"""WWW request handler (also used in the stand-alone server).
"""
__docformat__ = 'restructuredtext'

import base64, binascii, cgi, codecs, mimetypes, os
import quopri, random, re, rfc822, stat, sys, time
import socket, errno

from roundup import roundupdb, date, hyperdb, password
from roundup.cgi import templating, cgitb, TranslationService
from roundup.cgi.actions import *
from roundup.exceptions import *
from roundup.cgi.exceptions import *
from roundup.cgi.form_parser import FormParser
from roundup.mailer import Mailer, MessageSendError, encode_quopri
from roundup.cgi import accept_language
from roundup import xmlrpc

from roundup.anypy.cookie_ import CookieError, BaseCookie, SimpleCookie, \
    get_cookie_date
from roundup.anypy.io_ import StringIO
from roundup.anypy import http_
from roundup.anypy import urllib_


def initialiseSecurity(security):
    '''Register the web-interface Permissions and grant them to 'Admin'.

    This function is directly invoked by security.Security.__init__() as a
    part of the Security object instantiation.

    Two permissions are created through ``security.addPermission`` and each
    is attached to the 'Admin' role through
    ``security.addPermissionToRole``; no other role is touched here.
    '''
    web_permissions = (
        ("Web Access", "User may access the web interface"),
        # doing Role stuff through the web - make sure Admin can
        # TODO: deprecate this and use a property-based control
        ("Web Roles", "User may manipulate user Roles through the web"),
    )
    # Create and grant in the same order as before: one permission is
    # added and handed to 'Admin' before the next one is created.
    for perm_name, perm_description in web_permissions:
        permission = security.addPermission(name=perm_name,
            description=perm_description)
        security.addPermissionToRole('Admin', permission)


# NOTE(review): the tag names in the comment below were stripped when this
# page was rendered. The allow-list is presumably <a href="">, <i>, <b> and
# <br> -- confirm against the upstream file. The code that enforces it is
# outside this part of the file.
#
# used to clean messages passed through CGI variables - HTML-escape any tag
# that isn't on the allow-list above (including XHTML variants) so
# that people can't pass through nasties like