def serve(iuid):
"""Return dataset's information (metadata), update it, or delete it.
The content of the dataset cannot be updated via this resource.
"""
try:
dataset = get_dataset(iuid)
except ValueError as error:
flask.abort(http.client.NOT_FOUND)
if utils.http_GET():
if not allow_view(dataset):
flask.abort(http.client.FORBIDDEN)
set_links(dataset)
return utils.jsonify(dataset,
schema=flask.url_for("api_schema.dataset",
_external=True))
elif utils.http_POST(csrf=False):
if not allow_edit(dataset):
flask.abort(http.client.FORBIDDEN)
try:
data = flask.request.get_json()
with DatasetSaver(dataset) as saver:
try:
saver.set_title(data["title"])
except KeyError:
pass
try:
saver.set_description(data["description"])
except KeyError:
pass
try:
saver.set_public(data["public"])
except KeyError:
pass
try:
saver.set_vega_lite_types(data["meta"])
except KeyError:
pass
except ValueError as error:
return str(error), http.client.BAD_REQUEST
dataset = saver.doc
set_links(dataset)
return utils.jsonify(dataset,
schema=flask.url_for("api_schema.dataset",
_external=True))
elif utils.http_DELETE():
if not possible_delete(dataset):
flask.abort(http.client.FORBIDDEN)
if not allow_delete(dataset):
flask.abort(http.client.FORBIDDEN)
flask.g.db.delete(dataset)
for log in utils.get_logs(dataset["_id"], cleanup=False):
flask.g.db.delete(log)
return "", http.client.NO_CONTENT
def serve(iuid):
"Return graphic information, update it, or delete it."
try:
graphic = get_graphic(iuid)
except ValueError as error:
flask.abort(http.client.NOT_FOUND)
if utils.http_GET():
if not allow_view(graphic):
flask.abort(http.client.FORBIDDEN)
set_links(graphic)
return utils.jsonify(graphic,
schema=flask.url_for("api_schema.graphic",
_external=True))
elif utils.http_POST(csrf=False):
if not allow_edit(graphic):
flask.abort(http.client.FORBIDDEN)
try:
data = flask.request.get_json()
with GraphicSaver(graphic) as saver:
try:
saver.set_title(data["title"])
except KeyError:
pass
try:
saver.set_description(data["description"])
except KeyError:
pass
try:
saver.set_public(data["public"])
except KeyError:
pass
try:
saver.set_specification(data["specification"])
except KeyError:
pass
except ValueError as error:
return str(error), http.client.BAD_REQUEST
graphic = saver.doc
set_links(graphic)
return utils.jsonify(graphic,
schema=flask.url_for("api_schema.graphic",
_external=True))
elif utils.http_DELETE():
if not allow_delete(graphic):
flask.abort(http.client.FORBIDDEN)
flask.g.db.delete(graphic)
for log in utils.get_logs(graphic["_id"], cleanup=False):
flask.g.db.delete(log)
return "", http.client.NO_CONTENT
def logs(iuid):
"Display the log records of the given graphic."
try:
graphic = get_graphic(iuid)
except ValueError as error:
utils.flash_error(str(error))
return flask.redirect(utils.url_referrer())
if not allow_view(graphic):
utils.flash_error("View access to graphic not allowed.")
return flask.redirect(utils.url_referrer())
return flask.render_template(
"logs.html",
title=f"Graphic {graphic['title']}",
back_url=flask.url_for(".display", iuid=iuid),
logs=utils.get_logs(iuid))
def logs(iuid):
"Display the log records of the given dataset."
try:
dataset = get_dataset(iuid)
except ValueError as error:
utils.flash_error(str(error))
return flask.redirect(utils.url_referrer())
if not allow_view(dataset):
utils.flash_error("View access to dataset not allowed.")
return flask.redirect(utils.url_referrer())
return flask.render_template(
"logs.html",
title=f"Dataset {dataset['title'] or 'No title'}",
cancel_url=flask.url_for(".display", iuid=iuid),
logs=utils.get_logs(iuid))
def logs(username):
"Display the log records of the given user."
user = get_user(username=username)
if user is None:
utils.flash_error("No such user.")
return flask.redirect(flask.url_for("home"))
if not am_admin_or_self(user):
utils.flash_error("Access not allowed.")
return flask.redirect(flask.url_for("home"))
return flask.render_template(
"logs.html",
title=f"User {user['username']}",
back_url=flask.url_for(".display", username=user["username"]),
api_logs_url=flask.url_for("api_user.logs", username=user["username"]),
logs=utils.get_logs(user["_id"]))
def logs(username):
"Return all log entries for the given user."
user = datagraphics.user.get_user(username=username)
if not user:
flask.abort(http.client.NOT_FOUND)
# XXX Use 'allow' function
if not datagraphics.user.am_admin_or_self(user):
flask.abort(http.client.FORBIDDEN)
entity = {"type": "user",
"username": user["username"],
"href": flask.url_for(".serve",
username=user["username"],
_external=True)}
return utils.jsonify({"entity": entity,
"logs": utils.get_logs(user["_id"])},
schema=flask.url_for("api_schema.logs",_external=True))
def edit(iuid):
"Edit the dataset, or delete it."
