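def check_access():
    """Authorise the current request against the role-based access rules.

    Reads the caller's role, the requested route and the HTTP method from the
    request context and hands them to ``check_permissions`` together with the
    rules held in ``session["access_control"]``.

    :return: ``None`` when ``check_permissions`` reports no error; otherwise
        the request is ended with ``abort(403)``.
    """
    if "access_control" not in session:
        # NOTE(review): the rules are cached per session, so a later change
        # to the permission set is not seen by sessions that already hold a
        # copy. If the session is Flask's default signed cookie, the rules
        # are also readable by the client -- confirm the session backend.
        session["access_control"] = permission_control.get_dct()
        # Log the rules themselves; wrapping them in jsonify() only logged
        # the repr of a Response object.
        logger.debug("Access rules loaded into session: %s", session["access_control"])

    access_rules = session["access_control"]
    # NOTE(review): request.url carries the query string, so it ends up in
    # `route`; confirm check_permissions matches rules with that in mind
    # (request.path would give the path alone).
    route = "/" + "/".join(request.url.split("/")[3:])
    access_result = check_permissions(current_user.role, route, request.method, access_rules)

    if access_result["error"]:
        # Denials go out at WARNING (they were DEBUG) so they are still
        # recorded when the log level is raised, and can be audited.
        logger.warning(
            "ACCESS: FORBIDDEN! DETAILS:(url= %s[%s], user ID:%s (%s), errors=%s)",
            route,
            request.method,
            current_user.uid,
            current_user.role,
            access_result["error"],
        )
        abort(403)

    logger.info(
        "ACCESS STATUS: %s DETAILS:(url= %s[%s], user ID:%s (%s))",
        access_result["status"],
        route,
        request.method,
        current_user.uid,
        current_user.role,
    )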
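def check_access():
    """Check whether the current user may access the requested resource.

    The user's role, the route and the request method are taken from the
    request context and evaluated by ``check_permissions`` against the rules
    stored in ``session['access_control']``.

    :return: nothing when access is granted; the request is aborted with
        403 when ``check_permissions`` returns an error.
    """
    if 'access_control' not in session:
        # NOTE(review): rules are loaded once per session and then reused,
        # so permission changes do not reach existing sessions. With a
        # cookie-backed session the rule set is also sent to the client --
        # confirm which session backend the app uses.
        session['access_control'] = permission_control.get_dct()
        # jsonify() returned a Response whose repr carried no rule data;
        # log the rule dictionary directly instead.
        logger.debug('Access rules loaded into session: %s',
                     session['access_control'])

    access_rules = session['access_control']
    # NOTE(review): the route is cut out of request.url, which includes the
    # query string; verify that check_permissions is not thrown off by it
    # (request.path holds the path without the query).
    route = '/' + '/'.join(request.url.split('/')[3:])
    access_result = check_permissions(current_user.role, route,
                                      request.method, access_rules)

    if not access_result['error']:
        logger.info('ACCESS STATUS: %s DETAILS:(url= %s[%s], user ID:%s (%s))',
                    access_result['status'], route, request.method,
                    current_user.uid, current_user.role)
        return

    # A refused request is a security event: log it at WARNING rather than
    # DEBUG, and let the logger do the formatting.
    logger.warning('ACCESS: FORBIDDEN! DETAILS:(url= %s[%s], '
                   'user ID:%s (%s), errors=%s)',
                   route, request.method, current_user.uid,
                   current_user.role, access_result['error'])
    abort(403)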
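def post_problem():
    """Store the data submitted through the problem form in the DB.

    :return:
        - request is not a POST with form data, or validation fails:
          ``{'status': False, 'error': [list of errors]}``, 400
        - otherwise: ``{'added_problem': 'problem_title',
          'problem_id': 'problem_id'}``
    """
    if request.method != 'POST' or not request.form:
        # This path used to reach `return response` with the name unbound,
        # which surfaced as an unhandled 500 instead of a client error.
        errors = {'status': False,
                  'error': ['Request must be a POST with form data.']}
        return Response(json.dumps(errors), mimetype='application/json'), 400

    data = request.form
    # Routine client input is not a warning condition; it was logged twice
    # (WARNING and INFO) and is now logged once at DEBUG.
    logger.debug('Problem post form data: %s', data)

    valid = validator.problem_post(data)
    if not valid['status']:
        return Response(json.dumps(valid), mimetype='application/json'), 400

    logger.debug('Checks problem post validation. %s', valid)
    user_id = current_user.uid
    posted_date = int(time.time())
    last_id = db.problem_post(data['title'], data['content'],
                              data['proposal'], data['latitude'],
                              data['longitude'], data['type'],
                              posted_date, user_id)
    if last_id:
        db.problem_activity_post(last_id, posted_date, user_id)
    # NOTE(review): a falsy last_id still produces a success response with
    # that id; confirm what db.problem_post returns when the insert fails.
    logger.debug('New problem post was created with id %s', last_id)
    return jsonify(added_problem=data['title'], problem_id=last_id)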
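def delete_comment_by_id():
    """Delete a comment from the DB.

    The comment id is read from the ``comment_id`` query argument.

    :rtype: JSON
    :return: ``{'message': ...}``
    :statuscode 400: ``comment_id`` is missing or not an integer
    :statuscode 200: the delete call was made
    """
    # type=int turns a missing or non-numeric value into None instead of
    # letting int() raise and surface as a 500.
    comment_id = request.args.get('comment_id', type=int)
    if comment_id is None:
        return jsonify(message='comment_id must be an integer.'), 400

    # NOTE(review): this view neither ties comment_id to current_user nor
    # checks the HTTP method; confirm that the route's allowed methods and
    # the role rules limit who can delete another user's comment.
    db.delete_comment_by_id(comment_id)
    logger.debug('Comment and all subcomments (if any) was deleted with id %s',
                 comment_id)
    # The reply used to say "added", which did not match the action taken.
    return jsonify(message='Comment successfully deleted.'), 200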
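def subscription_delete():
    """Delete the current user's subscription to a problem from the DB.

    The problem id is read from the ``problem_id`` query argument; the user
    id is always taken from ``current_user``.

    :rtype: JSON
    :return: ``{'subscription_id': <value returned by the DB layer>}``
    :statuscode 405: request method is not DELETE
    :statuscode 400: ``problem_id`` is missing or not an integer
    """
    if request.method != 'DELETE':
        # Without this guard `response` was never bound and the view
        # failed with an unhandled 500.
        return jsonify(error='Method not allowed.'), 405

    # type=int yields None for a missing or non-numeric value rather than
    # raising inside int().
    problem_id = request.args.get('problem_id', type=int)
    if problem_id is None:
        return jsonify(error='problem_id must be an integer.'), 400

    # The user id comes from the authenticated session, never from the
    # request, so the caller cannot name another user's subscription here.
    user_id = current_user.uid
    logger.info('Deleting subscription to problem %s for user %s',
                problem_id, user_id)
    last_id = db.subscription_delete(user_id, problem_id)
    logger.debug('Subscription post was deleted with id %s', last_id)
    return jsonify(subscription_id=last_id)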
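def post_problem():
    """Function which adds data about created problem into DB.

    :content-type: multipart/form-data

    :fparam title: Title of problem ('problem with rivers')
    :fparam type: id of problem type (2)
    :fparam latitude: lat coordinates (49.8256101)
    :fparam longitude: lon coordinates (24.0600542)
    :fparam content: description of problem ('some text')
    :fparam proposal: proposition for solving problem ('text')

    :rtype: JSON
    :return:
        - If request data is invalid:
          ``{'status': False, 'error': [list of errors]}``
        - If all ok:
          ``{"added_problem": "problem title", "problem_id": 83}``

    :statuscode 400: request is invalid, or is not a POST with form data
    :statuscode 200: problem was successfully posted
    """
    if request.method != 'POST' or not request.form:
        # Falling through here left `response` unbound, so a request with
        # no form data ended in an unhandled 500 rather than a 400.
        errors = {'status': False,
                  'error': ['Request must be a POST with form data.']}
        return Response(json.dumps(errors), mimetype='application/json'), 400

    data = request.form
    # Submitted form content was logged at WARNING and again at INFO; it is
    # ordinary input, so one DEBUG record is enough.
    logger.debug('Problem post form data: %s', data)

    valid = validator.problem_post(data)
    if not valid['status']:
        return Response(json.dumps(valid), mimetype='application/json'), 400

    logger.debug('Checks problem post validation. %s', valid)
    user_id = current_user.uid
    posted_date = int(time.time())
    last_id = db.problem_post(data['title'], data['content'],
                              data['proposal'], data['latitude'],
                              data['longitude'], data['type'],
                              posted_date, user_id)
    if last_id:
        db.problem_activity_post(last_id, posted_date, user_id, 'Added')
    # NOTE(review): a falsy last_id is still reported to the client as a
    # success; confirm what db.problem_post returns when nothing is stored.
    logger.debug('New problem post was created with id %s', last_id)
    return jsonify(added_problem=data['title'], problem_id=last_id)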
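def subscription_post():
    """Function adds data about subscription into DB.

    The JSON body supplies ``problem_id``; the user id is taken from
    ``current_user`` and the subscription date from the server clock.

    :type: JSON
    :return: ``{'subscription_id': <value returned by the DB layer>}``
    :statuscode 405: request method is not POST
    :statuscode 400: body is not a JSON object containing ``problem_id``
    """
    if request.method != 'POST':
        # `response` was never assigned on this path, which ended in an
        # unhandled 500.
        return jsonify(error='Method not allowed.'), 405

    data = request.get_json()
    # A missing body, a JSON array/scalar or an absent key used to raise
    # TypeError/KeyError below and come back as a 500.
    if not isinstance(data, dict) or 'problem_id' not in data:
        return jsonify(error='problem_id is required.'), 400

    # The body was logged at WARNING and again at INFO; one DEBUG record
    # is enough for routine input.
    logger.debug('Subscription post data: %s', data)

    # The subscriber is always the authenticated user, not a value from
    # the request body.
    user_id = current_user.uid
    subscr_date = int(time.time())
    # NOTE(review): problem_id is passed on with whatever JSON type the
    # client sent; confirm the DB layer validates it and binds it as a
    # query parameter.
    last_id = db.subscription_post(data['problem_id'], user_id, subscr_date)
    logger.debug('New subscription post was created with id %s', last_id)
    return jsonify(subscription_id=last_id)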