X-Git-Url: http://git.cascardo.info/?p=cascardo%2Fipsilon.git;a=blobdiff_plain;f=ipsilon%2Futil%2Fpage.py;h=3a0181121c9d77cd8e1de9ba5a669fd2080a1a6f;hp=a7e2035fddff93b5e5da35c651ce39413ee867fc;hb=37ef4b972ea240f085e7d29923aba70787ac1668;hpb=fe98579005973824000edb91e55975f2e7bf39e1
diff --git a/ipsilon/util/page.py b/ipsilon/util/page.py
index a7e2035..3a01811 100755
--- a/ipsilon/util/page.py
+++ b/ipsilon/util/page.py
@@ -17,46 +17,88 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -from ipsilon.util.user import User +from ipsilon.util.user import UserSession import cherrypy + +def admin_protect(fn): + + def check(*args, **kwargs): + if UserSession().get_user().is_admin: + return fn(*args, **kwargs) + + raise cherrypy.HTTPError(403) + + return check + + def protect(): - if cherrypy.request.login: - user = cherrypy.session.get('user', None) - if user == cherrypy.request.login: - return - else: - cherrypy.session.regenerate() - cherrypy.session['user'] = cherrypy.request.login + UserSession().remote_login() + class Page(object): - def __init__(self, template_env): - self._env = template_env + def __init__(self, site, form=False): + if not 'template_env' in site: + raise ValueError('Missing template environment') + self._site = site self.basepath = cherrypy.config.get('base.mount', "") - self.username = None self.user = None + self.form = form def __call__(self, *args, **kwargs): # pylint: disable=star-args - self.username = cherrypy.session.get('user', None) - self.user = User(self.username) + self.user = UserSession().get_user() if len(args) > 0: op = getattr(self, args[0], None) if callable(op) and getattr(self, args[0]+'.exposed', None): - return op(args[1:], **kwargs) + return op(*args[1:], **kwargs) else: - op = getattr(self, 'root', None) - if callable(op): - return op(**kwargs) + if self.form: + self._debug("method: %s" % cherrypy.request.method) + op = getattr(self, cherrypy.request.method, None) + if callable(op): + # Basic CSRF protection + if cherrypy.request.method != 'GET': + if 'referer' not in cherrypy.request.headers: + return cherrypy.HTTPError(403) + referer = cherrypy.request.headers['referer'] + url = cherrypy.url(relative=False) + if referer != url: + return cherrypy.HTTPError(403) + return op(*args, **kwargs) + else: + op = getattr(self, 'root', None) + if callable(op): + return op(*args, 
**kwargs) return self.default(*args, **kwargs) + def _template_model(self): + model = dict() + model['basepath'] = self.basepath + model['title'] = 'IPSILON' + model['user'] = self.user + return model + def _template(self, *args, **kwargs): - t = self._env.get_template(args[0]) - return t.render(basepath=self.basepath, user=self.user, **kwargs) + # pylint: disable=star-args + t = self._site['template_env'].get_template(args[0]) + m = self._template_model() + m.update(kwargs) + return t.render(**m) + + def _debug(self, fact): + if cherrypy.config.get('debug', False): + cherrypy.log(fact) def default(self, *args, **kwargs): raise cherrypy.HTTPError(404) + def add_subtree(self, name, page): + self.__dict__[name] = page + + def del_subtree(self, name): + del self.__dict__[name] + exposed = True
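Review bot: The two CSRF rejections in the form branch of `Page.__call__` use `return cherrypy.HTTPError(403)`, which hands the exception object back as the handler result instead of raising it; `admin_protect` and `default` in this same hunk use `raise`, and both of these lines should read `raise cherrypy.HTTPError(403)`. As written the handler `op` is still skipped, but the client most likely does not get a clean 403 response. Separately, `getattr(self, cherrypy.request.method, None)` resolves a name taken from the request against every attribute of the page, with no `exposed` check, so the lookup would be safer behind an explicit allow-list such as `if cherrypy.request.method in ('GET', 'POST'):`. The exact-match Referer comparison is also brittle, since clients that omit or trim the header are refused, so a per-session token would be a more dependable control if the project can carry one.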