Merge branch 'v1.0' of git://gitorious.org/pipelet/pipelet into v1.0

f947e7a8 · Betoule Marc · b5a7a6bd · 75dddf8f · f947e7a8 · f947e7a8
Commit f947e7a8 authored Jan 16, 2011 by Betoule Marc
9 changed files
--- a/README.org
+++ b/README.org
--- a/org.css
+++ b/org.css
@@ -55,7 +55,7 @@
  pre {
 	border: 1px solid #555;
 	background: #EEEEEE;
-	font-size: 9pt;
+	font-size: 11pt;
 	padding: 1em;
  }


--- a/pipelet/auth.py
+++ b/pipelet/auth.py
-# Form based authentication for CherryPy. Requires the
-# Session tool to be loaded.
-#
+""" Simple authentication for pipeweb.
+"""

 import cherrypy
 import sqlite3
-def read_access(func):
-    """ Decorator to set read only access to a web page (cherrypy web function)

-    Parameters
-    ----------
-    func: web function
+def check_access(auth_type, access_level):
+    """ Check whether user has sufficient access rights.
+
+    Depending on the configuration passed through auth_type:
+    - grant access without verification
+    - check the access level of an otherwise authenticated user
+    - perform Basic http authentication and check access rights
+    - perform Digest http authentication and check access rights
+    Parameters:
+    -----------
+    auth_type: either 'None', 'ACL', 'Basic', 'Digest'
+    access_level: the required access level.
    """
-    return cherrypy.tools.digest_auth(realm="pipeweb",users=lambda: get_credentials(1))(func)
+    realm = "pipeweb"
+    if auth_type == 'None':
+        #No autorization check required
+        return True

-def write_access(func):
-    """ Decorator to set read only accessto a web page (cherrypy web function)
+    if not 'authorization' in cherrypy.request.headers:
+        return False
+    
+    ah = cherrypy.lib.httpauth.parseAuthorization(cherrypy.request.headers['authorization'])
+    if ah is None:
+        raise cherrypy.HTTPError(400, 'Bad Request')

-    Parameters
-    ----------
-    func: web function
-    """
-    return cherrypy.tools.digest_auth(realm="pipeweb",users=lambda: get_credentials(2))(func)
+    dic = get_credentials(access_level)
+    
+    if auth_type == 'ACL':
+        #Check that otherwise authenticated user has the required
+        #access level
+        if ah['username'] in dic.keys():
+            return True
+        else:
+            return False    
+    password = dic.get(ah["username"], None)
+    encrypt = lambda x:x
+    if cherrypy.lib.httpauth.checkResponse(ah, password, method=cherrypy.request.method,
+                              encrypt=encrypt, realm=realm):
+        cherrypy.request.login = ah["username"]
+        return True
+    
+    cherrypy.request.login = False
+
+    return False

 def get_credentials(access_level=1):
    """ Get users/passwd from pipe data base. 
@@ -49,6 +76,36 @@ def get_credentials(access_level=1):
        conn.close()
    return dic

+
+def ask_auth(auth_type):
+    realm = "pipeweb"
+    if auth_type == "Basic":
+        cherrypy.response.headers['www-authenticate'] = cherrypy.lib.httpauth.basicAuth(realm)
+    elif auth_type == "Digest":
+        cherrypy.response.headers['www-authenticate'] = cherrypy.lib.httpauth.digestAuth(realm)
+
+
+def read_access(auth_type="Digest"):
+    """ Require read only access on a web page
+    """
+    if check_access (auth_type, 1):
+        return
+    ask_auth(auth_type)
+    raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
+
+def write_access(auth_type="Digest"):
+    """ Require write accessto a web page
+    """
+    if check_access (auth_type, 2):
+        return
+    ask_auth(auth_type)
+    raise cherrypy.HTTPError(401, "You are not authorized to access that resource") 
+
+# Making this module a custom cherrypy toolbox
+pipeauth = cherrypy._cptools.Toolbox('pipeauth')
+pipeauth.read_access = cherrypy.Tool('on_start_resource', read_access)
+pipeauth.write_access = cherrypy.Tool('on_start_resource', write_access)
+
 def acl_setup(db_file):
    """ Set user/passwd table in pipe database.
    

