IntrospectionTool.py 15.7 KB
Newer Older
1
# -*- coding: utf-8 -*-
Ivan Tyagov's avatar
Ivan Tyagov committed
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
##############################################################################
#
# Copyright (c) 2006 Nexedi SARL and Contributors. All Rights Reserved.
#                    Ivan Tyagov <ivan@nexedi.com>
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsability of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# garantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
##############################################################################

30 31
import os
import tempfile
Ivan Tyagov's avatar
Ivan Tyagov committed
32
from AccessControl import ClassSecurityInfo
33
from Products.ERP5Type.Globals import InitializeClass, DTMLFile
Jean-Paul Smets's avatar
Jean-Paul Smets committed
34
from Products.CMFCore.utils import getToolByName
Ivan Tyagov's avatar
Ivan Tyagov committed
35 36 37
from Products.ERP5Type.Tool.BaseTool import BaseTool
from Products.ERP5Type import Permissions
from AccessControl.SecurityManagement import setSecurityManager
Ivan Tyagov's avatar
Ivan Tyagov committed
38
from Products.ERP5 import _dtmldir
Rafael Monnerat's avatar
Rafael Monnerat committed
39
from Products.ERP5.Tool.LogMixin import LogMixin
40
from Products.ERP5Type.Utils import _setSuperSecurityManager
41
from App.config import getConfiguration
42 43
from AccessControl import Unauthorized
from Products.ERP5Type.Cache import CachingMethod
44
from Products.ERP5Type import tarfile
Ivan Tyagov's avatar
Ivan Tyagov committed
45

Jean-Paul Smets's avatar
Jean-Paul Smets committed
46 47
_MARKER = []

Rafael Monnerat's avatar
Rafael Monnerat committed
48
class IntrospectionTool(LogMixin, BaseTool):
Ivan Tyagov's avatar
Ivan Tyagov committed
49
  """
Jean-Paul Smets's avatar
Jean-Paul Smets committed
50
    This tool provides both local and remote introspection.
Ivan Tyagov's avatar
Ivan Tyagov committed
51 52 53 54 55 56 57 58 59 60 61 62
  """

  id = 'portal_introspections'
  title = 'Introspection Tool'
  meta_type = 'ERP5 Introspection Tool'
  portal_type = 'Introspection Tool'

  security = ClassSecurityInfo()

  security.declareProtected(Permissions.ManagePortal, 'manage_overview')
  manage_overview = DTMLFile('explainIntrospectionTool', _dtmldir )

63 64 65
  #
  #   Remote menu management
  #
Jérome Perrin's avatar
Jérome Perrin committed
66 67
  security.declareProtected(Permissions.AccessContentsInformation,
                            'getFilteredActionDict')
Jean-Paul Smets's avatar
Jean-Paul Smets committed
68
  def getFilteredActionDict(self, user_name=_MARKER):
Ivan Tyagov's avatar
Ivan Tyagov committed
69 70 71 72
    """
      Returns menu items for a given user
    """
    portal = self.getPortalObject()
Jean-Paul Smets's avatar
Jean-Paul Smets committed
73 74 75
    is_portal_manager = getToolByName(portal, 
      'portal_membership').checkPermission(Permissions.ManagePortal, self)
    downgrade_authenticated_user = user_name is not _MARKER and is_portal_manager
Ivan Tyagov's avatar
Ivan Tyagov committed
76 77
    if downgrade_authenticated_user:
      # downgrade to desired user
78
      original_security_manager = _setSuperSecurityManager(self, user_name)
Ivan Tyagov's avatar
Ivan Tyagov committed
79 80

    # call the method implementing it
Jean-Paul Smets's avatar
Jean-Paul Smets committed
81
    erp5_menu_dict = getToolByName(portal, 'portal_actions').listFilteredActionsFor(portal)
Ivan Tyagov's avatar
Ivan Tyagov committed
82 83 84 85 86

    if downgrade_authenticated_user:
      # restore original Security Manager
      setSecurityManager(original_security_manager)

