1 files changed, 100 insertions, 0 deletions

diff --git a/cgi/mmroster b/cgi/mmroster
new file mode 100644
index 000000000..9962010ee
--- /dev/null
+++ b/cgi/mmroster
@@ -0,0 +1,100 @@
+#!/usr/local/bin/python
+
+"""Produce subscriber roster, from list roster.html template.
+
+Takes listname in PATH_INFO and listinfo form results as cgi input."""
+
+# We don't need to lock in this script, because we're never going to change
+# data. 
+
+import sys
+sys.path.append('/home/mailman/mailman/modules')
+
+import os, string
+import mm_utils, maillist, htmlformat, mm_cfg
+import mm_err
+
+try:
+    sys.stderr = mm_utils.StampedLogger("error", label = 'mmroster',
+                                        manual_reprime=1)
+except IOError:
+    pass                        # Oh well - SOL on redirect, errors show thru.
+
+def main():
+    doc = htmlformat.Document()
+
+    path = os.environ['PATH_INFO']
+    list_info = mm_utils.GetPathPieces(path)
+
+    if len(list_info) != 1:
+        doc.AddItem(htmlformat.Header(2, "Error"))
+        doc.AddItem(htmlformat.Bold("Invalid options to CGI script."))
+        print doc.Format()
+        sys.exit(0)
+
+    list_name = string.lower(list_info[0])
+
+    try:
+        list = maillist.MailList(list_name)
+    except:
+        doc.AddItem(htmlformat.Header(2, "Error"))
+        doc.AddItem(htmlformat.Bold("%s: No such list." % list_name ))
+        print doc.Format()
+        sys.exit(0)
+
+    if not list._ready:
+        doc.AddItem(htmlformat.Header(2, "Error"))
+        doc.AddItem(htmlformat.Bold("%s: No such list." % list_name ))
+        print doc.Format()
+        sys.exit(0)
+
+    #######
+    # Preliminaries done, actual processing of the form input below.
+
+    bad = ""
+    got = 0
+    if not list.private_roster:
+        # No privacy.
+        bad = ""
+    else:
+        auth_req = ("%s subscriber list requires authentication."
+                    % list.real_name)
+        if not form.has_key("roster-pw"):
+            bad = auth_req
+        else:
+            pw = form['roster-pw'].value
+            # Just the admin password is sufficient - check it early.
+            if not list.ValidAdminPassword(pw):
+                if not form.has_key('roster-email'):
+                    # No admin password and no user id, nogo.
+                    bad = auth_req
+                else:
+                    id = form['roster-email'].value
+                    if list.private_roster == 1:
+                        # Private list - members visible.
+                        try:
+                            got = list.ConfirmUserPassword(id, pw)
+                        except (mm_err.MMBadUserError, 
+                                mm_err.MMBadPasswordError):
+                            # Give a try to admin authentication.
+                            bad = ("%s subscriber authentication failed."
+                                   % list.real_name)
+                        else:
+                            # Anonymous list - admin-only visible
+                            # - and we already tried admin password, above.
+                            bad = ("%s admin authentication failed."
+                                   % list.real_name)
+    if bad:
+        doc.AddItem(htmlformat.Header(2, "Error"))
+        doc.AddItem(htmlformat.Bold(bad))
+        doc.AddItem(list.GetMailmanFooter())
+        print doc.Format()
+        sys.exit(0)
+
+    replacements = list.GetStandardReplacements()
+
+    doc.AddItem(list.ParseTags('roster.html', replacements))
+    print doc.Format()
+
+if __name__ == "__main__":
+    main()