commit 8ab32aadf177f6450821f79a52e60a31c97314f7 Author: Jan Pokorny <jpokorny(a)redhat.com&gt; Date: Thu Oct 22 16:35:01 2009 +0200 Securing application prepared, although it have to be tweaked. luci/controllers/cluster.py | 15 +++++++++++++++ luci/controllers/cluster_part/failover.py | 15 +++++++++++++++ luci/controllers/cluster_part/fence.py | 15 +++++++++++++++ luci/controllers/cluster_part/node.py | 15 +++++++++++++++ luci/controllers/cluster_part/service.py | 17 ++++++++++++++++- luci/controllers/global_res.py | 14 ++++++++++++++ 6 files changed, 90 insertions(+), 1 deletions(-) --- diff --git a/luci/controllers/cluster.py b/luci/controllers/cluster.py index 74e9491..bb6ed2f 100644 --- a/luci/controllers/cluster.py +++ b/luci/controllers/cluster.py @@ -41,6 +41,7 @@ from tg import flash, request, redirect, expose, tmpl_context, app_globals from pylons.i18n import ugettext as _, lazy_ugettext as l_ +from repoze.what import predicates from luci.lib.base import SubController, SubControllerApplyMixin, \ ApplyCommands, setApplyCommands @@ -67,6 +68,13 @@ base2CmdCtrl = app_globals.scheme.base2CmdCtrl class ClusterController(SubController): """Subcontroller handling basic requests related with `clusters' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.cluster') def default(self): """Handle simple clusters listing. @@ -180,6 +188,13 @@ class ClusterApplyCommands(ApplyCommands): class ClusterCmdController(SubController, SubControllerApplyMixin): """Subcontroller handling commands related with `clusters' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.cluster_forms') def create(self, name=''): """Display form for cluster creation.""" diff --git a/luci/controllers/cluster_part/failover.py b/luci/controllers/cluster_part/failover.py index 4ff7d80..6a8072f 100644 --- a/luci/controllers/cluster_part/failover.py +++ b/luci/controllers/cluster_part/failover.py @@ -49,6 +49,7 @@ """ from tg import flash, redirect, expose, tmpl_context, app_globals from pylons.i18n import ugettext as _, lazy_ugettext as l_ +from repoze.what import predicates from luci.lib.base import SubController, SubControllerApplyMixin, \ ApplyCommands, setApplyCommands @@ -72,6 +73,13 @@ base2CmdCtrl = app_globals.scheme.base2CmdCtrl class FailoverController(SubController): """Subcontroller handling basic requests related with `failovers' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.cluster_part.failover') def default(self): """Handle simple failovers listing. @@ -202,6 +210,13 @@ class FailoverApplyCommands(ApplyCommands): class FailoverCmdController(SubController, SubControllerApplyMixin): """Subcontroller handling commands related with `failovers' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forImmediateRedirect(allowed_methods = ('GET', 'POST')) def default(self, *args, **kwargs): """Handle requests not connected with any of defined method.""" diff --git a/luci/controllers/cluster_part/fence.py b/luci/controllers/cluster_part/fence.py index 2bbb841..35a0a4a 100644 --- a/luci/controllers/cluster_part/fence.py +++ b/luci/controllers/cluster_part/fence.py @@ -42,6 +42,7 @@ """ from tg import flash, redirect, expose, tmpl_context, app_globals from pylons.i18n import ugettext as _, lazy_ugettext as l_ +from repoze.what import predicates from luci.lib.base import SubController, SubControllerApplyMixin, \ ApplyCommands, setApplyCommands @@ -66,6 +67,13 @@ base2CmdCtrl = app_globals.scheme.base2CmdCtrl class FenceController(SubController): """Subcontroller handling basic requests related with `fences' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.cluster_part.fence') def default(self): """Handle simple fences listing. @@ -192,6 +200,13 @@ class FenceApplyCommands(ApplyCommands): class FenceCmdController(SubController, SubControllerApplyMixin): """Subcontroller handling commands related with `fences' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forImmediateRedirect(allowed_methods = ('GET', 'POST')) def default(self, *args, **kwargs): """Handle requests not connected with any of defined method.""" diff --git a/luci/controllers/cluster_part/node.py