anoopmb
/
frappe
1
0
Çatalla 0
Kod Konular 0 Değişiklik İstekleri 0 Sürümler 0 Wiki Aktivite
25'ten fazla konu seçemezsiniz Konular bir harf veya rakamla başlamalı, kısa çizgiler ('-') içerebilir ve en fazla 35 karakter uzunluğunda olabilir.
30568 İşleme
1 Dal
314 MiB
 
 
 
 
 
 
Ağaç: 1133f40dd2
Dallar Biçim İmleri
${ item.name }
${ searchTerm } dalı oluştur
'1133f40dd2'den
${ noResults }
frappe/frappe/handler.py

228 satır
6.4 KiB
Ham Suçlama Geçmiş 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. 

  4. from __future__ import unicode_literals

  5. import frappe

  6. from frappe import _

  7. import frappe.utils

  8. import frappe.sessions

  9. import frappe.desk.form.run_method

  10. from frappe.utils.response import build_response

  11. from frappe.api import validate_auth

  12. from frappe.utils import cint

  13. from frappe.core.doctype.server_script.server_script_utils import run_server_script_api

  14. from werkzeug.wrappers import Response

  15. from six import string_types

  16. 

  17. ALLOWED_MIMETYPES = ('image/png', 'image/jpeg', 'application/pdf', 'application/msword',

  18. 			'application/vnd.openxmlformats-officedocument.wordprocessingml.document',

  19. 			'application/vnd.ms-excel', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',

  20. 			'application/vnd.oasis.opendocument.text', 'application/vnd.oasis.opendocument.spreadsheet')

  21. 

  22. 

  23. def handle():

  24. 	"""handle request"""

  25. 	validate_auth()

  26. 	cmd = frappe.local.form_dict.cmd

  27. 	data = None

  28. 

  29. 	if cmd!='login':

  30. 		data = execute_cmd(cmd)

  31. 

  32. 	# data can be an empty string or list which are valid responses

  33. 	if data is not None:

  34. 		if isinstance(data, Response):

  35. 			# method returns a response object, pass it on

  36. 			return data

  37. 

  38. 		# add the response to `message` label

  39. 		frappe.response['message'] = data

  40. 

  41. 	return build_response("json")

  42. 

  43. def execute_cmd(cmd, from_async=False):

  44. 	"""execute a request as python module"""

  45. 	for hook in frappe.get_hooks("override_whitelisted_methods", {}).get(cmd, []):

  46. 		# override using the first hook

  47. 		cmd = hook

  48. 		break

  49. 

  50. 	# via server script

  51. 	if run_server_script_api(cmd):

  52. 		return None

  53. 

  54. 	try:

  55. 		method = get_attr(cmd)

  56. 	except Exception as e:

  57. 		if frappe.local.conf.developer_mode:

  58. 			raise e

  59. 		else:

  60. 			frappe.respond_as_web_page(title='Invalid Method', html='Method not found',

  61. 			indicator_color='red', http_status_code=404)

  62. 		return

  63. 

  64. 	if from_async:

  65. 		method = method.queue

  66. 

  67. 	is_whitelisted(method)

  68. 	is_valid_http_method(method)

  69. 

  70. 	return frappe.call(method, **frappe.form_dict)

  71. 

  72. def is_valid_http_method(method):

  73. 	http_method = frappe.local.request.method

  74. 

  75. 	if http_method not in frappe.allowed_http_methods_for_whitelisted_func[method]:

  76. 		frappe.throw(_("Not permitted"), frappe.PermissionError)

  77. 

  78. def is_whitelisted(method):

  79. 	# check if whitelisted

  80. 	if frappe.session['user'] == 'Guest':

  81. 		if (method not in frappe.guest_methods):

  82. 			frappe.throw(_("Not permitted"), frappe.PermissionError)

  83. 

  84. 		if method not in frappe.xss_safe_methods:

  85. 			# strictly sanitize form_dict

  86. 			# escapes html characters like <> except for predefined tags like a, b, ul etc.

  87. 			for key, value in frappe.form_dict.items():

  88. 				if isinstance(value, string_types):

  89. 					frappe.form_dict[key] = frappe.utils.sanitize_html(value)

  90. 

  91. 	else:

  92. 		if not method in frappe.whitelisted:

  93. 			frappe.throw(_("Not permitted"), frappe.PermissionError)

  94. 

  95. @frappe.whitelist(allow_guest=True)

  96. def version():

  97. 	return frappe.__version__

  98. 

  99. @frappe.whitelist()

  100. def runserverobj(method, docs=None, dt=None, dn=None, arg=None, args=None):

  101. 	frappe.desk.form.run_method.runserverobj(method, docs=docs, dt=dt, dn=dn, arg=arg, args=args)

  102. 

  103. @frappe.whitelist(allow_guest=True)

  104. def logout():

  105. 	frappe.local.login_manager.logout()

  106. 	frappe.db.commit()

  107. 

