Merge branch 'master' of github.com:sahana/eden

sahana · Jan 7, 2020 · e0f70c6 · e0f70c6
2 parents 3ba12b7 + fd3c654
commit e0f70c6
Show file tree

Hide file tree

Showing 142 changed files with 15,623 additions and 5,030 deletions.
diff --git a/controllers/admin.py b/controllers/admin.py
@@ -58,13 +58,15 @@ def user():
     """ RESTful CRUD controller """
 
     table = auth.settings.table_user
-    sr = auth.get_system_roles()
+    s3_has_role = auth.s3_has_role
 
     # Check for ADMIN first since ADMINs have all roles
-    if s3_has_role(sr.ADMIN):
+    ADMIN = False
+    if s3_has_role("ADMIN"):
+        ADMIN = True
         pe_ids = None
 
-    elif s3_has_role(sr.ORG_ADMIN):
+    elif s3_has_role("ORG_ADMIN"):
         pe_ids = auth.get_managed_orgs()
         if pe_ids is None:
             # OrgAdmin with default realm, but user not affiliated with any org
@@ -94,7 +96,7 @@ def user():
     lappend = list_fields.append
     if len(settings.get_L10n_languages()) > 1:
         lappend("language")
-    if auth.s3_has_role("ADMIN"):
+    if ADMIN:
         if settings.get_auth_admin_sees_organisation():
             lappend("organisation_id")
     elif settings.get_auth_registration_requests_organisation():
@@ -398,7 +400,7 @@ def group():
 
     tablename = "auth_group"
 
-    if not auth.s3_has_role(ADMIN):
+    if not auth.s3_has_role("ADMIN"):
         s3db.configure(tablename,
                        deletable = False,
                        editable = False,

diff --git a/controllers/appadmin.py b/controllers/appadmin.py
@@ -1,5 +1,11 @@
 # -*- coding: utf-8 -*-
 
+#
+# S3 Auth
+#
+if not auth.s3_has_role("ADMIN"):
+    auth.permission.fail()
+
 # ##########################################################
 # ## make sure administrator is on localhost
 # ###########################################################
@@ -45,12 +51,6 @@
 #    redirect(URL('admin', 'default', 'index',
 #                 vars=dict(send=URL(args=request.args, vars=request.vars))))
 
-#
-# S3 Auth
-#
-if not s3_has_role(ADMIN):
-    auth.permission.fail()
-
 # Load all models
 s3db.load_all_models()
 _tables = db.tables

diff --git a/controllers/assess2.py b/controllers/assess2.py
@@ -92,7 +92,7 @@ def assess_tables():
                  organisation_id(widget = S3OrganisationAutocompleteWidget(default_from_profile=True)),
                  person_id("assessor_person_id",
                            label = T("Assessor"),
-                           default = s3_logged_in_person()),
+                           default = auth.s3_logged_in_person()),
                  s3_comments(),
                  ireport_id(),      # Assessment can be linked to an Incident Report
                  *s3_meta_fields())

diff --git a/controllers/br.py b/controllers/br.py
@@ -21,7 +21,7 @@ def index_alt():
     """ Default Module Homepage """
 
     from gluon import current
-    if current.auth.s3_has_permission("read", "pr_person", c="br", f="person"):
+    if auth.s3_has_permission("read", "pr_person", c="br", f="person"):
         # Just redirect to list of current cases
         s3_redirect_default(URL(f="person", vars={"closed": "0"}))
 

diff --git a/controllers/building.py b/controllers/building.py
@@ -574,7 +574,7 @@ def nzseel1():
     table = db[tablename]
 
     # Pre-populate Inspector ID
-    table.person_id.default = s3_logged_in_person()
+    table.person_id.default = auth.s3_logged_in_person()
 
     # Subheadings in forms:
     s3db.configure(tablename,
@@ -649,7 +649,7 @@ def nzseel2():
     table = db[tablename]
 
     # Pre-populate Inspector ID
-    table.person_id.default = s3_logged_in_person()
+    table.person_id.default = auth.s3_logged_in_person()
 
     # Subheadings in forms:
     s3db.configure(tablename,

diff --git a/controllers/climate.py b/controllers/climate.py
@@ -305,13 +305,16 @@ def purchase():
                      vars = {"_next":URL(c="climate",
                                          f="purchase")}))
 
-    if not s3_has_role(ADMIN):
+    if auth.s3_has_role("ADMIN"):
+        ADMIN = True
+    else:
+        ADMIN = False
         table.paid.writable = False
         table.price.writable = False
         s3.filter = (table.created_by == auth.user.id)
 
     def prep(r):
-        if not s3_has_role(ADMIN) and r.record and r.record.paid:
+        if not ADMIN and r.record and r.record.paid:
             for f in table.fields:
                 table[f].writable = False
 
