def obj_create(self, bundle, request=None, **kwargs):
request = bundle.request
create_type = bundle.data.pop('type')
key = request.GET.get('oauth_consumer_key')
user = MyUser.objects.get(
username=verify_access_token(key).user.username)
if (create_type == 'create'):
new_group = StudyGroup(description=bundle.data.pop('description'))
new_group.save()
self.add_user_to_group(user, new_group)
raise ImmediateHttpResponse(http.HttpAccepted(t.user))
elif (create_type == 'delete'):
group = StudyGroup.objects.get(id=bundle.data.pop('id'))
for m in Membership.objects.filter(group=group):
m.delete()
group.delete()
raise ImmediateHttpResponse(http.HttpAccepted())
elif create_type == "add_to_group":
group = StudyGroup.objects.get(id=bundle.data.pop('id'))
self.add_user_to_group(user, group)
elif create_type == "quit_group":
group = StudyGroup.objects.get(id=bundle.data.pop('id'))
m = Membership.objects.get(person=user, group=group)
def post_zip(self, request, **kwargs):
self.method_check(request, allowed=['post'])
self.is_authenticated(request)
self.throttle_check(request)
try:
event_obj = Event.objects.get(pk=kwargs['pk'])
cont = rackspace.cloud_files.get_container(
event_obj.container_name)
album_zip = cont.get_object('{}.zip'.format(event_obj.uuid))
response_body = {
'zip_url': event_obj.zip_download_url,
'created_at': album_zip.last_modified + "Z",
}
return self.create_response(request, response_body)
except ObjectDoesNotExist:
return http.HttpNotFound()
except MultipleObjectsReturned:
return http.HttpMultipleChoices(
"More than one resource is found at this URI.")
else:
# check if there's already a job running that is creating an album archive
if app.backend.get('event:{0}:create_album_zip'.format(
kwargs['pk'])):
http409 = http.HttpResponse
http409.status_code = 409
return http409()
else:
event.create_album_zip.delay(kwargs['pk'])
return http.HttpAccepted()
def inner(self, request, **kwargs):
"""
Handle ``{method}`` request.
Implement ``async_{method} to add custom request, returning
celery.result.AsyncResult. If it returns None, HttpBadRequest
is returned from this method. If you don't implement the
custom method, it will return HttpNotImplemented.
"""
try:
result = getattr(self, 'async_' + method)(
request, **self.remove_api_resource_names(kwargs))
if result is None:
return http.HttpBadRequest()
except NotImplementedError:
return http.HttpNotImplemented()
if isinstance(result, AsyncResult):
if isinstance(result, EagerResult):
EAGER_RESULTS[result.id] = result
response = http.HttpAccepted()
response['Location'] = self._build_reverse_url(
'api_async_state',
kwargs={
'api_name': self._meta.api_name,
'resource_name': self._meta.resource_name,
'task_id': result.id
})
return response
else:
return result
def obj_create(self, bundle, request=None, **kwargs):
create_type = bundle.data.pop('type', 'register')
if create_type == 'register':
form = USER_CREATION_FORM(bundle.data)
if form.is_valid():
new_user = form.save()
new_user.send_email('activate')
bundle.obj = new_user
raise ImmediateHttpResponse(http.HttpAccepted())
#auto login, means request twice, first register, then login!
else:
#output the errors for tatstypie
bundle.errors[self._meta.resource_name] = form.errors
self.error_response(bundle.errors, request)
elif create_type == 'login':
expiry_seconds = bundle.data.pop('expiry_seconds', None)
user = auth.authenticate(**bundle.data)
if user is not None and user.is_active:
auth.login(request, user)
if expiry_seconds:
request.session.set_expiry(int(expiry_seconds))
self.show_keys(request)
elif user is not None and not user.is_active:
raise BadRequest('not active')
else:
raise BadRequest('login error')
else:
raise BadRequest('create user resource error')
def obj_delete(self, bundle, **kwargs):
user = CommCareUser.get(kwargs['pk'])
if user:
user.retire(bundle.request.domain,
deleted_by=bundle.request.couch_user,
deleted_via=USER_CHANGE_VIA_API)
return ImmediateHttpResponse(response=http.HttpAccepted())
def register(self, request, **kwargs):
self.method_check(request, allowed=['post'])
self.is_authenticated_apikey_only(request)
self.is_authorized(request)
self.throttle_check(request)
deserialized = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json'))
deserialized = self.alter_deserialized_detail_data(request, deserialized)
email = deserialized['email'] or ''
password = deserialized['password'] or ''
newsletter = bool(deserialized['newsletter'])
try:
validate_email(email)
except:
raise BadRequest('Please provide a valid email address.')
