec ccode in environment
>   File "/home/szimszon/fejlesztes/sajat/web2py/applications/test/
> controllers/appadmin.py", line 410, in 
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/globals.py", line
> 96, in 
>     self._caller = lambda f: f()
>   File "/home/szimszon/fejlesztes/sajat/web2py/applications/test/
> controllers/appadmin.py", line 124, in insert
>     form = SQLFORM(db[table], ignore_rw=ignore_rw)
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/sqlhtml.py", line
> 696, in __init__
>     inp = self.widgets.options.widget(field, default)
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/sqlhtml.py", line
> 187, in widget
>     options = requires[0].options()
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/validators.py",
> line 394, in options
>     self.build_set()
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/validators.py",
> line 376, in build_set
>     groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
>   File "/home/szimszon/fejlesztes/sajat/web2py/gluon/validators.py",
> line 376, in 
>     groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
> TypeError: unsupported operand type(s) for |: 'str' and 'str'


[web2py] Re: checking if table exists in database

2010-06-11 Thread mdipierro
if you set migrate=True web2py does the check for you and eventually
creates tables. It can only detect tables if they were created by
web2py itself since it uses metadata for that purpose.

On Jun 11, 7:25 am, mika  wrote:
> hi i would like to make my application generate database at startup
> (sth like first run) - i mean generating automatically all needed
> relations (hardcoded)..
> on startup i would like to check if database was prepared before
>
> How to achieve this? what to do with migration?
> i thought about such code (doesn't work) in db.py
>
> if 'places' in db.tables: #that means db was created before
>     print "Loading Database..."
>     GLOBAL_MIGRATE=False #tables already exists
> else:
>     print "This is first run, database is not prepared! Generating
> it..." # create tables
>     GLOBAL_MIGRATE=True
>     #and below put all necessary data to tables
>
> i use GLOBAL_MIGRATE to set migrate on all tables.


[web2py] Permission Denied error when updating field

2010-06-11 Thread Aaron Crowe
I'm working on an application that takes a Turtle Art (.ta) file, runs
it, creates a .png of the result, and displays it in a table. So far I
can create the .png and it's placed in the uploads folder with the
same name as the original .ta file but when i try to run

session.new_image = form.vars.file
session.new_image_title = form.vars.title

file_name_length = len(session.new_image)
os.system('python applications/turtle_art_images/modules/PngGenerator.py applications/turtle_art_images/uploads/'+session.new_image)

db(db.comment.title==session.new_image_title).update(newimage=os.system('applications/turtle_art_images/uploads/'+session.new_image[0:(file_name_length-2)]+'png'))
return dict()

where form.vars.file is the uploaded .ta file

I get the errors:

ERROR:Rocket.Errors.ThreadPool:Traceback (most recent call last):
  File "/home/acrowe/lib/python/web2py/gluon/rocket.py", line 297, in
start
listeners = [poll_dict[x[0]] for x in poll.poll(POLL_TIMEOUT)]
IOError: [Errno 4] Interrupted system call

sh: applications/turtle_art_images/uploads/
comment.file.b6b8aa42563d3b8c.747572746c65617274746573742e7461.png:
Permission denied
ERROR:Rocket.Errors.ThreadPool:Traceback (most recent call last):
  File "/home/acrowe/lib/python/web2py/gluon/rocket.py", line 297, in
start
listeners = [poll_dict[x[0]] for x in poll.poll(POLL_TIMEOUT)]
IOError: [Errno 4] Interrupted system call


and I'm totally lost as to why. Any ideas?


[web2py] Re: Uploading files

2010-06-11 Thread Kenneth
> in controller
> form=crud.create(db.page)
> return dict(form=form)

Is this possible with two tables? I have two tables, page and
page_files, the page is stored in page and all files in page_files as
one page can have many files.

> - you use form.vars.id. That is only created by web2py after calling
> the form.accepts function, i.e. after insert.

It worked nicely because I did the testing while editing the page not
adding. But nice to know.



[web2py] Re: Client Tools Application corrupt on web2py Version 1.79.2 ?

2010-06-11 Thread mr.freeze
I think you're using an older version. Can you clear your browser
cache and try again. My apache cache rules may not be working
properly.

On Jun 11, 4:32 am, AsmanCom  wrote:
> Hi,
>
> it seems that Client Tools won't work anymore on web2py Version 1.79.2:
>
> Traceback (most recent call last):
>   File "gluon/restricted.py", line 178, in restricted
>   File "D:/web2py/applications/clienttools/controllers/default.py",
> line 265, in 
>   File "gluon/globals.py", line 96, in 
>   File "D:/web2py/applications/clienttools/controllers/default.py",
> line 147, in jqueryui_slider
>   File "D:\web2py\applications\clienttools\modules\clienttools.py",
> line 307, in __call__
>   File "D:\web2py\applications\clienttools\modules\clienttools.py",
> line 292, in __str__
>   File "D:\web2py\applications\clienttools\modules\clienttools.py",
> line 293, in __str__
>   File "D:\web2py\applications\clienttools\modules\clienttools.py",
> line 288, in encode
> AttributeError: 'function' object has no attribute 'dumps'
>
> Is there any known workaround?
>
> THX
>
> Dieter Asman


[web2py] Re: Uploading files

2010-06-11 Thread mdipierro
If I understand the question... you can have two or more forms

form1=crud.create(db.table)
form2=crud.create(db.table_file)
return dict(form1=form1,form2=form2)

as long as the forms are about different tables. Else you have to use
SQLFORM and in accept give the forms different formname(s).


On Jun 11, 9:15 am, Kenneth  wrote:
> > in controller
> >         form=crud.create(db.page)
> >         return dict(form=form)
>
> Is this possible with two tables? I have two tables, page and
> page_files, the page is stored in page and all files in page_files as
> one page can have many files.
>
> > - you use form.vars.id. That is only created by web2py after calling
> > the form.accepts function, i.e. after insert.
>
> It worked nicely because I did the testing while editing the page not
> adding. But nice to know.


Re: [web2py] Permission Denied error when updating field

2010-06-11 Thread Doug Warren
As mentioned in irc, you're trying to execute the image as a command,
from the python os.system documentation:
os.system(command)

Execute the command (a string) in a subshell. This is implemented
by calling the Standard C function system(), and has the same
limitations. Changes to sys.stdin, etc. are not reflected in the
environment of the executed command.

I believe you just want
db(db.comment.title==session.new_image_title).update(newimage =
'applications/turtle_art_images/uploads/%s.png' %
session.new_image[:-3])


On Fri, Jun 11, 2010 at 7:00 AM, Aaron Crowe  wrote:
> I'm working on an application that takes a Turtle Art (.ta) file, runs
> it, creates a .png of the result, and displays it in a table. So far I
> can create the .png and it's placed in the uploads folder with the
> same name as the original .ta file but when i try to run
>
>    session.new_image = form.vars.file
>    session.new_image_title = form.vars.title
>
>    file_name_length = len(session.new_image)
>    os.system('python applications/turtle_art_images/modules/
> PngGenerator.py applications/turtle_art_images/
> uploads/'+session.new_image)
>
> db(db.comment.title==session.new_image_title).update(newimage=os.system('applications/
> turtle_art_images/uploads/'+session.new_image[0:(file_name_length-2)]
> +'png'))
>    return dict()
>
> where form.vars.file is the uploaded .ta file
>
> I get the errors:
>
> ERROR:Rocket.Errors.ThreadPool:Traceback (most recent call last):
>  File "/home/acrowe/lib/python/web2py/gluon/rocket.py", line 297, in
> start
>    listeners = [poll_dict[x[0]] for x in poll.poll(POLL_TIMEOUT)]
> IOError: [Errno 4] Interrupted system call
>
> sh: applications/turtle_art_images/uploads/
> comment.file.b6b8aa42563d3b8c.747572746c65617274746573742e7461.png:
> Permission denied
> ERROR:Rocket.Errors.ThreadPool:Traceback (most recent call last):
>  File "/home/acrowe/lib/python/web2py/gluon/rocket.py", line 297, in
> start
>    listeners = [poll_dict[x[0]] for x in poll.poll(POLL_TIMEOUT)]
> IOError: [Errno 4] Interrupted system call
>
>
> and I'm totally lost as to why. Any ideas?


Re: [web2py] Re: simplejson -- wasn't this resolved?

2010-06-11 Thread Thadeus Burgess
Sure.

Worked.

Installed simplejson with

sudo easy_install simplejson

Then get this traceback

It seems that the version in contrib is importing from simplejson
expecting its local version of the files, but instead it is pulling it
down from the site-packages.

--
Thadeus





On Fri, Jun 11, 2010 at 12:55 AM, mdipierro  wrote:
> it is not the same problem. Can you help debug?
>
> On Jun 11, 12:38 am, Thadeus Burgess  wrote:
>> Traceback (most recent call last):
>>   File "/home/thadeusb/sites/thadeusb.com/subdomains/odyssey/wsgihandler.py",
>> line 27, in 
>>     import gluon.main
>>   File "gluon/main.py", line 34, in 
>>     from globals import Request, Response, Session
>>   File "gluon/globals.py", line 18, in 
>>     from compileapp import run_view_in
>>   File "gluon/compileapp.py", line 28, in 
>>     from sql import SQLDB, SQLField, DAL, Field
>>   File "gluon/sql.py", line 43, in 
>>     from serializers import json
>>   File "gluon/serializers.py", line 9, in 
>>     import contrib.simplejson as simplejson
>>   File "gluon/contrib/simplejson/__init__.py", line 238, in 
>>     _default_decoder = JSONDecoder(encoding=None, object_hook=None)
>>   File "gluon/contrib/simplejson/decoder.py", line 322, in __init__
>>     self.scan_once = make_scanner(self)
>> AttributeError: 'JSONDecoder' object has no attribute 'object_pairs_hook'
>>
>> I have to have simplejson installed in the system wide site-packages.
>>
>> --
>> Thadeus
>


[web2py] Re: Support for conversation?

2010-06-11 Thread pierreth
On 11 juin, 09:42, szimszon  wrote:
> This conversation thing could be handy for my inventory app... I just
> made use of session but the user starting new conversations to get the
> info to continue the original... after that we can't trust the info in
> session. ... :-o

Yes, it is exactly the problem it solves.


[web2py] Re: Support for conversation?

2010-06-11 Thread pierreth
On 11 juin, 01:14, mdipierro  wrote:
> The only way to keep a conversation would
> be to store a token in request.args(0) and keep it there in all links.
> Still the conversation is fragile and ends if the user types in a url
> without the token.

A url parameter of a get request with the session id could be a way
to return to a conversation after the display of a popup window (to
give the user some info for example). This is a useful feature to support
while using a conversation.


[web2py] Apache or routes.py rewrite across domains

2010-06-11 Thread Doug Warren
I have a rather interesting situation that came up yesterday.

An OAuth callback is statically set to domain2.com/appname however all
other web2py apps are hosted out of http://web2py.domain1.com/appname

So I have an Apache config like:


DocumentRoot "/home/domain1"
ServerName web2py.domain1.com

ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / /

that's been around for months, and to this I added:



DocumentRoot "/home/domain2"
ServerName mail.domain2.com
ServerAlias www.domain2.com domain2.com

ProxyPass /appname http://127.0.0.1:8000/appname
ProxyPassReverse /appname http://127.0.0.1:8000/appname


The problem came from what happens when I hit an error, the link to
the cookie when I'm logged in looks something like:
http://www.domain2.com/admin/appadmin/...
But the /admin app isn't mapped to domain2.com.  What's a simple
rewrite I can do to get it back to
http://web2py.domain1.com/admin/appadmin/ ?


[web2py] Re: upload file -- lot of file in one directory

2010-06-11 Thread weheh
Once assigned, the user_id that my app creates is never changed. I
would use the auth.user.id field, but I don't like the fact that it's
sequential and therefore, easily guessed. I doubt that uploads can be
hacked easily since you did such a good job with security.
Nevertheless, I prefer to have an additional layer of obfuscation by
having an encrypted user_id.

On Jun 10, 11:32 pm, mdipierro  wrote:
> The problem with this is that, I assume, the database links the
> uploaded filename to the user_id and therefore you need to access the
> database to locate the file. That is ok until the database changes and
> somebody edits the user_id. Then you can no longer locate the file.
>
> On Jun 10, 7:36 am, weheh  wrote:
>
>
>
> > I think I'm dealing with the same situation, however, I'm going about
> > it a little differently. I'm storing files in
>
> > uploads/users/user_id/filename
>
> > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length
> > anywhere from 8 to 12 characters or so. The filename is another cypher
> > created automatically by web2py, following the table.field approach.
>
> > One thing I'm thinking about is taking the user/user_id/filename
> > structure entirely outside of web2py. The reason is that my server has
> > 2 disk partitions and I might want to have these files resident under
> > C:/ or D:/   Another reason is that I might want to gradually move
> > these files to the cloud or another server. I'm wondering whether this
> > is reasonable and even possible to do from within a web2py app working
> > around the web2py way.


[web2py] possible bug in new IS_IN_DB groupby

2010-06-11 Thread mr.freeze
I get this on an app that worked before (running trunk):

Traceback (most recent call last):
  File "C:\Users\freeze\workspace\web2py\gluon\restricted.py", line
178, in restricted
exec ccode in environment
  File "C:/Users/freeze/workspace/web2py/applications/widgets/
controllers/default.py", line 129, in 
  File "C:\Users\freeze\workspace\web2py\gluon\globals.py", line 96,
in 
self._caller = lambda f: f()
  File "C:/Users/freeze/workspace/web2py/applications/widgets/
controllers/default.py", line 40, in autocomplete_local
form = SQLFORM(db.things)
  File "C:\Users\freeze\workspace\web2py\gluon\sqlhtml.py", line 696,
in __init__
inp = self.widgets.options.widget(field, default)
  File "C:\Users\freeze\workspace\web2py\gluon\sqlhtml.py", line 187,
in widget
options = requires[0].options()
  File "C:\Users\freeze\workspace\web2py\gluon\validators.py", line
394, in options
self.build_set()
  File "C:\Users\freeze\workspace\web2py\gluon\validators.py", line
376, in build_set
groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
  File "C:\Users\freeze\workspace\web2py\gluon\validators.py", line
376, in 
groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
TypeError: unsupported operand type(s) for |: 'str' and 'str'




[web2py] error in trunk

2010-06-11 Thread Jose
Hello,

The next model is broken by a change in the trunk.

db.define_table('TA',
Field('f1'),
Field('f2'),
format='%(f1)s'
)

db.define_table('TB',
Field('f1'),
Field('f2', db.TA),
)

controller:

def test():
   form=crud.create(db.TB)

error:

Traceback (most recent call last):
  File "/usr/home/jose/web2py/gluon/restricted.py", line 178, in
restricted
exec ccode in environment
  File "/usr/home/jose/web2py/applications/py_ccu/controllers/
appadmin.py", line 410, in 
  File "/usr/home/jose/web2py/gluon/globals.py", line 96, in 
self._caller = lambda f: f()
  File "/usr/home/jose/web2py/applications/py_ccu/controllers/
appadmin.py", line 124, in insert
form = SQLFORM(db[table], ignore_rw=ignore_rw)
  File "/usr/home/jose/web2py/gluon/sqlhtml.py", line 696, in __init__
inp = self.widgets.options.widget(field, default)
  File "/usr/home/jose/web2py/gluon/sqlhtml.py", line 187, in widget
options = requires[0].options()
  File "/usr/home/jose/web2py/gluon/validators.py", line 394, in
options
self.build_set()
  File "/usr/home/jose/web2py/gluon/validators.py", line 376, in
build_set
groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
  File "/usr/home/jose/web2py/gluon/validators.py", line 376, in

groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
TypeError: unsupported operand type(s) for |: 'str' and 'str'


[web2py] Internal error

2010-06-11 Thread Cory Coager
Getting this on an initial setup of web2py trying to load the welcome
application.  Not much in the logs...

[Fri Jun 11 12:45:39 2010] [notice] mod_python (pid=3793,
interpreter='example.com'): Importing module '/path/to/
modpythonhandler.py'
[Fri Jun 11 12:45:39 2010] [notice] mod_python (pid=3793,
interpreter='example.com'): Importing module '/path/to/
web2py_modpython.py'
  File "/path/to/applications/welcome/models/db.py", line 15, in ?


Re: [web2py] Re: upload file -- lot of file in one directory

2010-06-11 Thread Thadeus Burgess
@auth.requires_login()
def download():


problem solved.

--
Thadeus





On Fri, Jun 11, 2010 at 2:11 PM, weheh  wrote:
> Once assigned, the user_id that my app creates is never changed. I
> would use the auth.user.id field, but I don't like the fact that it's
> sequential and therefore, easily guessed. I doubt that uploads can be
> hacked easily since you did such a good job with security.
> Nevertheless, I prefer to have an additional layer of obfuscation by
> having an encrypted user_id.
>
> On Jun 10, 11:32 pm, mdipierro  wrote:
>> The problem with this is that, I assume, the database links the
>> uploaded filename to the user_id and therefore you need to access the
>> database to locate the file. That is ok until the database changes and
>> somebody edits the user_id. Then you can no longer locate the file.
>>
>> On Jun 10, 7:36 am, weheh  wrote:
>>
>>
>>
>> > I think I'm dealing with the same situation, however, I'm going about
>> > it a little differently. I'm storing files in
>>
>> > uploads/users/user_id/filename
>>
>> > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length
>> > anywhere from 8 to 12 characters or so. The filename is another cypher
>> > created automatically by web2py, following the table.field approach.
>>
>> > One thing I'm thinking about is taking the user/user_id/filename
>> > structure entirely outside of web2py. The reason is that my server has
>> > 2 disk partitions and I might want to have these files resident under
>> > C:/ or D:/   Another reason is that I might want to gradually move
>> > these files to the cloud or another server. I'm wondering whether this
>> > is reasonable and even possible to do from within a web2py app working
>> > around the web2py way.
>


[web2py] Re: possible bug in new IS_IN_DB groupby

2010-06-11 Thread mdipierro
fixed now.

On 11 Jun, 14:31, "mr.freeze"  wrote:
> I get this on an app that worked before (running trunk):
>
> Traceback (most recent call last):
>   File "C:\Users\freeze\workspace\web2py\gluon\restricted.py", line
> 178, in restricted
>     exec ccode in environment
>   File "C:/Users/freeze/workspace/web2py/applications/widgets/
> controllers/default.py", line 129, in 
>   File "C:\Users\freeze\workspace\web2py\gluon\globals.py", line 96,
> in 
>     self._caller = lambda f: f()
>   File "C:/Users/freeze/workspace/web2py/applications/widgets/
> controllers/default.py", line 40, in autocomplete_local
>     form = SQLFORM(db.things)
>   File "C:\Users\freeze\workspace\web2py\gluon\sqlhtml.py", line 696,
> in __init__
>     inp = self.widgets.options.widget(field, default)
>   File "C:\Users\freeze\workspace\web2py\gluon\sqlhtml.py", line 187,
> in widget
>     options = requires[0].options()
>   File "C:\Users\freeze\workspace\web2py\gluon\validators.py", line
> 394, in options
>     self.build_set()
>   File "C:\Users\freeze\workspace\web2py\gluon\validators.py", line
> 376, in build_set
>     groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
>   File "C:\Users\freeze\workspace\web2py\gluon\validators.py", line
> 376, in 
>     groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
> TypeError: unsupported operand type(s) for |: 'str' and 'str'


[web2py] Re: error in trunk

2010-06-11 Thread mdipierro
fixed

On 11 Jun, 14:39, Jose  wrote:
> Hello,
>
> The next model is broken by a change in the trunk.
>
> db.define_table('TA',
>     Field('f1'),
>     Field('f2'),
>     format='%(f1)s'
> )
>
> db.define_table('TB',
>     Field('f1'),
>     Field('f2', db.TA),
> )
>
> controller:
>
> def test():
>    form=crud.create(db.TB)
>
> error:
>
> Traceback (most recent call last):
>   File "/usr/home/jose/web2py/gluon/restricted.py", line 178, in
> restricted
>     exec ccode in environment
>   File "/usr/home/jose/web2py/applications/py_ccu/controllers/
> appadmin.py", line 410, in 
>   File "/usr/home/jose/web2py/gluon/globals.py", line 96, in 
>     self._caller = lambda f: f()
>   File "/usr/home/jose/web2py/applications/py_ccu/controllers/
> appadmin.py", line 124, in insert
>     form = SQLFORM(db[table], ignore_rw=ignore_rw)
>   File "/usr/home/jose/web2py/gluon/sqlhtml.py", line 696, in __init__
>     inp = self.widgets.options.widget(field, default)
>   File "/usr/home/jose/web2py/gluon/sqlhtml.py", line 187, in widget
>     options = requires[0].options()
>   File "/usr/home/jose/web2py/gluon/validators.py", line 394, in
> options
>     self.build_set()
>   File "/usr/home/jose/web2py/gluon/validators.py", line 376, in
> build_set
>     groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
>   File "/usr/home/jose/web2py/gluon/validators.py", line 376, in
> 
>     groupby = self.groupby or reduce(lambda a,b:a|b,self.fields)
> TypeError: unsupported operand type(s) for |: 'str' and 'str'


[web2py] Re: Script to generate schema (models) from mysql

2010-06-11 Thread mdipierro
I will take a look tonight.

On 11 Jun, 14:45, Álvaro Justen  wrote:
> Hello Alexandre, nice work.
> I did it in the past for SQLite and integrated it into the DAL.
> I think we can merge the implementations and try to get more databases
> working with this code.
>
> The email I sent to Massimo talking about my work (in the end of 2009)
> is copied and my code is attached:
>
> Note: I think we should discuss it in web2py-dev list.
>
> --
>
> Hi Massimo,
> Some weeks ago I had an idea: db.discover_tables() - a function that
> will search DB and map it into web2py's DAL.
> Today a user asked about it on the mailing list, so I decided to try: and my
> first result is good, I think.
>
> My implementation only has support for SQLite, but we can add all
> databases with a little effort - I think you could help me in this
> task.
>
> I modified that simple 'news' app and gluon/sql.py. My modification is
> NOT based on SVN, it is based on 1.62 rc1.
> To test: modify db.py, uncomment define_table and comment
> discover_tables. So, web2py will create tables. Enter in appadmin and
> populate them. After that, comment all define_table and uncomment
> discover_tables. So, enter in:
>
> http://localhost:8000/news/appadmin/select/db?query=db.authors.id%3E0
> http://localhost:8000/news/appadmin/select/db?query=db.news.id%3E0
> http://localhost:8000/news/default/test
> http://localhost:8000/news/default/create_code
>
> In gluon/sql.py I added:
>  - method discover_tables in class SQLDB.
>  - some code in __init__ in class SQLDB.
>  - keys 'show_tables' and 'table_fields' in SQL_DIALECTS['sqlite'] ->
> please add keys to other databases and test if you could.
>
> I'm sure that this code can be optimized.
>
> What do you think?
>
> --
> Álvaro Justen - Turicas
>  http://blog.justen.eng.br/
>  21 9898-0141
>
>  newcoolfeatureautodiscovertables.zip


[web2py] Re: upload file -- lot of file in one directory

2010-06-11 Thread mdipierro
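Field('name','upload',authorize=f)

where

def f(row):
    # pseudocode: replace the condition with your own check that
    # auth.user.id is allowed to download row.id
    if auth.user and (auth.user.id is allowed to download row.id):
        return True
    else:
        return False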

the authorize function is called automatically (if declared) when
somebody attempts to download an uploaded document.

On 11 Jun, 14:11, weheh  wrote:
> Once assigned, the user_id that my app creates is never changed. I
> would use the auth.user.id field, but I don't like the fact that it's
> sequential and therefore, easily guessed. I doubt that uploads can be
> hacked easily since you did such a good job with security.
> Nevertheless, I prefer to have an additional layer of obfuscation by
> having an encrypted user_id.
>
> On Jun 10, 11:32 pm, mdipierro  wrote:
>
> > The problem with this is that, I assume, the database links the
> > uploaded filename to the user_id and therefore you need to access the
> > database to locate the file. That is ok until the database changes and
> > somebody edits the user_id. Then you can no longer locate the file.
>
> > On Jun 10, 7:36 am, weheh  wrote:
>
> > > I think I'm dealing with the same situation, however, I'm going about
> > > it a little differently. I'm storing files in
>
> > > uploads/users/user_id/filename
>
> > > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length
> > > anywhere from 8 to 12 characters or so. The filename is another cypher
> > > created automatically by web2py, following the table.field approach.
>
> > > One thing I'm thinking about is taking the user/user_id/filename
> > > structure entirely outside of web2py. The reason is that my server has
> > > 2 disk partitions and I might want to have these files resident under
> > > C:/ or D:/   Another reason is that I might want to gradually move
> > > these files to the cloud or another server. I'm wondering whether this
> > > is reasonable and even possible to do from within a web2py app working
> > > > around the web2py way.
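
An added example (not from the thread and not web2py's own code) of the authorize callback described in the message above: the decision comes from comparing the stored owner with the logged-in user, so a sequential or guessable id does not by itself grant a download. The `owner` column, the `User`/`Row` stand-ins and `serve_download` are assumptions that model the framework calling `authorize(row)`.

```python
"""Owner check for an upload field's authorize callback (constructed example)."""
from collections import namedtuple

# Stand-ins for web2py's auth.user and a DAL row; constructed for this example.
User = namedtuple("User", "id is_admin")
Row = namedtuple("Row", "id owner name")

# Constructed sample records: file id -> row. 'owner' is an assumed column
# holding the auth_user id of the uploader.
FILES = {
    1: Row(1, owner=10, name="docs.name.a1b2.pdf"),
    2: Row(2, owner=11, name="docs.name.c3d4.pdf"),
}


def make_authorize(current_user):
    """Build the function passed as Field(..., authorize=f).

    current_user is a zero-argument callable returning the logged-in user
    or None, mirroring how auth.user is None for anonymous requests.
    """
    def authorize(row):
        user = current_user()
        if user is None:                 # anonymous: never allowed
            return False
        if user.is_admin:                # assumed admin override
            return True
        return row.owner == user.id      # only the uploader may download
    return authorize


def serve_download(file_id, authorize):
    """Model of the download path: look up the row, then ask authorize.

    Returns an HTTP-style status code. Unknown ids and denied requests
    both return 404 so the response does not reveal which ids exist.
    """
    row = FILES.get(file_id)
    if row is None or not authorize(row):
        return 404
    return 200


def statuses_for(user, ids):
    """Status returned for each requested id when `user` is logged in."""
    authorize = make_authorize(lambda: user)
    return {i: serve_download(i, authorize) for i in ids}
```
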


[web2py] routes with file extensions

2010-06-11 Thread NickFranceschina
I know file extensions are optional... but you do have some nice
functionality in there that allows passing file extensions on to the
view... so if I were to request "app/controller/function.html" I would
get the matching (or generic) .html template... but if I were to
request "app/controller/function.json" I could get the matching (or
generic) .json template... and so on and so forth

problem is that when I try to use routes.py ... and I enter in the
defaults suggested in the documentation

routes_in = (
  ('/$c/$f', '/init/$c/$f'),
)


this ends up building a regular expression that won't match a
"function" part of the URL if it has an extension... so it only works
if the URL looks like this:
   app/controller/function
not this
   app/controller/function.html


I had to modify my route to look like this:
   ('/$c/$f(\\.\\w+)?', '/init/$c/$f')

now it works... but this should really be put into the framework (have
to change the way you're doing the compile_re() inside of rewrite.py)

didn't know how else to notify the guys in charge of the code... so
just writing it here...

-Nick Franceschina


[web2py] Can not send verification email

2010-06-11 Thread pecos1046
I use the email verification option for new user registration. It
works fine in test mode on the google-appengine sdk. However when I
upload the application to Google and change the smtp server to "gae"
it is unable to send the verification email. The Google GAE log shows
the following warning message:

Mail.send failure:May not set empty value for 'attachments'

Here are my settings:

mail=Mail( )
mail.settings.server='gae'    # your SMTP server
mail.settings.sender='x...@gmail.com'
mail.settings.tls = True
mail.settings.login='x...@gmail.com:password'
auth.settings.mailer=mail

I appreciate any help and suggestions.

Peter


[web2py] Re: routes with file extensions

2010-06-11 Thread mdipierro
true. Let me give this some thought.

meanwhile you can do

routes_in = (
   ('/$c/$f\.$ext', '/init/$c/$f.$ext'),
)

or

routes_in = (
   ('/$c/$anything', '/init/$c/$anything'),
)


On 11 Jun, 14:41, NickFranceschina  wrote:
> I know file extensions are optional... but you do have some nice
> functionality in there that allows passing file extensions on to the
> view... so if I were to request "app/controller/function.html" I would
> get the matching (or generic) .html template... but if I were to
> request "app/controller/function.json" I could get the matching (or
> generic) .json template... and so on and so forth
>
> problem is that when I try to use routes.py ... and I enter in the
> defaults suggested in the documentation
>
> routes_in = (
>   ('/$c/$f', '/init/$c/$f'),
> )
>
> this ends up building a regular expression that won't match a
> "function" part of the URL if it has an extension... so it only works
> if the URL looks like this:
>    app/controller/function
> not this
>    app/controller/function.html
>
> I had to modify my route to look like this:
>    ('/$c/$f(\\.\\w+)?', '/init/$c/$f')
>
> now it works... but this should really be put into the framework (have
> to change the way you're doing the compile_re() inside of rewrite.py)
>
> didn't know how else to notify the guys in charge of the code... so
> just writing it here...
>
> -Nick Franceschina


[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread Salvor Hardin
lock-web2py.sh is a fantastic idea!

On Jun 10, 4:28 pm, mdipierro  wrote:
> perhaps we should a web2py/scripts/lock-web2py.sh
>
> On Jun 10, 3:49 pm, Thadeus Burgess  wrote:
>
>
>
> > www-data needs write access to databases/cache/sessions etc. IF a
> > hacker were able to gain access *somehow* and alter the databases
> > files, they can kill your entire system by forcing fake migrations or
> > other issues. Just make sure you have migrate=False and
> > fake_migrate=False and everything *should* be just fine.
>
> > --
> > Thadeus
>
> > On Thu, Jun 10, 2010 at 2:01 PM, mdipierro  wrote:
> > > None of these should be a problem. Mind that you will not be able to
> > > edit/install/uninstall apps using the web interface.
>
> > > On Jun 10, 1:45 pm, Salvor Hardin  wrote:
> > >> We selected web2py over django and pylons to replace RoR.  Luckily,
> > >> that project doesn't require paranoid security (hence our ability to
> > >> use RoR in the past.)
>
> > >> But we're evaluating web2py to replace a Win32 GUI intranet app, and
> > >> preventing hacks on the server side, is pretty high on the priority
> > >> for that project.  For example, we want to prevent user from modifying
> > >> web2py's .py files, etc. by exploiting security flaws in Python or
> > >> python modules.
>
> > >> What are some ways to improve the security of web2py apps on
> > >> production servers?
>
> > >>  * Use mod_security and its Core Rule Set (no web2py compatibility
> > >> issues?)
>
> > >>  * Prevent Apache2 user (www-data) having write access or chmod rights
> > >> to web2py application files?
>
> > >>  * chown/chmod web2py files to require root access to upgrade to newer
> > >> web2py?
>
> > >> I'm not asking for changes to web2py. I'm just looking for best
> > >> practices on projects that value security over certain features like
> > >> web-based upgrades or web-based deployment, etc.  For example,
> > >> requiring root access to upgrade web2py would be seen as a benefit on
> > >> at least one project.


[web2py] Re: Can not send verification email

2010-06-11 Thread mdipierro
if you use server='gae' you should use login=None
Not sure if this is the problem anyway. Do you get any error?

On 11 Jun, 10:12, pecos1046  wrote:
> I use the email verification option for new user registration. It
> works fine in test mode on the google-appengine sdk. However when I
> upload the application to Google and change the smtp server to "gae"
> it is unable to send the verification email. The Google GAE log shows
> the following warning message:
>
> Mail.send failure:May not set empty value for 'attachments'
>
> Here are my settings:
>
> mail=Mail( )
> mail.settings.server='gae'    # your SMTP server
> mail.settings.sender='@gmail.com'
> mail.settings.tls = True
> mail.settings.login='@gmail.com:password'
> auth.settings.mailer=mail
>
> I appreciate any help and suggestions.
>
> Peter


Re: [web2py] Re: upload file -- lot of file in one directory

2010-06-11 Thread Doug Warren
Should this be a lambda instead so you could specify your own function
completely?  I used to own an ISP and one of the challenges was
running the network news server.  You'd have > 1M files on a 20 gig
drive and have to give them to multiple peers over their lifetime.
One thing that we did for performance was to hack the ext2 filesystem
to recognize a magic pattern of: inode:%d as a filename.  If that
pattern was found then the integer was taken to be the inode number
and the file was never actually looked up in the inode tree.  (The
tree traversal for having >10k files in one directory is what slows
things down.)  If we could just pass a lambda to the table instead
then one could conceivably use the same type of system to solve this
problem.

On Fri, Jun 11, 2010 at 1:20 PM, mdipierro  wrote:
> Field('name','upload',authorize=f)
>
> where
>
> def f(row):
>     if auth.user and auth.user.id is allowed to download row.id:
>         return True
>     else:
>         return False
>
> the authorize function is called automatically (if declared) when
> somebody attempts to download an uploaded document.
>
> On 11 Jun, 14:11, weheh  wrote:
>> Once assigned, the user_id that my app creates is never changed. I
>> would use the auth.user.id field, but I don't like the fact that it's
>> sequential and therefore, easily guessed. I doubt that uploads can be
>> hacked easily since you did such a good job with security.
>> Nevertheless, I prefer to have an additional layer of obfuscation by
>> having an encrypted user_id.
>>
>> On Jun 10, 11:32 pm, mdipierro  wrote:
>>
>> > The problem with this is that, I assume, the database links the
>> > uploaded filename to the user_id and therefore you need to access the
>> > database to locate the file. That is ok until the database changes and
>> > somebody edits the user_id. Then you can no longer locate the file.
>>
>> > On Jun 10, 7:36 am, weheh  wrote:
>>
>> > > I think I'm dealing with the same situation, however, I'm going about
>> > > it a little differently. I'm storing files in
>>
>> > > uploads/users/user_id/filename
>>
>> > > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length
>> > > anywhere from 8 to 12 characters or so. The filename is another cypher
>> > > created automatically by web2py, following the table.field approach.
>>
>> > > One thing I'm thinking about is taking the user/user_id/filename
>> > > structure entirely outside of web2py. The reason is that my server has
>> > > 2 disk partitions and I might want to have these files resident under
>> > > C:/ or D:/   Another reason is that I might want to gradually move
>> > > these files to the cloud or another server. I'm wondering whether this
>> > > is reasonable and even possible to do from within a web2py app working
>> > > around the web2py way.


[web2py] Re: upload file -- lot of file in one directory

2010-06-11 Thread mdipierro
you can use a lambda

On Jun 11, 4:32 pm, Doug Warren  wrote:
> Should this be a lambda instead so you could specify your own function
> completely?  I used to own an ISP and one of the challenges was
> running the network news server.  You'd have > 1M files on a 20 gig
> drive and have to give them to multiple peers over their lifetime.
> One thing that we did for performance was to hack the ext2 filesystem
> to recognize a magic pattern of: inode:%d as a filename.  If that
> pattern was found then the integer was taken to be the inode number
> and the file was never actually looked up in the inode tree.  (The
> tree traversal for having >10k files in one directory is what slows
> things down.)  If we could just pass a lambda to the table instead
> then one could conceivably use the same type of system to solve this
> problem.
>
> On Fri, Jun 11, 2010 at 1:20 PM, mdipierro  wrote:
> > Field('name','upload',authorize=f)
>
> > where
>
> > def f(row):
> >     if auth.user and auth.user.id is allowed to download row.id:
> >         return True
> >     else:
> >         return False
>
> > the authorize function is called automatically (if declared) when
> > somebody attempts to download an uploaded document.
>
> > On 11 Jun, 14:11, weheh  wrote:
> >> Once assigned, the user_id that my app creates is never changed. I
> >> would use the auth.user.id field, but I don't like the fact that it's
> >> sequential and therefore, easily guessed. I doubt that uploads can be
> >> hacked easily since you did such a good job with security.
> >> Nevertheless, I prefer to have an additional layer of obfuscation by
> >> having an encrypted user_id.
>
> >> On Jun 10, 11:32 pm, mdipierro  wrote:
>
> >> > The problem with this is that, I assume, the database links the
> >> > uploaded filename to the user_id and therefore you need to access the
> >> > database to locate the file. That is ok until the database changes and
> >> > somebody edits the user_id. Then you can no longer locate the file.
>
> >> > On Jun 10, 7:36 am, weheh  wrote:
>
> >> > > I think I'm dealing with the same situation, however, I'm going about
> >> > > it a little differently. I'm storing files in
>
> >> > > uploads/users/user_id/filename
>
> >> > > My user_id is a cypher of characters [A-Z][a-z][0-9] with a length
> >> > > anywhere from 8 to 12 characters or so. The filename is another cypher
> >> > > created automatically by web2py, following the table.field approach.
>
> >> > > One thing I'm thinking about is taking the user/user_id/filename
> >> > > structure entirely outside of web2py. The reason is that my server has
> >> > > 2 disk partitions and I might want to have these files resident under
> >> > > C:/ or D:/   Another reason is that I might want to gradually move
> >> > > these files to the cloud or another server. I'm wondering whether this
> >> > > is reasonable and even possible to do from within a web2py app working
> >> > > around the web2py way.


[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread mdipierro
how about this:

chown -R root:root *.py
chown -R root:root gluon
chown -R root:root scripts
chown -R root:root applications/*/modules/
chown -R root:root applications/*/models/
chown -R root:root applications/*/controllers/
chown -R root:root applications/*/views/
chown -R root:root applications/*/static/
chown -R root:root applications/*/cron/
echo "unlock with chown -R www-data:www-data ./"


On Jun 11, 3:24 pm, Salvor Hardin  wrote:
> lock-web2py.sh is a fantastic idea!
>
> On Jun 10, 4:28 pm, mdipierro  wrote:
>
> > perhaps we should a web2py/scripts/lock-web2py.sh
>
> > On Jun 10, 3:49 pm, Thadeus Burgess  wrote:
>
> > > www-data needs write access to databases/cache/sessions etc. IF a
> > > hacker were able to gain access *somehow* and alter the databases
> > > files, they can kill your entire system by forcing fake migrations or
> > > other issues. Just make sure you have migrate=False and
> > > fake_migrate=False and everything *should* be just fine.
>
> > > --
> > > Thadeus
>
> > > On Thu, Jun 10, 2010 at 2:01 PM, mdipierro  
> > > wrote:
> > > > None of these should be a problem. Mind that you will not be able to
> > > > edit/install/uninstall apps using the web interface.
>
> > > > On Jun 10, 1:45 pm, Salvor Hardin  wrote:
> > > >> We selected web2py over django and pylons to replace RoR.  Luckily,
> > > >> that project doesn't require paranoid security (hence our ability to
> > > >> use RoR in the past.)
>
> > > >> But we're evaluating web2py to replace a Win32 GUI intranet app, and
> > > >> preventing hacks on the server side, is pretty high on the priority
> > > >> for that project.  For example, we want to prevent user from modifying
> > > >> web2py's .py files, etc. by exploiting security flaws in Python or
> > > >> python modules.
>
> > > >> What are some ways to improve the security of web2py apps on
> > > >> production servers?
>
> > > >>  * Use mod_security and its Core Rule Set (no web2py compatibility
> > > >> issues?)
>
> > > >>  * Prevent Apache2 user (www-data) having write access or chmod rights
> > > >> to web2py application files?
>
> > > >>  * chown/chmod web2py files to require root access to upgrade to newer
> > > >> web2py?
>
> > > >> I'm not asking for changes to web2py. I'm just looking for best
> > > >> practices on projects that value security over certain features like
> > > >> web-based upgrades or web-based deployment, etc.  For example,
> > > >> requiring root access to upgrade web2py would be seen as a benefit on
> > > >> at least one project.


[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread Yarko Tymciurak
This would be a security concern:  I do not think you want web
executables / files owned by root.  You would then be forced to open
up accessibility to the files (so that something which _is not root_
can run / read them)  --- which would weaken security;   OR  you would
(???) need to run as root (which is _really_ dangerous, and shared
hosting providers will not allow).

On Jun 11, 5:12 pm, mdipierro  wrote:
> how about this:
>
> chown -R root:root *.py
> chown -R root:root gluon
> chown -R root:root scripts
> chown -R root:root applications/*/modules/
> chown -R root:root applications/*/models/
> chown -R root:root applications/*/controllers/
> chown -R root:root applications/*/views/
> chown -R root:root applications/*/static/
> chown -R root:root applications/*/cron/
> echo "unlock with chown -R www-data:www-data ./"
>
> On Jun 11, 3:24 pm, Salvor Hardin  wrote:
>
>
>
> > lock-web2py.sh is a fantastic idea!
>
> > On Jun 10, 4:28 pm, mdipierro  wrote:
>
> > > perhaps we should a web2py/scripts/lock-web2py.sh
>
> > > On Jun 10, 3:49 pm, Thadeus Burgess  wrote:
>
> > > > www-data needs write access to databases/cache/sessions etc. IF a
> > > > hacker were able to gain access *somehow* and alter the databases
> > > > files, they can kill your entire system by forcing fake migrations or
> > > > other issues. Just make sure you have migrate=False and
> > > > fake_migrate=False and everything *should* be just fine.
>
> > > > --
> > > > Thadeus
>
> > > > On Thu, Jun 10, 2010 at 2:01 PM, mdipierro  
> > > > wrote:
> > > > > None of these should be a problem. Mind that you will not be able to
> > > > > edit/install/uninstall apps using the web interface.
>
> > > > > On Jun 10, 1:45 pm, Salvor Hardin  wrote:
> > > > >> We selected web2py over django and pylons to replace RoR.  Luckily,
> > > > >> that project doesn't require paranoid security (hence our ability to
> > > > >> use RoR in the past.)
>
> > > > >> But we're evaluating web2py to replace a Win32 GUI intranet app, and
> > > > >> preventing hacks on the server side, is pretty high on the priority
> > > > >> for that project.  For example, we want to prevent user from 
> > > > >> modifying
> > > > >> web2py's .py files, etc. by exploiting security flaws in Python or
> > > > >> python modules.
>
> > > > >> What are some ways to improve the security of web2py apps on
> > > > >> production servers?
>
> > > > >>  * Use mod_security and its Core Rule Set (no web2py compatibility
> > > > >> issues?)
>
> > > > >>  * Prevent Apache2 user (www-data) having write access or chmod 
> > > > >> rights
> > > > >> to web2py application files?
>
> > > > >>  * chown/chmod web2py files to require root access to upgrade to 
> > > > >> newer
> > > > >> web2py?
>
> > > > >> I'm not asking for changes to web2py. I'm just looking for best
> > > > >> practices on projects that value security over certain features like
> > > > >> web-based upgrades or web-based deployment, etc.  For example,
> > > > >> requiring root access to upgrade web2py would be seen as a benefit on
> > > > >> at least one project.


[web2py] Re: Hardening web2py on Linux and Windows servers

2010-06-11 Thread Yarko Tymciurak
if you are looking to prevent access, you should instead be doing
something like this:

chown -R nobody:nobody *.py

... etc.

On Jun 11, 5:41 pm, Yarko Tymciurak 
wrote:
> This would be a security concern:  I do not think you want web
> executables / files owned by root.    You would then be forced to open
> up accessibility to the files (so that something which _is not root_
> can run / read them)  --- which would weaken security;   OR  you would
> (???) need to run as root (which is _really_ dangerous, and shared
> hosting providers will not allow).
>
> On Jun 11, 5:12 pm, mdipierro  wrote:
>
>
>
> > how about this:
>
> > chown -R root:root *.py
> > chown -R root:root gluon
> > chown -R root:root scripts
> > chown -R root:root applications/*/modules/
> > chown -R root:root applications/*/models/
> > chown -R root:root applications/*/controllers/
> > chown -R root:root applications/*/views/
> > chown -R root:root applications/*/static/
> > chown -R root:root applications/*/cron/
> > echo "unlock with chown -R www-data:www-data ./"
>
> > On Jun 11, 3:24 pm, Salvor Hardin  wrote:
>
> > > lock-web2py.sh is a fantastic idea!
>
> > > On Jun 10, 4:28 pm, mdipierro  wrote:
>
> > > > perhaps we should a web2py/scripts/lock-web2py.sh
>
> > > > On Jun 10, 3:49 pm, Thadeus Burgess  wrote:
>
> > > > > www-data needs write access to databases/cache/sessions etc. IF a
> > > > > hacker were able to gain access *somehow* and alter the databases
> > > > > files, they can kill your entire system by forcing fake migrations or
> > > > > other issues. Just make sure you have migrate=False and
> > > > > fake_migrate=False and everything *should* be just fine.
>
> > > > > --
> > > > > Thadeus
>
> > > > > On Thu, Jun 10, 2010 at 2:01 PM, mdipierro  
> > > > > wrote:
> > > > > > None of these should be a problem. Mind that you will not be able to
> > > > > > edit/install/uninstall apps using the web interface.
>
> > > > > > On Jun 10, 1:45 pm, Salvor Hardin  wrote:
> > > > > >> We selected web2py over django and pylons to replace RoR.  Luckily,
> > > > > >> that project doesn't require paranoid security (hence our ability 
> > > > > >> to
> > > > > >> use RoR in the past.)
>
> > > > > >> But we're evaluating web2py to replace a Win32 GUI intranet app, 
> > > > > >> and
> > > > > >> preventing hacks on the server side, is pretty high on the priority
> > > > > >> for that project.  For example, we want to prevent user from 
> > > > > >> modifying
> > > > > >> web2py's .py files, etc. by exploiting security flaws in Python or
> > > > > >> python modules.
>
> > > > > >> What are some ways to improve the security of web2py apps on
> > > > > >> production servers?
>
> > > > > >>  * Use mod_security and its Core Rule Set (no web2py compatibility
> > > > > >> issues?)
>
> > > > > >>  * Prevent Apache2 user (www-data) having write access or chmod 
> > > > > >> rights
> > > > > >> to web2py application files?
>
> > > > > >>  * chown/chmod web2py files to require root access to upgrade to 
> > > > > >> newer
> > > > > >> web2py?
>
> > > > > >> I'm not asking for changes to web2py. I'm just looking for best
> > > > > >> practices on projects that value security over certain features 
> > > > > >> like
> > > > > >> web-based upgrades or web-based deployment, etc.  For example,
> > > > > >> requiring root access to upgrade web2py would be seen as a benefit 
> > > > > >> on
> > > > > >> at least one project.
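
An added example, not part of the thread: a check that can be run after a lock script like the one quoted above to see its effect for the web server account. It reports code paths that account can still write and code paths it cannot read, from owner, group and mode bits only; the function names and the uid/gid arguments are assumptions of this example.

```python
"""Audit a web2py tree for code the web server account can modify (constructed example)."""
import glob
import os
import stat

# Locations taken from the chown script in the thread, relative to the web2py root.
CODE_GLOBS = ["*.py", "gluon", "scripts"] + [
    "applications/*/%s" % d
    for d in ("modules", "models", "controllers", "views", "static", "cron")
]


def _allowed(st, uid, gids, user_bit, group_bit, other_bit):
    """Classic Unix check: the first matching class (owner, group, other) decides."""
    if st.st_uid == uid:
        return bool(st.st_mode & user_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & group_bit)
    return bool(st.st_mode & other_bit)


def can_write(st, uid, gids):
    return _allowed(st, uid, gids, stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH)


def can_read(st, uid, gids):
    return _allowed(st, uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH)


def code_paths(root):
    """Yield every file and directory under the locked locations."""
    for pattern in CODE_GLOBS:
        for top in sorted(glob.glob(os.path.join(root, pattern))):
            yield top
            if os.path.isdir(top) and not os.path.islink(top):
                for base, dirs, files in os.walk(top):
                    for name in sorted(dirs + files):
                        yield os.path.join(base, name)


def audit(root, uid, gids):
    """Return (writable, unreadable) path lists for the account uid/gids.

    writable: code the account could change, so the lock is not effective.
    unreadable: code the account cannot read, so the application would break.
    ACLs, capabilities and uid 0 are outside this mode-bit model.
    """
    writable, unreadable = [], []
    for path in code_paths(root):
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue                      # link targets are audited where they live
        rel = os.path.relpath(path, root)
        if can_write(st, uid, gids):
            writable.append(rel)          # a writable directory allows replacing files
        if not can_read(st, uid, gids):
            unreadable.append(rel)
    return sorted(writable), sorted(unreadable)
```

Directories such as databases, cache and sessions are deliberately outside `CODE_GLOBS`, since the thread notes the web server account needs write access there.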


[web2py] Re: routes with file extensions

2010-06-11 Thread NickFranceschina
ahh... right, thanks

so you could just leave it as is and just change the documentation.
Or perhaps a "function" really does consist of the "file name +
extension".  if you think that is so, then ya gotta change the code.



On Jun 11, 4:23 pm, mdipierro  wrote:
> true. Let me give this some thought.
>
> meanwhile you can do
>
> routes_in = (
>    ('/$c/$f\.$ext', '/init/$c/$f.$ext'),
> )
>
> or
>
> routes_in = (
>    ('/$c/$anything', '/init/$c/$anything'),
> )
>
> On 11 Jun, 14:41, NickFranceschina  wrote:
>
>
>
> > I know file extensions are optional... but you do have some nice
> > functionality in there that allows passing file extensions on to the
> > view... so if I were to request "app/controller/function.html" I would
> > get the matching (or generic) .html template... but if I were to
> > request "app/controller/function.json" I could get the matching (or
> > generic) .json template... and so on and so forth
>
> > problem is that when I try to use routes.py ... and I enter in the
> > defaults suggested in the documentation
>
> > routes_in = (
> >   ('/$c/$f', '/init/$c/$f'),
> > )
>
> > this ends up building a regular expression that won't match a
> > "function" part of the URL if it has an extension... so it only works
> > if the URL looks like this:
> >    app/controller/function
> > not this
> >    app/controller/function.html
>
> > I had to modify my route to look like this:
> >    ('/$c/$f(\\.\\w+)?', '/init/$c/$f')
>
> > now it works... but this should really be put into the framework (have
> > to change the way you're doing the compile_re() inside of rewrite.py)
>
> > didn't know how else to notify the guys in charge of the code... so
> > just writing it here...
>
> > -Nick Franceschina
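
The matching behaviour discussed in this thread, as an added example that is not web2py's rewrite.py: it assumes a simplified compile step in which $anything becomes .* and every other $name becomes \w+, and it ignores host and method matching. compile_route, rewrite and the three route tuples are names made up for the illustration.

```python
import re

def compile_route(pattern, target):
    """Simplified model (assumption) of compiling one routes_in pair."""
    # $anything swallows the rest of the path; every other $name is \w+ only,
    # so a '.' in the URL ends the match for that placeholder.
    regex = pattern.replace("$anything", "(?P<anything>.*)")
    regex = re.sub(r"\$(\w+)", r"(?P<\1>\\w+)", regex)
    # In the target, $name becomes a backreference to the named group.
    repl = re.sub(r"\$(\w+)", r"\\g<\1>", target)
    return re.compile("^" + regex + "$"), repl

def rewrite(path, routes):
    """Return the rewritten path for the first matching route, else None."""
    for pattern, target in routes:
        regex, repl = compile_route(pattern, target)
        if regex.match(path):
            return regex.sub(repl, path)
    return None

# The route from the documentation and the two workarounds from the reply.
DOCUMENTED = (("/$c/$f", "/init/$c/$f"),)
WITH_EXT = (("/$c/$f\\.$ext", "/init/$c/$f.$ext"),)
ANYTHING = (("/$c/$anything", "/init/$c/$anything"),)

if __name__ == "__main__":
    for name, routes in (("documented", DOCUMENTED),
                         ("with $ext", WITH_EXT),
                         ("$anything", ANYTHING)):
        for path in ("/default/index", "/default/index.json"):
            print(name, path, "->", rewrite(path, routes))
```

Under this model the $ext route matches only URLs that carry an extension, while the $anything route matches both forms and anything else after the controller segment, so it is the broadest of the three.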


[web2py] Importing Ning network's content

2010-06-11 Thread GoldenTiger
Hi, I want to write a Web2Py app to import all content from my ning
networks.
I have no experience with xml libraries, so before starting I would
like to ask advice from users who know about this:
-which libraries to use?
-possible or predictable problems?
-any similar experience?

I'll be thankful for any help

Thanks a lot


[web2py] Re: upload file -- lot of file in one directory

2010-06-11 Thread weheh
Massimo, Thadeus:
I need to study this carefully, but it sounds really great! I
already implemented a system months ago as per what I wrote above.
However, it seems like there is more native support, now, so I want to
re-implement. Is this thread the only documentation, or is there
something else in writing that you can point me to? An example would
also be great.
Richard


[web2py] Re: Importing Ning network's content

2010-06-11 Thread mdipierro
http://effbot.org/zone/element-index.htm

comes with Python

On Jun 11, 9:55 pm, GoldenTiger  wrote:
> Hi, I want to write a Web2Py app to import all content from my ning
> networks.
> I have no experience with xml libraries, so before starting I would
> like to ask advice from users who know about this:
> -which libraries to use?
> -possible or predictable problems?
> -any similar experience?
>
> I'll be thankful for any help
>
> Thanks a lot


[web2py] widgets

2010-06-11 Thread leone
I coded a widget to use with a Field object.
Because I need some javascript actions I wrote pure html-javascript
code that my widget returns.
It runs, but when I accept the form, values are in request.vars, but
not in form.vars.
How can I store values in form.vars without using input widgets
defined by SQLFORM.widgets...?
Thanks in advance
leone


[web2py] Finding the relation between two sets...

2010-06-11 Thread Jason Brower
I have it this far..
users_tags = db((db.user_tags.user_id == auth.user.id))
viewed_users_tags = db((db.user_tags.user_id == request.args[0]))
I think it's the right direction... but how do I find the relation
between those two sets?
Another thing that might be useful is..
auth_user is my auth table of possible users. user_id == auth_user.id
db.tag is my possible tags. tag_id == db.tag.id
I thought it would be a join.  But I am still too novice to know.
I need to find what tag.id's are shared between users_tags and
viewed_users_tags.  Then I suppose I do the join and pickup the db.tag
information.
Best Regards,
Jason Brower




[web2py] injection - realities

2010-06-11 Thread Yarko Tymciurak
Interesting (FYI):   
http://threatpost.com/en_us/blogs/mass-sql-injection-attack-hits-sites-running-iis-061010