Ejemplo n.º 1
def set_permissions(user_id, service_id):
    """Replace the permissions a user holds on a service.

    Reads the JSON request body, validates it against
    ``post_set_permissions_schema``, and replaces the stored permissions for
    ``user_id`` on ``service_id`` with the submitted list (``replace=True``).
    When the body contains ``folder_permissions``, the service user's folder
    list is replaced as well. Responds with an empty JSON object and 204.
    """
    # SECURITY (open TODO from the original author): nothing in this function
    # checks that the caller is allowed to change permissions for this user on
    # this service. user_id and service_id are taken as given and the
    # permission set comes straight from the request body, so this is a
    # missing authorization check on a privilege-granting operation.
    # NOTE(review): any caller check would have to run before this handler
    # (route or blueprint level, not visible here) - confirm it exists.
    membership = dao_get_service_user(user_id, service_id)
    target_user = membership.user
    target_service = dao_fetch_service_by_id(service_id=service_id)

    payload = request.get_json()
    validate(payload, post_set_permissions_schema)

    new_permissions = []
    for entry in payload['permissions']:
        new_permissions.append(
            Permission(service_id=service_id, user_id=user_id, permission=entry['permission'])
        )

    alert_details = {
        "service_id_{}".format(service_id): service_id,
        "permissions": new_permissions,
    }

    try:
        _update_alert(target_user, alert_details)
    except Exception as err:
        # A failure in _update_alert is logged and does not stop the
        # permission change below.
        current_app.logger.error(err)

    permission_dao.set_user_service_permission(
        target_user, target_service, new_permissions, _commit=True, replace=True
    )

    if 'folder_permissions' in payload:
        # Every folder id is looked up together with service_id before it is
        # attached to the service user.
        accessible_folders = []
        for folder_id in payload['folder_permissions']:
            accessible_folders.append(
                dao_get_template_folder_by_id_and_service_id(folder_id, service_id)
            )

        membership.folders = accessible_folders
        dao_update_service_user(membership)

    return jsonify({}), 204
Ejemplo n.º 2
def set_permissions(user_id, service_id):
    """Overwrite a user's permissions (and optionally folders) on a service.

    The JSON body is validated against ``post_set_permissions_schema``; its
    ``permissions`` entries replace whatever the user currently holds on the
    service, and an optional ``folder_permissions`` list replaces the folders
    attached to the service user. Responds with an empty JSON object and 204.
    """
    # SECURITY (open TODO from the original author): the identity of the
    # requester is never examined here. The function acts on the user_id and
    # service_id it is handed and grants whatever the request body lists, so
    # authorization for this privilege change is not enforced in this code.
    # NOTE(review): presumably a check is expected upstream of this handler -
    # confirm one exists and covers "may this caller manage this service".
    service_user = dao_get_service_user(user_id, service_id)
    user = service_user.user
    service = dao_fetch_service_by_id(service_id=service_id)

    body = request.get_json()
    validate(body, post_set_permissions_schema)

    requested_names = (item['permission'] for item in body['permissions'])
    permission_list = [
        Permission(service_id=service_id, user_id=user_id, permission=name)
        for name in requested_names
    ]

    # replace=True: the submitted list becomes the full permission set.
    permission_dao.set_user_service_permission(
        user, service, permission_list, _commit=True, replace=True
    )

    if 'folder_permissions' in body:
        # Folder ids are resolved together with service_id.
        service_user.folders = [
            dao_get_template_folder_by_id_and_service_id(fid, service_id)
            for fid in body['folder_permissions']
        ]
        dao_update_service_user(service_user)

    return jsonify({}), 204
Ejemplo n.º 3
def move_to_template_folder(service_id, target_template_folder_id=None):
    """Move folders and templates into a target folder of the same service.

    The JSON body is validated against ``post_move_template_folder_schema``
    and must provide ``folders`` and ``templates`` id lists. A falsy
    ``target_template_folder_id`` means "no parent": items are assigned
    ``None`` as their parent/folder. Archived templates are skipped with an
    info log entry. Responds with an empty body and 204.

    Raises:
        InvalidRequest: (400) when a listed folder or template id is not
            found for this service.
    """
    payload = request.get_json()

    validate(payload, post_move_template_folder_schema)

    # Every lookup below passes service_id together with the item id, so ids
    # supplied in the request are resolved within this service only.
    # NOTE(review): the destination lookup is not wrapped in try/except here,
    # unlike the per-item lookups - confirm NoResultFound is handled upstream.
    destination = (
        dao_get_template_folder_by_id_and_service_id(target_template_folder_id, service_id)
        if target_template_folder_id
        else None
    )

    # NOTE(review): items earlier in a list are reassigned before a later id
    # fails; whether that is rolled back depends on transaction handling that
    # is not visible in this function - confirm.
    for folder_id in payload["folders"]:
        try:
            folder = dao_get_template_folder_by_id_and_service_id(folder_id, service_id)
        except NoResultFound:
            raise InvalidRequest(
                "No folder found with id {} for service {}".format(folder_id, service_id),
                status_code=400,
            )
        _validate_folder_move(destination, target_template_folder_id, folder, folder_id)

        folder.parent = destination

    for template_id in payload["templates"]:
        try:
            template = dao_get_template_by_id_and_service_id(template_id, service_id)
        except NoResultFound:
            raise InvalidRequest(
                "Could not move to folder: No template found with id {} for service {}".format(
                    template_id, service_id),
                status_code=400,
            )

        if not template.archived:
            template.folder = destination
            continue

        # Archived templates stay where they are; the request still succeeds.
        current_app.logger.info(
            "Could not move to folder: Template {} is archived. (Skipping)"
            .format(template_id))
    return "", 204
Ejemplo n.º 4
def validate_parent_folder(template_json):
    """Resolve the parent folder named in a template payload.

    When ``template_json`` carries a truthy ``parent_folder_id``, that key is
    removed from the dict (the argument is mutated) and the folder is looked
    up together with ``template_json['service']``. A missing or falsy
    ``parent_folder_id`` yields ``None`` and leaves the dict untouched.

    Raises:
        InvalidRequest: (400) when no folder matches the id and service.
    """
    if not template_json.get("parent_folder_id"):
        return None

    try:
        # Pop first, then read the service, as two separate steps; the lookup
        # receives both so the folder is matched against the payload's service.
        folder_id = template_json.pop("parent_folder_id")
        owning_service = template_json['service']
        return dao_get_template_folder_by_id_and_service_id(
            template_folder_id=folder_id,
            service_id=owning_service,
        )
    except NoResultFound:
        raise InvalidRequest("parent_folder_id not found", status_code=400)
Ejemplo n.º 5
def delete_template_folder(service_id, template_folder_id):
    """Delete an empty template folder belonging to a service.

    Responds with an empty body and 204 after deletion, or with a JSON error
    and 400 when the folder still holds subfolders or templates.
    """
    # NOTE(review): no caller authorization is visible in this function;
    # presumably it is enforced before the handler runs - confirm.
    folder = dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id)

    # Refuse to delete anything that still has content, even if that content
    # is only empty subfolders.
    has_contents = folder.subfolders or folder.templates
    if has_contents:
        return jsonify(result='error', message='Folder is not empty'), 400

    dao_delete_template_folder(folder)

    return '', 204
Ejemplo n.º 6
def update_template_folder(service_id, template_folder_id):
    """Rename a template folder and optionally replace its user list.

    The JSON body is validated against ``post_update_template_folder_schema``.
    ``name`` is always applied; when ``users_with_permission`` is present, the
    folder's users are replaced by the service users resolved from those ids.
    Responds with the serialized folder and 200.
    """
    payload = request.get_json()

    validate(payload, post_update_template_folder_schema)

    folder = dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id)
    folder.name = payload['name']

    if 'users_with_permission' in payload:
        # Each submitted user id is resolved together with service_id.
        # NOTE(review): this list decides who may use the folder and comes
        # from the request body; no caller authorization is visible in this
        # function - confirm it is enforced before the handler runs.
        allowed_users = []
        for user_id in payload['users_with_permission']:
            allowed_users.append(dao_get_service_user(user_id, service_id))
        folder.users = allowed_users

    dao_update_template_folder(folder)

    return jsonify(data=folder.serialize()), 200
Ejemplo n.º 7
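def create_template_folder(service_id):
    """Create a template folder for a service, optionally under a parent.

    The JSON body is validated against ``post_create_template_folder_schema``.
    With a non-null ``parent_id`` the new folder takes over the parent's user
    list; otherwise it is given the users returned by
    ``dao_get_active_service_users``. Responds with the serialized folder and
    201.

    Raises:
        InvalidRequest: (400) when ``parent_id`` does not match a folder of
            this service.
    """
    data = request.get_json()

    validate(data, post_create_template_folder_schema)

    # Read the key once with .get(): the original tested data.get('parent_id')
    # but later subscripted data['parent_id'], which raises KeyError if the
    # key is absent from the body.
    # NOTE(review): the schema may already require the key - confirm.
    parent_id = data.get('parent_id')

    if parent_id is not None:
        try:
            # The parent is looked up together with service_id, so a parent
            # id that does not belong to this service is rejected.
            parent_folder = dao_get_template_folder_by_id_and_service_id(parent_id, service_id)
        except NoResultFound:
            raise InvalidRequest("parent_id not found", status_code=400)
        # Access to the new folder is inherited from the parent folder.
        users_with_permission = parent_folder.users
    else:
        # Top-level folder: the active service users get access.
        users_with_permission = dao_get_active_service_users(service_id)

    template_folder = TemplateFolder(
        service_id=service_id,
        name=data['name'].strip(),
        parent_id=parent_id,
        users=users_with_permission,
    )

    dao_create_template_folder(template_folder)

    return jsonify(data=template_folder.serialize()), 201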