def update(slug):
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
source.update(request_data(), current_user)
db.session.add(source)
db.session.commit()
return view(slug)
def crawl(slug):
logging.debug('starting a crawl of %s' % slug)
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
crawl_source.delay(source.slug)
logging.debug('started crawl')
return jsonify({'status': 'ok'})
def update(id):
user = obj_or_404(User.by_id(id))
authz.require(user.id == current_user.id or authz.is_admin())
user.update(request_data())
db.session.add(user)
db.session.commit()
return jsonify(user)
def delete(id):
authz.require(authz.watchlist_write(id))
watchlist = obj_or_404(Watchlist.by_id(id))
analyze_terms.delay(watchlist.terms)
watchlist.delete()
db.session.commit()
return jsonify({'status': 'ok'})
def ingest_upload(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
log_event(request)
try:
meta = json.loads(request.form.get('meta', '{}'))
except Exception as ex:
raise BadRequest(unicode(ex))
metas = []
for storage in request.files.values():
file_meta = meta.copy()
file_meta['mime_type'] = storage.mimetype
file_meta['file_name'] = storage.filename
validate(file_meta, 'metadata.json#')
file_meta = Metadata.from_data(file_meta)
file_meta.crawler_id = 'user_upload:%s' % request.auth_role.id
file_meta.crawler_run = make_textid()
sec_fn = os.path.join(get_upload_folder(),
secure_filename(storage.filename))
storage.save(sec_fn)
ingest_file(collection.id, file_meta, sec_fn, move=True,
queue=USER_QUEUE, routing_key=USER_ROUTING_KEY)
metas.append(file_meta)
return jsonify({'status': 'ok', 'metadata': metas})
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id))
authz.require(alert.user_id == current_user.id)
db.session.delete(alert)
db.session.commit()
return jsonify({'status': 'ok'})
def delete(id):
collection = obj_or_404(Collection.by_id(id))
authz.require(authz.collection_write(id))
delete_collection.apply_async([collection.id], queue=USER_QUEUE,
routing_key=USER_ROUTING_KEY)
log_event(request)
return jsonify({'status': 'ok'})
def create():
authz.require(authz.logged_in())
collection = Collection.create(request_data(), request.auth_role)
db.session.commit()
update_collection(collection)
log_event(request)
return view(collection.id)
def update(id):
authz.require(authz.list_write(id))
lst = obj_or_404(List.by_id(id))
lst.update(request_data(), current_user)
db.session.add(lst)
db.session.commit()
return view(id)
def view(id):
authz.require(id == current_user.id or authz.is_admin())
user = obj_or_404(User.by_id(id))
data = user.to_dict()
if user.id != current_user.id:
del data['email']
return jsonify(data)
def ingest_upload(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
log_event(request)
try:
meta = json.loads(request.form.get('meta', '{}'))
except Exception as ex:
raise BadRequest(unicode(ex))
metas = []
for storage in request.files.values():
file_meta = meta.copy()
file_meta['mime_type'] = storage.mimetype
file_meta['file_name'] = storage.filename
validate(file_meta, 'metadata.json#')
file_meta = Metadata.from_data(file_meta)
file_meta.crawler_id = 'user_upload:%s' % request.auth_role.id
file_meta.crawler_run = make_textid()
sec_fn = os.path.join(get_upload_folder(),
secure_filename(storage.filename))
storage.save(sec_fn)
ingest_file(collection.id,
file_meta,
sec_fn,
move=True,
queue=USER_QUEUE,
routing_key=USER_ROUTING_KEY)
metas.append(file_meta)
return jsonify({'status': 'ok', 'metadata': metas})
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.watchlist_write(entity.watchlist_id))
entity.delete()
db.session.commit()
analyze_entity.delay(id)
return jsonify({"status": "ok"})
def update(id):
authz.require(authz.source_write(id))
source = obj_or_404(Source.by_id(id))
source.update(request_data())
db.session.add(source)
db.session.commit()
return view(id)
def create():
# also handles update
data = request.get_json()
print(data)
if 'query_text' not in data:
return jsonify({'status': 'invalid'})
authz.require(authz.logged_in())
if data.get('alert_id', None): # UPDATE
alert_id = int(data['alert_id'])
alert = obj_or_404(Alert.by_id(alert_id))
authz.require(alert.role_id == request.auth_role.id)
alert.query_text = data['query_text']
alert.custom_label = data.get('custom_label' '') or data['query_text']
alert.checking_interval=int(data.get('checking_interval', 9))
else: # CREATE
alert = Alert(
role_id = request.auth_role.id,
query_text=data['query_text'],
custom_label=data.get('custom_label' '') or data['query_text'],
checking_interval=int(data.get('checking_interval', 9))
)
db.session.add(alert)
db.session.commit()
return view(alert.id)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.collection_write(entity.collection_id))
entity.delete()
db.session.commit()
analyze_entity.delay(id)
return jsonify({'status': 'ok'})
def get_package(collection, package_id):
authz.require(authz.source_read(collection))
collection = archive.get(collection)
package = collection.get(package_id)
if not package.exists():
raise NotFound()
return package
def delete(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
analyze_terms.delay(collection.terms)
collection.delete()
db.session.commit()
return jsonify({'status': 'ok'})
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id, role=request.auth_role))
alert.delete()
db.session.commit()
log_event(request)
return jsonify({'status': 'ok'})
def create():
authz.require(authz.logged_in())
alert = Alert.create(request_data(),
request.auth_role)
db.session.commit()
log_event(request)
return view(alert.id)
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id))
authz.require(alert.user_id == current_user.id)
db.session.delete(alert)
db.session.commit()
return jsonify({'status': 'ok'})
def get_document(document_id):
document = Document.by_id(document_id)
if document is None:
raise NotFound()
readable = [c for c in document.collection_ids if authz.collection_read(c)]
authz.require(len(readable))
return document
def create():
authz.require(authz.logged_in())
collection = Collection.create(request_data(), request.auth_role)
db.session.commit()
update_collection(collection)
log_event(request)
return view(collection.id)
def update(slug):
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
