Fix E713 with stricter pep8 error checker

[cascardo/ipsilon.git] / ipsilon / util / page.py
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py

index 0da0e37..1968009 100755 (executable)
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -21,17 +21,29 @@ from ipsilon.util.user import UserSession
  import cherrypy
  
  
+def admin_protect(fn):
+
+    def check(*args, **kwargs):
+        if UserSession().get_user().is_admin:
+            return fn(*args, **kwargs)
+
+        raise cherrypy.HTTPError(403)
+
+    return check
+
+
  def protect():
      UserSession().remote_login()
  
  
  class Page(object):
-    def __init__(self, site):
-        if not 'template_env' in site:
+    def __init__(self, site, form=False):
+        if 'template_env' not in site:
              raise ValueError('Missing template environment')
          self._site = site
          self.basepath = cherrypy.config.get('base.mount', "")
          self.user = None
+        self.form = form
  
      def __call__(self, *args, **kwargs):
          # pylint: disable=star-args
@@ -42,17 +54,51 @@ class Page(object):
              if callable(op) and getattr(self, args[0]+'.exposed', None):
                  return op(*args[1:], **kwargs)
          else:
-            op = getattr(self, 'root', None)
-            if callable(op):
-                return op(*args, **kwargs)
+            if self.form:
+                self._debug("method: %s" % cherrypy.request.method)
+                op = getattr(self, cherrypy.request.method, None)
+                if callable(op):
+                    # Basic CSRF protection
+                    if cherrypy.request.method != 'GET':
+                        if 'referer' not in cherrypy.request.headers:
+                            return cherrypy.HTTPError(403)
+                        referer = cherrypy.request.headers['referer']
+                        url = cherrypy.url(relative=False)
+                        if referer != url:
+                            return cherrypy.HTTPError(403)
+                    return op(*args, **kwargs)
+            else:
+                op = getattr(self, 'root', None)
+                if callable(op):
+                    return op(*args, **kwargs)
  
          return self.default(*args, **kwargs)
  
+    def _template_model(self):
+        model = dict()
+        model['basepath'] = self.basepath
+        model['title'] = 'IPSILON'
+        model['user'] = self.user
+        return model
+
      def _template(self, *args, **kwargs):
+        # pylint: disable=star-args
          t = self._site['template_env'].get_template(args[0])
-        return t.render(basepath=self.basepath, user=self.user, **kwargs)
+        m = self._template_model()
+        m.update(kwargs)
+        return t.render(**m)
+
+    def _debug(self, fact):
+        if cherrypy.config.get('debug', False):
+            cherrypy.log(fact)
  
      def default(self, *args, **kwargs):
          raise cherrypy.HTTPError(404)
  
+    def add_subtree(self, name, page):
+        self.__dict__[name] = page
+
+    def del_subtree(self, name):
+        del self.__dict__[name]
+
      exposed = True