Jean-Paul Smets's avatar
Jean-Paul Smets committed
87 88 89 90 91 92
    # Unlazyfy URLs and other lazy values so that it can be marshalled
    result = {}
    for key, action_list in erp5_menu_dict.items():
      result[key] = map(lambda action:dict(action), action_list)

    return result
Ivan Tyagov's avatar
Ivan Tyagov committed
93

Jérome Perrin's avatar
Jérome Perrin committed
94 95
  security.declareProtected(Permissions.AccessContentsInformation,
                           'getModuleItemList')
96 97
  def getModuleItemList(self, user_name=_MARKER):
    """
98
      Returns module items for a given user
99 100 101 102 103 104 105
    """
    portal = self.getPortalObject()
    is_portal_manager = getToolByName(portal, 
      'portal_membership').checkPermission(Permissions.ManagePortal, self)
    downgrade_authenticated_user = user_name is not _MARKER and is_portal_manager
    if downgrade_authenticated_user:
      # downgrade to desired user
106
      original_security_manager = _setSuperSecurityManager(self, user_name)
107 108 109 110 111 112 113 114 115 116

    # call the method implementing it
    erp5_module_list = portal.ERP5Site_getModuleItemList()

    if downgrade_authenticated_user:
      # restore original Security Manager
      setSecurityManager(original_security_manager)

    return erp5_module_list

117 118 119
  #
  #   Local file access
  #
120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197
  def _getLocalFile(self, REQUEST, RESPONSE, file_path, 
                         tmp_file_path='/tmp/', compressed=1):
    """
      It should return the local file compacted as tar.gz.
    """
    if file_path.startswith('/'):
      raise IOError, 'The file path must be relative not absolute'
    instance_home = getConfiguration().instancehome
    file_path = os.path.join(instance_home, file_path)
    if not os.path.exists(file_path):
      raise IOError, 'The file: %s does not exist.' % file_path

    if compressed:
      tmp_file_path = tempfile.mktemp(dir=tmp_file_path)
      tmp_file = tarfile.open(tmp_file_path,"w:gz")
      tmp_file.add(file_path)
      tmp_file.close()
      RESPONSE.setHeader('Content-type', 'application/x-tar')
    else:
      tmp_file_path = file_path

    f = open(tmp_file_path)
    try:
      RESPONSE.setHeader('Content-Length', os.stat(tmp_file_path).st_size)
      RESPONSE.setHeader('Content-Disposition', \
                 'attachment;filename="%s.tar.gz"' % file_path.split('/')[-1])
      for data in f:
        RESPONSE.write(data)
    finally:
      f.close()

    if compressed:
      os.remove(tmp_file_path)

    return ''

  security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
  def getAccessLog(self,  compressed=1, REQUEST=None):
    """
      Get the Access Log.
    """
    if REQUEST is not None:
      response = REQUEST.RESPONSE
    else:
      return "FAILED"

    return self._getLocalFile(REQUEST, response, 
                               file_path='log/Z2.log', 
                               compressed=1) 

  security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
  def getEventLog(self,  compressed=1, REQUEST=None):
    """
      Get the Access Log.
    """
    if REQUEST is not None:
      response = REQUEST.RESPONSE
    else:
      return "FAILED"

    return self._getLocalFile(REQUEST, response,
                               file_path='log/event.log',
                               compressed=1)

  security.declareProtected(Permissions.ManagePortal, 'getAccessLog')
  def getDataFs(self,  compressed=1, REQUEST=None):
    """
      Get the Access Log.
    """
    if REQUEST is not None:
      response = REQUEST.RESPONSE
    else:
      return "FAILED"

    return self._getLocalFile(REQUEST, response,
                               file_path='var/Data.fs',
                               compressed=1)

198 199 200
  #
  #   Instance variable definition access
  #
201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234
  security.declareProtected(Permissions.ManagePortal, '_loadExternalConfig')
  def _loadExternalConfig(self):
    """
      Load configuration from one external file, this configuration 
      should be set for security reasons to prevent people access 
      forbidden areas in the system.
    """
    def cached_loadExternalConfig():
      import ConfigParser
      config = ConfigParser.ConfigParser()
      config.readfp(open('/etc/erp5.cfg'))
      return config     

    cached_loadExternalConfig = CachingMethod(cached_loadExternalConfig,
                                id='IntrospectionTool__loadExternalConfig',
                                cache_factory='erp5_content_long')
    return  cached_loadExternalConfig()

  security.declareProtected(Permissions.ManagePortal, '_getZopeConfigurationFile')
  def _getZopeConfigurationFile(self, relative_path="", mode="r"):
    """
     Get a configuration file from the instance using relative path
    """
    if ".." in relative_path or relative_path.startswith("/"):
      raise Unauthorized("In Relative Path, you cannot use .. or startwith / for security reason.")