if password == '':
raise BadRequest('Please provide a password.')
try:
NewsletterBackend().register(request, username=email, email=email, password1=password, newsletter=newsletter)
except IntegrityError:
raise BadRequest('A user with that email address already exists.')
self.log_throttled_access(request)
return http.HttpAccepted()
def obj_delete(self, bundle, **kwargs):
try:
obj = self.obj_get(bundle, **kwargs)
except ObjectDoesNotExist:
raise NotFound("A model instance matching the provided arguments could not be found.")
ScanDaemonRpcInterface().remove_resource(obj.id)
raise ImmediateHttpResponse(http.HttpAccepted())
def post(self, request, pk=None, params=None, **kwargs):
"""
Sets user's roles to given list of ids as ``role_id`` param.
"""
user = get_object_or_404(User, pk=pk)
roles = Role.objects.filter(id__in=params.role_ids)
user.roles.clear()
user.roles.add(*roles)
return http.HttpAccepted()
def obj_create(self, bundle, request, **kwargs):
log.info('Resizing product icon %s @ %s to %s for webpay' %
(bundle.data['ext_url'], bundle.data['ext_size'],
bundle.data['size']))
tasks.fetch_product_icon.delay(bundle.data['ext_url'],
bundle.data['ext_size'],
bundle.data['size'])
# Tell the client that deferred processing will create an object.
raise ImmediateHttpResponse(response=http.HttpAccepted())
def patch_detail(self, request, **kwargs):
"""
Updates a resource in-place.
Calls ``obj_update``.
If the resource is updated, return ``HttpAccepted`` (202 Accepted).
If the resource did not exist, return ``HttpNotFound`` (404 Not Found).
"""
request = convert_post_to_patch(request)
basic_bundle = self.build_bundle(request=request)
# We want to be able to validate the update, but we can't just pass
# the partial data into the validator since all data needs to be
# present. Instead, we basically simulate a PUT by pulling out the
# original data and updating it in-place.
# So first pull out the original object. This is essentially
# ``get_detail``.
try:
obj = self.cached_obj_get(bundle=basic_bundle,
**self.remove_api_resource_names(kwargs))
except ObjectDoesNotExist:
return http.HttpNotFound()
except MultipleObjectsReturned:
return http.HttpMultipleChoices(
"More than one resource is found at this URI.")
self.post_obj_get(obj)
bundle = self.build_bundle(obj=obj, request=request)
bundle = self.full_dehydrate(bundle)
bundle = self.alter_detail_data_to_serialize(request, bundle)
# Now update the bundle in-place.
deserialized = self.deserialize(request,
request.body,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
self.update_in_place(request, bundle, deserialized)
# TODO: Check if this try/except is neccessary
#try:
# self.update_in_place(request, bundle, deserialized)
#except ObjectDoesNotExist:
# return http.HttpNotFound()
#
if not self._meta.always_return_data:
return http.HttpAccepted()
else:
bundle = self.full_dehydrate(bundle)
bundle = self.alter_detail_data_to_serialize(request, bundle)
return self.create_response(request,
bundle,
response_class=http.HttpAccepted)
def expire_token(self, request, **kwargs):
self.method_check(request, allowed=['post'])
self.is_authenticated(request)
self.is_authorized(request)
self.throttle_check(request)
if hasattr(request, 'token'):
request.token.delete()
self.log_throttled_access(request)
return http.HttpAccepted()
def api_auth(request):
""" authentication gate for the REST clients. Wraps the normal login method
into JSON shell """
if not request.method == "POST":
return http.HttpMethodNotAllowed()
form = AuthenticationForm(data=request.POST)
if form.is_valid():
login(request, form.get_user())
return http.HttpAccepted()
else:
return http.HttpUnauthorized("Invalid credentials")
def patch_detail(self, request, **kwargs):
data = json.loads(request.META.get('data', request.raw_post_data))
action_type = data.pop('action', None)
if action_type: # triggerre by action/function
if action_type == 'change_password':
change_password(request.user, data.get('new_password'))
self.show_keys(request)
elif action_type == 'request_reset_password':
try:
email = data.get('email')
if not email:
raise BadRequest('need email to reset password')
user = User.objects.get(email=email)
user.send_email('reset_password')
except User.DoesNotExist:
raise BadRequest('the email is not registered')
elif action_type == 're_activate':
try:
user = User.objects.get(username=data.get('username'))
if user.is_active:
raise BadRequest('already activated')
else:
user.send_email('re_activate')
except User.DoesNotExist:
raise BadRequest('need username')
elif action_type == 'reset_password':
uid = base36_to_int(data['uid'])
user = User.objects.get(id=uid)
if default_token_generator.check_token(user, data['token']):
change_password(user, data.get('new_password'))
if AUTO_LOGIN_AFTER_RESET_PASSWORD:
user.backend = DEFAULT_USER_BACKEND
auth.login(request, user)
self.show_keys(request)
else:
raise BadRequest('token error can not reset your password')
else:
raise BadRequest('not allowed ')
#at last
raise ImmediateHttpResponse(http.HttpAccepted())
if not action_type and request.user.is_authenticated():
return super(UserResource, self).patch_detail(request, **kwargs)
else:
raise BadRequest('can not modify info of other user')
def patch_detail(self, request, **kwargs):
"""
Updates a resource in-place.
