diff --git a/modules/websubmit/lib/websubmit_engine.py b/modules/websubmit/lib/websubmit_engine.py
index cfb1dac7e..3957851b2 100644
--- a/modules/websubmit/lib/websubmit_engine.py
+++ b/modules/websubmit/lib/websubmit_engine.py
@@ -1,1305 +1,1327 @@ ## $Id$ ## CDSware WebSubmit in mod_python. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" ## start Python: ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
"""CDSware Submission Web Interface.""" ## fill config variables: pylibdir = "/python" ## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import * from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import acc_isRole from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email from cdsware.messages import * from mod_python import apache from cdsware.websubmit_config import * from cdsware.file import * def interface(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1): ln = wash_language(ln) sys.stdout = req # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) # variable initialisation t = "" field = [] fieldhtml = [] level = [] fullDesc = [] text = [] check = [] select = [] radio = [] upload = [] txt = [] noPage = [] # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": warningMsg("
Sorry, you must log in to perform this action. Please use the top right menu to do so.
",req) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s",(act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req) else: row = res[0] indir = row[0] res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s",(doctype,)) if len(res) == 0: return errorMsg("unknown document type",req) else: docname = res[0][0] docname = string.replace(docname," "," ") res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",(act,)) if len(res) == 0: return errorMsg("unknown action",req) else: actname = res[0][0] actname = string.replace(actname," "," ") subname = "%s%s" % (act,doctype) res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s", (subname,)) if len(res) == 0: return errorMsg("can't figure number of pages",req) else: nbpages = res[0][0] #Get current page if startPg != "" and (curpage=="" or curpage==0): curpage = startPg # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'", (doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # if this submission comes from another one ($fromdir is then set) # We retrieve the previous submission directory and put it in the proper one if fromdir != "": olddir = "%s/%s/%s/%s" % (storage,fromdir,doctype,access) if os.path.exists(olddir): os.rename(olddir,curdir) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req) # retrieve the original main menu url ans save it in the "mainmenu" file if mainmenu != "": fp = open("%s/mainmenu" % 
curdir,"w+") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" %urlpath # various authentication related tasks... if uid_email != "guest" and uid_email != "": #First save the username (email address) in the SuE file. This way bibconvert will be able to use it if needed fp = open("%s/SuE" % curdir,"w+") fp.write(uid_email) fp.close() # is user authorized to perform this action? if acc_isRole("submit",doctype=doctype,act=act) and not acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): return warningMsg("
Sorry, user %s does not have the right to perform this action. Try logging with another user.
" % uid_email,req) # then we update the "journal of submission" res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values (%s,%s,%s,'pending',%s,'',NOW(),NOW())", (uid_email,doctype,act,access,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW() WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w+") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w+") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w+") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w+") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS 
SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # create interface # top menu t=t+"
" t=t+"
" t=t+" " % docname t=t+" " % actname t=t+""" \n" t=t+"\n" % (doctype,act,access,indir) t=t+"" # main cell t=t+"\n" # Display the navigation cell # Display "previous page" navigation arrows t=t+"
%s  %s  """ for i in range(1,nbpages+1): if i == int(curpage): t=t+"" % curpage else: t=t+"" % (i,i) t=t+"
   page:%s  %s   
 SUMMARY(2) 

" # display the static form fields t=t+"\n" % file t=t+"\n" % nextPg t=t+"\n" % access t=t+"\n" % curpage t=t+"\n" % nbPg t = t +"\n" % doctype t=t+"\n" % act t=t+"\n" % indir t=t+"\n" t=t+"\n" # For each field to be displayed on the page subname = "%s%s" % (act,doctype) res = run_sql("SELECT * FROM sbmFIELD WHERE subname=%s and pagenb=%s ORDER BY fieldnb,fieldnb", (subname,curpage,)) nbFields = 0 for arr in res: # We retrieve its HTML description res3 = run_sql("SELECT * FROM sbmFIELDDESC WHERE name=%s", (arr[3],)) arr3 = res3[0] # we also retrieve and add the javascript code of the checking function, if needed if arr[7] != '': res2 = run_sql("SELECT chdesc FROM sbmCHECKS WHERE chname=%s", (arr[7],)) t=t+"\n" # If the field is a textarea if arr3[3] == 'T': text="" % (arr[3],arr3[5],arr3[6],arr3[8]) # If the field is a file upload elif arr3[3] == 'F': text="" % (arr[3],arr3[4],arr3[7]); # If the field is a text input elif arr3[3] == 'I': text="" % (arr[3],arr3[4],arr3[8]) # If the field is a hidden input elif arr3[3] == 'H': text="" % (arr[3],arr3[8]) # If the field is user-defined elif arr3[3] == 'D': text=arr3[9] # If the field is a select box elif arr3[3] == 'S': text=arr3[9] # If the field is an evaluated script elif arr3[3] == 'R': text=eval(arr3[9]) # If the field type is not recognized else: text="%s: unknown field type" % arr[1] # we now determine the exact type of the created field if arr3[3] not in [ 'D','R']: field.append(arr[3]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) # If the field is not user-defined, we try to determine its type # (select, radio, file upload...) 
# check whether it is a select field or not if re.search("SELECT",text,re.IGNORECASE) != None: select.append(1) else: select.append(0) # checks whether it is a radio field or not if re.search("TYPE=radio",text,re.IGNORECASE) != None: radio.append(1) else: radio.append(0) # checks whether it is a file upload or not if re.search("TYPE=file",text,re.IGNORECASE) != None: upload.append(1) else: upload.append(0) # if the field description contains the "" string, replace # it by the category selected on the document page submission page combofile = "combo%s" % doctype if os.path.exists("%s/%s" % (curdir,combofile)): f = open("%s/%s" % (curdir,combofile),"r") combo = f.read() f.close() else: combo="" text = text.replace("",combo) # if there is a tag in it, replace it by the current year year = time.strftime("%Y"); text = text.replace("",year) fieldhtml.append(text) # increment the fields counter nbFields = nbFields + 1 else: #case of a user-defined field which contains multiple form fields formfields = text.split(">") for formfield in formfields: match = re.search("name=([^ <>]+)",formfield,re.IGNORECASE) if match != None: names = match.groups() for value in names: if value != "": value = re.compile("[\"']+").sub("",value) select.append(0) radio.append(0) upload.append(0) field.append(value) level.append(arr[5]) txt.append(arr[6]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) fieldhtml.append(text) nbFields = nbFields+1 # now displays the html form field(s) t+="%s\n" % fullDesc[nbFields-1] t+=text+"\n" # if there is a file upload field, we change the encoding type t=t+"
 
 
\n" if int(curpage) != 1: t=t+" \n" else: t=t+" \n" # Display the submission number t=t+" \n" % access # Display the "next page" navigation arrow if int(curpage) != int(nbpages): t=t+" \n" t=t+"
 \n" t=t+" " % (int(curpage)-1) t=t+" \"previous\n" % images t=t+" previous page Submission no(1): %s\n" t=t+" \n" % (int(curpage)+1) t=t+" next page\n" t=t+" \"next " % images else: t=t+"  
" # # # # # # # # # # # # # # # # # # # # # # # # # # Fill the fields with the previously saved values # # # # # # # # # # # # # # # # # # # # # # # # # t=t+"

""" # Display the "back to main menu" button t=t+"\n" % mainmenu t=t+"\"back

\n" % images t=t+"""
(1) you should take note of this number at the beginning of the submission, it will allow you to get your information back in case your browser crashes before the end of the submission.
""" # Add the summary window definition if needed t=t+" (2) mandatory fields appear in red in the 'Summary' window.
\n" # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "Submit > %s > %s" % (doctype,docname,actname) return page(title="" , body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def endaction(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1,step=1,mode="U"): global rn,sysno,dismode,curdir,uid,uid_email,lats_step,action_score dismode = mode ln = wash_language(ln) sys.stdout = req t="" # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value) # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": return warningMsg("
Sorry, you must log in to perform this action. Please use the top right menu to do so.
",req,cdsname,ln) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req,cdsname,ln) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s", (act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req,cdsname,ln) else: row = res[0] indir = row[0] # The following words are reserved and should not be used as field names reserved_words = ["stop","file","nextPg","startPg","access","curpage","nbPg","act","indir","doctype","mode","step","deleted","file_path","userfile_name"] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req,cdsname,ln) # retrieve the original main menu url ans save it in the "mainmenu" file if mainmenu != "": fp = open("%s/mainmenu" % curdir,"w+") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" % urlpath # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'",(doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # Now we test whether the user has already completed the action and # reloaded the page (in this case we don't want the functions to be called # once again reloaded = Test_Reload(uid_email,doctype,act,access) # if the action has been completed #if reloaded: # return warningMsg(" Sorry, this action has already been completed. 
Please go back to the main menu to start a new action.",req) # We must determine if the action is finished (ie there is no other steps after the current one res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step > %s", (act,doctype,step,)) if len(res) == 0: finished = 1 else: finished = 0 # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w+") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w+") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req,cdsname,ln) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w+") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w+") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields 
must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # those fields are necessary for the navigation t=t+"
\n" t=t+"\n" % file t=t+"\n" % nextPg t=t+"\n" % startPg t=t+"\n" % access t=t+"\n" % curpage t=t+"\n" % nbPg t=t+"\n" % doctype t=t+"\n" %act t=t+"\n" % indir t=t+"\n" t=t+"\n" % mainmenu # parameters for new MESS end scripts t=t+"\n" t=t+"\n" t=t+"\n" t=t+"\n" t=t+"\n" # Get document name res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: docname = res[0][0] else: return errorMsg("unknown type of document",req,cdsname,ln) # Get action name res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s", (act,)) if len(res) > 0: actname = res[0][0] else: return errorMsg("unknown action",req,cdsname,ln) # Get number of pages subname = "%s%s" % (act,doctype) res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s",(subname,)) if len(res) > 0: nbpages = res[0][0] else: return errorMsg("this action does not apply on this type of document",req,cdsname,ln) # Display table header t=t+"
" t=t+" " % docname t=t+" " % actname t=t+""" \n" t=t+"\n" else: for i in range(1,nbpages+1): t=t+"" % (i,i) t=t+"
%s  %s  """ if finished == 1: t=t+"
  finished!  
  %s end of action  
\n" t=t+" SUMMARY(2) \n" % (doctype,act,access,indir) t=t+"\n" # Display main cell t=t+"\n" t=t+" \n" t=t+"

\n" # we specify here whether we are in the last step of the action or not res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step>%s", (act,doctype,step,)) if len(res) == 0: last_step = 1 else: last_step = 0 # Prints the action details, returning the mandatory score action_score = action_details(doctype,act) current_level = get_level(doctype, act) # Calls all the function's actions try: t=t+print_function_calls(doctype, act, step, form) except functionError,e: return errorMsg(e.value,req) except functionStop,e: if e.value != None: t=t+e.value else: t=t+e # If the action was mandatory we propose the next mandatory action (if any) if action_score != -1 and last_step == 1: t=t+Propose_Next_Action(doctype,action_score,access,current_level,indir) # If we are in the last step of an action, we can update the "journal of submissions" if last_step == 1: if uid_email != "" and uid_email != "guest" and rn != "": res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values(%s,%s,%s,'finished',%s,%s,NOW(),NOW())", (uid_email,doctype,act,access,rn,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW(),reference=%s,status='finished' WHERE doctype=%s and action=%s and id=%s and email=%s", (rn,doctype,act,access,uid_email,)) t=t+"""

""" if finished == 0: t=t+"Submission no²:\n" t=t+"%s\n" % access else: t=t+" \n" t=t+"""
""" # Add the "back to main menu" button if finished == 0: t=t+ " \n" % mainmenu else: t=t+" \n" % mainmenu t=t+"\"back

\n" % images # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "Submit > %s > %s" % (doctype,docname,actname) return page(title="", body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def home(req,c=cdsname,ln=cdslang): ln = wash_language(ln) # get user ID: try: uid = getUid(req) except MySQLdb.Error, e: return errorMsg(e.value) # start display: req.content_type = "text/html" req.send_http_header() finaltext = "" finaltext = finaltext + """ """ p_navtrail = "Submit" return page(title="", body=finaltext, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def makeCataloguesTable(): text = "" catalogues = [] queryResult = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=0 ORDER BY catalogue_order"); if len(queryResult) != 0: # Query has executed successfully, so we can proceed to display all # catalogues in the EDS system... text = "
    \n" for row in queryResult: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],1,catalogues) text = text + "
\n" else: text = "

No catalogues yet...

\n" return text def displayCatalogueBranch(id_father,level,catalogues): text = "" queryResult = run_sql("SELECT name, id FROM sbmCOLLECTION WHERE id=%s", (id_father,)) if len(queryResult) != 0: row = queryResult[0] if level == 1: text = "
  • %s\n" % row[0] else: if level == 2: text = "
  • %s\n" % row[0] else: if level > 2: text = "
  • %s\n" % row[0] # display the son document types res1 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) res2 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) if len(res1) != 0 or len(res2) != 0: text = text + "
      \n" if len(res1) != 0: for row in res1: text = text + displayDoctypeBranch(row[0],catalogues) # display the son catalogues for row in res2: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],llevel+1,catalogues) if len(res1) != 0 or len(res2) != 0: text = text + "
    \n" return text def displayDoctypeBranch(doctype,catalogues): text = "" res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) row = res[0] text = "
  • %s\n" % (doctype,doctype,doctype,row[0]) return text def action(req,c=cdsname,ln=cdslang,doctype=""): nbCateg = 0 snameCateg = [] lnameCateg = [] actionShortDesc = [] indir = [] actionbutton = [] statustext = [] t = "" ln = wash_language(ln) # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value, req) #parses database to get all data #first the list of categories res = run_sql("SELECT * FROM sbmCATEGORIES WHERE doctype=%s ORDER BY lname", (doctype,)) if len(res) > 0: for arr in res: nbCateg = nbCateg+1 snameCateg.append(arr[1]) lnameCateg.append(arr[2]) #then data about the document type res = run_sql("SELECT * FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: arr = res[0] docFullDesc = arr[0] docShortDesc = arr[1] description = arr[4] else: return errorMsg ("Cannot find document %s" % doctype, req) #then data about associated actions res2 = run_sql("SELECT * FROM sbmIMPLEMENT LEFT JOIN sbmACTION on sbmACTION.sactname=sbmIMPLEMENT.actname WHERE docname=%s and displayed='Y' ORDER BY sbmIMPLEMENT.buttonorder", (docShortDesc,)) for arr2 in res2: res = run_sql("SELECT * FROM sbmACTION WHERE sactname=%s", (arr2[1],)) for arr in res: actionShortDesc.append(arr[1]) indir.append(arr[2]) actionbutton.append(arr[5]) statustext.append(arr[6]) t = """
    """ t = t + "\n" % doctype t = t + "" pid = os.getpid() now = time.time() t = t + "" % (now,pid) t = t + """ """ t = t + "\n" % doctype t = t + """ """ t+=" " % docFullDesc t+=""" """ p_navtrail = "Submit > %s" % docFullDesc return page(title="", body=t, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def set_report_number (newrn): global uid_email,doctype,access,rn # First we save the value in the global object rn = newrn # then we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (newrn,doctype,access,uid_email,)) def get_report_number(): global rn return rn def set_sysno (newsn) : global sysno sysno = newsn def get_sysno() : global sysno return sysno def Request_Print(m, txt): # The argumemts to this function are the display mode (m) and the text to be displayed (txt) # If the argument mode is 'ALL' then the text is unconditionally echoed # m can also take values S (Supervisor Mode) and U (User Mode). In these # circumstances txt is only echoed if the argument mode is the same as # the current mode global dismode if m == "A" or m == dismode: return txt else: return "" def Evaluate_Parameter (field, doctype): # Returns the literal value of the parameter. Assumes that the value is # uniquely determined by the doctype, i.e. 
doctype is the primary key in # the table # If the table name is not null, evaluate the parameter res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name=%s", (doctype,field,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype='DEF' and name=%s", (field,)) if len(res) == 0: return "" else: if res[0][0] != None: return res[0][0] else: return "" def Get_Parameters (function, doctype): # Returns the function parameters, in an array, for the function # Gets a description of the parameter parray = {} res = run_sql("SELECT * FROM sbmFUNDESC WHERE function=%s", (function,)) for i in range(0,len(res)): parameter = res[i][1] parray[parameter] = Evaluate_Parameter (parameter , doctype) return parray def get_level (doctype, action): res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res) > 0: return res[0][9] else: return 0 def action_details (doctype, action): # Prints whether the action is mandatory or optional. 
The score of the # action is returned (-1 if the action was optional) res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res)>0: if res[0][9] != "0": return res[0][10] else: return -1 else: return -1 def print_function_calls (doctype, action, step, form): # Calls the functions required by an "action" action on a "doctype" document # In supervisor mode, a table of the function calls is produced global htdocsdir,storage,access,pylibdir t="" # Get the list of functions to be called res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step=%s ORDER BY score", (action,doctype,step,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype='DEF' and step=%s ORDER BY score", (action,step,)) if len(res) > 0: t=t+Request_Print("S", "

    Here is the %s function list for %s documents at level %s

    " % (action,doctype,step)) t=t+Request_Print("S", "") # while there are functions left... for function in res: function_name = function[2] function_score = function[3] if os.path.exists("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name)): t=t+Request_Print("S", "") else: t=t+"function %s does not exist...
    " % function_name t=t+Request_Print("S","
    FunctionScoreRunning Function
    %s%s" % (function_name,function_score)) # import the function itself #function = getattr(cdsware.websubmit_functions, function_name) execfile("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name),globals()) if not globals().has_key(function_name): t=t+"function %s does not exist...
    " % function_name else: function = globals()[function_name] # Evaluate the parameters, and place them in an array parameters = Get_Parameters(function_name,doctype) # Call function t=t+function(parameters,curdir,form) t=t+Request_Print("S","
    ") else : t=t+Request_Print("S","

    Your chosen action is not supported by the document") return t def Propose_Next_Action (doctype,action_score,access,currentlevel,indir): global machine,storage,act,rn t="" res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and level!='0' and level=%s and score>%s ORDER BY score", (doctype,currentlevel,action_score,)) if len(res) > 0: t=t+Request_Print("A","

    You now have to

      ") first_score = res[0][10] for i in range(0,len(res)): action = res[i] if action[10] == first_score: if i > 0: t=t+Request_Print("A"," or"); res2 = run_sql("SELECT dir FROM sbmACTION WHERE sactname=%s", (action[1],)) nextdir = res2[0][0] t=t+Request_Print("A","
    • %s " % (action[11],action[11],action[1],doctype,nextdir,access,indir,action[12])) t=t+Request_Print("A","
    ") return t def Test_Reload(uid_email,doctype,act,access): res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s and status='finished'", (doctype,act,access,uid_email,)) if len(res) > 0: return 1 else: return 0 class functionError(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) class functionStop(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def warningMsg(title,req,c=cdsname,ln=cdslang): return page(title="warning", body = title, description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def getCookie(name,uid): # these are not real http cookies but are stored in the DB res = run_sql("select value from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: return res[0][0] else: return None def setCookie(name,value,uid): # these are not real http cookies but are stored in the DB res = run_sql("select id from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: run_sql("update sbmCOOKIES set value=%s where uid=%s and name=%s", (value,uid,name,)) else: run_sql("insert into sbmCOOKIES(name,value,uid) values(%s,%s,%s)", (name,value,uid,)) return 1 def specialchars(text): text = string.replace(text,"“","\042"); text = string.replace(text,"”","\042"); text = string.replace(text,"’","\047"); text = string.replace(text,"—","\055"); text = string.replace(text,"\221","\047"); #single-quote left text = string.replace(text,"\222","\047"); #apostrophe text = string.replace(text,"\223","\042"); #double quote left text = string.replace(text,"\224","\042"); #double quote right text = 
string.replace(text,"\226","\055"); #long dash
 text = string.replace(text,"\205","\056\056\056"); #ellipse
 text = string.replace(text,"…","\056\056\056");
 return text
+def isUserSubmitter(uid):
+ u_email = get_email(uid)
+ res = run_sql("select * from sbmSUBMISSIONS where email=%s",(u_email,))
+ if len(res) > 0:
+ return 1
+ else:
+ return 0
+
+def isUserReferee(uid):
+ res = run_sql("select sdocname from sbmDOCTYPE")
+ for row in res:
+ doctype = row[0]
+ categ = "*"
+ if acc_authorize_action(uid, "referee",doctype=doctype, categ=categ):
+ return 1
+ res2 = run_sql("select sname from sbmCATEGORIES where doctype=%s",(doctype,))
+ for row2 in res2:
+ categ = row2[0]
+ if acc_authorize_action(uid, "referee",doctype=doctype, categ=categ):
+ return 1
+ return 0
+
\ No newline at end of file
diff --git a/modules/websubmit/lib/websubmit_engine.py.wml b/modules/websubmit/lib/websubmit_engine.py.wml
index cfb1dac7e..3957851b2 100644
--- a/modules/websubmit/lib/websubmit_engine.py.wml
+++ b/modules/websubmit/lib/websubmit_engine.py.wml
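Review bot: isUserSubmitter() queries sbmSUBMISSIONS with whatever get_email(uid) returns, without the `""`/`"guest"` exclusion that interface() and endaction() apply before they write to that table, so a stray row stored under either value would make every anonymous visitor count as a submitter; adding `if u_email == "" or u_email == "guest": return 0` before the query closes that. Both new helpers are complete within this hunk, carry no docstring, and let a MySQLdb.Error escape where the page handlers catch it around getUid/get_email; a docstring such as `"""Return 1 if the user's e-mail appears in sbmSUBMISSIONS, else 0. Records past activity only; not an authorization decision."""` would keep callers from treating the result as a permission. In isUserReferee() the acc_authorize_action calls omit the `verbose=0` that the existing call in interface() passes, and the return contract is not visible here, so confirm that a denial is falsy under the default. This file's header says it is generated from the WML sources and the .py.wml section carries the same index ids, so the change presumably belongs in the .wml.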
@@ -1,1305 +1,1327 @@ ## $Id$ ## CDSware WebSubmit in mod_python. ## This file is part of the CERN Document Server Software (CDSware). ## Copyright (C) 2002 CERN. ## ## The CDSware is free software; you can redistribute it and/or ## modify it under the terms of the GNU General Public License as ## published by the Free Software Foundation; either version 2 of the ## License, or (at your option) any later version. ## ## The CDSware is distributed in the hope that it will be useful, but ## WITHOUT ANY WARRANTY; without even the implied warranty of ## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ## General Public License for more details. ## ## You should have received a copy of the GNU General Public License ## along with CDSware; if not, write to the Free Software Foundation, Inc., ## 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA. ## read config variables: #include "config.wml" #include "configbis.wml" ## start Python: ## $Id$ ## DO NOT EDIT THIS FILE! IT WAS AUTOMATICALLY GENERATED FROM CDSware WML SOURCES. 
"""CDSware Submission Web Interface.""" ## fill config variables: pylibdir = "/python" ## import interesting modules: import string import os import sys import time import types import re import MySQLdb import shutil sys.path.append('%s' % pylibdir) from cdsware.config import * from cdsware.dbquery import run_sql from cdsware.access_control_engine import acc_authorize_action from cdsware.access_control_admin import acc_isRole from cdsware.webpage import page, create_error_box from cdsware.webuser import getUid, get_email from cdsware.messages import * from mod_python import apache from cdsware.websubmit_config import * from cdsware.file import * def interface(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1): ln = wash_language(ln) sys.stdout = req # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value,req) # variable initialisation t = "" field = [] fieldhtml = [] level = [] fullDesc = [] text = [] check = [] select = [] radio = [] upload = [] txt = [] noPage = [] # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": warningMsg("
    Sorry, you must log in to perform this action. Please use the top right menu to do so.
    ",req) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s",(act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req) else: row = res[0] indir = row[0] res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s",(doctype,)) if len(res) == 0: return errorMsg("unknown document type",req) else: docname = res[0][0] docname = string.replace(docname," "," ") res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s",(act,)) if len(res) == 0: return errorMsg("unknown action",req) else: actname = res[0][0] actname = string.replace(actname," "," ") subname = "%s%s" % (act,doctype) res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s", (subname,)) if len(res) == 0: return errorMsg("can't figure number of pages",req) else: nbpages = res[0][0] #Get current page if startPg != "" and (curpage=="" or curpage==0): curpage = startPg # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'", (doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # if this submission comes from another one ($fromdir is then set) # We retrieve the previous submission directory and put it in the proper one if fromdir != "": olddir = "%s/%s/%s/%s" % (storage,fromdir,doctype,access) if os.path.exists(olddir): os.rename(olddir,curdir) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req) # retrieve the original main menu url ans save it in the "mainmenu" file if mainmenu != "": fp = open("%s/mainmenu" % 
curdir,"w+") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" %urlpath # various authentication related tasks... if uid_email != "guest" and uid_email != "": #First save the username (email address) in the SuE file. This way bibconvert will be able to use it if needed fp = open("%s/SuE" % curdir,"w+") fp.write(uid_email) fp.close() # is user authorized to perform this action? if acc_isRole("submit",doctype=doctype,act=act) and not acc_authorize_action(uid, "submit",verbose=0,doctype=doctype, act=act): return warningMsg("
    Sorry, user %s does not have the right to perform this action. Try logging with another user.
    " % uid_email,req) # then we update the "journal of submission" res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values (%s,%s,%s,'pending',%s,'',NOW(),NOW())", (uid_email,doctype,act,access,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW() WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w+") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w+") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w+") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w+") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE 
sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # create interface # top menu t=t+"
    " t=t+"
    " t=t+" " % docname t=t+" " % actname t=t+""" \n" t=t+"\n" % (doctype,act,access,indir) t=t+"" # main cell t=t+"\n" # Display the navigation cell # Display "previous page" navigation arrows t=t+"
    %s  %s  """ for i in range(1,nbpages+1): if i == int(curpage): t=t+"" % curpage else: t=t+"" % (i,i) t=t+"
       page:%s  %s   
     SUMMARY(2) 

    " # display the static form fields t=t+"\n" % file t=t+"\n" % nextPg t=t+"\n" % access t=t+"\n" % curpage t=t+"\n" % nbPg t = t +"\n" % doctype t=t+"\n" % act t=t+"\n" % indir t=t+"\n" t=t+"\n" # For each field to be displayed on the page subname = "%s%s" % (act,doctype) res = run_sql("SELECT * FROM sbmFIELD WHERE subname=%s and pagenb=%s ORDER BY fieldnb,fieldnb", (subname,curpage,)) nbFields = 0 for arr in res: # We retrieve its HTML description res3 = run_sql("SELECT * FROM sbmFIELDDESC WHERE name=%s", (arr[3],)) arr3 = res3[0] # we also retrieve and add the javascript code of the checking function, if needed if arr[7] != '': res2 = run_sql("SELECT chdesc FROM sbmCHECKS WHERE chname=%s", (arr[7],)) t=t+"\n" # If the field is a textarea if arr3[3] == 'T': text="" % (arr[3],arr3[5],arr3[6],arr3[8]) # If the field is a file upload elif arr3[3] == 'F': text="" % (arr[3],arr3[4],arr3[7]); # If the field is a text input elif arr3[3] == 'I': text="" % (arr[3],arr3[4],arr3[8]) # If the field is a hidden input elif arr3[3] == 'H': text="" % (arr[3],arr3[8]) # If the field is user-defined elif arr3[3] == 'D': text=arr3[9] # If the field is a select box elif arr3[3] == 'S': text=arr3[9] # If the field is an evaluated script elif arr3[3] == 'R': text=eval(arr3[9]) # If the field type is not recognized else: text="%s: unknown field type" % arr[1] # we now determine the exact type of the created field if arr3[3] not in [ 'D','R']: field.append(arr[3]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) # If the field is not user-defined, we try to determine its type # (select, radio, file upload...) 
# check whether it is a select field or not if re.search("SELECT",text,re.IGNORECASE) != None: select.append(1) else: select.append(0) # checks whether it is a radio field or not if re.search("TYPE=radio",text,re.IGNORECASE) != None: radio.append(1) else: radio.append(0) # checks whether it is a file upload or not if re.search("TYPE=file",text,re.IGNORECASE) != None: upload.append(1) else: upload.append(0) # if the field description contains the "" string, replace # it by the category selected on the document page submission page combofile = "combo%s" % doctype if os.path.exists("%s/%s" % (curdir,combofile)): f = open("%s/%s" % (curdir,combofile),"r") combo = f.read() f.close() else: combo="" text = text.replace("",combo) # if there is a tag in it, replace it by the current year year = time.strftime("%Y"); text = text.replace("",year) fieldhtml.append(text) # increment the fields counter nbFields = nbFields + 1 else: #case of a user-defined field which contains multiple form fields formfields = text.split(">") for formfield in formfields: match = re.search("name=([^ <>]+)",formfield,re.IGNORECASE) if match != None: names = match.groups() for value in names: if value != "": value = re.compile("[\"']+").sub("",value) select.append(0) radio.append(0) upload.append(0) field.append(value) level.append(arr[5]) txt.append(arr[6]) level.append(arr[5]) fullDesc.append(arr[4]) txt.append(arr[6]) check.append(arr[7]) fieldhtml.append(text) nbFields = nbFields+1 # now displays the html form field(s) t+="%s\n" % fullDesc[nbFields-1] t+=text+"\n" # if there is a file upload field, we change the encoding type t=t+"
     
     
    \n" if int(curpage) != 1: t=t+" \n" else: t=t+" \n" # Display the submission number t=t+" \n" % access # Display the "next page" navigation arrow if int(curpage) != int(nbpages): t=t+" \n" t=t+"
     \n" t=t+" " % (int(curpage)-1) t=t+" \"previous\n" % images t=t+" previous page Submission no(1): %s\n" t=t+" \n" % (int(curpage)+1) t=t+" next page\n" t=t+" \"next " % images else: t=t+"  
    " # # # # # # # # # # # # # # # # # # # # # # # # # # Fill the fields with the previously saved values # # # # # # # # # # # # # # # # # # # # # # # # # t=t+"

    """ # Display the "back to main menu" button t=t+"\n" % mainmenu t=t+"\"back

    \n" % images t=t+"""
    (1) you should take note of this number at the beginning of the submission, it will allow you to get your information back in case your browser crashes before the end of the submission.
    """ # Add the summary window definition if needed t=t+" (2) mandatory fields appear in red in the 'Summary' window.
    \n" # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "Submit > %s > %s" % (doctype,docname,actname) return page(title="" , body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def endaction(req,c=cdsname,ln=cdslang, doctype="", act="", startPg=1, indir="", access="",mainmenu="",fromdir="",file="",nextPg="",nbPg="",curpage=1,step=1,mode="U"): global rn,sysno,dismode,curdir,uid,uid_email,lats_step,action_score dismode = mode ln = wash_language(ln) sys.stdout = req t="" # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value) # Preliminary tasks # check that the user is logged in if uid_email == "" or uid_email == "guest": return warningMsg("
    Sorry, you must log in to perform this action. Please use the top right menu to do so.
    ",req,cdsname,ln) # check we have minimum fields if doctype=="" or act=="" or access=="": return errorMsg("invalid parameter",req,cdsname,ln) # retrieve the action and doctype data if indir == "": res = run_sql("select dir from sbmACTION where sactname=%s", (act,)) if len(res) == 0: return errorMsg("cannot find submission directory",req,cdsname,ln) else: row = res[0] indir = row[0] # The following words are reserved and should not be used as field names reserved_words = ["stop","file","nextPg","startPg","access","curpage","nbPg","act","indir","doctype","mode","step","deleted","file_path","userfile_name"] # This defines the path to the directory containing the action data curdir = "%s/%s/%s/%s" % (storage,indir,doctype,access) # If the submission directory still does not exist, we create it if not os.path.exists(curdir): try: os.makedirs(curdir) except: return errorMsg("can't create submission directory",req,cdsname,ln) # retrieve the original main menu url ans save it in the "mainmenu" file if mainmenu != "": fp = open("%s/mainmenu" % curdir,"w+") fp.write(mainmenu) fp.close() # and if the file containing the URL to the main menu exists # we retrieve it and store it in the $mainmenu variable if os.path.exists("%s/mainmenu" % curdir): fp = open("%s/mainmenu" % curdir,"r"); mainmenu = fp.read() fp.close() else: mainmenu = "%s/submit.py" % urlpath # retrieve the name of the file in which the reference of # the submitted document will be stored res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name='edsrn'",(doctype,)) if len(res) == 0: edsrn = "" else: edsrn = res[0][0] # Now we test whether the user has already completed the action and # reloaded the page (in this case we don't want the functions to be called # once again reloaded = Test_Reload(uid_email,doctype,act,access) # if the action has been completed #if reloaded: # return warningMsg(" Sorry, this action has already been completed. 
Please go back to the main menu to start a new action.",req) # We must determine if the action is finished (ie there is no other steps after the current one res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step > %s", (act,doctype,step,)) if len(res) == 0: finished = 1 else: finished = 0 # Save the form fields entered in the previous submission page # If the form was sent with the GET method form = req.form value = "" # we parse all the form variables for key in form.keys(): formfields = form[key] if re.search("\[\]",key): filename = key.replace("[]","") else: filename = key # the field is an array if isinstance(formfields,types.ListType): fp = open("%s/%s" % (curdir,filename),"w+") for formfield in formfields: #stripslashes(value) value = specialchars(formfield) fp.write(value+"\n") fp.close() # the field is a normal string elif isinstance(formfields,types.StringTypes) and formfields != "": value = formfields fp = open("%s/%s" % (curdir,filename),"w+") fp.write(specialchars(value)) fp.close() # the field is a file elif hasattr(formfields,"filename"): if not os.path.exists("%s/files/%s" % (curdir,key)): try: os.makedirs("%s/files/%s" % (curdir,key)) except: return errorMsg("can't create submission directory",req,cdsname,ln) filename = formfields.filename if filename != "": # This may be dangerous if the file size is bigger than the available memory data = formfields.file.read() fp = open("%s/files/%s/%s" % (curdir,key,filename),"w") fp.write(data) fp.close() fp = open("%s/lastuploadedfile" % curdir,"w+") fp.write(filename) fp.close() fp = open("%s/%s" % (curdir,key),"w+") fp.write(filename) fp.close() # if the found field is the reference of the document # we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": if key == edsrn: run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (value,doctype,access,uid_email,)) # Now deal with the cookies # If the fields 
must be saved as a cookie, we do so # In this case, the value of the field will be retrieved and # displayed as the default value of the field next time the user # does a submission if value!="": res = run_sql("SELECT cookie FROM sbmFIELDDESC WHERE name=%s", (key,)) if len(res) > 0: if res[0][0] == 1: setCookie(key,value,uid) # those fields are necessary for the navigation t=t+"
    \n" t=t+"\n" % file t=t+"\n" % nextPg t=t+"\n" % startPg t=t+"\n" % access t=t+"\n" % curpage t=t+"\n" % nbPg t=t+"\n" % doctype t=t+"\n" %act t=t+"\n" % indir t=t+"\n" t=t+"\n" % mainmenu # parameters for new MESS end scripts t=t+"\n" t=t+"\n" t=t+"\n" t=t+"\n" t=t+"\n" # Get document name res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: docname = res[0][0] else: return errorMsg("unknown type of document",req,cdsname,ln) # Get action name res = run_sql("SELECT lactname FROM sbmACTION WHERE sactname=%s", (act,)) if len(res) > 0: actname = res[0][0] else: return errorMsg("unknown action",req,cdsname,ln) # Get number of pages subname = "%s%s" % (act,doctype) res = run_sql("SELECT nbpg FROM sbmIMPLEMENT WHERE subname=%s",(subname,)) if len(res) > 0: nbpages = res[0][0] else: return errorMsg("this action does not apply on this type of document",req,cdsname,ln) # Display table header t=t+"
    " t=t+" " % docname t=t+" " % actname t=t+""" \n" t=t+"\n" else: for i in range(1,nbpages+1): t=t+"" % (i,i) t=t+"
    %s  %s  """ if finished == 1: t=t+"
      finished!  
      %s end of action  
    \n" t=t+" SUMMARY(2) \n" % (doctype,act,access,indir) t=t+"\n" # Display main cell t=t+"\n" t=t+" \n" t=t+"

    \n" # we specify here whether we are in the last step of the action or not res = run_sql("SELECT step FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step>%s", (act,doctype,step,)) if len(res) == 0: last_step = 1 else: last_step = 0 # Prints the action details, returning the mandatory score action_score = action_details(doctype,act) current_level = get_level(doctype, act) # Calls all the function's actions try: t=t+print_function_calls(doctype, act, step, form) except functionError,e: return errorMsg(e.value,req) except functionStop,e: if e.value != None: t=t+e.value else: t=t+e # If the action was mandatory we propose the next mandatory action (if any) if action_score != -1 and last_step == 1: t=t+Propose_Next_Action(doctype,action_score,access,current_level,indir) # If we are in the last step of an action, we can update the "journal of submissions" if last_step == 1: if uid_email != "" and uid_email != "guest" and rn != "": res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s", (doctype,act,access,uid_email,)) if len(res) == 0: run_sql("INSERT INTO sbmSUBMISSIONS values(%s,%s,%s,'finished',%s,%s,NOW(),NOW())", (uid_email,doctype,act,access,rn,)) else: run_sql("UPDATE sbmSUBMISSIONS SET md=NOW(),reference=%s,status='finished' WHERE doctype=%s and action=%s and id=%s and email=%s", (rn,doctype,act,access,uid_email,)) t=t+"""

    """ if finished == 0: t=t+"Submission no²:\n" t=t+"%s\n" % access else: t=t+" \n" t=t+"""
    """ # Add the "back to main menu" button if finished == 0: t=t+ " \n" % mainmenu else: t=t+" \n" % mainmenu t=t+"\"back

    \n" % images # start display: req.content_type = "text/html" req.send_http_header() p_navtrail = "Submit > %s > %s" % (doctype,docname,actname) return page(title="", body=t, navtrail = p_navtrail, description="", keywords="", uid=uid, language=ln, urlargs=req.args) def home(req,c=cdsname,ln=cdslang): ln = wash_language(ln) # get user ID: try: uid = getUid(req) except MySQLdb.Error, e: return errorMsg(e.value) # start display: req.content_type = "text/html" req.send_http_header() finaltext = "" finaltext = finaltext + """ """ p_navtrail = "Submit" return page(title="", body=finaltext, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def makeCataloguesTable(): text = "" catalogues = [] queryResult = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=0 ORDER BY catalogue_order"); if len(queryResult) != 0: # Query has executed successfully, so we can proceed to display all # catalogues in the EDS system... text = "
      \n" for row in queryResult: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],1,catalogues) text = text + "
    \n" else: text = "

    No catalogues yet...

    \n" return text def displayCatalogueBranch(id_father,level,catalogues): text = "" queryResult = run_sql("SELECT name, id FROM sbmCOLLECTION WHERE id=%s", (id_father,)) if len(queryResult) != 0: row = queryResult[0] if level == 1: text = "
  • %s\n" % row[0] else: if level == 2: text = "
  • %s\n" % row[0] else: if level > 2: text = "
  • %s\n" % row[0] # display the son document types res1 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmDOCTYPE WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) res2 = run_sql("SELECT id_son FROM sbmCOLLECTION_sbmCOLLECTION WHERE id_father=%s ORDER BY catalogue_order", (id_father,)) if len(res1) != 0 or len(res2) != 0: text = text + "
      \n" if len(res1) != 0: for row in res1: text = text + displayDoctypeBranch(row[0],catalogues) # display the son catalogues for row in res2: catalogues.append(row[0]) text = text + displayCatalogueBranch(row[0],llevel+1,catalogues) if len(res1) != 0 or len(res2) != 0: text = text + "
    \n" return text def displayDoctypeBranch(doctype,catalogues): text = "" res = run_sql("SELECT ldocname FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) row = res[0] text = "
  • %s\n" % (doctype,doctype,doctype,row[0]) return text def action(req,c=cdsname,ln=cdslang,doctype=""): nbCateg = 0 snameCateg = [] lnameCateg = [] actionShortDesc = [] indir = [] actionbutton = [] statustext = [] t = "" ln = wash_language(ln) # get user ID: try: uid = getUid(req) uid_email = get_email(uid) except MySQLdb.Error, e: return errorMsg(e.value, req) #parses database to get all data #first the list of categories res = run_sql("SELECT * FROM sbmCATEGORIES WHERE doctype=%s ORDER BY lname", (doctype,)) if len(res) > 0: for arr in res: nbCateg = nbCateg+1 snameCateg.append(arr[1]) lnameCateg.append(arr[2]) #then data about the document type res = run_sql("SELECT * FROM sbmDOCTYPE WHERE sdocname=%s", (doctype,)) if len(res) > 0: arr = res[0] docFullDesc = arr[0] docShortDesc = arr[1] description = arr[4] else: return errorMsg ("Cannot find document %s" % doctype, req) #then data about associated actions res2 = run_sql("SELECT * FROM sbmIMPLEMENT LEFT JOIN sbmACTION on sbmACTION.sactname=sbmIMPLEMENT.actname WHERE docname=%s and displayed='Y' ORDER BY sbmIMPLEMENT.buttonorder", (docShortDesc,)) for arr2 in res2: res = run_sql("SELECT * FROM sbmACTION WHERE sactname=%s", (arr2[1],)) for arr in res: actionShortDesc.append(arr[1]) indir.append(arr[2]) actionbutton.append(arr[5]) statustext.append(arr[6]) t = """
    """ t = t + "\n" % doctype t = t + "" pid = os.getpid() now = time.time() t = t + "" % (now,pid) t = t + """ """ t = t + "\n" % doctype t = t + """ """ t+=" " % docFullDesc t+=""" """ p_navtrail = "Submit > %s" % docFullDesc return page(title="", body=t, navtrail=p_navtrail, description="toto", keywords="keywords", uid=uid, language=ln, urlargs=req.args ) def set_report_number (newrn): global uid_email,doctype,access,rn # First we save the value in the global object rn = newrn # then we save this value in the "journal of submissions" if uid_email != "" and uid_email != "guest": run_sql("UPDATE sbmSUBMISSIONS SET reference=%s WHERE doctype=%s and id=%s and email=%s", (newrn,doctype,access,uid_email,)) def get_report_number(): global rn return rn def set_sysno (newsn) : global sysno sysno = newsn def get_sysno() : global sysno return sysno def Request_Print(m, txt): # The argumemts to this function are the display mode (m) and the text to be displayed (txt) # If the argument mode is 'ALL' then the text is unconditionally echoed # m can also take values S (Supervisor Mode) and U (User Mode). In these # circumstances txt is only echoed if the argument mode is the same as # the current mode global dismode if m == "A" or m == dismode: return txt else: return "" def Evaluate_Parameter (field, doctype): # Returns the literal value of the parameter. Assumes that the value is # uniquely determined by the doctype, i.e. 
doctype is the primary key in # the table # If the table name is not null, evaluate the parameter res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype=%s and name=%s", (doctype,field,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT value FROM sbmPARAMETERS WHERE doctype='DEF' and name=%s", (field,)) if len(res) == 0: return "" else: if res[0][0] != None: return res[0][0] else: return "" def Get_Parameters (function, doctype): # Returns the function parameters, in an array, for the function # Gets a description of the parameter parray = {} res = run_sql("SELECT * FROM sbmFUNDESC WHERE function=%s", (function,)) for i in range(0,len(res)): parameter = res[i][1] parray[parameter] = Evaluate_Parameter (parameter , doctype) return parray def get_level (doctype, action): res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res) > 0: return res[0][9] else: return 0 def action_details (doctype, action): # Prints whether the action is mandatory or optional. 
The score of the # action is returned (-1 if the action was optional) res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and actname=%s", (doctype,action,)) if len(res)>0: if res[0][9] != "0": return res[0][10] else: return -1 else: return -1 def print_function_calls (doctype, action, step, form): # Calls the functions required by an "action" action on a "doctype" document # In supervisor mode, a table of the function calls is produced global htdocsdir,storage,access,pylibdir t="" # Get the list of functions to be called res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype=%s and step=%s ORDER BY score", (action,doctype,step,)) # If no data is found then the data concerning the DEF(ault) doctype is used if len(res) == 0: res = run_sql("SELECT * FROM sbmFUNCTIONS WHERE action=%s and doctype='DEF' and step=%s ORDER BY score", (action,step,)) if len(res) > 0: t=t+Request_Print("S", "

    Here is the %s function list for %s documents at level %s

    " % (action,doctype,step)) t=t+Request_Print("S", "") # while there are functions left... for function in res: function_name = function[2] function_score = function[3] if os.path.exists("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name)): t=t+Request_Print("S", "") else: t=t+"function %s does not exist...
    " % function_name t=t+Request_Print("S","
    FunctionScoreRunning Function
    %s%s" % (function_name,function_score)) # import the function itself #function = getattr(cdsware.websubmit_functions, function_name) execfile("%s/cdsware/websubmit_functions/%s.py" % (pylibdir,function_name),globals()) if not globals().has_key(function_name): t=t+"function %s does not exist...
    " % function_name else: function = globals()[function_name] # Evaluate the parameters, and place them in an array parameters = Get_Parameters(function_name,doctype) # Call function t=t+function(parameters,curdir,form) t=t+Request_Print("S","
    ") else : t=t+Request_Print("S","

    Your chosen action is not supported by the document") return t def Propose_Next_Action (doctype,action_score,access,currentlevel,indir): global machine,storage,act,rn t="" res = run_sql("SELECT * FROM sbmIMPLEMENT WHERE docname=%s and level!='0' and level=%s and score>%s ORDER BY score", (doctype,currentlevel,action_score,)) if len(res) > 0: t=t+Request_Print("A","

    You now have to

      ") first_score = res[0][10] for i in range(0,len(res)): action = res[i] if action[10] == first_score: if i > 0: t=t+Request_Print("A"," or"); res2 = run_sql("SELECT dir FROM sbmACTION WHERE sactname=%s", (action[1],)) nextdir = res2[0][0] t=t+Request_Print("A","
    • %s " % (action[11],action[11],action[1],doctype,nextdir,access,indir,action[12])) t=t+Request_Print("A","
    ") return t def Test_Reload(uid_email,doctype,act,access): res = run_sql("SELECT * FROM sbmSUBMISSIONS WHERE doctype=%s and action=%s and id=%s and email=%s and status='finished'", (doctype,act,access,uid_email,)) if len(res) > 0: return 1 else: return 0 class functionError(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) class functionStop(Exception): def __init__(self, value): self.value = value def __str__(self): return repr(self.value) def errorMsg(title,req,c=cdsname,ln=cdslang): return page(title="error", body = create_error_box(req, title=title,verbose=0, ln=ln), description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def warningMsg(title,req,c=cdsname,ln=cdslang): return page(title="warning", body = title, description="%s - Internal Error" % c, keywords="%s, CDSware, Internal Error" % c, language=ln, urlargs=req.args) def getCookie(name,uid): # these are not real http cookies but are stored in the DB res = run_sql("select value from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: return res[0][0] else: return None def setCookie(name,value,uid): # these are not real http cookies but are stored in the DB res = run_sql("select id from sbmCOOKIES where uid=%s and name=%s", (uid,name,)) if len(res) > 0: run_sql("update sbmCOOKIES set value=%s where uid=%s and name=%s", (value,uid,name,)) else: run_sql("insert into sbmCOOKIES(name,value,uid) values(%s,%s,%s)", (name,value,uid,)) return 1 def specialchars(text): text = string.replace(text,"“","\042"); text = string.replace(text,"”","\042"); text = string.replace(text,"’","\047"); text = string.replace(text,"—","\055"); text = string.replace(text,"\221","\047"); #single-quote left text = string.replace(text,"\222","\047"); #apostrophe text = string.replace(text,"\223","\042"); #double quote left text = string.replace(text,"\224","\042"); #double quote right text = 
string.replace(text,"\226","\055"); #long dash text = string.replace(text,"\205","\056\056\056"); #ellipse text = string.replace(text,"…","\056\056\056"); return text
+def isUserSubmitter(uid):
+ u_email = get_email(uid)
+ res = run_sql("select * from sbmSUBMISSIONS where email=%s",(u_email,))
+ if len(res) > 0:
+ return 1
+ else:
+ return 0
+
+def isUserReferee(uid):
+ res = run_sql("select sdocname from sbmDOCTYPE")
+ for row in res:
+ doctype = row[0]
+ categ = "*"
+ if acc_authorize_action(uid, "referee",doctype=doctype, categ=categ):
+ return 1
+ res2 = run_sql("select sname from sbmCATEGORIES where doctype=%s",(doctype,))
+ for row2 in res2:
+ categ = row2[0]
+ if acc_authorize_action(uid, "referee",doctype=doctype, categ=categ):
+ return 1
+ return 0
+
\ No newline at end of file
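Review bot: Both `acc_authorize_action(uid, "referee", ...)` calls in the added isUserReferee are used directly as truth values without `verbose=0`, whereas the existing submit check in interface() passes `verbose=0` before testing the result. If the default mode returns a message or tuple rather than a plain flag (not visible in this diff), every user would be reported as a referee, so I would make the calls explicit: `acc_authorize_action(uid, "referee", verbose=0, doctype=doctype, categ=categ)`. The added isUserSubmitter also has no guard for an anonymous session, unlike the `uid_email == "" or uid_email == "guest"` tests used elsewhere in this file; `if u_email == "" or u_email == "guest": return 0` before the query would keep a stray journal row from marking guests as submitters. The same added lines appear in the generated websubmit_engine.py earlier in this diff.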