Beispiel #1
def get_user(request, required=False, joinedload=None):
    """
    Return the User for the current session, or None when there is none.

    Side effect: the loaded user's ``config`` is merged into
    ``request.features``. If the session refers to a user id that can no
    longer be loaded, that id is dropped from the session, the session is
    saved, and the lookup is repeated.
    """
    user_id = get_user_id(request, required=required)
    if not user_id:
        return

    # Apply every requested eager-load path to the query.
    query = Session.query(model.User)
    for path in iterate(joinedload or []):
        query = query.options(orm.joinedload(path))

    user = query.get(user_id)
    if not user:
        # Stale session: forget the dangling id and resolve the user again.
        # NOTE(review): the retry does not forward ``joinedload``; that only
        # matters if get_user_id can find an id outside the session. Confirm.
        request.session.pop('user_id', None)
        request.session.save()
        return get_user(request, required=required)

    # Per-user config takes precedence over the request's feature flags.
    request.features.update(user.config or {})
    return user
Beispiel #2
    def __init__(self, value_map, strict=True, *args, **kw):
        """Build the id/name/label lookup tables for an integer-indexed enum.

        value_map:
            An integer_id:name dictionary of possible values, or a list of
            value names (documented as being numbered from 1; the numbering
            itself is done by ``iterate_index``).
        strict:
            Stored as ``self.strict``. Documented as asserting that data
            read from the database matches the valid value definitions.

        Extra positional and keyword arguments are accepted but are not
        forwarded to the parent constructor.
        """
        self.strict = strict
        self.id_names, self.name_labels, self.name_ids = {}, {}, {}

        for value_id, raw in iterate_index(value_map):
            parts = iterate(raw)
            # First element is the name and last is the label, so a
            # one-element entry uses the same value for both.
            name = parts[0]
            label = parts[-1]
            self.id_names[value_id] = name
            self.name_labels[name] = label
            self.name_ids[name] = value_id

        super(Enum, self).__init__()
Beispiel #3
    def __init__(self, value_map, strict=True, *args, **kw):
        """Build the id/name/label lookup tables for an integer-indexed enum.

        value_map:
            An integer_id:name dictionary of possible values, or a list of
            value names (documented as being numbered from 1; the numbering
            itself is done by ``iterate_index``).
        strict:
            Stored as ``self.strict``. Documented as asserting that data
            read from the database matches the valid value definitions.

        Extra positional and keyword arguments are accepted but are not
        forwarded to the parent constructor.
        """
        self.strict = strict
        self.id_names, self.name_labels, self.name_ids = {}, {}, {}

        for value_id, raw in iterate_index(value_map):
            parts = iterate(raw)
            # First element is the name and last is the label, so a
            # one-element entry uses the same value for both.
            name = parts[0]
            label = parts[-1]
            self.id_names[value_id] = name
            self.name_labels[name] = label
            self.name_ids[name] = value_id

        super(Enum, self).__init__()
Beispiel #4
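def api_controller(request, method_whitelist=None):
    """ Performs the internal exposed API routing and error handling.

    Looks up ``request.params['method']`` in ``API_METHOD_MAP``, applies the
    Referer and CSRF-token checks that the target function opts into through
    its ``check_referer`` / ``check_csrf`` attributes, then calls it.

    :param request:
        Request object.

    :param method_whitelist:
        If provided, limits the methods which we're allowed to process in this
        call. Can be a single method name string, or a list of them.

    :returns:
        Whatever the dispatched API function returns.

    :raises APIControllerError:
        If the ``method`` parameter is missing, not permitted or unknown, if
        the Referer or CSRF check fails, or if the dispatched function raises
        ``KeyError`` (reported as a missing required parameter).
    """
    try:
        method = request.params['method']
    except KeyError as e:
        raise APIControllerError("Missing required parameter: %s" % e.args[0])

    if method_whitelist and method not in iterate(method_whitelist):
        raise APIControllerError("Method not permitted: %s" % method)

    fn = API_METHOD_MAP.get(method)
    if not fn:
        raise APIControllerError("Method does not exist: %s" % method)

    # The Referer check only runs when the header is present; a request that
    # omits it is not rejected here, so the CSRF token check below is the
    # control that has to hold in that case.
    if fn.check_referer and request.referer:
        expected_referer = request.application_url.split('://', 1)[1]

        # The Referer header is client-supplied. One without a scheme used to
        # surface as an IndexError; report it as a bad referer instead.
        _scheme, separator, request_referer = request.referer.partition('://')
        if not separator:
            raise APIControllerError("Bad referer: %s" % request.referer)

        # A bare prefix match would also accept a different host or path that
        # merely starts with the same characters as ours. Require the match
        # to end on a URL boundary. The scheme is deliberately not compared,
        # as before.
        remainder = request_referer[len(expected_referer):]
        ends_on_boundary = (expected_referer.endswith('/') or
                            remainder[:1] in ('', '/', '?', '#'))

        if not (request_referer.startswith(expected_referer) and
                ends_on_boundary):
            raise APIControllerError("Bad referer: %s" % request.referer)

    # The error message echoes the submitted value, never the session's token.
    submitted_token = request.params.get('csrf_token')
    if fn.check_csrf and submitted_token != request.session.get_csrf_token():
        raise APIControllerError("Invalid csrf_token value: %s" %
                                 submitted_token)

    try:
        return fn(request)
    except KeyError as e:
        raise APIControllerError("Missing required parameter: %s" % e.args[0])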
Beispiel #5
def api_controller(request, method_whitelist=None):
    """ Performs the internal exposed API routing and error handling.

    :param request:
        Request object.

    :param method_whitelist:
        If provided, limits the methods which we're allowed to process in this
        call. Can be a single method name string, or a list of them.
    """
    try:
        method = request.params['method']
    except KeyError, e:
        raise APIControllerError("Missing required parameter: %s" % e.args[0])

    if method_whitelist and method not in iterate(method_whitelist):
        raise APIControllerError("Method not permitted: %s" % method)

    fn = API_METHOD_MAP.get(method)
    if not fn:
        raise APIControllerError("Method does not exist: %s" % method)

    if fn.check_referer and request.referer:
        expected_referer = request.application_url.split('://', 1)[1]
        request_referer = request.referer.split('://', 1)[1]

        if not request_referer.startswith(expected_referer):
            raise APIControllerError("Bad referer: %s" % request.referer)

    if fn.check_csrf and request.params.get('csrf_token') != request.session.get_csrf_token():
        raise APIControllerError("Invalid csrf_token value: %s" % request.params.get('csrf_token'))