Author: humbedooh
Date: Fri Mar 20 22:27:29 2015
New Revision: 1668171
URL: http://svn.apache.org/r1668171
Log:
Some updates:
- rearrange some auth checks and JSON grabs, so we can lock off the admin
section
- add auth example to httpd.conf
- add email config to steve.cfg
Modified:
steve/trunk/pytest/httpd.conf
steve/trunk/pytest/steve.cfg
steve/trunk/pytest/www/cgi-bin/rest_admin.py
steve/trunk/pytest/www/cgi-bin/rest_voter.py
steve/trunk/pytest/www/htdocs/edit_election.html
steve/trunk/pytest/www/htdocs/js/steve_rest.js
Modified: steve/trunk/pytest/httpd.conf
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/httpd.conf?rev=1668171&r1=1668170&r2=1668171&view=diff
==============================================================================
--- steve/trunk/pytest/httpd.conf (original)
+++ steve/trunk/pytest/httpd.conf Fri Mar 20 22:27:29 2015
@@ -19,4 +19,13 @@ ScriptAlias /steve/voter /home/voter/pyt
ScriptAlias /steve/ballot /home/voter/pytest/www/cgi-bin/html_ballot.py
ScriptAlias /steve/election /home/voter/pytest/www/cgi-bin/html_election.py
+<Location /steve/admin>
+ AuthType Basic
+ AuthName "STeVe administration"
+
+ AuthBasicProvider file
+ AuthUserFile /home/voter/.htpasswd
+ Require valid-user
+</Location>
+
</VirtualHost>
Modified: steve/trunk/pytest/steve.cfg
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/steve.cfg?rev=1668171&r1=1668170&r2=1668171&view=diff
==============================================================================
--- steve/trunk/pytest/steve.cfg (original)
+++ steve/trunk/pytest/steve.cfg Fri Mar 20 22:27:29 2015
@@ -6,3 +6,9 @@ homedir: /home/voter
admin: 5
chairman: 4
monitorperson: 3
+
+
+[email]
+sender: [email protected]
+signature: Apache STEVe
+mta: localhost
Modified: steve/trunk/pytest/www/cgi-bin/rest_admin.py
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_admin.py?rev=1668171&r1=1668170&r2=1668171&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_admin.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_admin.py Fri Mar 20 22:27:29 2015
@@ -22,7 +22,8 @@ if sys.hexversion < 0x03000000:
else:
import configparser
version = 3
-
+from os import listdir
+from os.path import isdir, isfile
path = os.path.abspath(os.getcwd())
sys.path.append(path)
@@ -59,7 +60,7 @@ else:
l.pop(0)
action = l[0]
election = l[1] if len(l) > 1 else None
-
+
# Set up new election?
if action == "setup":
@@ -325,6 +326,39 @@ else:
response.respond(500, {'message': "Could not edit
issue: %s" % err})
else:
response.respond(403, {'message': 'You do not have enough
karma for this'})
+ elif action == "view" and karma >= 3:
+ # View a list of issues for an election
+ if election:
+ js = []
+ elpath = os.path.join(homedir, "issues", election)
+ if os.path.isdir(elpath):
+ basedata = {}
+ try:
+ with open(elpath + "/basedata.json", "r") as f:
+ basedata = json.loads(f.read())
+ f.close()
+ issues = [ f for f in listdir(elpath) if
os.path.isfile(os.path.join(elpath,f)) and f != "basedata.json" and f !=
"voters.json" and f.endswith(".json")]
+ for issue in issues:
+ try:
+ with open(elpath + "/" + issue, "r") as f:
+ entry = json.loads(f.read())
+ f.close()
+ entry['id'] = issue.strip(".json")
+ entry['APIURL'] =
"https://%s/steve/voter/view/%s/%s"; % (os.environ['SERVER_NAME'], election,
issue.strip(".json"))
+ entry['prettyURL'] =
"https://%s/steve/ballot?%s/%s"; % (os.environ['SERVER_NAME'], election,
issue.strip(".json"))
+ js.append(entry)
+ except Exception as err:
+ response.respond(500, {'message': 'Could not
load issues: %s' % err})
+ except Exception as err:
+ response.respond(500, {'message': 'Could not load base
data: %s' % err})
+ if 'hash' in basedata:
+ del basedata['hash']
+ response.respond(200, {'base_data': basedata, 'issues':
js, 'baseurl': "https://%s/steve/election?%s"; % (os.environ['SERVER_NAME'],
election)})
+ else:
+ response.respond(404, {'message': 'No such election'})
+ else:
+ response.respond(404, {'message': 'No such election'})
+
else:
response.respond(400, {'message': "No (or invalid) action
