comparison farol/main.py @ 7:8f41bb7f4681

Move the Document management routines to a document Blueprint
author Benoît Allard <benoit.allard@greenbone.net>
date Thu, 25 Sep 2014 17:03:35 +0200
parents 3478e20885fd
children 2ce3676c9b2e
6:bb7334ff114a 7:8f41bb7f4681
22 # along with this program; if not, write to the Free Software 22 # along with this program; if not, write to the Free Software
23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 23 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 24
25 import os 25 import os
26 26
27 from farolluz.cvrf import (CVRF, CVRFPublisher, CVRFTracking, CVRFTrackingID, 27 from farolluz.cvrf import CVRF, ValidationError
28 CVRFGenerator, CVRFRevision, CVRFReference, CVRFAcknowledgment, CVRFNote, 28 from farolluz.parsers.cvrf import parse
29 ValidationError, CVRFAggregateSeverity)
30 from farolluz.parsers.cvrf import parse, parseVersion, parseDate
31 from farolluz.py2 import urlopen 29 from farolluz.py2 import urlopen
32 from farolluz.renderer import render as render_cvrf 30 from farolluz.renderer import render as render_cvrf
33 from farolluz.utils import utcnow 31 from farolluz.utils import utcnow
34 32
35 from flask import Flask, request, render_template, redirect, url_for, flash, abort 33 from flask import Flask, request, render_template, redirect, url_for, flash
36 from werkzeug import secure_filename 34 from werkzeug import secure_filename
37 35
36 from .document import document
38 from .session import get_current, set_current, has_current, del_current, document_required 37 from .session import get_current, set_current, has_current, del_current, document_required
39 from .vulnerability import vulnerability 38 from .vulnerability import vulnerability
40 from .producttree import producttree 39 from .producttree import producttree
41 from .proxy import ReverseProxied 40 from .proxy import ReverseProxied
42 41
43 app = Flask(__name__, instance_relative_config=True) 42 app = Flask(__name__, instance_relative_config=True)
44 app.config.from_object('farol.config.Config') 43 app.config.from_object('farol.config.Config')
45 app.config.from_pyfile('farol.cfg', silent=True) 44 app.config.from_pyfile('farol.cfg', silent=True)
46 45
46 app.register_blueprint(document, url_prefix='/document')
47 app.register_blueprint(vulnerability, url_prefix='/vulnerability') 47 app.register_blueprint(vulnerability, url_prefix='/vulnerability')
48 app.register_blueprint(producttree, url_prefix='/producttree') 48 app.register_blueprint(producttree, url_prefix='/producttree')
49 49
50 app.wsgi_app = ReverseProxied(app.wsgi_app) 50 app.wsgi_app = ReverseProxied(app.wsgi_app)
51 51
81 81
82 @app.template_filter('secure_filename') 82 @app.template_filter('secure_filename')
83 def makeId(string): 83 def makeId(string):
84 return secure_filename(string) 84 return secure_filename(string)
85 85
86 @app.route('/')
87 def welcome():
88 return render_template('welcome.j2')
89
86 @app.route('/new', methods=['GET', 'POST']) 90 @app.route('/new', methods=['GET', 'POST'])
87 def new(): 91 def new():
88 if request.method != 'POST': 92 if request.method != 'POST':
89 return render_template('new.j2', has_document=has_current(), now=utcnow()) 93 return render_template('new.j2', has_document=has_current(), now=utcnow())
90 94
102 os.remove(fpath) 106 os.remove(fpath)
103 elif 'text' in request.form: 107 elif 'text' in request.form:
104 set_current(parse(request.form['text'].encode('utf-8'))) 108 set_current(parse(request.form['text'].encode('utf-8')))
105 else: 109 else:
106 set_current(CVRF(request.form['title'], request.form['type'])) 110 set_current(CVRF(request.form['title'], request.form['type']))
107 return redirect(url_for('document')) 111 return redirect(url_for('document.view'))
108
109 @app.route('/')
110 @document_required
111 def document():
112 cvrf = get_current()
113 return render_template('doc.j2', cvrf=cvrf)
114
115 @app.route('/title/edit', methods=['GET', 'POST'])
116 @document_required
117 def edit_title():
118 if request.method != 'POST':
119 return render_template('edit_title.j2', title = get_current()._title, _type = get_current()._type)
120
121
122 get_current()._title = request.form['title']
123 get_current()._type = request.form['type']
124 return redirect(url_for('document'))
125
126 @app.route('/publisher/edit', methods=['GET', 'POST'])
127 @document_required
128 def edit_publisher():
129 if request.method != 'POST':
130 return render_template('edit_publisher.j2', publisher = get_current()._publisher or CVRFPublisher(''), types=CVRFPublisher.TYPES)
131
132 publisher = CVRFPublisher(request.form['type'], request.form['vendorid'] or None)
133 publisher.setContact(request.form['contact'] or None)
134 publisher.setAuthority(request.form['authority'] or None)
135 get_current().setPublisher(publisher)
136 return redirect(url_for('document'))
137
138 @app.route('/tracking/edit', methods=['GET', 'POST'])
139 @document_required
140 def edit_tracking():
141 wasNone = False
142 tracking = get_current()._tracking
143 if tracking is None:
144 wasNone = True
145 tracking = CVRFTracking(CVRFTrackingID(''), 'Draft', (0,), utcnow(), utcnow())
146 generator = tracking._generator
147 if not tracking._generator:
148 generator = CVRFGenerator()
149 if request.method != 'POST':
150 return render_template('edit_tracking.j2', tracking=tracking, version='.'.join('%s'%v for v in tracking._version), generator=generator, now=utcnow(), statuses=tracking.STATUSES)
151
152 tracking._identification._id = request.form['id']
153 aliases = []
154 if request.form['id_aliases']:
155 aliases = [a.strip() for a in request.form['id_aliases'].split(',')]
156 tracking._identification._aliases = aliases
157 tracking._status = request.form['status']
158 tracking._version = parseVersion(request.form['version'])
159 tracking._initialDate = parseDate(request.form['initial'])
160 tracking._currentDate = parseDate(request.form['current'])
161 if wasNone:
162 get_current().setTracking(tracking)
163 if (not request.form['gen_engine']) and (not request.form['gen_date']):
164 generator = None
165 else:
166 generator._engine = request.form['gen_engine'] or None
167 if request.form['gen_date']:
168 generator._date = parseDate(request.form['gen_date'])
169 else:
170 generator._date = None
171 tracking.setGenerator(generator)
172 return redirect(url_for('document'))
173
174 @app.route('/revision/<int:index>/edit', methods=['GET', 'POST'])
175 @document_required
176 def edit_revision(index):
177 cvrf = get_current()
178 if cvrf._tracking is None:
179 abort(404)
180 try:
181 revision = cvrf._tracking._history[index]
182 except IndexError:
183 abort(404)
184 if request.method != 'POST':
185 return render_template('edit_revision.j2', number='.'.join('%s'%v for v in revision._number), date=revision._date, description=revision._description, action='Update')
186
187 revision._number = parseVersion(request.form['number'])
188 revision._date = parseDate(request.form['date'])
189 revision._description = request.form['description']
190 return redirect(url_for('document'))
191
192 @app.route('/revision/add', methods=['GET', 'POST'])
193 @document_required
194 def add_revision():
195 tracking = get_current()._tracking
196 if request.method != 'POST':
197 version = tracking._version
198 version = version[:-1] + (version[-1] + 1,)
199 return render_template('edit_revision.j2', number='.'.join("%d"%v for v in version), date=utcnow(), action='Add')
200
201 version = parseVersion(request.form['number'])
202 date = parseDate(request.form['date'])
203 revision = CVRFRevision(version, date, request.form['description'])
204 tracking.addRevision(revision)
205 if 'update_tracking' in request.form:
206 tracking._version = version
207 tracking._currentDate = date
208 return redirect(url_for('document'))
209
210 @app.route('/distribution/edit', methods=['GET', 'POST'])
211 @document_required
212 def edit_distribution():
213 if request.method != 'POST':
214 return render_template('edit_distribution.j2', distribution=get_current()._distribution)
215
216 get_current().setDistribution(request.form['distribution'])
217 return redirect(url_for('document'))
218
219 @app.route('/severity/edit', methods=['GET', 'POST'])
220 @document_required
221 def edit_severity():
222 severity = get_current()._aggregateseverity
223 if severity is None:
224 severity = CVRFAggregateSeverity('')
225 if request.method != 'POST':
226 return render_template('edit_severity.j2', severity=severity)
227 if not request.form['severity']:
228 severity = None
229 else:
230 severity._severity = request.form['severity']
231 severity.setNamespace(request.form['namespace'] or None)
232 get_current().setAggregateSeverity(severity)
233 return redirect(url_for('document'))
234
235 @app.route('/note/<int:ordinal>')
236 @document_required
237 def view_note(ordinal):
238 note = get_current().getNote(ordinal)
239 if note is None:
240 abort(404)
241 return render_template('view_note.j2', note=note)
242
243 @app.route('/note/<int:ordinal>/edit', methods=['GET', 'POST'])
244 @document_required
245 def edit_note(ordinal):
246 note = get_current().getNote(ordinal)
247 if note is None:
248 abort(404)
249 if request.method != 'POST':
250 return render_template('edit_note.j2', note=note, types = note.TYPES)
251
252 note._type = request.form['type']
253 note._ordinal = int(request.form['ordinal'])
254 note._note = request.form['note']
255 note._title = request.form['title'] or None
256 note._audience = request.form['audience'] or None
257 return redirect(url_for('view_note', ordinal=note._ordinal ))
258
259
260 @app.route('/note/add', methods=['GET', 'POST'])
261 @document_required
262 def add_note():
263 if request.method != 'POST':
264 next_ordinal = 1
265 notes = get_current()._notes
266 if notes:
267 next_ordinal = notes[-1]._ordinal + 1
268 return render_template('edit_note.j2', ordinal=next_ordinal, types=CVRFNote.TYPES, action='Add')
269
270 title = None
271 audience = None
272 title = request.form['title'] or None
273 audience = request.form['audience'] or None
274
275 note = CVRFNote(request.form['type'], int(request.form['ordinal']), request.form['note'], title, audience)
276 get_current().addNote(note)
277 return redirect(url_for('document'))
278
279 @app.route('/reference/<int:index>/edit', methods=['GET', 'POST'])
280 @document_required
281 def edit_reference(index):
282 try:
283 ref = get_current()._references[index]
284 except IndexError:
285 abort(404)
286 if request.method != 'POST':
287 return render_template('edit_reference.j2', _type=ref._type, url=ref._url, description=ref._description, types=('',) + ref.TYPES)
288
289 ref._type = request.form['type'] or None
290 ref._url = request.form['url']
291 ref._description = request.form['description']
292 return redirect(url_for('document'))
293
294
295 @app.route('/reference/add', methods=['GET', 'POST'])
296 @document_required
297 def add_reference():
298 if request.method != 'POST':
299 return render_template('edit_reference.j2', action='Add', types=('',) + CVRFReference.TYPES)
300
301 ref = CVRFReference(request.form['url'], request.form['description'], request.form['type'] or None)
302 get_current().addReference(ref)
303 return redirect(url_for('document'))
304
305 @app.route('/acknowledgment/<int:index>')
306 @document_required
307 def view_acknowledgment(index):
308 try:
309 ack = get_current()._acknowledgments[index]
310 except IndexError:
311 abort(404)
312 return render_template('view_acknowledgment.j2', acknowledgment=ack, index=index, action='Update')
313
314 @app.route('/acknowledgment/<int:index>/edit', methods=['GET', 'POST'])
315 @document_required
316 def edit_acknowledgment(index):
317 try:
318 ack = get_current()._acknowledgments[index]
319 except IndexError:
320 abort(404)
321 if request.method != 'POST':
322 return render_template('edit_acknowledgment.j2', name=ack._name, organization=ack._organization, description=ack._description, url=ack._url, action='Update')
323
324 ack._name = request.form['name'] or None
325 ack._organization = request.form['organization'] or None
326 ack._description = request.form['description'] or None
327 ack._url = request.form['url'] or None
328 return redirect(url_for('document'))
329
330 @app.route('/acknowledgment/add', methods=['GET', 'POST'])
331 @document_required
332 def add_acknowledgment():
333 if request.method != 'POST':
334 return render_template('edit_acknowledgment.j2', action='Add')
335
336 ack = CVRFAcknowledgment()
337 ack._name = request.form['name'] or None
338 ack._organization = request.form['organization'] or None
339 ack._description = request.form['description'] or None
340 ack._url = request.form['url'] or None
341 get_current().addAcknowledgment(ack)
342 return redirect(url_for('document'))
343
344 112
345 @app.route('/render/<format_>') 113 @app.route('/render/<format_>')
346 @document_required 114 @document_required
347 def render(format_): 115 def render(format_):
348 cvrf = get_current() 116 cvrf = get_current()
378 with open(fpath, 'rt') as f: 146 with open(fpath, 'rt') as f:
379 set_current(parse(f)) 147 set_current(parse(f))
380 os.remove(fpath) 148 os.remove(fpath)
381 flash('"%s" has been removed from cache' % element) 149 flash('"%s" has been removed from cache' % element)
382 # Get some kind of id, and load the file. 150 # Get some kind of id, and load the file.
383 return redirect(url_for('document')) 151 return redirect(url_for('document.view'))
384 152
385 @app.route('/about') 153 @app.route('/about')
386 def about(): 154 def about():
387 return render_template('about.j2', instance_dir=app.instance_path) 155 return render_template('about.j2', instance_dir=app.instance_path)
388 156
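Review bot: `welcome()` renders `welcome.j2`, and Flask's default autoescape selection only covers template names ending in `.html`, `.htm`, `.xml` or `.xhtml`, so the `.j2` templates rendered in this file are output without escaping unless autoescape is enabled in the part of main.py this page does not show (new lines 52–80). If it is not, the message flashed with `'"%s" has been removed from cache' % element` and any CVRF field taken from an uploaded or pasted document would reach the browser unescaped wherever a template prints it without `|e`. I would confirm this and, if needed, add `app.jinja_env.autoescape = True` right after the `app.config` lines, with a comment saying why. Separately, the endpoint `document` no longer exists after this move, so any template or blueprint outside this file that still calls `url_for('document')` would fail at request time; only the two calls in this file are updated here.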

http://farol.wald.intevation.org