Calls ``obj_update``.
If the resource is updated, return ``HttpAccepted`` (202 Accepted).
If the resource did not exist, return ``HttpNotFound`` (404 Not Found).
"""
# request = self.convert_post_to_patch(request)
basic_bundle = self.build_bundle(request=request)
# We want to be able to validate the update, but we can't just pass
# the partial data into the validator since all data needs to be
# present. Instead, we basically simulate a PUT by pulling out the
# original data and updating it in-place.
# So first pull out the original object. This is essentially
# ``get_detail``.
try:
obj = self._meta.object_class.objects.get(id=kwargs['pk'])
except ObjectDoesNotExist:
return http.HttpNotFound()
except MultipleObjectsReturned:
return http.HttpMultipleChoices(
"More than one resource is found at this URI.")
bundle = self.build_bundle(obj=obj, request=request)
bundle = self.full_dehydrate(bundle)
bundle = self.alter_detail_data_to_serialize(request, bundle)
# Now update the bundle in-place.
deserialized = self.deserialize(request,
request.body,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
self.update_in_place(request, bundle, deserialized)
if not self._meta.always_return_data:
return http.HttpAccepted()
else:
# Invalidate prefetched_objects_cache for bundled object
# because we might have changed a prefetched field
bundle.obj._prefetched_objects_cache = {}
bundle = self.full_dehydrate(bundle)
bundle = self.alter_detail_data_to_serialize(request, bundle)
return self.create_response(request,
bundle,
response_class=http.HttpAccepted)
def post_detail(self, request, **kwargs):
if 'ssh_key' not in request.FILES:
res = HttpResponse("Please upload an ssh_key file")
res.status_code = 500
return res
basic_bundle = self.build_bundle(request=request)
try:
obj = self.cached_obj_get(bundle=basic_bundle,
**self.remove_api_resource_names(kwargs))
except ObjectDoesNotExist:
return http.HttpNotFound()
except MultipleObjectsReturned:
return http.HttpMultipleChoices(
"More than one resource is found at this URI.")
ssh_key = request.FILES['ssh_key']
got = ssh_key.read()
ssh_key.seek(0)
try:
SSHKey(got, obj.password).key_obj
except paramiko.ssh_exception.SSHException as error:
res = HttpResponse(error)
res.status_code = 500
return res
obj.ssh_key = File(ssh_key)
obj.save()
if not self._meta.always_return_data:
return http.HttpAccepted()
else:
bundle = self.build_bundle(obj=obj, request=request)
bundle = self.full_dehydrate(bundle)
bundle = self.alter_detail_data_to_serialize(request, bundle)
return self.create_response(request,
bundle,
response_class=http.HttpAccepted)
def post_invites(self, request, **kwargs):
### start copied from tasytpie ###
body = request.body
deserialized = self.deserialize(request,
body,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
deserialized = self.alter_deserialized_detail_data(
request, deserialized)
bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized),
request=request)
## start custom code ##
try:
event_obj = Event.objects.get(pk=kwargs['pk'])
except ObjectDoesNotExist:
return http.HttpNotFound()
except MultipleObjectsReturned:
return http.HttpMultipleChoices(
"More than one resource is found at this URI.")