--- a/pipelet/web.py
+++ b/pipelet/web.py
@@ -23,7 +23,8 @@ current_dir = os.path.dirname(os.path.abspath(__file__))
 from glob import glob
 import shutil
 from cherrypy.lib.static import serve_file
-from auth import read_access, write_access
+#from auth import read_access, write_access
+import auth
 import re
 import pickle

@@ -103,7 +104,7 @@ class Web:
        return list(set(lst))

    @cherrypy.expose
-    @write_access
+    @auth.pipeauth.write_access()
    def addtag (self, segid, tag):
        """ Add new tag to the database
        
@@ -147,7 +148,7 @@ class Web:
                r = pickle.dump(d,f)

    @cherrypy.expose
-    @write_access
+    @auth.pipeauth.write_access()
    def deltag (self, tag):
        """ Delete tag from the database

@@ -196,7 +197,7 @@ class Web:


    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def filter (self, tag=None, date=None):
        """ Print the pipeline instances matching tag and date.
        
@@ -229,7 +230,7 @@ class Web:
        return html

    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def index(self, highlight=None, thumbnail=None):
        """ Pipeline instances tree view

@@ -239,7 +240,6 @@ class Web:
        ---------- 
        highlight: list of segid (optional), filter the printed seg by segid.
        """
-
        conn = sqlite3.connect(self.db_file,check_same_thread=True)
        conn.text_factory=str
        # get all instances
@@ -356,7 +356,7 @@ class Web:
        return html
    
    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def product(self, segid=None, status=None):
        """ Products index.
        
@@ -468,7 +468,7 @@ class Web:


    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def code(self, segid=None):
        """ Segment's files index. 
        
@@ -559,7 +559,7 @@ class Web:


    @cherrypy.expose
-    @write_access
+    @auth.pipeauth.write_access()
    def del_lst_seg(self, seglist):
        """ Delete a pipeline instance. 

@@ -586,7 +586,7 @@ class Web:

    
    @cherrypy.expose
-    @write_access
+    @auth.pipeauth.write_access()
    def del_lst_prod(self, segid, taskid):
        """ Delete recursively a list of products. 

@@ -611,7 +611,7 @@ class Web:
        raise cherrypy.HTTPRedirect('/'+self.name+'/',303)

    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def pipedir(self, segid=None, directory=None):
        """ Print the content of a directory. 

@@ -660,7 +660,7 @@ class Web:


    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def log(self, logdir):
        """ Print the content of the log directory. 
        """
@@ -674,14 +674,14 @@ class Web:
        return html

    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def serve_log(self, filename):
        """ Print the content of the log file.
        """
        return serve_file(filename, content_type='text/plain', disposition="inline")

    @cherrypy.expose
-    @write_access
+    @auth.pipeauth.write_access()
    def delete_log(self, logdir):
        """ Delete the content of the log directory.
        """
@@ -706,7 +706,7 @@ class Web:
            return filepath
        
    @cherrypy.expose
-    @read_access
+    @auth.pipeauth.read_access()
    def download(self, segid=None, filepath=None):
        """ Download a file.
        
