Checkpoint checkin so Matt can take over.

lib/python/Products/Sessions/LowConflictConnection.py

+##############################################################################
+# 
+# Zope Public License (ZPL) Version 1.0
+# -------------------------------------
+# 
+# Copyright (c) Digital Creations.  All rights reserved.
+# 
+# This license has been certified as Open Source(tm).
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 
+# 1. Redistributions in source code must retain the above copyright
+#    notice, this list of conditions, and the following disclaimer.
+# 
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions, and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 
+# 3. Digital Creations requests that attribution be given to Zope
+#    in any manner possible. Zope includes a "Powered by Zope"
+#    button that is installed by default. While it is not a license
+#    violation to remove this button, it is requested that the
+#    attribution remain. A significant investment has been put
+#    into Zope, and this effort will continue if the Zope community
+#    continues to grow. This is one way to assure that growth.
+# 
+# 4. All advertising materials and documentation mentioning
+#    features derived from or use of this software must display
+#    the following acknowledgement:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    In the event that the product being advertised includes an
+#    intact Zope distribution (with copyright and license included)
+#    then this clause is waived.
+# 
+# 5. Names associated with Zope or Digital Creations must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission from Digital Creations.
+# 
+# 6. Modified redistributions of any form whatsoever must retain
+#    the following acknowledgment:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    Intact (re-)distributions of any official Zope release do not
+#    require an external acknowledgement.
+# 
+# 7. Modifications are encouraged but must be packaged separately as
+#    patches to official Zope releases.  Distributions that do not
+#    clearly separate the patches from the original work must be clearly
+#    labeled as unofficial distributions.  Modifications which do not
+#    carry the name Zope may be packaged in any form, as long as they
+#    conform to all of the clauses above.
+# 
+# 
+# Disclaimer
+# 
+#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
+#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
+#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+#   SUCH DAMAGE.
+# 
+# 
+# This software consists of contributions made by Digital Creations and
+# many individuals on behalf of Digital Creations.  Specific
+# attributions are listed in the accompanying credits file.
+# 
+##############################################################################
+
+from ZODB.Connection import Connection
+from ZODB.POSException import ConflictError
+from cPickle import Unpickler
+from cStringIO import StringIO
+from common import DEBUG
+
+class LowConflictConnection(Connection):
+    def setstate(self, object):
+        """
+        Unlike the 'stock' Connection class' setstate, this method
+        doesn't raise ConflictErrors.  This is potentially dangerous
+        for applications that need absolute consistency, but
+        sessioning is not one of those.
+        """
+        oid=object._p_oid
+        invalid = self._invalid
+        if invalid(None):
+            # only raise a conflict if there was
+            # a mass invalidation, but not if we see this
+            # object's oid as invalid
+            raise ConflictError, `oid`
+        p, serial = self._storage.load(oid, self._version)
+        file=StringIO(p)
+        unpickler=Unpickler(file)
+        unpickler.persistent_load=self._persistent_load
+        unpickler.load()
+        state = unpickler.load()
+        if hasattr(object, '__setstate__'):
+            object.__setstate__(state)
+        else:
+            d=object.__dict__
+            for k,v in state.items(): d[k]=v
+        object._p_serial=serial
+
+