supplied"})
else:
Modified: steve/trunk/pytest/www/cgi-bin/rest_voter.py
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/cgi-bin/rest_voter.py?rev=1668171&r1=1668170&r2=1668171&view=diff
==============================================================================
--- steve/trunk/pytest/www/cgi-bin/rest_voter.py (original)
+++ steve/trunk/pytest/www/cgi-bin/rest_voter.py Fri Mar 20 22:27:29 2015
@@ -44,6 +44,11 @@ form = cgi.FieldStorage();
from lib import response, voter
+whoami = os.environ['REMOTE_USER'] if 'REMOTE_USER' in os.environ else None
+karma = 0
+if whoami and config.has_option("karma", whoami):
+ karma = int(config.get("karma", whoami))
+
# Figure out what to do and where
if pathinfo:
l = pathinfo.split("/")
@@ -54,8 +59,9 @@ if pathinfo:
issue = l[2] if len(l) > 2 else None
voterid = form.getvalue('uid')
- if not voterid:
+ if not voterid and karma < 3:
response.respond(403, {'message': "Voter UID missing"})
+
elif action == "view":
# View a list of issues for an election
if election and not issue:
@@ -67,6 +73,8 @@ if pathinfo:
with open(elpath + "/basedata.json", "r") as f:
basedata = json.loads(f.read())
f.close()
+ if karma < 3 and not voter.get(election, basedata,
voterid):
+ raise Exception("Invalid voter ID presented")
issues = [ f for f in listdir(elpath) if
os.path.isfile(os.path.join(elpath,f)) and f != "basedata.json" and f !=
"voters.json" and f.endswith(".json")]
for issue in issues:
try:
@@ -91,9 +99,16 @@ if pathinfo:
# View a speficic issue
elif election and issue:
js = []
+ elpath = os.path.join(homedir, "issues", election)
issuepath = os.path.join(homedir, "issues", election, issue)
if os.path.isfile(issuepath + ".json"):
+ basedata = {}
try:
+ with open(elpath + "/basedata.json", "r") as f:
+ basedata = json.loads(f.read())
+ f.close()
+ if karma < 3 and not voter.get(election, basedata,
voterid):
+ raise Exception("Invalid voter ID presented")
with open(issuepath + ".json", "r") as f:
entry = json.loads(f.read())
f.close()
Modified: steve/trunk/pytest/www/htdocs/edit_election.html
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/htdocs/edit_election.html?rev=1668171&r1=1668170&r2=1668171&view=diff
==============================================================================
--- steve/trunk/pytest/www/htdocs/edit_election.html (original)
+++ steve/trunk/pytest/www/htdocs/edit_election.html Fri Mar 20 22:27:29 2015
@@ -8,7 +8,7 @@
<script src="js/jquery-ui.js" type="text/javascript"></script>
<title>Edit election</title>
</head>
-<body onload="window.setTimeout(loadElectionData, 1000);">
+<body onload="window.setTimeout(loadAdminElectionData, 1000);">
<div id="popups"></div>
<p style="text-align: center;">
<img src="/images/steve_logo.png"/>
Modified: steve/trunk/pytest/www/htdocs/js/steve_rest.js
URL:
http://svn.apache.org/viewvc/steve/trunk/pytest/www/htdocs/js/steve_rest.js?rev=1668171&r1=1668170&r2=1668171&view=diff
==============================================================================
--- steve/trunk/pytest/www/htdocs/js/steve_rest.js (original)
+++ steve/trunk/pytest/www/htdocs/js/steve_rest.js Fri Mar 20 22:27:29 2015
@@ -136,6 +136,12 @@ function loadElectionData(election) {
getJSON("/steve/voter/view/" + election, election, renderEditElection)
}
+
+function loadAdminElectionData(election) {
+ election = election ? election : document.location.search.substr(1);
+ getJSON("/steve/admin/view/" + election, election, renderEditElection)
+}
+
function changeSTVType(type) {
if (type == "yna") {
document.getElementById('yna').style.display = "block";
@@ -310,7 +316,7 @@ function renderElectionBulk(response, el
// details
if (issue.hasVoted) {
- outer.setAttribute("style", "background:
linear-gradient(to bottom, #d8d8d8 0%,#aaaaaa 100%);")
+ outer.setAttribute("style", "margin-bottom:
15px; background: linear-gradient(to bottom, #d8d8d8 0%,#aaaaaa 100%);")
outer.setAttribute("title", "Notice: You have
already voted once on this issue")
} else {
outer.setAttribute("title", "You have not yet
voted on this issue");
