def validate_document_post_status(request):
post = request.validated['post']
if post.author != get_monitoring_role(request.authenticated_role):
raise forbidden(request)
if post.postOf == DECISION_OBJECT_TYPE:
_validate_document_status(request, ACTIVE_STATUS)
elif post.postOf == CONCLUSION_OBJECT_TYPE:
_validate_document_status(request, (ADDRESSED_STATUS, DECLINED_STATUS))
def patch(self):
obj = self.request.validated["request"]
now = get_now()
if obj.answer is not None:
raise forbidden(self.request)
apply_patch(self.request, src=self.request.validated["request_src"], save=False)
if obj.answer:
obj.dateAnswered = now
save_request(self.request, date_modified=now)
LOGGER.info(
"Updated request {}".format(obj.id),
extra=context_unpack(self.request, {"MESSAGE_ID": "request_patch"}),
)
return {"data": request_serialize_view(obj, self.request.authenticated_role)}
def validate_credentials_generate(request):
try:
token = get_access_token(request)
except ValueError:
raise_operation_error(request, 'No access token was provided.')
try:
response = TendersClient(
request.registry.api_token,
host_url=request.registry.api_server,
api_version=request.registry.api_version,
).extract_credentials(request.validated['monitoring'].tender_id)
except ResourceNotFound:
raise_operation_error(
request, 'Tender {} not found'.format(
request.validated['monitoring'].tender_id))
else:
if sha512(token).hexdigest() != response['data']['tender_token']:
raise forbidden(request)
def get(self):
if self.request.params.get('mode') == 'draft':
perm = self.request.has_permission('view_draft_monitoring')
if not isinstance(perm, ACLAllowed):
return forbidden(self.request)
tender_id = self.request.matchdict["tender_id"]
opt_fields = self.request.params.get('opt_fields', '')
opt_fields = set(e for e in opt_fields.split(',') if e)
mode = self.request.params.get('mode', '')
list_view = self.views.get(mode, "")
view_kwargs = dict(
limit=500, # TODO: pagination
startkey=[tender_id, None],
endkey=[tender_id, {}],
)
if opt_fields - self.default_fields:
self.LOGGER.info(
'Used custom fields for monitoring list: {}'.format(','.join(
sorted(opt_fields))),
extra=context_unpack(self.request,
{'MESSAGE_ID': "CUSTOM_MONITORING_LIST"}))
results = [
monitoring_serialize(self.request, i[u'doc'],
opt_fields | self.default_fields)
for i in list_view(self.db, include_docs=True, **view_kwargs)
]
else:
results = [
dict(id=e.id, dateCreated=e.key[1], **e.value)
for e in list_view(self.db, **view_kwargs)
]
data = {
'data': results,
}
return data
def get(self):
if self.request.params.get('mode') == 'draft':
perm = self.request.has_permission('view_draft_monitoring')
if not isinstance(perm, ACLAllowed):
return forbidden(self.request)
return super(TenderMonitoringResource, self).get()
def validate_allowed_request_document(request):
obj = request.validated['request']
if request.authenticated_role == PUBLIC_ROLE and obj.answer is not None:
raise forbidden(request)
def get(self):
if self.request.validated['monitoring'].status == ACTIVE_STATUS \
and not self.request.has_permission('view_draft_monitoring'):
return forbidden(self.request)
return {'data': self.context.serialize('default')}
def get(self):
if self.request.params.get('mode') in ('real_draft', 'all_draft'):
perm = self.request.has_permission('view_draft_monitoring')
if not isinstance(perm, ACLAllowed):
return forbidden(self.request)
return super(MonitoringsResource, self).get()