2018-06-07 15:22:29 +00:00
|
|
|
import json
|
2020-07-01 04:17:38 +00:00
|
|
|
from datasette.utils.asgi import Response, Forbidden
|
2019-06-15 19:41:34 +00:00
|
|
|
from .base import BaseView
|
2020-06-01 01:03:17 +00:00
|
|
|
import secrets
|
2018-06-07 15:22:29 +00:00
|
|
|
|
|
|
|
|
2019-06-15 19:41:34 +00:00
|
|
|
class JsonDataView(BaseView):
|
2019-05-03 20:40:24 +00:00
|
|
|
name = "json_data"
|
|
|
|
|
2020-05-31 01:51:00 +00:00
|
|
|
def __init__(self, datasette, filename, data_callback, needs_request=False):
|
2018-06-07 15:22:29 +00:00
|
|
|
self.ds = datasette
|
|
|
|
self.filename = filename
|
|
|
|
self.data_callback = data_callback
|
2020-05-31 01:51:00 +00:00
|
|
|
self.needs_request = needs_request
|
2018-06-07 15:22:29 +00:00
|
|
|
|
2018-06-15 06:51:23 +00:00
|
|
|
async def get(self, request, as_format):
|
2020-06-11 22:14:51 +00:00
|
|
|
await self.check_permission(request, "view-instance")
|
2020-05-31 01:51:00 +00:00
|
|
|
if self.needs_request:
|
|
|
|
data = self.data_callback(request)
|
|
|
|
else:
|
|
|
|
data = self.data_callback()
|
2018-06-15 06:51:23 +00:00
|
|
|
if as_format:
|
2018-06-07 15:22:29 +00:00
|
|
|
headers = {}
|
|
|
|
if self.ds.cors:
|
|
|
|
headers["Access-Control-Allow-Origin"] = "*"
|
2019-06-24 03:13:09 +00:00
|
|
|
return Response(
|
|
|
|
json.dumps(data),
|
|
|
|
content_type="application/json; charset=utf-8",
|
|
|
|
headers=headers,
|
2018-06-07 15:22:29 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
else:
|
2019-07-06 00:05:56 +00:00
|
|
|
return await self.render(
|
|
|
|
["show_json.html"],
|
|
|
|
request=request,
|
2019-12-05 06:46:39 +00:00
|
|
|
context={
|
|
|
|
"filename": self.filename,
|
|
|
|
"data_json": json.dumps(data, indent=4),
|
|
|
|
},
|
2019-07-06 00:05:56 +00:00
|
|
|
)
|
2020-05-03 03:01:21 +00:00
|
|
|
|
|
|
|
|
|
|
|
class PatternPortfolioView(BaseView):
|
|
|
|
name = "patterns"
|
|
|
|
|
|
|
|
def __init__(self, datasette):
|
|
|
|
self.ds = datasette
|
|
|
|
|
|
|
|
async def get(self, request):
|
2020-06-11 22:14:51 +00:00
|
|
|
await self.check_permission(request, "view-instance")
|
2020-06-01 01:03:17 +00:00
|
|
|
return await self.render(["patterns.html"], request=request)
|
|
|
|
|
|
|
|
|
|
|
|
class AuthTokenView(BaseView):
|
|
|
|
name = "auth_token"
|
|
|
|
|
|
|
|
def __init__(self, datasette):
|
|
|
|
self.ds = datasette
|
|
|
|
|
|
|
|
async def get(self, request):
|
|
|
|
token = request.args.get("token") or ""
|
|
|
|
if not self.ds._root_token:
|
2020-07-01 04:17:38 +00:00
|
|
|
raise Forbidden("Root token has already been used")
|
2020-06-01 01:03:17 +00:00
|
|
|
if secrets.compare_digest(token, self.ds._root_token):
|
|
|
|
self.ds._root_token = None
|
2020-06-09 22:19:37 +00:00
|
|
|
response = Response.redirect("/")
|
2020-06-10 19:39:54 +00:00
|
|
|
response.set_cookie(
|
|
|
|
