Beispiel #1
0
 def _get_validated_object_parameters(self, data_dict):
     params = {
         'name':
         data_dict['name'].strip(),
         'description':
         data_dict['description'],
         'group_type':
         parse_int(data_dict['group_type']),
         'access_folios':
         parse_boolean(data_dict.get('access_folios', '')),
         'access_reports':
         parse_boolean(data_dict.get('access_reports', '')),
         'access_admin_users':
         parse_boolean(data_dict.get('access_admin_users', '')),
         'access_admin_files':
         parse_boolean(data_dict.get('access_admin_files', '')),
         'access_admin_folios':
         parse_boolean(data_dict.get('access_admin_folios', '')),
         'access_admin_permissions':
         parse_boolean(data_dict.get('access_admin_permissions', '')),
         'access_admin_all':
         parse_boolean(data_dict.get('access_admin_all', ''))
     }
     validate_string(params['description'], 0, 5 * 1024)
     validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM,
                     Group.GROUP_TYPE_LDAP)
     if params['group_type'] == Group.GROUP_TYPE_LOCAL:
         validate_string(params['name'], 1, 120)
     return params
Beispiel #2
0
    def _get_validated_object_parameters(self, data_dict, adding):
        params = {
            'filename': data_dict.get('filename'),
            'index': data_dict.get('index'),
            'image_parameters': data_dict.get('image_parameters')
        }
        if adding:
            # Require either image_id or image_src
            if data_dict.get('image_id') and data_dict.get('image_src'):
                raise ValueError(
                    'specify only one of either image_id or image_src')
            elif data_dict.get('image_id'):
                params['image_id'] = parse_int(data_dict['image_id'])
                validate_number(params['image_id'], 1, sys.maxsize)
            elif data_dict.get('image_src'):
                params['image_src'] = data_dict['image_src'].strip()
                validate_string(params['image_src'], 5, 1024)
            else:
                raise KeyError('image_id or image_src')
            # Get or default all the others
            params['filename'] = params['filename'] or ''
            params['index'] = parse_int(
                params['index']) if params['index'] else 0
            params['image_parameters'] = params['image_parameters'] or '{}'
        else:
            # All parameters optional, if not supplied we leave the values unchanged
            if params['index']:
                params['index'] = parse_int(params['index'])

        if params['filename'] is not None:
            validate_string(params['filename'], 0, 255)
            if params['filename']:
                # Zips only support ASCII filenames, block directory traversal attempts
                sec_filename = secure_filename(params['filename'])
                if sec_filename != params['filename']:
                    # We could continue with the secured filename, but the caller won't
                    # expect the filename to change, so be consistent and just fail it
                    raise ValueError('filename not allowed, try: ' +
                                     sec_filename)
        if params['index'] is not None:
            validate_number(params['index'], -999999, 999999)
        if params['image_parameters'] is not None:
            validate_string(params['image_parameters'], 2, 100 * 1024)
            params['image_parameters'] = _image_params_to_template_dict(
                params['image_parameters'])
        return params
Beispiel #3
0
 def _get_validated_object_parameters(self, data_dict):
     params = {
         'name': data_dict['name'].strip(),
         'description': data_dict['description'],
         'group_type': parse_int(data_dict['group_type']),
         'access_folios': parse_boolean(data_dict.get('access_folios', '')),
         'access_reports': parse_boolean(data_dict.get('access_reports', '')),
         'access_admin_users': parse_boolean(data_dict.get('access_admin_users', '')),
         'access_admin_files': parse_boolean(data_dict.get('access_admin_files', '')),
         'access_admin_folios': parse_boolean(data_dict.get('access_admin_folios', '')),
         'access_admin_permissions': parse_boolean(data_dict.get('access_admin_permissions', '')),
         'access_admin_all': parse_boolean(data_dict.get('access_admin_all', ''))
     }
     validate_string(params['description'], 0, 5 * 1024)
     validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM, Group.GROUP_TYPE_LDAP)
     if params['group_type'] == Group.GROUP_TYPE_LOCAL:
         validate_string(params['name'], 1, 120)
     return params
Beispiel #4
0
 def _get_validated_object_parameters(self, data_dict, require_password):
     params = {
         'first_name': data_dict['first_name'],
         'last_name': data_dict['last_name'],
         'email': data_dict['email'],
         'username': data_dict['username'].strip(),
         'password': data_dict.get('password', ''),
         'auth_type': parse_int(data_dict['auth_type']),
         'allow_api': parse_boolean(data_dict.get('allow_api', ''))
     }
     validate_string(params['first_name'], 0, 120)
     validate_string(params['last_name'], 0, 120)
     validate_string(params['email'], 0, 120)
     validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD, User.AUTH_TYPE_LDAP)
     if params['auth_type'] != User.AUTH_TYPE_LDAP:
         validate_string(params['username'], 1, 120)
     if params['password'] or require_password:
         validate_string(params['password'], 6, 120)
     return params
Beispiel #5
0
 def _get_validated_object_parameters(self, data_dict, require_password):
     params = {
         'first_name': data_dict['first_name'],
         'last_name': data_dict['last_name'],
         'email': data_dict['email'],
         'username': data_dict['username'].strip(),
         'password': data_dict.get('password', ''),
         'auth_type': parse_int(data_dict['auth_type']),
         'allow_api': parse_boolean(data_dict.get('allow_api', ''))
     }
     validate_string(params['first_name'], 0, 120)
     validate_string(params['last_name'], 0, 120)
     validate_string(params['email'], 0, 120)
     validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD,
                     User.AUTH_TYPE_LDAP)
     if params['auth_type'] != User.AUTH_TYPE_LDAP:
         validate_string(params['username'], 1, 120)
     if params['password'] or require_password:
         validate_string(params['password'], 8, 120)
     return params
Beispiel #6
0
    def _get_validated_object_parameters(self, data_dict):
        params = {
            'human_id': data_dict.get('human_id', '').strip(),
            'name': data_dict['name'],
            'description': data_dict['description'],
            'internal_access': parse_int(data_dict['internal_access']),
            'public_access': parse_int(data_dict['public_access'])
        }
        if params['human_id']:
            validate_string(params['human_id'], 1, 64)
            if params['human_id'] != secure_url_fragment(
                    params['human_id'], True):
                raise ValueError(
                    'human_id is not allowed to contain characters: %<>&.?:/')