@@ -805,7 +805,10 @@ def start(config, config_file):
    from cherrypy.process.plugins import Daemonizer, PIDFile
    cherrypy.config.update(config)
    cherrypy.config.update(config_file)
-    cherrypy.tree.mount(PipeIndex(),"",config)
+    app = cherrypy.tree.mount(PipeIndex(),"",config)
+    if hasattr(app, 'toolboxes'):
+        # CherryPy 3.1+
+        app.toolboxes['pipeauth'] = auth.pipeauth
    d = Daemonizer(cherrypy.engine)
    d.subscribe()
    p = PIDFile(cherrypy.engine, config['global']['server.pidfile'])
@@ -880,6 +883,9 @@ def main():
    parser.add_option('-a', '--access-file',
                      help='Logging file for access when run in daemon mode',
                      default=os.path.expanduser('~/pipelet.access'))
+    parser.add_option('-A', '--authentication-type',
+                      help='What kind of authentication is performed by cherrypy, can be one of ["Digest", "Basic", "ACL", "None"]',
+                      default="Digest")
    parser.add_option('-i', '--pid-file',
                      help='Store the pid in daemon mode',
                      default=os.path.expanduser('~/pipelet.pid'))
@@ -895,21 +901,29 @@ def main():
                        'log.screen':False, 
                        'log.error_file': options.error_file,
                        'log.access_file':options.access_file,
-                        'server.pidfile':options.pid_file}
+                        'server.pidfile':options.pid_file,
+                        'pipeauth.read_access.auth_type':options.authentication_type,
+                        'pipeauth.write_access.auth_type':options.authentication_type}
              }
    
    if options.no_daemon:
        config['global']['log.screen'] = True
        cherrypy.config.update(config)
        cherrypy.config.update(options.config_file)
-        cherrypy.tree.mount(PipeIndex(),"",config)
+        app = cherrypy.tree.mount(PipeIndex(),"",config)
+        if hasattr(app, 'toolboxes'):
+            # CherryPy 3.1+
+            app.toolboxes['pipeauth'] = auth.pipeauth
        cherrypy.engine.start()
        cherrypy.engine.block()
        exit(0)
    if options.krenew:
        cherrypy.config.update(config)
        cherrypy.config.update(options.config_file)
-        cherrypy.tree.mount(PipeIndex(),"",config)
+        app = cherrypy.tree.mount(PipeIndex(),"",config)
+        if hasattr(app, 'toolboxes'):
+            # CherryPy 3.1+
+            app.toolboxes['pipeauth'] = auth.pipeauth
        cherrypy.engine.start()
        cherrypy.engine.block()
        exit(0)

--- a/scripts/pipeweb_autostart.cgi
+++ b/scripts/pipeweb_autostart.cgi
+#!/usr/bin/python
+print "Content-type: text/html\r\n"
+print """<html><head><META HTTP-EQUIV="Refresh" CONTENT="1; URL=/"></head><body>Restarting site ...<a href="/">click here<a></body></html>"""
+import os
+os.system('pipeweb start -H 127.0.0.1')
--- a/setup.py
+++ b/setup.py
@@ -13,5 +13,5 @@ setup(name='pipelet',
                  'pipelet.pipeline','pipelet.tracker', 'pipelet.repository', 'pipelet.launchers',
                  'pipelet.task', 'pipelet.utils', 'pipelet.web'],
      package_data={'pipelet': ['static/*']},
-      scripts=['scripts/pipeweb', 'scripts/pipeutils', 'scripts/pipeletd']
+      scripts=['scripts/pipeweb', 'scripts/pipeutils', 'scripts/pipeletd', 'scripts/pipeweb_autostart.cgi']
      )
--- a/test/multiplex/b.py
+++ b/test/multiplex/b.py
-seg_output = ['aa', 'bb']
+#seg_output = ['aa', 'bb']
+
+print seg_input
+
+seg_output = [(seg_input.values()[0], "pp")]
--- a/test/multiplex/c.py
+++ b/test/multiplex/c.py

-#multiplex cross_prod group_by "b=='aa'"
+#multiplex cross_prod where 'b[0]==a'
 print seg_input


--- a/test/multiplex/main.py
+++ b/test/multiplex/main.py
@@ -12,6 +12,7 @@ b-> c;
 P = pipeline.Pipeline(pipedot, code_dir='./', prefix='./')

 P.push(a=[1,2,3]) 
+P.push(b=[1,2,3]) 

 W,t = launch_interactive(P, log_level=0)
 W.run()