anoopmb
/
frappe
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34266 Commits
1 Branch
314 MiB
 
 
 
 
 
 
Tree: 816dd709f4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '816dd709f4'
${ noResults }
frappe/frappe/handler.py

267 lines
6.9 KiB
Raw Blame History 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # License: MIT. See LICENSE

  3. 

  4. from werkzeug.wrappers import Response

  5. 

  6. import frappe

  7. import frappe.utils

  8. import frappe.sessions

  9. from frappe.utils import cint

  10. from frappe import _, is_whitelisted

  11. from frappe.utils.response import build_response

  12. from frappe.utils.csvutils import build_csv_response

  13. from frappe.utils.image import optimize_image

  14. from mimetypes import guess_type

  15. from frappe.core.doctype.server_script.server_script_utils import run_server_script_api

  16. 

  17. 

  18. ALLOWED_MIMETYPES = ('image/png', 'image/jpeg', 'application/pdf', 'application/msword',

  19. 			'application/vnd.openxmlformats-officedocument.wordprocessingml.document',

  20. 			'application/vnd.ms-excel', 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',

  21. 			'application/vnd.oasis.opendocument.text', 'application/vnd.oasis.opendocument.spreadsheet')

  22. 

  23. 

  24. def handle():

  25. 	"""handle request"""

  26. 

  27. 	cmd = frappe.local.form_dict.cmd

  28. 	data = None

  29. 

  30. 	if cmd!='login':

  31. 		data = execute_cmd(cmd)

  32. 

  33. 	# data can be an empty string or list which are valid responses

  34. 	if data is not None:

  35. 		if isinstance(data, Response):

  36. 			# method returns a response object, pass it on

  37. 			return data

  38. 

  39. 		# add the response to `message` label

  40. 		frappe.response['message'] = data

  41. 

  42. 	return build_response("json")

  43. 

  44. def execute_cmd(cmd, from_async=False):

  45. 	"""execute a request as python module"""

  46. 	for hook in frappe.get_hooks("override_whitelisted_methods", {}).get(cmd, []):

  47. 		# override using the first hook

  48. 		cmd = hook

  49. 		break

  50. 

  51. 	# via server script

  52. 	if run_server_script_api(cmd):

  53. 		return None

  54. 

  55. 	try:

  56. 		method = get_attr(cmd)

  57. 	except Exception as e:

  58. 		frappe.throw(_('Failed to get method for command {0} with {1}').format(cmd, e))

  59. 

  60. 	if from_async:

  61. 		method = method.queue

  62. 

  63. 	if method != run_doc_method:

  64. 		is_whitelisted(method)

  65. 		is_valid_http_method(method)

  66. 

  67. 	return frappe.call(method, **frappe.form_dict)

  68. 

  69. def is_valid_http_method(method):

  70. 	http_method = frappe.local.request.method

  71. 

  72. 	if http_method not in frappe.allowed_http_methods_for_whitelisted_func[method]:

  73. 		throw_permission_error()

  74. 

  75. def throw_permission_error():

  76. 	frappe.throw(_("Not permitted"), frappe.PermissionError)

  77. 

  78. @frappe.whitelist(allow_guest=True)

  79. def version():

  80. 	return frappe.__version__

  81. 

  82. @frappe.whitelist(allow_guest=True)

  83. def logout():

  84. 	frappe.local.login_manager.logout()

  85. 	frappe.db.commit()

  86. 

  87. @frappe.whitelist(allow_guest=True)

  88. def web_logout():

  89. 	frappe.local.login_manager.logout()

  90. 	frappe.db.commit()

  91. 	frappe.respond_as_web_page(_("Logged Out"), _("You have been successfully logged out"),

  92. 		indicator_color='green')

  93. 

  94. @frappe.whitelist()

  95. def uploadfile():

  96. 	ret = None

  97. 

  98. 	try:

  99. 		if frappe.form_dict.get('from_form'):

  100. 			try:

  101. 				ret = frappe.get_doc({

  102. 					"doctype": "File",

  103. 					"attached_to_name": frappe.form_dict.docname,

  104. 					"attached_to_doctype": frappe.form_dict.doctype,

  105. 					"attached_to_field": frappe.form_dict.docfield,

  106. 					"file_url": frappe.form_dict.file_url,

  107. 					"file_name": frappe.form_dict.filename,

  108. 					"is_private": frappe.utils.cint(frappe.form_dict.is_private),

  109. 					"content": frappe.form_dict.filedata,

  110. 					"decode": True

  111. 				})

  112. 				ret.save()

  113. 			except frappe.DuplicateEntryError:

  114. 				# ignore pass

  115. 				ret = None

  116. 				frappe.db.rollback()

  117. 		else:

  118. 			if frappe.form_dict.get('method'):

  119. 				method = frappe.get_attr(frappe.form_dict.method)

  120. 				is_whitelisted(method)

  121. 				ret = method()

  122. 	except Exception:

  123. 		frappe.errprint(frappe.utils.get_traceback())

  124. 		frappe.response['http_status_code'] = 500

  125. 		ret = None

  126. 

  127. 	return ret

  128. 

