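def route(page):
    """Dispatch an authorized POST request to the controller method it names.

    The first segment of ``page`` is the endpoint name and the remaining
    segments are passed to it as positional arguments. Keyword arguments come
    from the JSON body if there is one, else from a validated form when
    ``form_type`` is posted, else from the raw form data.

    Args:
        page: URL path after the route prefix, e.g. ``"endpoint/arg1/arg2"``.

    Returns:
        A JSON response holding the endpoint's result, or an ``alert`` /
        ``invalid_form`` payload when the request is rejected or fails.
    """
    endpoint, *args = page.split("/")
    admin_user = current_user.is_admin
    # The endpoint name comes from the URL, so it is checked against the
    # registered POST endpoints before it is ever used for attribute lookup.
    if f"/{endpoint}" not in app.rbac["post_requests"]:
        return jsonify({"alert": "Invalid POST request."})
    # Non-admin users additionally need the endpoint in their own grant list.
    if not admin_user and f"/{endpoint}" not in current_user.post_requests:
        return jsonify({"alert": "Error 403 - Operation not allowed."})
    form_type = request.form.get("form_type")
    if request.json:
        # A JSON body takes precedence and is not run through form validation.
        # NOTE(review): its keys become keyword names for the endpoint as-is;
        # confirm every endpoint tolerates or rejects unexpected keywords.
        kwargs = request.json
    elif form_type:
        try:
            form_class = form_classes[form_type]
        except KeyError:
            # form_type is client-supplied; an unregistered value used to raise
            # outside the try block below and escape the JSON error convention.
            return jsonify({"alert": "Invalid POST request."})
        form = form_class(request.form)
        if not form.validate_on_submit():
            return jsonify({"invalid_form": True, "errors": form.errors})
        kwargs = form.form_postprocessing(request.form)
    else:
        kwargs = request.form
    try:
        with db.session_scope():
            result = getattr(app, endpoint)(*args, **kwargs)
    except db.rbac_error:
        result = {"alert": "Error 403 - Operation not allowed."}
    except Exception:
        # The traceback goes to the server log only; the client gets a generic
        # message so internal details are not disclosed.
        app.log("error", format_exc(), change_log=False)
        result = {"alert": "Error 500 - Internal Server Error"}
    return jsonify(result)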
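def route(page):
    """Dispatch a POST request to the controller method named by the URL.

    The first segment of ``page`` is the endpoint name and the remaining
    segments are passed to it as positional arguments. Keyword arguments come
    from the JSON body if there is one, else from a validated form when
    ``form_type`` is posted, else from the raw form data.

    NOTE(review): no permission check is visible in this function. The guards
    below are only a floor; an explicit allowlist of POST endpoints and a
    per-user authorization check are what actually bound which controller
    methods a client can reach. Confirm where that is enforced.

    Args:
        page: URL path after the route prefix, e.g. ``"endpoint/arg1/arg2"``.

    Returns:
        A JSON response holding the endpoint's result, or an ``alert`` /
        ``invalid_form`` payload when the request is rejected.
    """
    form_type = request.form.get("form_type")
    endpoint, *args = page.split("/")
    # The endpoint name is client-controlled and is used for attribute lookup
    # on ``app``; underscore-prefixed names (private helpers and Python's
    # special attributes) are never valid endpoints.
    if not endpoint or endpoint.startswith("_"):
        return jsonify({"alert": "Invalid POST request."})
    if request.json:
        # A JSON body takes precedence and is not run through form validation.
        kwargs = request.json
    elif form_type:
        try:
            form_class = form_classes[form_type]
        except KeyError:
            # form_type is client-supplied; reject unregistered values instead
            # of letting the lookup raise.
            return jsonify({"alert": "Invalid POST request."})
        form = form_class(request.form)
        if not form.validate_on_submit():
            return jsonify({"invalid_form": True, "errors": form.errors})
        kwargs = form.form_postprocessing(request.form)
    else:
        kwargs = request.form
    with db.session_scope():
        handler = getattr(app, endpoint, None)
        if not callable(handler):
            # Unknown name or a plain data attribute: not an endpoint.
            return jsonify({"alert": "Invalid POST request."})
        return jsonify(handler(*args, **kwargs))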