    instance_home = getConfiguration().instancehome
    file_path = os.path.join(instance_home, relative_path)
    if not os.path.exists(file_path):
      raise IOError, 'The file: %s does not exist.' % file_path

    return open(file_path, mode)
    

235 236 237 238 239 240 241 242
  security.declareProtected(Permissions.ManagePortal, 'getSoftwareHome')
  def getSoftwareHome(self):
    """
      EXPERIMENTAL - DEVELOPMENT

      Get the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)
    """
243
    return getConfiguration().softwarehome
244 245

  security.declareProtected(Permissions.ManagePortal, 'setSoftwareHome')
246
  def setSoftwareHome(self, relative_path):
247 248 249 250 251 252 253 254 255 256 257 258
    """
      EXPERIMENTAL - DEVELOPMENT

      Set the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)

      Rationale: multiple versions of ERP5 / Zope can be present
      at the same time on the same system

      WARNING: the list of possible path should be protected 
      if possible (ex. /etc/erp5/software_home)
    """
259 260
    config = self._loadExternalConfig()
    allowed_path_list = config.get("main", "zopehome").split("\n")
261 262
    base_zope_path = config.get("base", "base_zope_path").split("\n")
    path = "%s/%s/lib/python" % (base_zope_path,relative_path)
263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283
  
    if path not in allowed_path_list:
      raise Unauthorized("You are setting one Unauthorized path as Zope Home.")

    config_file = self._getZopeConfigurationFile("bin/zopectl")
    new_file_list = []
    for line in config_file:
      if line.startswith("SOFTWARE_HOME="):
        # Only comment the line, so it can easily reverted 
        new_file_list.append("#%s" % (line))
        new_file_list.append('SOFTWARE_HOME="%s"\n' % (path))
      else:
        new_file_list.append(line)

    config_file.close()

    # reopen file for write
    config_file = self._getZopeConfigurationFile("bin/zopectl", "w")
    config_file.write("".join(new_file_list))
    config_file.close()
    return 
284 285 286 287 288 289 290

  security.declareProtected(Permissions.ManagePortal, 'getPythonExecutable')
  def getPythonExecutable(self):
    """
      Get the value of PYTHON for zopectl startup script
      or from zope.conf (whichever is most relevant)
    """
291 292 293 294 295 296 297 298 299
    config_file = self._getZopeConfigurationFile("bin/zopectl")
    new_file_list = []
    for line in config_file:
      if line.startswith("PYTHON="):
        return line.replace("PYTHON=","")

    # Not possible get configuration from the zopecl
    return None
    
300 301 302 303 304 305 306 307 308 309 310
  security.declareProtected(Permissions.ManagePortal, 'setPythonExecutable')
  def setPythonExecutable(self, path):
    """
      Set the value of PYTHON for zopectl startup script
      or from zope.conf (whichever is most relevant)

      Rationale: some day Zope will no longer use python2.4

      WARNING: the list of possible path should be protected 
      if possible (ex. /etc/erp5/python)
    """
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335
    config = self._loadExternalConfig()
    allowed_path_list = config.get("main", "python").split("\n")

    if path not in allowed_path_list:
      raise Unauthorized("You are setting one Unauthorized path as Python.")

    config_file = self._getZopeConfigurationFile("bin/zopectl")
    new_file_list = []
    for line in config_file:
      if line.startswith("PYTHON="):
        # Only comment the line, so it can easily reverted 
        new_file_list.append("#%s" % (line))
        new_file_list.append('PYTHON="%s"\n' % (path))
      else:
        new_file_list.append(line)

    config_file.close()    
    # reopen file for write
    config_file = self._getZopeConfigurationFile("bin/zopectl", "w")
    config_file.write("".join(new_file_list))
    config_file.close()
    return 

  security.declareProtected(Permissions.ManagePortal, 'getProductPathList')
  def getProductPathList(self):
336 337 338 339
    """
      Get the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)
    """
340
    return getConfiguration().products
341