  129. @frappe.whitelist(allow_guest=True)

  130. def upload_file():

  131. 	user = None

  132. 	if frappe.session.user == 'Guest':

  133. 		if frappe.get_system_settings('allow_guests_to_upload_files'):

  134. 			ignore_permissions = True

  135. 		else:

  136. 			return

  137. 	else:

  138. 		user = frappe.get_doc("User", frappe.session.user)

  139. 		ignore_permissions = False

  140. 

  141. 	files = frappe.request.files

  142. 	is_private = frappe.form_dict.is_private

  143. 	doctype = frappe.form_dict.doctype

  144. 	docname = frappe.form_dict.docname

  145. 	fieldname = frappe.form_dict.fieldname

  146. 	file_url = frappe.form_dict.file_url

  147. 	folder = frappe.form_dict.folder or 'Home'

  148. 	method = frappe.form_dict.method

  149. 	filename = frappe.form_dict.file_name

  150. 	optimize = frappe.form_dict.optimize

  151. 	content = None

  152. 

  153. 	if 'file' in files:

  154. 		file = files['file']

  155. 		content = file.stream.read()

  156. 		filename = file.filename

  157. 

  158. 		content_type = guess_type(filename)[0]

  159. 		if optimize and content_type.startswith("image/"):

  160. 			args = {

  161. 				"content": content,

  162. 				"content_type": content_type

  163. 			}

  164. 			if frappe.form_dict.max_width:

  165. 				args["max_width"] = int(frappe.form_dict.max_width)

  166. 			if frappe.form_dict.max_height:

  167. 				args["max_height"] = int(frappe.form_dict.max_height)

  168. 			content = optimize_image(**args)

  169. 

  170. 	frappe.local.uploaded_file = content

  171. 	frappe.local.uploaded_filename = filename

  172. 

  173. 	if not file_url and (frappe.session.user == "Guest" or (user and not user.has_desk_access())):

  174. 		filetype = guess_type(filename)[0]

  175. 		if filetype not in ALLOWED_MIMETYPES:

  176. 			frappe.throw(_("You can only upload JPG, PNG, PDF, or Microsoft documents."))

  177. 

  178. 	if method:

  179. 		method = frappe.get_attr(method)

  180. 		is_whitelisted(method)

  181. 		return method()

  182. 	else:

  183. 		ret = frappe.get_doc({

  184. 			"doctype": "File",

  185. 			"attached_to_doctype": doctype,

  186. 			"attached_to_name": docname,

  187. 			"attached_to_field": fieldname,

  188. 			"folder": folder,

  189. 			"file_name": filename,

  190. 			"file_url": file_url,

  191. 			"is_private": cint(is_private),

  192. 			"content": content

  193. 		})

  194. 		ret.save(ignore_permissions=ignore_permissions)

  195. 		return ret

  196. 

  197. 

  198. def get_attr(cmd):

  199. 	"""get method object from cmd"""

  200. 	if '.' in cmd:

  201. 		method = frappe.get_attr(cmd)

  202. 	else:

  203. 		method = globals()[cmd]

  204. 	frappe.log("method:" + cmd)

  205. 	return method

  206. 

  207. @frappe.whitelist(allow_guest=True)

  208. def ping():

  209. 	return "pong"

  210. 

  211. 

  212. def run_doc_method(method, docs=None, dt=None, dn=None, arg=None, args=None):

  213. 	"""run a whitelisted controller method"""

  214. 	import json

  215. 	import inspect

  216. 

  217. 	if not args:

  218. 		args = arg or ""

  219. 

  220. 	if dt: # not called from a doctype (from a page)

  221. 		if not dn:

  222. 			dn = dt # single

  223. 		doc = frappe.get_doc(dt, dn)

  224. 

  225. 	else:

  226. 		doc = frappe.get_doc(json.loads(docs))

  227. 		doc._original_modified = doc.modified

  228. 		doc.check_if_latest()

  229. 

  230. 	if not doc or not doc.has_permission("read"):

  231. 		throw_permission_error()

  232. 

  233. 	try:

  234. 		args = json.loads(args)

  235. 	except ValueError:

  236. 		args = args

  237. 

  238. 	method_obj = getattr(doc, method)

  239. 	fn = getattr(method_obj, '__func__', method_obj)

  240. 	is_whitelisted(fn)

  241. 	is_valid_http_method(fn)

  242. 

  243. 	fnargs = inspect.getfullargspec(method_obj).args

  244. 

  245. 	if not fnargs or (len(fnargs)==1 and fnargs[0]=="self"):

  246. 		response = doc.run_method(method)

  247. 

  248. 	elif "args" in fnargs or not isinstance(args, dict):

  249. 		response = doc.run_method(method, args)

  250. 

  251. 	else:

  252. 		response = doc.run_method(method, **args)

  253. 

  254. 	frappe.response.docs.append(doc)

  255. 	if not response:

  256. 		return

  257. 

  258. 	# build output as csv

  259. 	if cint(frappe.form_dict.get('as_csv')):

  260. 		build_csv_response(response, doc.doctype.replace(' ', ''))

  261. 		return

  262. 

  263. 	frappe.response['message'] = response

  264. 

  265. # for backwards compatibility

  266. runserverobj = run_doc_method