  108. @frappe.whitelist(allow_guest=True)

  109. def web_logout():

  110. 	frappe.local.login_manager.logout()

  111. 	frappe.db.commit()

  112. 	frappe.respond_as_web_page(_("Logged Out"), _("You have been successfully logged out"),

  113. 		indicator_color='green')

  114. 

  115. @frappe.whitelist(allow_guest=True)

  116. def run_custom_method(doctype, name, custom_method):

  117. 	"""cmd=run_custom_method&doctype={doctype}&name={name}&custom_method={custom_method}"""

  118. 	doc = frappe.get_doc(doctype, name)

  119. 	if getattr(doc, custom_method, frappe._dict()).is_whitelisted:

  120. 		frappe.call(getattr(doc, custom_method), **frappe.local.form_dict)

  121. 	else:

  122. 		frappe.throw(_("Not permitted"), frappe.PermissionError)

  123. 

  124. @frappe.whitelist()

  125. def uploadfile():

  126. 	ret = None

  127. 

  128. 	try:

  129. 		if frappe.form_dict.get('from_form'):

  130. 			try:

  131. 				ret = frappe.get_doc({

  132. 					"doctype": "File",

  133. 					"attached_to_name": frappe.form_dict.docname,

  134. 					"attached_to_doctype": frappe.form_dict.doctype,

  135. 					"attached_to_field": frappe.form_dict.docfield,

  136. 					"file_url": frappe.form_dict.file_url,

  137. 					"file_name": frappe.form_dict.filename,

  138. 					"is_private": frappe.utils.cint(frappe.form_dict.is_private),

  139. 					"content": frappe.form_dict.filedata,

  140. 					"decode": True

  141. 				})

  142. 				ret.save()

  143. 			except frappe.DuplicateEntryError:

  144. 				# ignore pass

  145. 				ret = None

  146. 				frappe.db.rollback()

  147. 		else:

  148. 			if frappe.form_dict.get('method'):

  149. 				method = frappe.get_attr(frappe.form_dict.method)

  150. 				is_whitelisted(method)

  151. 				ret = method()

  152. 	except Exception:

  153. 		frappe.errprint(frappe.utils.get_traceback())

  154. 		frappe.response['http_status_code'] = 500

  155. 		ret = None

  156. 

  157. 	return ret

  158. 

  159. @frappe.whitelist(allow_guest=True)

  160. def upload_file():

  161. 	user = None

  162. 	if frappe.session.user == 'Guest':

  163. 		if frappe.get_system_settings('allow_guests_to_upload_files'):

  164. 			ignore_permissions = True

  165. 		else:

  166. 			return

  167. 	else:

  168. 		user = frappe.get_doc("User", frappe.session.user)

  169. 		ignore_permissions = False

  170. 

  171. 	files = frappe.request.files

  172. 	is_private = frappe.form_dict.is_private

  173. 	doctype = frappe.form_dict.doctype

  174. 	docname = frappe.form_dict.docname

  175. 	fieldname = frappe.form_dict.fieldname

  176. 	file_url = frappe.form_dict.file_url

  177. 	folder = frappe.form_dict.folder or 'Home'

  178. 	method = frappe.form_dict.method

  179. 	content = None

  180. 	filename = None

  181. 

  182. 	if 'file' in files:

  183. 		file = files['file']

  184. 		content = file.stream.read()

  185. 		filename = file.filename

  186. 

  187. 	frappe.local.uploaded_file = content

  188. 	frappe.local.uploaded_filename = filename

  189. 

  190. 	if frappe.session.user == 'Guest' or (user and not user.has_desk_access()):

  191. 		import mimetypes

  192. 		filetype = mimetypes.guess_type(filename)[0]

  193. 		if filetype not in ALLOWED_MIMETYPES:

  194. 			frappe.throw(_("You can only upload JPG, PNG, PDF, or Microsoft documents."))

  195. 

  196. 	if method:

  197. 		method = frappe.get_attr(method)

  198. 		is_whitelisted(method)

  199. 		return method()

  200. 	else:

  201. 		ret = frappe.get_doc({

  202. 			"doctype": "File",

  203. 			"attached_to_doctype": doctype,

  204. 			"attached_to_name": docname,

  205. 			"attached_to_field": fieldname,

  206. 			"folder": folder,

  207. 			"file_name": filename,

  208. 			"file_url": file_url,

  209. 			"is_private": cint(is_private),

  210. 			"content": content

  211. 		})

  212. 		ret.save(ignore_permissions=ignore_permissions)

  213. 		return ret

  214. 

  215. 

  216. def get_attr(cmd):

  217. 	"""get method object from cmd"""

  218. 	if '.' in cmd:

  219. 		method = frappe.get_attr(cmd)

  220. 	else:

  221. 		method = globals()[cmd]

  222. 	frappe.log("method:" + cmd)

  223. 	return method

  224. 

  225. @frappe.whitelist(allow_guest = True)

  226. def ping():

  227. 	return "pong"