Beispiel #1
0
def _get_query_and_params(request, name):
    query = get_redshift_catalogue().get_query(name)
    if not query:
        raise Http404("No query named: %s" % name)

    supplied_params = request.GET.dict()
    if "deck_id" in supplied_params and not supplied_params["deck_id"].isdigit(
    ):
        # We got sent a shortid, so we need to translate it into a deck_id int
        deck = Deck.objects.get_by_shortid(supplied_params["deck_id"])
        supplied_params["deck_id"] = str(deck.id)

    if query.is_personalized:
        if request.user and not request.user.is_fake:

            if "Region" not in supplied_params:
                default_pegasus_account = request.user.pegasusaccount_set.first(
                )

                if default_pegasus_account:
                    supplied_params[
                        "Region"] = default_pegasus_account.region.name
                    supplied_params[
                        "account_lo"] = default_pegasus_account.account_lo
                else:
                    raise Http404("User does not have any Pegasus Accounts.")
            else:
                user_owns_pegasus_account = request.user.pegasusaccount_set.filter(
                    region__exact=int(supplied_params["Region"]),
                    account_lo__exact=int(
                        supplied_params["account_lo"])).exists()
                if not user_owns_pegasus_account:
                    return HttpResponseForbidden()

            if supplied_params["Region"].isdigit():
                region_member = Region.from_int(int(supplied_params["Region"]))
                supplied_params["Region"] = region_member.name

            personal_parameterized_query = query.build_full_params(
                supplied_params)

            if not user_is_eligible_for_query(request.user, query,
                                              personal_parameterized_query):
                return HttpResponseForbidden()

            return personal_parameterized_query

        else:
            # Anonymous or Fake Users Can Never Request Personal Stats
            return HttpResponseForbidden()
    else:

        parameterized_query = query.build_full_params(supplied_params)
        if not user_is_eligible_for_query(request.user, query,
                                          parameterized_query):
            return HttpResponseForbidden()

        return parameterized_query
Beispiel #2
0
    def get(self, request, **kwargs):
        serializer = self.serializer_class(data=request.GET)
        serializer.is_valid(raise_exception=True)

        supplied_params = request.GET.copy()
        supplied_params.update(serializer.validated_data)
        del supplied_params["query"]
        if "Region" in supplied_params:
            supplied_params["Region"] = Region.from_int(
                supplied_params["Region"]).name

        try:
            parameterized_query = serializer.query.build_full_params(
                supplied_params)
        except InvalidOrMissingQueryParameterError as e:
            raise PermissionDenied(str(e)) from e

        if parameterized_query.has_premium_values:
            if not self._check_premium(request):
                raise PermissionDenied("You do not have access to this query.")

        last_modified = parameterized_query.result_as_of
        if last_modified:
            last_modified = timegm(last_modified.utctimetuple())

        response = None

        is_cache_hit = parameterized_query.result_available
        if is_cache_hit:
            _trigger_if_stale(parameterized_query)
            # Try to return a minimal response
            response = get_conditional_response(request,
                                                last_modified=last_modified)

        if not response:
            # Resort to a full response
            response = _fetch_query_results(parameterized_query,
                                            user=request.user)

        response["last-modified"] = http_date(last_modified)

        # Always send Cache-Control headers
        if parameterized_query.is_personalized or parameterized_query.has_premium_values:
            patch_cache_control(response, no_cache=True, private=True)
        else:
            patch_cache_control(response, no_cache=True, public=True)

        return response
Beispiel #3
0
def _get_query_and_params(request, name):
    query = get_redshift_query(name)
    if not query:
        raise Http404("No query named: %s" % name)

    supplied_params = request.GET.dict()
    deck = None
    if "deck_id" in supplied_params and not supplied_params["deck_id"].isdigit(
    ):
        # We got sent a shortid, so we need to translate it into a deck_id int
        try:
            deck = Deck.objects.get_by_shortid(supplied_params["deck_id"])
            supplied_params["deck_id"] = str(deck.id)
        except Deck.DoesNotExist:
            raise Http404("Deck does not exist")

    if query.is_personalized:
        if request.user and request.user.is_authenticated:
            if "Region" in supplied_params and "account_lo" in supplied_params:
                # The parameters region and account_lo were both supplied, use these
                supplied_region = supplied_params["Region"]
                supplied_account_lo = supplied_params["account_lo"]
                if not (supplied_region.isdigit()
                        and supplied_account_lo.isdigit()):
                    return JsonResponse(
                        {
                            "msg":
                            "Both account_lo and Region should be numeric."
                        },
                        status=400)