else:
event.email_guests.delay(kwargs['pk'], bundle.data['message'])
return http.HttpAccepted()
def post_detail(self, request, **kwargs):
basic_bundle = self.build_bundle(request=request)
try:
obj = self.cached_obj_get(bundle=basic_bundle,
**self.remove_api_resource_names(kwargs))
except ObjectDoesNotExist:
return http.HttpNotFound()
except MultipleObjectsReturned:
return http.HttpMultipleChoices(
"More than one resource is found at this URI.")
obj.save()
if not self._meta.always_return_data:
return http.HttpAccepted()
else:
bundle = self.build_bundle(obj=obj, request=request)
bundle = self.full_dehydrate(bundle)
bundle = self.alter_detail_data_to_serialize(request, bundle)
return self.create_response(request,
bundle,
response_class=http.HttpAccepted)
def patch_passwordreset(self, request, **kwargs):
# Now update the bundle in-place.
deserialized = self.deserialize(request,
request.body,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized),
request=request)
if bundle.data['nonce'] is not None and bundle.data[
'password'] is not None:
try:
passnonce = PasswordNonce.objects.get(
is_valid=True, nonce=bundle.data['nonce'])
passnonce.is_valid = False # invalidate the nonce so it can't be used again
passnonce.save()
passnonce.user.set_password(bundle.data['password'])
passnonce.user.save()
except ObjectDoesNotExist:
return http.HttpNotFound()
if not self._meta.always_return_data:
return http.HttpAccepted()
else:
bundle = self.build_get_detail(request, passnonce.user)
return self.create_response(request,
bundle,
response_class=http.HttpAccepted)
else:
return self.create_response(request,
bundle,
response_class=http.HttpBadRequest)
def patch_list(self, request, **kwargs):
"""
Since there is no RESTful way to do what we want to do, and since
``PATCH`` is poorly defined with regards to RESTfulness, we are
overloading ``PATCH`` to take a single request that performs
combinatorics and creates multiple objects.
"""
import itertools
from django.db import transaction
from tastypie.utils import dict_strip_unicode_keys
deserialized = self.deserialize(request,
request.body,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
# verify input
categories = deserialized.pop('categories', [])
if not categories or not isinstance(categories, list):
error_msg = "PATCH request must contain categories list."
logger.error(error_msg)
raise ImmediateHttpResponse(
response=http.HttpBadRequest(error_msg))
# do the combinatorics
elem_lists = []
for cat in categories:
# do some type validation / variation
if isinstance(cat, basestring):
# simple case of create all the combinations
cat = Category.objects.filter(id=self._id_from_uri(cat))
elem_list = Element.objects.filter(category=cat)
elif isinstance(cat, dict):
# we must be working with at least one partial category
category = Category.objects.filter(
id=self._id_from_uri(cat['category']))
elem_list = Element.objects.filter(category=category)
if 'exclude' in cat:
# exclude some element(s) from the combinations
exclude_uris = cat['exclude']
exclude_ids = [
int(self._id_from_uri(x)) for x in exclude_uris
]
elem_list = [
elem for elem in elem_list
if elem.id not in exclude_ids
]
elif 'include' in cat:
# include only a few elements in the combinations
include_uris = cat['include']
include_ids = [
int(self._id_from_uri(x)) for x in include_uris
]
elem_list = [
elem for elem in elem_list if elem.id in include_ids
]
else:
# don't worry about this,
# it'll act like a list of categories
pass # pragma: no cover
else:
error_msg = "categories list must contain resource uris or hashes."
logger.error(error_msg)
raise ImmediateHttpResponse(
response=http.HttpBadRequest(error_msg))
# save off the elements from this category that will be used
elem_lists.append(elem_list)
# create all the combinations of elements from categories
combinatorics = itertools.product(*elem_lists)
# do the creation
with transaction.commit_on_success():
for combo in combinatorics:
deserialized['elements'] = combo
bundle = self.build_bundle(
data=dict_strip_unicode_keys(deserialized))
bundle.request.META['REQUEST_METHOD'] = 'PATCH'
if getattr(request, 'user', None):
bundle.request.user = request.user
self.is_valid(bundle)
self.obj_create(bundle, request=request)
# don't try to reply with data, the request doesn't
# really match the results.
return http.HttpAccepted()
def process_file(self, request, **kwargs):
"""
:param request: incoming http request
:param pk: ID of the object that has file fields
:param attr_name: name of the attribute where the file is stored
:return: Http Response
"""
attr_name = kwargs.pop('attr_name')
if not request.method in ['GET', 'POST']:
return http.HttpMethodNotAllowed("Use GET or POST to manage files")
try:
bundle = self.build_bundle(data={'pk': kwargs['pk']},
request=request)
obj = self.cached_obj_get(bundle=bundle,
**self.remove_api_resource_names(kwargs))
except ObjectDoesNotExist:
return http.HttpGone()
except MultipleObjectsReturned:
return http.HttpMultipleChoices("More than one object found "
"at this URL.")