b/luci/controllers/cluster_part/node.py index d6062d9..556d2a2 100644 --- a/luci/controllers/cluster_part/node.py +++ b/luci/controllers/cluster_part/node.py @@ -42,6 +42,7 @@ """ from tg import flash, redirect, expose, tmpl_context, app_globals from pylons.i18n import ugettext as _, lazy_ugettext as l_ +from repoze.what import predicates from luci.lib.base import SubController, SubControllerApplyMixin, \ ApplyCommands, setApplyCommands @@ -65,6 +66,13 @@ base2CmdCtrl = app_globals.scheme.base2CmdCtrl class NodeController(SubController): """Subcontroller handling basic requests related with `nodes' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.cluster_part.node') def default(self): """Handle simple nodes listing. @@ -214,6 +222,13 @@ class NodeApplyCommands(ApplyCommands): class NodeCmdController(SubController, SubControllerApplyMixin): """Subcontroller handling commands related with `nodes' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forImmediateRedirect(allowed_methods = ('GET', 'POST')) def default(self, *args, **kwargs): """Handle requests not connected with any of defined method.""" diff --git a/luci/controllers/cluster_part/service.py b/luci/controllers/cluster_part/service.py index 3c68cba..2e22599 100644 --- a/luci/controllers/cluster_part/service.py +++ b/luci/controllers/cluster_part/service.py @@ -42,6 +42,7 @@ """ from tg import flash, redirect, expose, tmpl_context, app_globals from pylons.i18n import ugettext as _, lazy_ugettext as l_ +from repoze.what import predicates from luci.lib.base import SubController, SubControllerApplyMixin, \ ApplyCommands, setApplyCommands @@ -66,6 +67,13 @@ base2CmdCtrl = app_globals.scheme.base2CmdCtrl class ServiceController(SubController): """Subcontroller handling basic requests related with `services' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.cluster_part.service') def default(self): """Handle simple services listing. @@ -131,7 +139,7 @@ class _CertainServiceController(SubController): base_url=cluster_url + cluster_scheme.SERVICES, cmd_url=cluster_url + base2CmdCtrl(cluster_scheme.SERVICES), globalres_url=relativeUrlList2Str(scheme.APP_PREFIX, - scheme.GLOBAL_RES), + scheme.GLOBAL_RES), apply_cmds=ServiceApplyCommands) @@ -194,6 +202,13 @@ class ServiceApplyCommands(ApplyCommands): class ServiceCmdController(SubController, SubControllerApplyMixin): """Subcontroller handling commands related with `services' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forImmediateRedirect(allowed_methods = ('GET', 'POST')) def default(self, *args, **kwargs): """Handle requests not connected with any of defined method.""" diff --git a/luci/controllers/global_res.py b/luci/controllers/global_res.py index dc4820e..a8f01e9 100644 --- a/luci/controllers/global_res.py +++ b/luci/controllers/global_res.py @@ -38,6 +38,7 @@ from tg import flash, request, redirect, expose, tmpl_context, app_globals from pylons.i18n import ugettext as _, lazy_ugettext as l_ +from repoze.what import predicates from luci.lib.base import SubController, SubControllerApplyMixin, \ ApplyCommands, setApplyCommands @@ -62,6 +63,13 @@ base2CmdCtrl = app_globals.scheme.base2CmdCtrl class GlobalResController(SubController): """Subcontroller handling basic requests related with `global resources' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + + @forPageShowWithUrlCorrection('luci.templates.global_res') def default(self): """Handle simple global resources listing. @@ -180,6 +188,12 @@ class GlobalResApplyCommands(ApplyCommands): class GlobalResCmdController(SubController, SubControllerApplyMixin): """Subcontroller handling commands related with `global resources' part.""" + # TODO: Uncomment this (or replace with more suitable predicate) + # to apply access control. + # For some reason this won't work for me, similar problem discussed at: + # <http://groups.google.com.ar/group/turbogears/browse_thread/thread/28a8b85... + # allow_only = predicates.not_anonymous() + @forImmediateRedirect(allowed_methods = ('GET', 'POST')) def default(self, *args, **kwargs): """Handle requests not connected with any of defined method."""