342
  security.declareProtected(Permissions.ManagePortal, 'setProductPath')
343
  def setProductPath(self, relative_path):
344 345 346 347 348 349 350
    """
      Set the value of SOFTWARE_HOME for zopectl startup script
      or from zope.conf (whichever is most relevant)

      Rationale: multiple versions of Products can be present
      on the same system

351 352 353
      relative_path is usually defined by a number of release 
       (ex. 5.4.2)

354
      WARNING: the list of possible path should be protected 
355
      if possible (ex. /etc/erp5/product)
356
    """
357 358
    config = self._loadExternalConfig()
    allowed_path_list = config.get("main", "products").split("\n")
359 360 361 362
    base_product_path_list = config.get("base", "base_product_path").split("\n")
    if len(base_product_path_list) == 0:
      raise Unauthorized(
             "base_product_path_list is not defined into configuration.")
363

364
    base_product_path = base_product_path_list[0]
365
    path = base_product_path + relative_path
366

367 368 369 370 371
    if path not in allowed_path_list:
      raise Unauthorized(
               "You are setting one Unauthorized path as Product Path (%s)." \
               % (path))

372 373
    if path not in allowed_path_list:
      raise Unauthorized("You are setting one Unauthorized path as Product Path.")
374 375 376 377 378

    config_file = self._getZopeConfigurationFile("etc/zope.conf")
    new_file_list = []
    for line in config_file:
      new_line = line
379
      if line.strip(" ").startswith("products %s" % (base_product_path)):
380
        # Only comment the line, so it can easily reverted 
381
        new_line = "#%s" % (line)
382
      new_file_list.append(new_line)
383 384
    # Append the new line.
    new_file_list.append("products %s\n" % (path))
385 386 387 388 389 390 391
    config_file.close()    

    # reopen file for write
    config_file = self._getZopeConfigurationFile("etc/zope.conf", "w")
    config_file.write("".join(new_file_list))
    config_file.close()
    return 
392 393 394 395 396 397 398 399 400 401 402 403

  security.declareProtected(Permissions.ManagePortal, 'updateSVNProductList')
  def updateSVNProductList(self, path_list, revision=None):
    """
      Allow developers to create local products from the SVN
      in order to play with recent versions of the system

      Rationale: we can not do more than that or we take too
      much risks for security. Large projects should simply use
      buildout installer (server level) and build a complex custom
      software home or product home
    """
404 405 406
    # XXX (rafael) it better use (and extend if needed) the portal_subversions.
    if self.getSystemSignatureDict()["pysvn"] is None:
      raise 
407
    raise NotImplementedError 
408 409 410 411

  #
  #   Library signature
  #
412
  # XXX this function can be cached to prevent disk access.
413 414 415 416 417 418 419 420
  security.declareProtected(Permissions.ManagePortal, 'getSystemSignatureDict')
  def getSystemSignatureDict(self):
    """
      Returns a dictionnary with all versions of installed libraries

      {
         'python': '2.4.3'
       , 'pysvn': '1.2.3'
421
       , 'ERP5' : "5.4.3"       
422
      }
423 424
      NOTE: consider using autoconf / automake tools ?
    """
425 426
    def tuple_to_format_str(t):
       return '.'.join([str(i) for i in t])
427 428 429 430
    from Products import ERP5 as erp5_product
    erp5_product_path =  erp5_product.__file__.split("/")[:-1]
    erp5_version = open("/".join((erp5_product_path) + ["VERSION.txt"])).read().strip()
    zope_version = open(getConfiguration().softwarehome + "/version.txt").read().strip()
431

432 433 434 435 436 437 438 439 440 441 442
    from sys import version_info
    # Get only x.x.x numbers.
    py_version = tuple_to_format_str(version_info)
    try:
      import pysvn
      # Convert tuple to x.x.x format
      pysvn_version =  tuple_to_format_str(pysvn.version)
    except:
      pysvn_version = None
    
    return {
443 444 445 446
            "python" : py_version , 
            "pysvn"  : pysvn_version ,
            "erp5"   : erp5_version.replace("ERP5 ", ""),
            "zope"   : zope_version.replace("Zope ", "")
447
           }
448

Ivan Tyagov's avatar
Ivan Tyagov committed
449
InitializeClass(IntrospectionTool)