| 1 | from SimpleXMLRPCServer import SimpleXMLRPCDispatcher, resolve_dotted_attribute |
| 2 | from django.utils.httpwrappers import HttpResponseServerError, HttpResponse |
| 3 | |
| 4 | |
class SimpleXMLRPCView(SimpleXMLRPCDispatcher):
    """XML-RPC dispatcher that can be installed directly as a Django view."""

    def __call__(self, request):
        """Answer one XML-RPC call carried in the body of a POST request.

        Django invokes the view with ``request`` (an HttpRequest). Any method
        other than POST is refused with a server-error response. The raw POST
        body is passed to ``_marshaled_dispatch`` together with this object's
        ``_dispatch`` (or None when it has none), and the marshalled result is
        returned as ``text/xml``. An exception escaping that call is answered
        with a fixed 'internal error' server-error response.
        """
        if request.META['REQUEST_METHOD'] != 'POST':
            return HttpResponseServerError('Non POST methods not allowed.')

        try:
            # The body is client-controlled and reaches the XML-RPC parser
            # unchanged. NOTE(review): this view sets no size limit, and the
            # parser behind _marshaled_dispatch is presumably the standard
            # library one, which is not hardened against hostile XML; confirm
            # that a limit is enforced in front of this view.
            payload = request.raw_post_data
            dispatcher = getattr(self, '_dispatch', None)
            xml_reply = self._marshaled_dispatch(payload, dispatcher)
        except:
            # NOTE(review): the bare except also traps exceptions that do not
            # derive from Exception, and the failure is dropped without being
            # logged, so a malformed or hostile request leaves no trace here.
            return HttpResponseServerError('internal error')

        # NOTE(review): errors raised by the called method are presumably
        # turned into an XML-RPC fault inside _marshaled_dispatch and arrive
        # here as a normal reply; confirm what that fault text exposes.
        return HttpResponse(xml_reply, mimetype="text/xml")
| 27 | |
class SafeXMLRPCView(SimpleXMLRPCView):
    """XML-RPC view that only calls callables marked as public.

    A resolved callable is invoked only when it carries a truthy ``public``
    attribute. The check does not cover calls delegated to a ``_dispatch``
    method of the registered instance (see ``_dispatch`` below).
    """

    def _dispatch(self, method, params):
        """Resolve ``method`` and call it with ``params`` if it is public.

        Lookup order: the ``self.funcs`` mapping first, then the registered
        instance. When the instance defines its own ``_dispatch``, the call is
        handed to it and its result returned as is. Otherwise the name is
        resolved on the instance with ``resolve_dotted_attribute``.

        Raises:
            Exception: if nothing was resolved, or the resolved object has no
                truthy ``public`` attribute.
        """
        target = None
        if method in self.funcs:
            # An explicitly registered function takes precedence.
            target = self.funcs[method]
        elif self.instance is not None:
            if hasattr(self.instance, '_dispatch'):
                # NOTE(review): this path returns before the ``public`` check,
                # so an instance with its own _dispatch must enforce its own
                # allow-list of callable methods.
                return self.instance._dispatch(method, params)
            try:
                # NOTE(review): called without a dotted-name argument, so
                # whether "a.b.c" traversal is permitted depends on the
                # helper's default in the running Python; confirm. Only the
                # finally resolved object is checked for ``public``.
                target = resolve_dotted_attribute(self.instance, method)
            except AttributeError:
                # Unknown name: fall through to the rejection below.
                pass

        # Deny by default: anything unresolved or not marked public is refused.
        if target is None or not hasattr(target, 'public') or not target.public:
            raise Exception('method "%s" is not supported' % method)
        return target(*params)