        validate_string(params['name'], 0, 255)
        validate_string(params['description'], 0, 5 * 1024)
        # For the first release of portfolios we're limiting access to <= DOWNLOAD
        validate_number(params['internal_access'], FolioPermission.ACCESS_NONE,
                        FolioPermission.ACCESS_DOWNLOAD)
        validate_number(params['public_access'], FolioPermission.ACCESS_NONE,
                        FolioPermission.ACCESS_DOWNLOAD)
        return params
Beispiel #7
0
 def _get_validated_object_parameters(self, data_dict):
     params = {
         'group_id': parse_int(data_dict['group_id']),
         'folder_id': parse_int(data_dict['folder_id']),
         'access': parse_int(data_dict['access'])
     }
     validate_number(params['group_id'], 1, sys.maxint)
     validate_number(params['folder_id'], 1, sys.maxint)
     validate_number(params['access'], FolderPermission.ACCESS_NONE, FolderPermission.ACCESS_ALL)
     return params
Beispiel #8
0
 def _get_validated_object_parameters(self, data_dict):
     params = {
         'group_id': parse_int(data_dict['group_id']),
         'folder_id': parse_int(data_dict['folder_id']),
         'access': parse_int(data_dict['access'])
     }
     validate_number(params['group_id'], 1, sys.maxsize)
     validate_number(params['folder_id'], 1, sys.maxsize)
     validate_number(params['access'], FolderPermission.ACCESS_NONE,
                     FolderPermission.ACCESS_ALL)
     return params
Beispiel #9
0
 def _get_validated_object_parameters(self, data_dict):
     params = {'index': parse_int(data_dict['index'])}
     validate_number(params['index'], -999999, 999999)
     return params
Beispiel #10
0
def imagelist():
    # Check parameters
    try:
        from_path = request.args.get('path', '')
        want_info = parse_boolean(request.args.get('attributes', ''))
        start = parse_int(request.args.get('start', '0'))
        limit = parse_int(request.args.get('limit', '1000'))
        validate_string(from_path, 1, 1024)
        validate_number(start, 0, 999999999)
        validate_number(limit, 1, 1000)
    except ValueError as e:
        raise ParameterError(e)

    # Get extra parameters for image URL construction, remove API parameters
    image_params = request.args.to_dict()
    image_params.pop('path', None)
    image_params.pop('attributes', None)
    image_params.pop('start', None)
    image_params.pop('limit', None)

    # Get directory listing
    directory_info = get_directory_listing(from_path, False, 2, start, limit)
    if not directory_info.exists():
        raise DoesNotExistError('Invalid path')

    ret_list = []
    db_session = data_engine.db_get_session()
    db_commit = False
    try:
        # Auto-populate the folders database
        db_folder = auto_sync_folder(
            from_path, data_engine, task_engine, _db_session=db_session
        )
        db_session.commit()

        # Require view permission or file admin
        permissions_engine.ensure_folder_permitted(
            db_folder,
            FolderPermission.ACCESS_VIEW,
            get_session_user()
        )
        # Get download permission in case we need to return it later
        can_download = permissions_engine.is_folder_permitted(
            db_folder,
            FolderPermission.ACCESS_DOWNLOAD,
            get_session_user()
        )

        # Create the response
        file_list = directory_info.contents()
        supported_img_types = image_engine.get_image_formats(supported_only=True)
        base_folder = add_sep(directory_info.name())
        for f in file_list:
            # v2.6.4 Return unsupported files too. If you want to reverse this change,
            # the filtering needs to be elsewhere for 'start' and 'limit' to work properly
            supported_file = get_file_extension(f['filename']) in supported_img_types
            file_path = base_folder + f['filename']

            if want_info:
                # Need to return the database fields too
                if supported_file:
                    db_entry = auto_sync_existing_file(
                        file_path,
                        data_engine,
                        task_engine,
                        burst_pdf=False,  # Don't burst a PDF just by finding it here
                        _db_session=db_session
                    )
                    db_entry = _prep_image_object(db_entry, can_download, **image_params)
                else:
                    db_entry = _prep_blank_image_object()
                    db_entry.filename = f['filename']
                    db_entry.supported = False
                # Return images in full (standard) image dict format
                entry = object_to_dict(db_entry, _omit_fields)
            else:
                # Return images in short dict format
                entry = {
                    'filename': f['filename'],
                    'supported': supported_file,
                    'url': (external_url_for('image', src=file_path, **image_params)
                            if supported_file else '')
                }

            ret_list.append(entry)

        db_commit = True
    finally:
        try:
            if db_commit:
                db_session.commit()
            else:
                db_session.rollback()
        finally:
            db_session.close()

    return make_api_success_response(ret_list)
Beispiel #11
0
 def _get_validated_object_parameters(self, data_dict):
     params = {'user_id': parse_int(data_dict['user_id'])}
     validate_number(params['user_id'], 1, sys.maxsize)
     return params
Beispiel #12
0
 def _get_validated_object_parameters(self, data_dict):
     params = {'user_id': parse_int(data_dict['user_id'])}
     validate_number(params['user_id'], 1, sys.maxint)
     return params