lib/python/Products/Sessions/RAM_DB.py

+##############################################################################
+# 
+# Zope Public License (ZPL) Version 1.0
+# -------------------------------------
+# 
+# Copyright (c) Digital Creations.  All rights reserved.
+# 
+# This license has been certified as Open Source(tm).
+# 
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# 
+# 1. Redistributions in source code must retain the above copyright
+#    notice, this list of conditions, and the following disclaimer.
+# 
+# 2. Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions, and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+# 
+# 3. Digital Creations requests that attribution be given to Zope
+#    in any manner possible. Zope includes a "Powered by Zope"
+#    button that is installed by default. While it is not a license
+#    violation to remove this button, it is requested that the
+#    attribution remain. A significant investment has been put
+#    into Zope, and this effort will continue if the Zope community
+#    continues to grow. This is one way to assure that growth.
+# 
+# 4. All advertising materials and documentation mentioning
+#    features derived from or use of this software must display
+#    the following acknowledgement:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    In the event that the product being advertised includes an
+#    intact Zope distribution (with copyright and license included)
+#    then this clause is waived.
+# 
+# 5. Names associated with Zope or Digital Creations must not be used to
+#    endorse or promote products derived from this software without
+#    prior written permission from Digital Creations.
+# 
+# 6. Modified redistributions of any form whatsoever must retain
+#    the following acknowledgment:
+# 
+#      "This product includes software developed by Digital Creations
+#      for use in the Z Object Publishing Environment
+#      (http://www.zope.org/)."
+# 
+#    Intact (re-)distributions of any official Zope release do not
+#    require an external acknowledgement.
+# 
+# 7. Modifications are encouraged but must be packaged separately as
+#    patches to official Zope releases.  Distributions that do not
+#    clearly separate the patches from the original work must be clearly
+#    labeled as unofficial distributions.  Modifications which do not
+#    carry the name Zope may be packaged in any form, as long as they
+#    conform to all of the clauses above.
+# 
+# 
+# Disclaimer
+# 
+#   THIS SOFTWARE IS PROVIDED BY DIGITAL CREATIONS ``AS IS'' AND ANY
+#   EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+#   IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+#   PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DIGITAL CREATIONS OR ITS
+#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+#   SUCH DAMAGE.
+# 
+# 
+# This software consists of contributions made by Digital Creations and
+# many individuals on behalf of Digital Creations.  Specific
+# attributions are listed in the accompanying credits file.
+# 
+##############################################################################
+"""Mounted database support
+
+$Id: RAM_DB.py,v 1.1 2001/10/31 15:36:04 chrism Exp $"""
+__version__='$Revision: 1.1 $'[11:-2]
+
+import Globals
+from ZODB.Mount import MountPoint
+import string
+import OFS
+
+class MountedRAM_DB(MountPoint, OFS.SimpleItem.Item):
+    """
+    A mounted RAM database with a basic interface for displaying the
+    reason the database did not connect.
+    """
+    icon = 'p_/broken'
+    manage_options = ({'label':'Traceback', 'action':'manage_traceback'},)
+    meta_type = 'Broken Mounted RAM Database'
+    
+    def __init__(self, id, params=None):
+        self.id = str(id)
+        MountPoint.__init__(self, path='/', params)
+        
+    manage_traceback = Globals.DTMLFile('mountfail', globals())
+
+    def _createDB(self, db = db):
+        """ Create a mounted RAM database """
+        from SessionStorage import SessionStorage
+        from ZODB.DB import DB
+        from LowConflictConnection import LowConflictConnection
+        db = DB(SessionStorage())
+        db.klass = LowConflictConnection
+        return db
+    
+    def _getMountRoot(self, root):
+        sdc = root.get('folder', None)
+        if sdc is None:
+            sdc = root['folder'] = OFS.Folder.Folder()
+        return sdc
+    
+    def mount_error_(self):
+        return self._v_connect_error
+
+