@@ -363,7 +366,7 @@ def prices():
                     )
                 )
     else:
-        if s3_has_role(ADMIN):
+        if auth.s3_has_role("ADMIN"):
             return s3_rest_controller()
 
 

diff --git a/controllers/cms.py b/controllers/cms.py
@@ -541,8 +541,7 @@ def prep(r):
             elif r.method == "create":
                 pass
                 # @ToDo: deployment_setting
-                #ADMIN = session.s3.system_roles.ADMIN
-                #if (not auth.s3_has_role(ADMIN)):
+                #if not auth.s3_has_role("ADMIN"):
                 #    represent = S3Represent(lookup="cms_series",
                 #                            translate=settings.get_L10n_translate_cms_series())
                 #    field.requires = IS_ONE_OF(db,

diff --git a/controllers/default.py b/controllers/default.py
@@ -210,6 +210,7 @@ def index():
     roles = session.s3.roles
     table = s3db.org_organisation
     has_permission = auth.s3_has_permission
+    AUTHENTICATED = auth.get_system_roles().AUTHENTICATED
     if AUTHENTICATED in roles and has_permission("read", table):
 
         org_items = organisation()
@@ -678,7 +679,7 @@ def person():
     """
 
     # Set to current user
-    user_person_id = str(s3_logged_in_person())
+    user_person_id = str(auth.s3_logged_in_person())
 
     # When request.args = [], set it as user_person_id.
     # When it is not an ajax request and the first argument is not user_person_id, set it.
@@ -1060,7 +1061,7 @@ def about():
 
     # Allow editing of page content from browser using CMS module
     if settings.has_module("cms"):
-        ADMIN = auth.get_system_roles().ADMIN in session.s3.roles
+        ADMIN = auth.s3_has_role("ADMIN")
         table = s3db.cms_post
         ltable = s3db.cms_post_module
         module = "default"
@@ -1288,7 +1289,7 @@ def help():
 
     # Allow editing of page content from browser using CMS module
     if settings.has_module("cms"):
-        ADMIN = auth.get_system_roles().ADMIN in session.s3.roles
+        ADMIN = auth.s3_has_role("ADMIN")
         table = s3db.cms_post
         ltable = s3db.cms_post_module
         module = "default"
@@ -1405,7 +1406,7 @@ def prep(r):
                 # Only Admins should be able to update ticket status
                 status = table.status
                 actions = table.actions
-                if not auth.s3_has_role(ADMIN):
+                if not auth.s3_has_role("ADMIN"):
                     status.writable = False
                     actions.writable = False
                 if r.method != "update":

diff --git a/controllers/delphi.py b/controllers/delphi.py
@@ -97,7 +97,10 @@ def group_rheader(r, tabs = []):
 def group():
     """ Problem Group REST Controller """
 
-    if not s3_has_role("DelphiAdmin"):
+    if auth.s3_has_role("DelphiAdmin"):
+        ADMIN = True
+    else:
+        ADMIN = False
         s3db.configure("delphi_group",
                        deletable = False,
                        # Remove ability to create new Groups
@@ -116,7 +119,7 @@ def prep(r):
                 except:
                     pass
                 s3db.configure(tablename,
-                               deletable = s3_has_role("DelphiAdmin"),
+                               deletable = ADMIN,
                                list_fields = list_fields)
         return True
     s3.prep = prep
@@ -222,7 +225,7 @@ def problem():
     # Filter to just Active Problems
     s3.filter = (table.active == True)
 
-    if not s3_has_role("DelphiAdmin"):
+    if not auth.s3_has_role("DelphiAdmin"):
         s3db.configure(tablename,
                        deletable = False,
                        # Remove ability to create new Problems

diff --git a/controllers/dvi.py b/controllers/dvi.py
@@ -85,7 +85,7 @@ def recreq():
     """ Recovery Requests List """
 
     table = s3db.dvi_recreq
-    table.person_id.default = s3_logged_in_person()
+    table.person_id.default = auth.s3_logged_in_person()
 
     def prep(r):
         if r.interactive and not r.record:

diff --git a/controllers/errors.py b/controllers/errors.py
@@ -56,28 +56,22 @@
 }
 
 def index():
-    ''' default generic error page '''
+    """
+        Default generic error page
+    """
 
     try:
         code = int(request.vars["code"])
         description = defined_status[code]
-    except KeyError:
-        description = "unknown error"
+    except (ValueError, TypeError, KeyError):
         code = "NA"
+        description = "unknown error"
 