                user_owns_blizzard_account = request.user.blizzard_accounts.filter(
                    region__exact=int(supplied_region),
                    account_lo__exact=int(supplied_account_lo)).exists()
                if not user_owns_blizzard_account and not request.user.is_staff:
                    return HttpResponseForbidden()
            elif "Region" not in supplied_params and "account_lo" not in supplied_params:
                # Neither region nor account_lo were supplied, default to first
                default_blizzard_account = request.user.blizzard_accounts.first(
                )

                if default_blizzard_account:
                    supplied_params[
                        "Region"] = default_blizzard_account.region.name
                    supplied_params[
                        "account_lo"] = default_blizzard_account.account_lo
                else:
                    raise Http404("User does not have any Blizzard Accounts.")
            else:
                # Supplying only either Region or account_lo is a bad request
                msg = "Personalized queries require both region and account_lo to be present."
                return JsonResponse({"msg": msg}, status=400)

            # Map numeric region to FilterEnum
            if supplied_params["Region"].isdigit():
                supplied_region = supplied_params["Region"]
                region_member = Region.from_int(int(supplied_region))
                supplied_params["Region"] = region_member.name

            try:
                personal_parameterized_query = query.build_full_params(
                    supplied_params)
            except InvalidOrMissingQueryParameterError as e:
                # Return a 400 Bad Request response
                log.warn(str(e))
                return JsonResponse({"msg": str(e)}, status=400)

            if not user_is_eligible_for_query(request.user, query,
                                              personal_parameterized_query):
                return HttpResponseForbidden()

            return personal_parameterized_query

        else:
            # Anonymous or Fake Users Can Never Request Personal Stats
            return HttpResponseForbidden()
    else:
        if deck and not deck.eligible_for_global_stats:
            return HttpResponseForbidden()

        try:
            parameterized_query = query.build_full_params(supplied_params)
        except InvalidOrMissingQueryParameterError as e:
            # Return a 400 Bad Request response
            log.warn(str(e))
            return JsonResponse({"msg": str(e)}, status=400)

        if not user_is_eligible_for_query(request.user, query,
                                          parameterized_query):
            return HttpResponseForbidden()

        return parameterized_query
Beispiel #4
0
def _get_query_and_params(request, name):
    query = get_redshift_catalogue().get_query(name)
    if not query:
        raise Http404("No query named: %s" % name)

    supplied_params = request.GET.dict()
    if "deck_id" in supplied_params and not supplied_params["deck_id"].isdigit(
    ):
        # We got sent a shortid, so we need to translate it into a deck_id int
        try:
            deck = Deck.objects.get_by_shortid(supplied_params["deck_id"])
            supplied_params["deck_id"] = str(deck.id)
        except Deck.DoesNotExist:
            raise Http404("Deck does not exist")

    if query.is_personalized:
        if request.user and request.user.is_authenticated:
            if "Region" not in supplied_params:
                default_blizzard_account = request.user.blizzard_accounts.first(
                )

                if default_blizzard_account:
                    supplied_params[
                        "Region"] = default_blizzard_account.region.name
                    supplied_params[
                        "account_lo"] = default_blizzard_account.account_lo
                else:
                    raise Http404("User does not have any Blizzard Accounts.")
            else:
                user_owns_blizzard_account = request.user.blizzard_accounts.filter(
                    region__exact=int(supplied_params["Region"]),
                    account_lo__exact=int(
                        supplied_params["account_lo"])).exists()
                if not user_owns_blizzard_account:
                    return HttpResponseForbidden()

            if supplied_params["Region"].isdigit():
                region_member = Region.from_int(int(supplied_params["Region"]))
                supplied_params["Region"] = region_member.name

            try:
                personal_parameterized_query = query.build_full_params(
                    supplied_params)
            except InvalidOrMissingQueryParameterError as e:
                # Return a 400 Bad Request response
                log.warn(str(e))
                return HttpResponseBadRequest()

            if not user_is_eligible_for_query(request.user, query,
                                              personal_parameterized_query):
                return HttpResponseForbidden()

            return personal_parameterized_query

        else:
            # Anonymous or Fake Users Can Never Request Personal Stats
            return HttpResponseForbidden()
    else:
        try:
            parameterized_query = query.build_full_params(supplied_params)
        except InvalidOrMissingQueryParameterError as e:
            # Return a 400 Bad Request response
            log.warn(str(e))
            return HttpResponseBadRequest()

        if not user_is_eligible_for_query(request.user, query,
                                          parameterized_query):
            return HttpResponseForbidden()

        return parameterized_query