try:
dataset = get_dataset(iuid)
except ValueError as error:
utils.flash_error(str(error))
return flask.redirect(utils.url_referrer())
if utils.http_GET():
if not allow_edit(dataset):
utils.flash_error("Edit access to dataset not allowed.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
return flask.render_template("dataset/edit.html",
am_owner=am_owner(dataset),
dataset=dataset)
elif utils.http_POST():
if not allow_edit(dataset):
utils.flash_error("Edit access to dataset not allowed.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
try:
with DatasetSaver(dataset) as saver:
saver.set_title()
if flask.g.am_admin:
saver.change_owner()
if am_owner(dataset):
saver.set_editors()
saver.set_description()
saver.upload_file()
saver.set_vega_lite_types()
except ValueError as error:
utils.flash_error(str(error))
return flask.redirect(flask.url_for(".display", iuid=iuid))
elif utils.http_DELETE():
if not possible_delete(dataset):
utils.flash_error("Dataset cannot be deleted; use by graphics.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
if not allow_delete(dataset):
utils.flash_error("Delete access to dataset not allowed.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
flask.g.db.delete(dataset)
for log in utils.get_logs(dataset["_id"], cleanup=False):
flask.g.db.delete(log)
utils.flash_message("The dataset was deleted.")
return flask.redirect(flask.url_for("datasets.display"))
def edit(iuid):
"Edit the graphic, or delete it."
try:
graphic = get_graphic(iuid)
except ValueError as error:
utils.flash_error(str(error))
return flask.redirect(utils.url_referrer())
if utils.http_GET():
if not allow_edit(graphic):
utils.flash_error("Edit access to graphic not allowed.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
return flask.render_template("graphic/edit.html",
am_owner=am_owner(graphic),
graphic=graphic)
elif utils.http_POST():
if not allow_edit(graphic):
utils.flash_error("Edit access to graphic not allowed.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
try:
with GraphicSaver(graphic) as saver:
saver.set_title()
if flask.g.am_admin:
saver.change_owner()
if am_owner(graphic):
saver.set_editors()
saver.set_description()
saver.set_specification()
except ValueError as error:
utils.flash_error(str(error))
return flask.redirect(utils.url_referrer())
return flask.redirect(flask.url_for(".display", iuid=saver.doc["_id"]))
elif utils.http_DELETE():
if not allow_delete(graphic):
utils.flash_error("Delete access to graphic not allowed.")
return flask.redirect(flask.url_for(".display", iuid=iuid))
flask.g.db.delete(graphic)
for log in utils.get_logs(graphic["_id"], cleanup=False):
flask.g.db.delete(log)
utils.flash_message("The graphic was deleted.")
return flask.redirect(
flask.url_for("dataset.display", iuid=graphic["dataset"]))
def logs(iuid):
"Return all log entries for the given dataset."
try:
dataset = get_dataset(iuid)
except ValueError as error:
flask.abort(http.client.NOT_FOUND)
if not allow_view(dataset):
flask.abort(http.client.FORBIDDEN)
entity = {
"type": "dataset",
"iuid": iuid,
"href": flask.url_for("api_dataset.serve", iuid=iuid, _external=True)
}
return utils.jsonify(
{
"entity": entity,
"logs": utils.get_logs(dataset["_id"])
},
schema=flask.url_for("api_schema.logs", _external=True))
def edit(username):
"Edit the user display. Or delete the user."
user = get_user(username=username)
if user is None:
utils.flash_error("No such user.")
return flask.redirect(flask.url_for("home"))
if not am_admin_or_self(user):
utils.flash_error("Access not allowed.")
return flask.redirect(flask.url_for("home"))
if utils.http_GET():
return flask.render_template("user/edit.html",
user=user,
deletable=is_empty(user))
elif utils.http_POST():
with UserSaver(user) as saver:
if flask.g.am_admin:
email = flask.request.form.get("email")
if email != user["email"]:
saver.set_email(email)
if am_admin_and_not_self(user):
saver.set_role(flask.request.form.get("role"))
if flask.request.form.get("apikey"):
saver.set_apikey()
return flask.redirect(
flask.url_for(".display", username=user["username"]))
elif utils.http_DELETE():
if not is_empty(user):
utils.flash_error("Cannot delete non-empty user account.")
return flask.redirect(flask.url_for(".display", username=username))
for log in utils.get_logs(user["_id"], cleanup=False):
flask.g.db.delete(log)
flask.g.db.delete(user)
utils.flash_message(f"Deleted user {username}.")
utils.get_logger().info(f"deleted user {username}")
if flask.g.am_admin:
return flask.redirect(flask.url_for(".all"))
else:
return flask.redirect(flask.url_for("home"))