     # Send a JSON message if non-interactive request
-    request_url = request.vars["request_url"]
-    path = request_url.split("/")
-    ext = [a for a in path if "." in a]
-    if ext:
-        fmt = ext[-1].rsplit(".", 1)[1].lower()
-        if fmt not in ("html", "iframe", "popup"):
-            xml = current.xml
-            code = request.vars["code"]
-            headers = {"Content-Type":"application/json"}
-            raise HTTP(int(code),
-                       body=xml.json_message(False, code, description),
-                       **headers)
+    if s3base.s3_get_extension() not in ("html", "iframe", "popup"):
+        message = current.xml.json_message(False, code, description)
+        headers = {"Content-Type":"application/json"}
+        raise HTTP(code, body=message, **headers)
 
     details = " %s, %s " % (code, description)
     try:
@@ -86,5 +80,10 @@ def index():
         message, suggestions = error_messages["NA"]
 
     # Retain the HTTP status code on error pages
-    response.status = int(code)
-    return dict(res=request.vars, message=message, details=details, suggestions=suggestions, app=appname)
+    response.status = 400 if code == "NA" else code
+    return {"res": request.vars,
+            "message": message,
+            "details": details,
+            "suggestions": suggestions,
+            "app": appname,
+            }
diff --git a/controllers/event.py b/controllers/event.py
@@ -321,7 +321,7 @@ def prep(r):
 
     s3.filter = FS("type").belongs((4,))
 
-    if not auth.s3_has_role(ADMIN):
+    if not auth.s3_has_role("ADMIN"):
         s3.filter &= auth.filter_by_root_org(table)
 
     return s3_rest_controller("hrm")

diff --git a/controllers/gis.py b/controllers/gis.py
@@ -395,7 +395,7 @@ def prep(r, prep_vars):
         if r.interactive and not r.component:
 
             # Restrict access to Polygons to just MapAdmins
-            if settings.get_security_map() and not s3_has_role(MAP_ADMIN):
+            if settings.get_security_map() and not auth.s3_has_role("MAP_ADMIN"):
                 table.gis_feature_type.writable = table.gis_feature_type.readable = False
                 table.wkt.writable = table.wkt.readable = False
             else:
@@ -881,7 +881,7 @@ def s3_gis_location_parents(r, **attr):
     table = r.resource.table
 
     # Check permission
-    if not s3_has_permission("read", table):
+    if not auth.s3_has_permission("read", table):
         r.unauthorised()
 
     if r.representation == "html":
@@ -1125,7 +1125,7 @@ def prep(r):
             if not r.component:
                 s3db.gis_config_form_setup()
                 list_fields = s3db.get_config("gis_config", "list_fields")
-                if auth.s3_has_role(MAP_ADMIN):
+                if auth.s3_has_role("MAP_ADMIN"):
                     list_fields += ["region_location_id",
                                     "default_location_id",
                                     ]
@@ -1291,7 +1291,7 @@ def postp(r, output):
                         "label": str(T("Show")),
                         "_class": "action-btn",
                         }
-                if auth.s3_has_role(MAP_ADMIN):
+                if auth.s3_has_role("MAP_ADMIN"):
                     s3_action_buttons(r, copyable=True)
                     s3.actions.append(show)
                 else:
@@ -1459,7 +1459,7 @@ def prep(r):
 def projection():
     """ RESTful CRUD controller """
 
-    if settings.get_security_map() and not s3_has_role(MAP_ADMIN):
+    if settings.get_security_map() and not auth.s3_has_role("MAP_ADMIN"):
         auth.permission.fail()
 
     return s3_rest_controller()
@@ -1540,7 +1540,7 @@ def inject_enable(output):
 def layer_config():
     """ RESTful CRUD controller """
 
-    if settings.get_security_map() and not s3_has_role(MAP_ADMIN):
+    if settings.get_security_map() and not auth.s3_has_role("MAP_ADMIN"):
         auth.permission.fail()
 
     layer = get_vars.get("layer", None)
@@ -1557,7 +1557,7 @@ def layer_config():
 def layer_entity():
     """ RESTful CRUD controller """
 
-    if settings.get_security_map() and not s3_has_role(MAP_ADMIN):
+    if settings.get_security_map() and not auth.s3_has_role("MAP_ADMIN"):
         auth.permission.fail()
 
     # Custom Method
@@ -2803,7 +2803,7 @@ def postp(r, output):
 def layer_js():
     """ RESTful CRUD controller """
 
-    if settings.get_security_map() and not s3_has_role(MAP_ADMIN):
+    if settings.get_security_map() and not auth.s3_has_role("MAP_ADMIN"):
         auth.permission.fail()
 
     tablename = "%s_%s" % (module, resourcename)
@@ -3065,7 +3065,7 @@ def display_feature():
     gtable = s3db.gis_config
 
     # Check user is authorised to access record
-    if not s3_has_permission("read", table, location_id):
+    if not auth.s3_has_permission("read", table, location_id):
         session.error = T("No access to this record!")
         raise HTTP(401, body=current.xml.json_message(False, 401, session.error))