Beispiel #1
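def check_access():
    """Enforce the access rules for the current request.

    Loads the rule table into the session on first use
    (``permission_control.get_dct()``), then asks ``check_permissions``
    whether ``current_user.role`` may call the requested route with the
    current HTTP method.

    :return: ``None`` when ``check_permissions`` reports no error.
    :raises: aborts the request with HTTP 403 when it reports an error.
    """
    if "access_control" not in session:
        session["access_control"] = permission_control.get_dct()
    # NOTE(review): the rule table is cached per session, so sessions that
    # already hold a copy do not see later rule changes; with a client-side
    # session store the table also travels in the cookie -- confirm the
    # session backend and how the cache is refreshed.
    access_rules = session["access_control"]
    # Log the rules themselves; wrapping them in jsonify() only logged the
    # repr of a response object.
    logger.debug("Access rules in session: %s", access_rules)

    # request.url includes the query string, so it ends up in `route` too.
    # NOTE(review): confirm check_permissions ignores or strips it; an access
    # decision is normally made on the path alone.
    route = "/" + "/".join(request.url.split("/")[3:])

    access_result = check_permissions(current_user.role, route, request.method, access_rules)
    if access_result["error"]:
        # Denials go out at WARNING so they survive a production log level
        # and can feed alerting; arguments are passed lazily to the logger.
        logger.warning(
            "ACCESS: FORBIDDEN! DETAILS:(url= %s[%s], user ID:%s (%s), errors=%s)",
            route,
            request.method,
            current_user.uid,
            current_user.role,
            access_result["error"],
        )
        abort(403)

    logger.info(
        "ACCESS STATUS: %s DETAILS:(url= %s[%s], user ID:%s (%s))",
        access_result["status"],
        route,
        request.method,
        current_user.uid,
        current_user.role,
    )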
Beispiel #2
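def check_access():
    """Check that the current user may call the requested route.

    The rule table is read from the session (filled from
    ``permission_control.get_dct()`` when absent) and handed to
    ``check_permissions`` together with the user's role, the route and
    the HTTP method.

    :return: ``None`` when ``check_permissions`` reports no error.
    :raises: aborts the request with HTTP 403 when it reports an error.
    """
    if 'access_control' not in session:
        session['access_control'] = permission_control.get_dct()
    # NOTE(review): rules cached in the session stay as they were when the
    # session was created; confirm how a rule change reaches live sessions
    # and whether the session store keeps this table server-side.
    access_rules = session['access_control']
    # jsonify() here only produced a response object whose repr was logged;
    # log the rule table directly instead.
    logger.debug('Access rules in session: %s', access_rules)

    # The query string is part of request.url and therefore part of `route`.
    # NOTE(review): confirm check_permissions matches on the path only.
    route = '/' + '/'.join(request.url.split('/')[3:])

    access_result = check_permissions(current_user.role, route, request.method,
                                      access_rules)
    if access_result['error']:
        # A refused request is security-relevant: log it at WARNING, not
        # DEBUG, and let the logger do the formatting.
        logger.warning('ACCESS: FORBIDDEN! DETAILS:(url= %s[%s], '
                       'user ID:%s (%s), errors=%s)',
                       route, request.method, current_user.uid,
                       current_user.role, access_result['error'])
        abort(403)

    logger.info('ACCESS STATUS: %s DETAILS:(url= %s[%s], user ID:%s (%s))',
                access_result['status'], route, request.method,
                current_user.uid, current_user.role)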
Beispiel #3
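def post_problem():
    """Store a problem submitted through the problem form.

    The form is checked with ``validator.problem_post``; a valid form is
    inserted with ``db.problem_post`` and, when an id comes back, the
    activity is recorded with ``db.problem_activity_post``.

    :return: If request data is invalid (or not a POST with form data):
    {'status': False, 'error': [list of errors]}, 400
    If all ok:
    {'added_problem': 'problem_title'
    'problem_id': 'problem_id'}
    """
    if request.method != 'POST' or not request.form:
        # Falling off the end returned None, which a view must not do;
        # answer with the documented error shape instead.
        rejected = {'status': False,
                    'error': ['Request must be a POST with form data.']}
        return Response(json.dumps(rejected),
                        mimetype='application/json'), 400

    data = request.form
    # The form is user-controlled text: log it once, at DEBUG, rather than
    # at WARNING and again at INFO.
    logger.debug('Problem form received: %s', json.dumps(data))

    valid = validator.problem_post(data)
    if not valid['status']:
        return Response(json.dumps(valid),
                        mimetype='application/json'), 400

    logger.debug('Checks problem post validation. %s', valid)
    user_id = current_user.uid
    posted_date = int(time.time())
    last_id = db.problem_post(data['title'], data['content'],
                              data['proposal'], data['latitude'],
                              data['longitude'], data['type'],
                              posted_date, user_id)
    if last_id:
        db.problem_activity_post(last_id, posted_date, user_id)
        logger.debug('New problem post was created with id %s', last_id)
    else:
        # NOTE(review): no id came back, yet the response below still looks
        # like a success; confirm what db.problem_post returns on failure.
        logger.error('db.problem_post returned no id for user %s', user_id)
    return jsonify(added_problem=data['title'], problem_id=last_id)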
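def post_problem():
    """Add the data from the problem form to the DB.

    Runs ``validator.problem_post`` on the form, then ``db.problem_post``
    and, if an id is returned, ``db.problem_activity_post``.

    :return: If request data is invalid (or not a POST with form data):
    {'status': False, 'error': [list of errors]}, 400
    If all ok:
    {'added_problem': 'problem_title'
    'problem_id': 'problem_id'}
    """
    if request.method != 'POST' or not request.form:
        # Without this branch the function returned None for a non-POST or
        # empty request; reply with a 400 in the documented error shape.
        rejected = {'status': False,
                    'error': ['Request must be a POST with form data.']}
        return Response(json.dumps(rejected),
                        mimetype='application/json'), 400

    data = request.form
    # One DEBUG record of the submitted form is enough; WARNING plus INFO
    # put user-supplied content into the logs twice at production levels.
    logger.debug('Problem form received: %s', json.dumps(data))

    valid = validator.problem_post(data)
    if not valid['status']:
        return Response(json.dumps(valid),
                        mimetype='application/json'), 400

    logger.debug('Checks problem post validation. %s', valid)
    user_id = current_user.uid
    posted_date = int(time.time())
    last_id = db.problem_post(data['title'],
                              data['content'],
                              data['proposal'],
                              data['latitude'],
                              data['longitude'],
                              data['type'],
                              posted_date,
                              user_id)
    if last_id:
        db.problem_activity_post(last_id, posted_date,
                                 user_id)
        logger.debug('New problem post was created with id %s', last_id)
    else:
        # NOTE(review): the caller still gets a success-shaped response with
        # an empty problem_id; confirm the failure contract of db.problem_post.
        logger.error('db.problem_post returned no id for user %s', user_id)
    return jsonify(added_problem=data['title'],
                   problem_id=last_id)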
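def delete_comment_by_id():
    """Delete the comment named by the ``comment_id`` query parameter.

    :type: JSON
    :return: ``{"message": ...}`` with 200 after the delete call, or with
        400 when ``comment_id`` is missing or not an integer.
    """
    # type=int yields None for a missing or non-numeric value, where
    # int(request.args.get(...)) raised and produced a server error.
    comment_id = request.args.get('comment_id', type=int)
    if comment_id is None:
        return jsonify(message='comment_id must be an integer.'), 400

    # NOTE(review): nothing in this function ties the comment to the
    # requesting user; confirm that ownership or a moderator role is
    # enforced before this point.
    db.delete_comment_by_id(comment_id)
    logger.debug('Comment and all subcomments (if any) was deleted with id %s',
                 comment_id)
    # The message used to say "added" although this endpoint deletes.
    return jsonify(message='Comment successfully deleted.'), 200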
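def subscription_delete():
    """Delete the current user's subscription to a problem.

    The problem is named by the ``problem_id`` query parameter; the user id
    is taken from ``current_user``, not from the request.

    :type: JSON
    :return: ``{"subscription_id": ...}`` from ``db.subscription_delete``;
        400 when ``problem_id`` is missing or not an integer; 405 for any
        method other than DELETE.
    """
    if request.method != 'DELETE':
        # The function used to return None here.
        return jsonify(error='Method not allowed.'), 405

    # type=int yields None instead of raising on a missing or non-numeric
    # value.
    problem_id = request.args.get('problem_id', type=int)
    if problem_id is None:
        return jsonify(error='problem_id must be an integer.'), 400

    user_id = current_user.uid
    logger.info('Deleting subscription: user %s, problem %s',
                user_id, problem_id)
    last_id = db.subscription_delete(user_id, problem_id)
    logger.debug('Subscription post was deleted with id %s', last_id)
    return jsonify(subscription_id=last_id)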
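def post_problem():
    """Function which adds data about created problem into DB.

    :content-type: multipart/form-data

    :fparam title: Title of problem ('problem with rivers')
    :fparam type: id of problem type (2)
    :fparam latitude: lat coordinates (49.8256101)
    :fparam longitude: lon coordinates (24.0600542)
    :fparam content: description of problem ('some text')
    :fparam proposal: proposition for solving problem ('text')

    :rtype: JSON
    :return:
            - If request data is invalid:
                    ``{'status': False, 'error': [list of errors]}``
            - If all ok:
                    ``{"added_problem": "problem title", "problem_id": 83}``

    :statuscode 400: request is invalid (also: not a POST, or empty form)
    :statuscode 200: problem was successfully posted

    """
    if request.method != 'POST' or not request.form:
        # Previously this case fell through and returned None; answer with
        # the documented error shape and status instead.
        rejected = {'status': False,
                    'error': ['Request must be a POST with form data.']}
        return Response(json.dumps(rejected),
                        mimetype='application/json'), 400

    data = request.form
    # User-supplied form content is logged once at DEBUG; it was written at
    # WARNING and again at INFO.
    logger.debug('Problem form received: %s', json.dumps(data))

    valid = validator.problem_post(data)
    if not valid['status']:
        return Response(json.dumps(valid),
                        mimetype='application/json'), 400

    logger.debug('Checks problem post validation. %s', valid)
    user_id = current_user.uid
    posted_date = int(time.time())
    last_id = db.problem_post(data['title'], data['content'],
                              data['proposal'], data['latitude'],
                              data['longitude'], data['type'],
                              posted_date, user_id)
    if last_id:
        db.problem_activity_post(last_id, posted_date, user_id,
                                 'Added')
        logger.debug('New problem post was created with id %s', last_id)
    else:
        # NOTE(review): a missing id is still answered with a 200 below;
        # confirm what db.problem_post returns when the insert fails.
        logger.error('db.problem_post returned no id for user %s', user_id)
    return jsonify(added_problem=data['title'], problem_id=last_id)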
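def subscription_post():
    """Subscribe the current user to a problem.

    Expects a JSON object with a ``problem_id`` field.  The user id comes
    from ``current_user`` and the subscription date is the current time;
    neither is read from the request.

    :return: ``{"subscription_id": ...}`` from ``db.subscription_post``;
        400 when the body is not a JSON object or ``problem_id`` is missing
        or not an integer; 405 for any method other than POST.
    :type: JSON
    """
    if request.method != 'POST':
        # The function used to return None here.
        return jsonify(error='Method not allowed.'), 405

    # silent=True returns None for an absent or malformed body, so the
    # checks below answer with 400 where data['problem_id'] used to raise.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify(error='Request body must be a JSON object.'), 400
    try:
        problem_id = int(data['problem_id'])
    except (KeyError, TypeError, ValueError, OverflowError):
        return jsonify(error='problem_id must be an integer.'), 400

    user_id = current_user.uid
    subscr_date = int(time.time())
    # Log the validated id only; the whole payload was logged at WARNING
    # and again at INFO.
    logger.info('Creating subscription: user %s, problem %s',
                user_id, problem_id)
    last_id = db.subscription_post(problem_id, user_id,
                                   subscr_date)
    logger.debug('New subscription post was created with id %s', last_id)
    return jsonify(subscription_id=last_id)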