lib/python/Products/Sessions/SessionDataManager.py

+import re, time, string, sys
+import Globals
+from OFS.SimpleItem import Item
+from Acquisition import Implicit, Explicit, aq_base
+from Persistence import Persistent
+from AccessControl.Owned import Owned
+from AccessControl.Role import RoleManager
+from App.Management import Tabs
+from zLOG import LOG, WARNING
+from AccessControl import ClassSecurityInfo
+import SessionInterfaces
+from SessionPermissions import *
+from common import DEBUG
+
+BID_MGR_NAME = 'browser_id_manager'
+
+bad_path_chars_in=re.compile('[^a-zA-Z0-9-_~\,\. \/]').search
+
+class SessionDataManagerErr(Exception): pass
+
+constructSessionDataManagerForm = Globals.DTMLFile('addDataManager', globals())
+
+def constructSessionDataManager(self, id, title='', path=None)
+    """ """
+    ob = SessionDataManager(id, path, title)
+    self._setObject(id, ob)
+    if REQUEST is not None:
+        return self.manage_main(self, REQUEST, update_menu=1)
+
+class SessionDataManager(Item, Implicit, Persistent, RoleManager, Owned, Tabs):
+    """ The Zope default session data manager implementation """
+
+    meta_type = 'Session Data Manager'
+
+    manage_options=(
+        {'label': 'Settings',
+         'action':'manage_sessiondatamgr',
+         },
+        {'label': 'Security',
+         'action':'manage_access',
+         },
+        {'label': 'Ownership',
+         'action':'manage_owner'
+         },
+        )
+
+    security = ClassSecurityInfo()
+
+    security.setDefaultAccess('deny')
+    security.setPermissionDefault(CHANGE_DATAMGR_PERM, ['Manager'])
+    security.setPermissionDefault(MGMT_SCREEN_PERM, ['Manager'])
+    security.setPermissionDefault(ACCESS_CONTENTS_PERM,['Manager','Anonymous'])
+    security.setPermissionDefault(ARBITRARY_SESSIONDATA_PERM,['Manager'])
+    security.setPermissionDefault(ACCESS_SESSIONDATA_PERM,
+                                  ['Manager','Anonymous'])
+
+    icon='misc_/CoreSessionTracking/datamgr.gif'
+
+    __implements__ = (SessionInterfaces.SessionDataManagerInterface, )
+
+    manage_sessiondatamgr = Globals.DTMLFile('manageDataManager', globals())
+
+    # INTERFACE METHODS FOLLOW
+
+    security.declareProtected(ACCESS_SESSIONDATA_PERM, 'getSessionData')
+    def getSessionData(self, create=1):
+        """ """
+        key = self.getBrowserIdManager().getToken(create=create)
+        if key is not None:
+            return self._getSessionDataObject(key)
+
+    security.declareProtected(ACCESS_SESSIONDATA_PERM, 'hasSessionData')
+    def hasSessionData(self):
+        """ """
+        if self.getBrowserIdManager().getToken(create=0):
+            if self._hasSessionDataObject(key):
+                return 1
+
+    security.declareProtected(ARBITRARY_SESSIONDATA_PERM,'getSessionDataByKey')
+    def getSessionDataByKey(self, key):
+        return self._getSessionDataObjectByKey(key)
+    
+    security.declareProtected(ACCESS_CONTENTS_PERM, 'getBrowserIdManager')
+    def getBrowserIdManager(self):
+        """ """
+        mgr = getattr(self, BID_MGR_NAME, None)
+        if mgr is None:
+            raise SessionDataManagerErr,(
+                'No browser id manager named %s could be found.' % BID_MGR_NAME
+                )
+        return mgr
+
+    # END INTERFACE METHODS
+    
+    def __init__(self, id, path=None, title=''):
+        self.id = id
+        self.setContainerPath(path)
+        self.setTitle(title)
+
+    security.declareProtected(CHANGE_DATAMGR_PERM, 'manage_changeSDM')
+    def manage_changeSDM(self, title, path=None, REQUEST=None):
+        """ """
+        self.setContainerPath(path)
+        self.setTitle(title)
+        if REQUEST is not None:
+            return self.manage_sessiondatamgr(self, REQUEST)
+
+    security.declareProtected(CHANGE_DATAMGR_PERM, 'setTitle')
+    def setTitle(self, title):
+        """ """
+        if not title: self.title = ''
+        else: self.title = str(title)
+
+    security.declareProtected(CHANGE_DATAMGR_PERM, 'setContainerPath')
+    def setContainerPath(self, path=None):
+        """ """
+        if not path:
+            self.obpath = None # undefined state
+        elif type(path) is type(''):
+            if bad_path_chars_in(path):
+                raise SessionDataManagerErr, (
+                    'Container path contains characters invalid in a Zope '
+                    'object path'
+                    )
+            self.obpath = string.split(path, '/')
+        elif type(path) in (type([]), type(())):
+            self.obpath = list(path) # sequence
+        else:
+            raise SessionDataManagerErr, ('Bad path value %s' % path)
+            
+    security.declareProtected(MGMT_SCREEN_PERM, 'getContainerPath')
+    def getContainerPath(self):
+        """ """
+        if self.obpath is not None:
+            return string.join(self.obpath, '/')
+        return '' # blank string represents undefined state
+    
+    def _hasSessionDataObject(self, key):
+        """ """
+        c = self._getSessionDataContainer()
+        return c.has_key(key)
+
+    def _getSessionDataObject(self, key):
+        """ returns new or existing session data object """
+        container = self._getSessionDataContainer()
+        ob = container.new_or_existing(key)
+        return ob.__of__(self)
+
+    def _getSessionDataObjectByKey(self, key):
+        """ returns new or existing session data object """
+        container = self._getSessionDataContainer()
+        ob = container.get(key)
+        if ob is not None:
+            return ob.__of__(self)
+
+    def _getSessionDataContainer(self):
+        """ Do not cache the results of this call.  Doing so breaks the
+        transactions for mounted storages. """
+        if self.obpath is None:
+            err = 'Session data container is unspecified in %s' % self.getId()
+            if DEBUG:
+                LOG('Session Tracking', 0, err)
+            raise SessionIdManagerErr, err
+        # return an external data container
+        try:
+            # This should arguably use restrictedTraverse, but it
+            # currently fails for mounted storages.  This might
+            # be construed as a security hole, albeit a minor one.
+            # unrestrictedTraverse is also much faster.
+            if DEBUG and not hasattr(self, '_v_wrote_dc_type'):
+                args = string.join(self.obpath, '/')
+                LOG('Session Tracking', 0,
+                    'External data container at %s in use' % args)
+                self._v_wrote_dc_type = 1
+            return self.unrestrictedTraverse(self.obpath)
+        except:
+            raise SessionDataManagerErr, (
+                "External session data container '%s' not found." %
+                string.join(self.obpath,'/')
+                )
+
+            

