def auth_check(*args, **kwargs):
    """Gate a call to ``f`` on the requesting user's identity and role.

    ``f`` and ``auth_level`` are free variables taken from the enclosing
    scope, which is not part of this listing. When the checks pass, ``f`` is
    called with the original arguments plus ``requester=<user>``.

    Returns the not-authorized response when there is no requesting user, or
    when ``auth_level`` is ``'admin'`` and the user is not an administrator.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    # NOTE(review): other handlers in this file answer an authenticated
    # non-admin with the forbidden response; this wrapper uses not-authorized
    # for both cases. Confirm that is intended.
    admin_required = 'admin' == auth_level
    if admin_required and not requester.is_administrator:
        return base_routes.make_not_authorized_response()

    return f(*args, requester=requester, **kwargs)
def auth_check(*args, **kwargs):
    """Run ``f`` only for an authenticated (and, if required, admin) user.

    ``f`` and ``auth_level`` come from the enclosing scope (not visible
    here). The resolved user is passed to ``f`` as the ``requester`` keyword
    argument; every failed check yields the not-authorized response.
    """
    current_user = get_requesting_user()

    # Anonymous requests never reach the wrapped function.
    if current_user is None:
        return base_routes.make_not_authorized_response()

    # The administrator flag is only consulted when the 'admin' level was
    # requested for this wrapper.
    if 'admin' == auth_level:
        if not current_user.is_administrator:
            return base_routes.make_not_authorized_response()

    return f(*args, requester=current_user, **kwargs)
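def get_search_results(id, page):
    """Return one page of searches matching the search identified by ``id``.

    Responses:
      * not-authorized when there is no requesting user;
      * bad-request when ``id`` or ``page`` is not an integer;
      * not-found when no ``Search`` row has that id;
      * forbidden when ``search.has_admin_rights(requester)`` is false;
      * otherwise JSON of the form ``{'data': [<serialized search>, ...]}``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    # Authenticate first, then validate. A malformed page value is a client
    # error; converting it unguarded would raise and surface as an unhandled
    # exception, even for unauthenticated callers.
    try:
        page = int(page)
    except (TypeError, ValueError):
        return base_routes.make_bad_request_response()
    if not is_integer(id):
        return base_routes.make_bad_request_response()

    search = store.session.query(Search).filter_by(id=id).first()
    if search is None:
        return base_routes.make_not_found_response()
    if not search.has_admin_rights(requester):
        return base_routes.make_forbidden_response()

    # NOTE(review): the access check above covers the anchor search only.
    # Confirm find_matching_searches()/serialize() limit what the requester
    # may see of the matched searches.
    matching_searches = search_utils.find_matching_searches(search, page)
    serialized = [
        match.serialize(requester, exclude=[])
        for match in matching_searches
    ]
    return jsonify({'data': serialized})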
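def post_picture(user_id):
    """Store an uploaded picture as the requesting user's profile picture.

    Only the user identified by ``user_id`` may upload for that id. The
    upload is read from ``request.files['file']`` and checked with
    ``is_allowable_image`` before it is stored and the user's
    ``picture_filename`` is updated and committed.

    Returns not-authorized for an anonymous or mismatched requester,
    bad-request for a missing or disallowed image, and the OK response
    otherwise.
    """
    user = get_requesting_user()
    # An anonymous request has no user object; without this guard the id
    # comparison raises AttributeError instead of rejecting the request.
    if user is None or user_id != user.id:
        return base_routes.make_not_authorized_response()

    image_file = request.files['file']
    if not image_file:
        return base_routes.make_bad_request_response('missing image data')

    # NOTE(review): the whole upload is read into memory here; confirm a
    # request size limit is enforced before this handler runs.
    image_data = image_file.read()
    if not is_allowable_image(image_data):
        return base_routes.make_bad_request_response(
            'unallowed image type')

    # The stored name is built from the image bytes and the user id; the
    # client-supplied filename is not passed to the helper.
    filename = image_to_user_filename(image_data, user_id)
    # NOTE(review): image_file was consumed by read() above; confirm
    # store_image() rewinds the stream before saving.
    store_image(image_file, filename)

    user.picture_filename = filename
    store.session.add(user)
    store.session.commit()
    logger.info('Saving image {!r}'.format(filename))
    return base_routes.make_OK_response()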
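def post_picture(user_id):
    """Save the uploaded image as the profile picture of ``user_id``.

    The requester must be authenticated and must be the user named by
    ``user_id``. The file under the ``'file'`` form key is validated by
    content with ``is_allowable_image`` before it is stored and recorded on
    the user row.

    Returns not-authorized, bad-request or OK responses from ``base_routes``.
    """
    user = get_requesting_user()
    # Reject anonymous callers explicitly: the original dereferenced
    # ``user.id`` unconditionally, which fails when no user is resolved.
    if user is None:
        return base_routes.make_not_authorized_response()
    if user_id != user.id:
        return base_routes.make_not_authorized_response()

    image_file = request.files['file']
    if not image_file:
        return base_routes.make_bad_request_response('missing image data')

    # NOTE(review): read() buffers the full upload; verify an upstream size
    # cap exists.
    image_data = image_file.read()
    if not is_allowable_image(image_data):
        return base_routes.make_bad_request_response('unallowed image type')

    # Filename is derived from content and user id, not from client input.
    filename = image_to_user_filename(image_data, user_id)
    # NOTE(review): the stream position is at EOF after read(); verify
    # store_image() does not write an empty file.
    store_image(image_file, filename)

    user.picture_filename = filename
    store.session.add(user)
    store.session.commit()
    logger.info('Saving image {!r}'.format(filename))
    return base_routes.make_OK_response()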
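def get_search_results(id, page):
    """Return a page of searches that match the search with the given id.

    Order of checks: authentication, integer validation of ``page`` and
    ``id``, existence of the ``Search`` row, then
    ``search.has_admin_rights(requester)``. A failure at each step maps to
    the not-authorized, bad-request, not-found or forbidden response
    respectively. On success the body is ``{'data': [...]}`` as JSON.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    # Parse the page number after authentication and treat a malformed value
    # as a bad request. The unguarded int() call previously ran first and
    # raised on non-numeric input.
    try:
        page = int(page)
    except (TypeError, ValueError):
        return base_routes.make_bad_request_response()

    if not is_integer(id):
        return base_routes.make_bad_request_response()

    search = store.session.query(Search).filter_by(id=id).first()
    if search is None:
        return base_routes.make_not_found_response()

    if not search.has_admin_rights(requester):
        return base_routes.make_forbidden_response()

    # NOTE(review): only the anchor search is access-checked here. Verify
    # that serialize(requester, ...) limits what is exposed from the matches.
    serialized = []
    for match in search_utils.find_matching_searches(search, page):
        serialized.append(match.serialize(requester, exclude=[]))
    return jsonify({'data': serialized})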
def request_api_key():
    """Issue an API key for the requesting user and return it as JSON.

    Returns the not-authorized response when there is no requesting user.
    Otherwise calls ``requester.make_api_key()`` and responds with
    ``{'apiKey': <key>}``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    # The key value leaves the server only in this response body; nothing in
    # this handler logs it.
    # NOTE(review): make_api_key() presumably creates a new credential.
    # Confirm this route is not reachable by a cacheable or cross-site
    # request.
    api_key = requester.make_api_key()
    return jsonify({'apiKey': api_key.key})
def request_api_key():
    """Return a JSON body holding an API key made for the requesting user.

    Anonymous callers receive the not-authorized response. For an
    authenticated caller the ``key`` attribute of the object returned by
    ``make_api_key()`` is sent under ``'apiKey'``.
    """
    caller = get_requesting_user()
    if caller is not None:
        # NOTE(review): the secret is returned in clear in the body; verify
        # the transport and any response logging treat it as sensitive.
        issued = caller.make_api_key()
        payload = {'apiKey': issued.key}
        return jsonify(payload)
    return base_routes.make_not_authorized_response()
def request_confirm_email():
    """Ask the mail layer to send a signup confirmation to the requester.

    Returns not-authorized when there is no requesting user, a server-error
    response carrying the message when
    ``mail_actions.request_signup_email_confirmation`` returns a truthy
    value, and the OK response otherwise.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    failure = mail_actions.request_signup_email_confirmation(requester)
    if failure:
        # NOTE(review): the message is passed through to the client; confirm
        # it cannot contain internal detail (hostnames, stack text).
        return base_routes.make_server_error_response(failure)
    return base_routes.make_OK_response()
def request_confirm_email():
    """Trigger a signup-confirmation email for the authenticated user.

    A truthy return value from the mail helper is treated as an error
    message and sent back in a server-error response. A falsy value yields
    the OK response. Anonymous callers get the not-authorized response.
    """
    current_user = get_requesting_user()
    if current_user is not None:
        problem = mail_actions.request_signup_email_confirmation(
            current_user)
        # NOTE(review): nothing here throttles repeated requests; verify a
        # rate limit exists elsewhere.
        return (
            base_routes.make_server_error_response(problem)
            if problem
            else base_routes.make_OK_response()
        )
    return base_routes.make_not_authorized_response()
def statistics():
    """Return per-day statistics for the last 30 days to an administrator.

    Returns not-authorized when there is no requesting user and forbidden
    when the user is not an administrator. Otherwise responds with
    ``{'data': {<iso8601 date>: <stats>, ...}}`` covering the 30 days that
    end at ``Statistic.date_yesterday()``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if not requester.is_administrator:
        return base_routes.make_forbidden_response()

    latest_day = Statistic.date_yesterday()
    per_day = {}
    for offset in range(30):
        day = latest_day - datetime.timedelta(days=offset)
        # Fetch before formatting the key, matching the original call order.
        day_stats = Statistic.get_statistics(day)
        per_day[time_format.to_iso8601(day)] = day_stats
    return jsonify({'data': per_day})
def statistics():
    """Serve 30 days of statistics, keyed by ISO-8601 date, to admins only.

    Anonymous callers receive not-authorized and authenticated non-admins
    receive forbidden. The window starts at ``Statistic.date_yesterday()``
    and steps back one day at a time.
    """
    viewer = get_requesting_user()

    # Authentication and role are checked before any statistics are read.
    if viewer is None:
        return base_routes.make_not_authorized_response()
    if not viewer.is_administrator:
        return base_routes.make_forbidden_response()

    end_date = Statistic.date_yesterday()
    payload = {'data': {}}
    bucket = payload['data']
    days_back = 0
    while days_back < 30:
        current = end_date - datetime.timedelta(days=days_back)
        figures = Statistic.get_statistics(current)
        bucket[time_format.to_iso8601(current)] = figures
        days_back += 1
    return jsonify(payload)
def userbyemail(email):
    """Look up the active user with the given email, for that user only.

    Returns not-authorized when there is no requesting user and forbidden
    when ``requester.email`` differs from ``email``. If no active user has
    that email the not-found response is returned. Otherwise the first
    match is returned via ``base_routes.make_single_response``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    # Callers may only resolve their own address, so this endpoint cannot be
    # used to probe for other accounts.
    if requester.email != email:
        return base_routes.make_forbidden_response()

    matches = store.session.query(User).filter(
        User.email == email,
        User.active == True,  # noqa: E712 - SQLAlchemy column comparison
    ).all()

    if len(matches) > 1:
        # Duplicate active accounts are logged as an error; the first row is
        # still served.
        logger.error('More than one active user with the same email - {}'.format(email))

    if not matches:
        return base_routes.make_not_found_response()
    return base_routes.make_single_response(requester, matches[0])
def userbyemail(email):
    """Return the requester's own active user record, looked up by email.

    Responses: not-authorized for an anonymous caller, forbidden when the
    email is not the requester's own, not-found when no active user matches,
    and otherwise ``make_single_response(requester, user)``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if requester.email != email:
        return base_routes.make_forbidden_response()

    query = store.session.query(User)
    # ``== True`` is deliberate: it builds a SQL expression on the column.
    active_with_email = query.filter(
        User.email == email, User.active == True).all()

    found = len(active_with_email)
    if found == 0:
        return base_routes.make_not_found_response()
    if found > 1:
        # More than one active row for an email is reported as an error, and
        # the first row is used.
        logger.error(
            'More than one active user with the same email - {}'.
            format(email))
    user = active_with_email[0]
    return base_routes.make_single_response(requester, user)