def _ajax_upload(self, request, *args, **kwargs):
if request.method == "POST":
upload = request.FILES.get('qqfile', None)
if not upload:
return HttpResponseBadRequest("AJAX request not valid")
filename = upload.name
backend = self.get_backend()
# custom filename handler
filename = (backend.update_filename(request, filename, *args, **kwargs)
or filename)
# save the file
backend.setup(request, filename, *args, **kwargs)
success = backend.upload(upload, filename, False, *args, **kwargs)
# callback
extra_context = backend.upload_complete(request, filename, uuid=request.POST['qquuid'], *args, **kwargs)
if success is True:
file_uploaded.send(sender=self.__class__, backend=backend, request=request, extra_context=extra_context)
# let Ajax Upload know whether we saved it or not
ret_json = {'success': success, 'filename': filename}
if extra_context is not None:
ret_json.update(extra_context)
# although "application/json" is the correct content type, IE throws a fit
return HttpResponse(json.dumps(ret_json, cls=DjangoJSONEncoder), content_type='text/html; charset=utf-8')
else:
response = HttpResponseNotAllowed(['POST'])
response.write("ERROR: Only POST allowed")
return response
def json_method_not_allowed(methods):
# type: (List[Text]) -> Text
resp = HttpResponseNotAllowed(methods)
resp.content = force_bytes(ujson.dumps({"result": "error",
"msg": "Method Not Allowed",
"allowed_methods": methods}))
return resp
def _ajax_upload(self, request, *args, **kwargs):
if request.method == "POST":
if request.is_ajax():
# the file is stored raw in the request
upload = request
is_raw = True
# AJAX Upload will pass the filename in the querystring if it
# is the "advanced" ajax upload
try:
if 'qqfile' in request.GET:
filename = request.GET['qqfile']
elif 'qqfilename' in request.GET:
filename = request.GET['qqfilename']
else:
filename = request.POST['qqfilename']
except KeyError:
return HttpResponseBadRequest("AJAX request not valid")
# not an ajax upload, so it was the "basic" iframe version with
# submission via form
else:
is_raw = False
if len(request.FILES) == 1:
# FILES is a dictionary in Django but Ajax Upload gives
# the uploaded file an ID based on a random number, so it
# cannot be guessed here in the code. Rather than editing
# Ajax Upload to pass the ID in the querystring, observe
# that each upload is a separate request, so FILES should
# only have one entry. Thus, we can just grab the first
# (and only) value in the dict.
upload = request.FILES.values()[0]
else:
raise Http404("Bad Upload")
filename = upload.name
backend = self.get_backend()
# custom filename handler
filename = (backend.update_filename(request, filename, *args, **kwargs)
or filename)
# save the file
backend.setup(filename, *args, **kwargs)
success = backend.upload(upload, filename, is_raw, *args, **kwargs)
if success:
file_uploaded.send(sender=self.__class__, backend=backend, request=request)
# callback
extra_context = backend.upload_complete(request, filename, *args, **kwargs)
# let Ajax Upload know whether we saved it or not
ret_json = {'success': success, 'filename': filename}
if extra_context is not None:
ret_json.update(extra_context)
# although "application/json" is the correct content type, IE throws a fit
return HttpResponse(json.dumps(ret_json, cls=DjangoJSONEncoder), content_type='text/html; charset=utf-8')
else:
response = HttpResponseNotAllowed(['POST'])
response.write("ERROR: Only POST allowed")
return response
def __call__(self, request, *args, **kwargs):
try:
return self.dispatch(request, self, *args, **kwargs)
except HttpMethodNotAllowed:
response = HttpResponseNotAllowed(self.permitted_methods)
response.mimetype = self.mimetype
return response
def json_method_not_allowed(methods):
# type: (List[text_type]) -> text_type
resp = HttpResponseNotAllowed(methods)
resp.content = ujson.dumps({"result": "error",
"msg": "Method Not Allowed",
"allowed_methods": methods})
return resp
def __call__(self, request, *args, **kwargs):
try:
return self.dispatch(request, self, *args, **kwargs)
except HttpMethodNotAllowed:
response = HttpResponseNotAllowed(self.permitted_methods)
response.mimetype = self.mimetype
return response
except:
exc_info = sys.exc_info()
msg_array = traceback.format_exception(exc_info[0], exc_info[1], exc_info[2])
msg = ""
for line in msg_array:
msg += line
msg = "[" + unicode(exc_info[0]) + "] " + unicode(exc_info[1])
return HttpResponseServerError(json_encode(get_error_object(msg)), mimetype='application/json; charset=UTF-8')
def _ajax_upload(self, request, *args, **kwargs):
if request.method == "POST":
upload = request.FILES.get('qqfile', None)
if not upload:
return HttpResponseBadRequest("AJAX request not valid")
# get chunks
chunk_index = int(request.POST.get('qqpartindex'))
total_chunks = int(request.POST.get('qqtotalparts'))
filename = upload.name
file_id = request.POST['qquuid']
backend = self.get_backend()
# custom filename handler
filename = (backend.update_filename(request, filename, *args, **kwargs)
or filename)
backend.setup(filename, *args, **kwargs)
success = backend.upload_chunk(upload, *args, **kwargs)
# callback - edited
extra_context = None