"ds_actor", self.ds.sign({"a": {"id": "root"}}, "actor")
|
|
|
|
)
|
2020-06-01 01:03:17 +00:00
|
|
|
return response
|
|
|
|
else:
|
2020-07-01 04:17:38 +00:00
|
|
|
raise Forbidden("Invalid token")
|
2020-06-01 05:00:36 +00:00
|
|
|
|
|
|
|
|
2020-06-29 04:17:30 +00:00
|
|
|
class LogoutView(BaseView):
|
|
|
|
name = "logout"
|
|
|
|
|
|
|
|
def __init__(self, datasette):
|
|
|
|
self.ds = datasette
|
|
|
|
|
|
|
|
async def get(self, request):
|
|
|
|
if not request.actor:
|
|
|
|
return Response.redirect("/")
|
|
|
|
return await self.render(["logout.html"], request, {"actor": request.actor},)
|
|
|
|
|
|
|
|
async def post(self, request):
|
|
|
|
response = Response.redirect("/")
|
|
|
|
response.set_cookie("ds_actor", "", expires=0, max_age=0)
|
2020-06-29 18:31:35 +00:00
|
|
|
self.ds.add_message(request, "You are now logged out", self.ds.WARNING)
|
2020-06-29 04:17:30 +00:00
|
|
|
return response
|
|
|
|
|
|
|
|
|
2020-06-01 05:00:36 +00:00
|
|
|
class PermissionsDebugView(BaseView):
|
|
|
|
name = "permissions_debug"
|
|
|
|
|
|
|
|
def __init__(self, datasette):
|
|
|
|
self.ds = datasette
|
|
|
|
|
|
|
|
async def get(self, request):
|
2020-06-11 22:14:51 +00:00
|
|
|
await self.check_permission(request, "view-instance")
|
2020-06-12 00:25:12 +00:00
|
|
|
if not await self.ds.permission_allowed(request.actor, "permissions-debug"):
|
2020-07-01 04:17:38 +00:00
|
|
|
raise Forbidden("Permission denied")
|
2020-06-01 05:00:36 +00:00
|
|
|
return await self.render(
|
|
|
|
["permissions_debug.html"],
|
|
|
|
request,
|
2020-06-02 17:43:50 +00:00
|
|
|
{"permission_checks": reversed(self.ds._permission_checks)},
|
2020-06-01 05:00:36 +00:00
|
|
|
)
|
2020-06-02 21:08:12 +00:00
|
|
|
|
|
|
|
|
|
|
|
class MessagesDebugView(BaseView):
|
|
|
|
name = "messages_debug"
|
|
|
|
|
|
|
|
def __init__(self, datasette):
|
|
|
|
self.ds = datasette
|
|
|
|
|
|
|
|
async def get(self, request):
|
2020-06-11 22:14:51 +00:00
|
|
|
await self.check_permission(request, "view-instance")
|
2020-06-02 21:08:12 +00:00
|
|
|
return await self.render(["messages_debug.html"], request)
|
|
|
|
|
|
|
|
async def post(self, request):
|
2020-06-11 22:14:51 +00:00
|
|
|
await self.check_permission(request, "view-instance")
|
2020-06-02 21:08:12 +00:00
|
|
|
post = await request.post_vars()
|
|
|
|
message = post.get("message", "")
|
|
|
|
message_type = post.get("message_type") or "INFO"
|
|
|
|
assert message_type in ("INFO", "WARNING", "ERROR", "all")
|
|
|
|
datasette = self.ds
|
|
|
|
if message_type == "all":
|
|
|
|
datasette.add_message(request, message, datasette.INFO)
|
|
|
|
datasette.add_message(request, message, datasette.WARNING)
|
|
|
|
datasette.add_message(request, message, datasette.ERROR)
|
|
|
|
else:
|
|
|
|
datasette.add_message(request, message, getattr(datasette, message_type))
|
|
|
|
return Response.redirect("/")
|