lib/python/Products/Sessions/SessionInterfaces.py

 import Interface
 
-class BrowserIdManager(
+class BrowserIdManagerInterface(
     Interface.Base
     ):
     """
@@ -96,7 +96,7 @@ class BrowserIdManager(
         a token key namespace at the time of the call.
         """
 
-class SessionDataManager(
+class SessionDataManagerInterface(
     Interface.Base
     ):
     """
@@ -111,6 +111,8 @@ class SessionDataManager(
         """
         Returns the nearest acquirable browser id manager.
 
+        Raises SessionDataManagerErr if no browser id manager can be found.
+
         Permission required: Access session data
         """
 

lib/python/Products/Sessions/SessionPermissions.py

+CHANGE_DATAMGR_PERM = 'Change Session Data Manager'
+MGMT_SCREEN_PERM = 'View management screens'
+ACCESS_CONTENTS_PERM = 'Access contents information'
+ACCESS_SESSIONDATA_PERM = 'Access session data'
+ARBITRARY_SESSIONDATA_PERM = 'Access arbitrary user session data'
+CHANGE_IDMGR_PERM = 'Change Session Id Manager'
+MANAGE_CONTAINER_PERM = 'Manage Session Data Container'

lib/python/Products/Sessions/common.py

+import os
+DEBUG = os.environ.get('CST_DEBUG', '')

lib/python/Products/Sessions/mountfail.dtml

+<HTML><HEAD><TITLE>Mount Failure Traceback</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF" LINK="#000099" VLINK="#555555">
+<dtml-var manage_tabs>
+
+<h3>Mount Failure Traceback</h3>
+
+<dtml-let exc=mount_error_>
+<dtml-if exc>
+<strong>Error type:</strong> <dtml-var "exc[0]" html_quote><br>
+<strong>Error value:</strong> <dtml-var "exc[1]" html_quote><br>
+<pre>
+<dtml-var "exc[2]" html_quote>
+</pre>
+<dtml-else>
+Database not mounted.
+</dtml-if>
+</dtml-let>
+
+</BODY>
+</HTML>