def _delete(self, release, changed_by, transaction):
    """Delete the named release and report the outcome as an HTTP response.

    Returns 404 when no release matches the name, 400 when the query-string
    form fails validation, 403 when the database layer raises
    ReadOnlyError, and 200 once the delete call returns.
    """
    matches = dbo.releases.getReleases(name=release)
    if not matches:
        return Response(status=404, response='bad release')
    target = matches[0]

    # NOTE(review): no explicit permission check is visible in this handler;
    # presumably authorization for changed_by is enforced inside
    # dbo.releases.delete or by the caller -- confirm before relying on it.

    # A DELETE request's body is ignored, so WTForms is pointed at the query
    # string instead. Only the release name (from the URL) and the data
    # version are needed, so this form is enough: it validates just the CSRF
    # token and the data version.
    query_form = DbEditableForm(request.args)
    if not query_form.validate():
        self.log.warning("Bad input: %s", query_form.errors)
        return Response(status=400, response=json.dumps(query_form.errors))

    try:
        dbo.releases.delete(
            where={"name": target["name"]},
            changed_by=changed_by,
            old_data_version=query_form.data_version.data,
            transaction=transaction,
        )
    except ReadOnlyError as err:
        # Logged under the "Bad input" label even though the cause is a
        # read-only release; the client only sees the exception args.
        self.log.warning("Bad input: %s", "Couldn't delete release: %s" % err)
        return Response(status=403, response=json.dumps({"data": err.args}))

    return Response(status=200)
def _delete(self, release, changed_by, transaction):
    """Delete the named release after a per-product permission check.

    Returns 404 when no release matches the name, 401 when changed_by lacks
    DELETE permission for the release's product, 400 when the query-string
    form fails validation, 403 when the database layer raises
    ReadOnlyError, and 200 once the delete call returns.
    """
    matches = dbo.releases.getReleases(name=release)
    if not matches:
        return Response(status=404, response='bad release')
    target = matches[0]
    product = target['product']

    # The existence check above runs before this permission check, so a
    # caller without delete rights can still tell an existing release name
    # (401) from a missing one (404). The permission is scoped to the
    # release's product, which is only known after the lookup.
    allowed = dbo.permissions.hasUrlPermission(
        changed_by,
        '/releases/:name',
        'DELETE',
        urlOptions={'product': product},
    )
    if not allowed:
        denial = "%s is not allowed to delete %s releases" % (changed_by, product)
        self.log.warning("Unauthorized access attempt: %s", denial)
        # NOTE(review): 401 is used for a permission failure; 403 is the
        # conventional status if changed_by is already authenticated --
        # confirm whether clients depend on 401 before changing it.
        return Response(status=401, response=denial)

    # A DELETE request's body is ignored, so WTForms is pointed at the query
    # string instead. Only the release name (from the URL) and the data
    # version are needed, so this form is enough: it validates just the CSRF
    # token and the data version.
    query_form = DbEditableForm(request.args)
    if not query_form.validate():
        self.log.warning("Bad input: %s", query_form.errors)
        return Response(status=400, response=json.dumps(query_form.errors))

    try:
        dbo.releases.deleteRelease(
            changed_by=changed_by,
            name=target['name'],
            old_data_version=query_form.data_version.data,
            transaction=transaction,
        )
    except ReadOnlyError as err:
        # Logged under the "Bad input" label even though the cause is a
        # read-only release; the client only sees the exception args.
        self.log.warning("Bad input: %s", "Couldn't delete release: %s" % err)
        return Response(status=403, response=json.dumps({"data": err.args}))

    return Response(status=200)
def _delete(self, release, changed_by, transaction):
    """Remove the release called *release* and answer with an HTTP status.

    404: no release has that name. 400: the query-string form did not
    validate. 403: the database layer raised ReadOnlyError. 200: the delete
    call returned normally.
    """
    found = dbo.releases.getReleases(name=release)
    if not found:
        return Response(status=404, response='bad release')
    row = found[0]

    # NOTE(review): this handler performs no permission check of its own;
    # presumably dbo.releases.delete (or the caller) authorizes changed_by
    # -- confirm.

    # DELETE bodies are ignored, so the form is built from the query string.
    # The release name arrives through the URL; the form only has to
    # validate the CSRF token and the data version.
    args_form = DbEditableForm(request.args)
    if not args_form.validate():
        self.log.warning("Bad input: %s", args_form.errors)
        return Response(status=400, response=json.dumps(args_form.errors))

    try:
        dbo.releases.delete(
            where={"name": row["name"]},
            changed_by=changed_by,
            old_data_version=args_form.data_version.data,
            transaction=transaction,
        )
    except ReadOnlyError as exc:
        # The log line keeps the "Bad input" prefix; the response body
        # carries only the exception args.
        detail = "Couldn't delete release: %s" % exc
        self.log.warning("Bad input: %s", detail)
        return Response(status=403, response=json.dumps({"data": exc.args}))

    return Response(status=200)
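def _delete(self, release, changed_by, transaction):
    """Delete the named release after a per-product permission check.

    Returns 404 when no release matches the name, 401 when changed_by lacks
    DELETE permission for the release's product, 400 (with the form errors
    serialized as JSON) when the query-string form fails validation, and
    200 once the delete call returns.
    """
    # Imported locally so the block does not depend on a module-level import
    # that is not visible from here.
    import json

    releases = dbo.releases.getReleases(name=release)
    if not releases:
        return Response(status=404, response='bad release')
    release = releases[0]

    # The existence check above runs before this permission check, so a
    # caller without delete rights can still tell an existing release name
    # (401) from a missing one (404). The permission is scoped to the
    # release's product, which is only known after the lookup.
    if not dbo.permissions.hasUrlPermission(
            changed_by, '/releases/:name', 'DELETE',
            urlOptions={'product': release['product']}):
        msg = "%s is not allowed to delete %s releases" % (
            changed_by, release['product'])
        cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
        # NOTE(review): 401 is used for a permission failure; 403 is the
        # conventional status if changed_by is already authenticated --
        # confirm whether clients depend on 401 before changing it.
        return Response(status=401, response=msg)

    # Bodies are ignored for DELETE requests, so WTForms is forced to look
    # at the query arguments instead. Only the release name (from the URL)
    # and the data version are needed, so this form is enough: it validates
    # just the CSRF token and the data version.
    form = DbEditableForm(request.args)
    if not form.validate():
        cef_event("Bad input", CEF_WARN, errors=form.errors)
        # form.errors is a dict; serialize it so the client receives the
        # validation messages instead of whatever iterating the dict yields.
        return Response(status=400, response=json.dumps(form.errors))

    dbo.releases.deleteRelease(
        changed_by=changed_by,
        name=release['name'],
        old_data_version=form.data_version.data,
        transaction=transaction,
    )
    return Response(status=200)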
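def _delete(self, release, changed_by, transaction):
    """Remove the release called *release*, subject to a product permission.

    404: no release has that name. 401: changed_by may not DELETE releases
    of that product. 400: the query-string form did not validate; the form
    errors are returned as JSON. 200: the delete call returned normally.
    """
    # Function-scope import: the module's own import block is not visible
    # from this block.
    import json

    releases = dbo.releases.getReleases(name=release)
    if not releases:
        return Response(status=404, response='bad release')
    release = releases[0]

    # Permission is checked per product, so it can only run after the
    # release has been looked up; as a result 404 vs 401 reveals whether a
    # release name exists to callers without delete rights.
    if not dbo.permissions.hasUrlPermission(
            changed_by, '/releases/:name', 'DELETE',
            urlOptions={'product': release['product']}):
        msg = "%s is not allowed to delete %s releases" % (
            changed_by, release['product'])
        cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
        # NOTE(review): 403 would be the conventional status for a denied
        # but authenticated caller -- confirm client expectations first.
        return Response(status=401, response=msg)

    # DELETE bodies are ignored, so the form is built from the query
    # arguments. It validates only the CSRF token and the data version; the
    # release name comes from the URL.
    form = DbEditableForm(request.args)
    if not form.validate():
        cef_event("Bad input", CEF_WARN, errors=form.errors)
        # Serialize the errors dict; passing the dict itself as the response
        # body would not deliver the validation messages to the client.
        return Response(status=400, response=json.dumps(form.errors))

    dbo.releases.deleteRelease(
        changed_by=changed_by,
        name=release['name'],
        old_data_version=form.data_version.data,
        transaction=transaction,
    )
    return Response(status=200)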
def _delete(self, username, role, changed_by, transaction):
    """Revoke *role* from *username* and report the outcome as a response.

    Returns 404 when the user does not currently hold the role, 400 when
    the query-string form fails validation, and 200 once revokeRole returns.
    """
    held_roles = dbo.permissions.getUserRoles(username)
    if role not in held_roles:
        return Response(status=404)

    # NOTE(review): no permission check on changed_by is visible here;
    # presumably dbo.permissions.revokeRole or the caller enforces it --
    # confirm. The role lookup above also runs before form validation.
    query_form = DbEditableForm(request.args)
    if not query_form.validate():
        self.log.warning("Bad input: %s", query_form.errors)
        return Response(status=400, response=json.dumps(query_form.errors))

    dbo.permissions.revokeRole(
        username,
        role,
        changed_by=changed_by,
        old_data_version=query_form.data_version.data,
        transaction=transaction,
    )
    return Response(status=200)
def _delete(self, username, role, changed_by, transaction):
    """Take *role* away from *username*.

    404: the user does not hold the role. 400: the query-string form did
    not validate. 200: revokeRole returned normally.
    """
    if role not in dbo.permissions.getUserRoles(username):
        return Response(status=404)

    # NOTE(review): authorization of changed_by is not checked in this
    # handler; presumably it happens in dbo.permissions.revokeRole or in
    # the caller -- confirm.
    args_form = DbEditableForm(request.args)
    if args_form.validate():
        dbo.permissions.revokeRole(
            username,
            role,
            changed_by=changed_by,
            old_data_version=args_form.data_version.data,
            transaction=transaction,
        )
        return Response(status=200)

    self.log.warning("Bad input: %s", args_form.errors)
    return Response(status=400, response=json.dumps(args_form.errors))
def _delete(self, release, changed_by, transaction):
    """Remove the release called *release*, subject to a product permission.

    404: no release has that name. 401: changed_by may not DELETE releases
    of that product. 400: the query-string form did not validate. 403: the
    database layer raised ReadOnlyError. 200: the delete call returned
    normally.
    """
    found = dbo.releases.getReleases(name=release)
    if not found:
        return Response(status=404, response='bad release')
    row = found[0]
    product = row['product']

    # Permission is checked per product, so it can only run after the
    # release has been looked up; as a result 404 vs 401 reveals whether a
    # release name exists to callers without delete rights.
    may_delete = dbo.permissions.hasUrlPermission(
        changed_by,
        '/releases/:name',
        'DELETE',
        urlOptions={'product': product},
    )
    if not may_delete:
        refusal = "%s is not allowed to delete %s releases" % (changed_by, product)
        self.log.warning("Unauthorized access attempt: %s", refusal)
        # NOTE(review): 403 would be the conventional status for a denied
        # but authenticated caller -- confirm client expectations first.
        return Response(status=401, response=refusal)

    # DELETE bodies are ignored, so the form is built from the query
    # arguments. It validates only the CSRF token and the data version; the
    # release name comes from the URL.
    args_form = DbEditableForm(request.args)
    if not args_form.validate():
        self.log.warning("Bad input: %s", args_form.errors)
        return Response(status=400, response=json.dumps(args_form.errors))

    try:
        dbo.releases.deleteRelease(
            changed_by=changed_by,
            name=row['name'],
            old_data_version=args_form.data_version.data,
            transaction=transaction,
        )
    except ReadOnlyError as exc:
        # The log line keeps the "Bad input" prefix; the response body
        # carries only the exception args.
        detail = "Couldn't delete release: %s" % exc
        self.log.warning("Bad input: %s", detail)
        return Response(status=403, response=json.dumps({"data": exc.args}))

    return Response(status=200)