source.update(request_data(), current_user)
db.session.add(source)
db.session.commit()
return view(slug)
def create(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
network = Network.create(request_data(), collection, request.auth_role)
db.session.commit()
log_event(request)
return view(collection_id, network.id)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.collection_write(entity.collection_id))
entity.delete()
db.session.commit()
analyze_entity.delay(id)
return jsonify({'status': 'ok'})
def view(id):
authz.require(authz.logged_in())
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
if role.id != request.auth_role.id:
del data["email"]
return jsonify(data)
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id, role=request.auth_role))
alert.delete()
db.session.commit()
log_event(request)
return jsonify({'status': 'ok'})
def update(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
collection.update(request_data())
db.session.add(collection)
db.session.commit()
return view(id)
def get_package(collection, package_id):
authz.require(authz.source_read(collection))
collection = archive.get(collection)
package = collection.get(package_id)
if not package.exists():
raise NotFound()
return package
def update(id):
authz.require(authz.watchlist_write(id))
watchlist = obj_or_404(Watchlist.by_id(id))
watchlist.update(request_data())
db.session.add(watchlist)
db.session.commit()
return view(id)
def update(id):
authz.require(authz.source_write(id))
source = obj_or_404(Source.by_id(id))
source.update(request_data())
db.session.add(source)
db.session.commit()
return view(id)
def view(id):
authz.require(authz.logged_in())
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
if role.id != request.auth_role.id:
del data['email']
return jsonify(data)
def get_document(document_id):
document = Document.by_id(document_id)
if document is None:
raise NotFound()
readable = [c for c in document.collection_ids if authz.collection_read(c)]
authz.require(len(readable))
return document
def delete(collection_id, id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
network = obj_or_404(Network.by_id_collection(id, collection))
network.delete()
db.session.commit()
log_event(request)
return jsonify({'status': 'ok'})
def update(collection_id, id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection_id))
network = obj_or_404(Network.by_id_collection(id, collection))
network.update(request_data())
log_event(request)
db.session.commit()
return view(collection_id, network.id)
def permissions_index(collection):
authz.require(authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.collection_id == collection)
return jsonify({
'total': q.count(),
'results': q
})
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.list_write(entity.list_id))
selectors = entity.terms
entity.delete()
db.session.commit()
refresh_selectors.delay(list(selectors))
return jsonify({'status': 'ok'})
def index():
authz.require(authz.is_admin())
users = []
for user in User.all():
data = user.to_dict()
del data['email']
users.append(data)
return jsonify({'results': users, 'total': len(users)})
def index():
authz.require(authz.logged_in())
users = []
for role in Role.all():
data = role.to_dict()
del data['email']
users.append(data)
return jsonify({'results': users, 'total': len(users)})
def update(id):
role = obj_or_404(Role.by_id(id))
authz.require(authz.logged_in())
authz.require(role.id == request.auth_role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
return jsonify(role)
def index():
authz.require(authz.logged_in())
users = []
for role in Role.all():
data = role.to_dict()
del data['email']
users.append(data)
return jsonify({'results': users, 'total': len(users)})
def view(id):
## XXX seems to let any user get private info on other users?
authz.require(authz.logged_in())
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
if role.id != request.auth_role.id:
del data['email']
return jsonify(data)
def update(id):
role = obj_or_404(Role.by_id(id))
authz.require(authz.logged_in())
authz.require(role.id == request.auth_role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
return jsonify(role)
def delete(id):
authz.require(authz.list_write(id))
lst = obj_or_404(List.by_id(id))
selectors = lst.terms
lst.delete()
db.session.commit()
refresh_selectors.delay(list(selectors))
return jsonify({'status': 'ok'})
def create():
data = EntityForm().deserialize(request_data())
authz.require(data['list'])
authz.require(authz.list_write(data['list'].id))
entity = Entity.create(data, current_user)
db.session.commit()
refresh_selectors.delay(list(entity.terms))
return view(entity.id)
def delete(id):
collection = obj_or_404(Collection.by_id(id))
authz.require(authz.collection_write(id))
collection.delete()
for entity in collection.entities:
update_entity(entity)
db.session.commit()
return jsonify({'status': 'ok'})
def index():
authz.require(authz.logged_in())
users = []
for role in Role.all():
data = role.to_dict()
del data["email"]
users.append(data)
return jsonify({"results": users, "total": len(users)})
def collection_permissions_index(collection=None):
authz.require(authz.collection_write(collection))
q = Permission.all()
q = q.filter(Permission.resource_type == Permission.COLLECTION)
q = q.filter(Permission.resource_id == collection)
return jsonify({
'total': q.count(),
'results': q
})
def source_permissions_index(source=None):
authz.require(authz.source_write(source))
q = Permission.all()
q = q.filter(Permission.resource_type == Permission.SOURCE)
q = q.filter(Permission.resource_id == source)
return jsonify({
'total': q.count(),
'results': q
})
def delete(id):
collection = obj_or_404(Collection.by_id(id))
authz.require(authz.collection_write(id))
# TODO: race condition-ish...
for entity in collection.entities:
analyze_entity.delay(entity.id)
collection.delete()
db.session.commit()
return jsonify({'status': 'ok'})
def get_data(entity=None):
data = request_data()
collection_id = data.get('collection_id')
collection_id = entity.collection_id if entity else collection_id
authz.require(authz.collection_write(collection_id))
if entity is not None:
data['id'] = entity.id
else:
data.pop('id', None)
return data