try:
field = self._meta.object_class._meta.get_field_by_name(
attr_name)[0]
except FieldDoesNotExist:
return http.HttpBadRequest("Attribute %s does not exist" %
attr_name)
if not isinstance(field, models.FileField):
return http.HttpBadRequest("Attribute %s is not a data-field" %
attr_name)
if request.method == 'GET':
ffile = getattr(obj, attr_name)
try:
filepath = ffile.path
except ValueError: # file is not set, empty
return http.HttpNoContent()
with open(filepath, 'r') as f:
response = HttpResponse(f.read(),
content_type='application/x-hdf')
response['Content-Disposition'] = "attachment; filename=%s" % \
os.path.basename(filepath)
response['Content-Length'] = os.path.getsize(f.name)
return response
if not obj.is_editable(request.user):
return http.HttpUnauthorized("No access to the update this object")
if not len(request.FILES) > 0:
return http.HttpNoContent()
# take first file in the multipart/form request
setattr(obj, attr_name, request.FILES.values()[0])
obj.save()
return http.HttpAccepted("File content updated successfully")
def create_patch_response(self, request, original_bundle, new_data):
self.update_in_place(request, original_bundle, new_data)
return http.HttpAccepted()
def obj_delete(self, bundle, **kwargs):
user = CommCareUser.get(kwargs['pk'])
if user:
user.retire()
return ImmediateHttpResponse(response=http.HttpAccepted())
def obj_create(self, bundle, **kwargs):
request = bundle.request
create_type = bundle.data.pop('type')
print("f**k")
try:
key = request.GET.get('oauth_consumer_key')
my_user = User.objects.get(
username=verify_access_token(key).user.username)
except OAuthError:
my_user = None
if create_type == 'register':
username = bundle.data.pop('username')
password1 = bundle.data.pop('password1')
password2 = bundle.data.pop('password2')
email = bundle.data.pop('email')
if (password1 == password2):
new_user = User.objects.create_user(username, email, password1)
new_user.save()
bundle.obj = new_user
raise ImmediateHttpResponse(http.HttpAccepted())
else:
raise BadRequest('signup error: password did not match')
# form = USER_CREATION_FORM(bundle.data)
# if form.is_valid():
# new_user = form.save()
# new_user.send_email('activate')
# bundle.obj = new_user
# raise ImmediateHttpResponse(http.HttpAccepted())
# #auto login, means request twice, first register, then login!
# else:
# #output the errors for tatstypie
# bundle.errors[self._meta.resource_name] = form.errors
# raise ImmediateHttpResponse(self.error_response(request, bundle.errors))
elif create_type == 'login':
expiry_seconds = bundle.data.pop('expiry_seconds', None)
user = auth.authenticate(**bundle.data)
if user is not None and user.is_active:
auth.login(request, user)
if expiry_seconds:
request.session.set_expiry(int(expiry_seconds))
self.show_keys(request)
elif user is not None and not user.is_active:
raise BadRequest('not active')
else:
raise BadRequest('login error')
elif create_type == 'set_gis':
if my_user:
my_user.longitude = bundle.data.pop('longitude')
my_user.latitude = bundle.data.pop('latitude')
my_user.save()
raise ImmediateHttpResponse(
http.HttpAccepted(my_user.longitude))
else:
BadRequest('set user gis info error')
elif create_type == 'notify':
if (my_user):
recipient = MyUser.objects.get(bundle.data.pop("recipient"))
verb = bundle.data.pop("verb")
notify.send(my_user, recipient=recipient, verb=verb)
elif create_type == 'get_groups':
if (user != None):
all_groups = set()
for m in Membership.objects.filter(person=user):
all_groups.add(m.group)
raise ImmediateHttpResponse(
http.HttpAccepted(str(list(all_groups))))
else:
raise BadRequest('get user group error')
else:
raise BadRequest('create user resource error')