if total_chunks == chunk_index +1:
extra_context = backend.upload_complete(request, filename, file_id, *args, **kwargs)
# file_uploaded.send(sender=self.__class__, backend=backend, request=request)
# let Ajax Upload know whether we saved it or not
if settings.DEBUG:
ret_json = {'success': success, 'filename': filename}
else:
ret_json = {'success': success}
if extra_context is not None:
if settings.DEBUG:
ret_json.update(extra_context)
# although "application/json" is the correct content type, IE throws a fit
return HttpResponse(json.dumps(ret_json, cls=DjangoJSONEncoder), content_type='text/html; charset=utf-8')
else:
response = HttpResponseNotAllowed(['POST'])
response.write("ERROR: Only POST allowed")
return response
def __call__(self, request, *args, **kwargs):
try:
response = self.dispatch(request, self, *args, **kwargs)
log_request(request, response, 'access')
return response
except (HttpMethodNotAllowed, Http403):
log_request(request, None, 'access')
response = HttpResponseNotAllowed(self.permitted_methods)
response.mimetype = self.mimetype
return response
except TracedServerError, e:
log_request(request, None, 'access')
msg = log_detailed_exception(request, e)
def ajax_upload(request):
if request.method == 'POST':
for field_name in request.FILES:
uploaded_file = request.FILES[field_name]
datedir = time.strftime('%Y/%m/%d/', time.localtime(time.time()))
dest_dir = conf.TEMP_DIR + datedir
if not os.path.exists(str(dest_dir)):
os.makedirs(str(dest_dir))
salt = str(time.time()) + uploaded_file.name
if isinstance(salt, unicode):
salt = salt.encode('utf8')
filename = hashlib.md5(salt).hexdigest()
fn_ext = uploaded_file.name.split('.')[-1]
# save to temp dir
dest_path = dest_dir + filename + '.' + fn_ext
dest = open(str(dest_path), 'wb+')
for chunk in uploaded_file.chunks():
dest.write(chunk)
dest.close()
# copy to media root
media_path = time.strftime('uploads/media/%Y/%m/%d/', time.localtime(time.time())) + filename + '.' + fn_ext
if not os.path.exists(settings.MEDIA_ROOT + time.strftime('uploads/media/%Y/%m/%d/', time.localtime(time.time()))):
os.makedirs(settings.MEDIA_ROOT + time.strftime('uploads/media/%Y/%m/%d/', time.localtime(time.time())))
import shutil
shutil.copyfile(dest_path, settings.MEDIA_ROOT + media_path)
ret_json = {'success': True, 'filename': media_path}
return HttpResponse(json.dumps(ret_json), mimetype="text/plain")
else:
response = HttpResponseNotAllowed(['POST'])
response.write("ERROR: Only POST allowed")
return response
def get_token_view(request, *args, **kwargs):
if request.method == 'GET':
return HttpResponse()
return HttpResponseNotAllowed('Only GET request are allowed')
def post(self, request):
return HttpResponseNotAllowed([])
def save_answer(request, task, answered, context, __, EncryptionProvider, set_ephemeral_encryption_cookies):
if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
# does user have write privs?
if not task.has_write_priv(request.user):
return HttpResponseForbidden()
# normal redirect - reload the page
redirect_to = task.get_absolute_url() + "?previous=nquestion"
# validate question
q = task.module.questions.get(id=request.POST.get("question"))
# validate and parse value
if request.POST.get("method") == "clear":
# clear means that the question returns to an unanswered state
value = None
cleared = True
elif request.POST.get("method") == "skip":
# skipped means the question is answered with a null value
value = None
cleared = False
elif request.POST.get("method") == "save":
# load the answer from the HTTP request
if q.spec["type"] == "file":
# File uploads come through request.FILES.
value = request.FILES.get("value")
# We allow the user to preserve the existing uploaded value
# for a question by submitting nothing. (The proper way to
# clear it is to use Skip.) If the user submits nothing,
# just return immediately.
if value is None:
return JsonResponse({ "status": "ok", "redirect": redirect_to })
else:
# All other values come in as string fields. Because
# multiple-choice comes as a multi-value field, we get
# the value as a list. question_input_parser will handle
# turning it into a single string for other question types.
value = request.POST.getlist("value")
# parse & validate
try:
value = answer_validation.question_input_parser.parse(q, value)
value = answer_validation.validator.validate(q, value)
except ValueError as e:
# client side validation should have picked this up
return JsonResponse({ "status": "error", "message": str(e) })
# run external functions
if q.spec['type'] == "external-function":
# Make a deepcopy of some things so that we don't allow the function
# to mess with our data.
try:
value = module_logic.run_external_function(
q, answered,
project_name=task.project.title,
project_url=task.project.organization.get_url(task.project.get_absolute_url())
)
except ValueError as e:
return JsonResponse({ "status": "error", "message": str(e) })
cleared = False
elif request.POST.get("method") == "review":
# Update the reviewed flag on the answer.
ta = TaskAnswer.objects.filter(task=task, question=q).first()
if ta:
ans = ta.get_current_answer()
if ans and not ans.cleared and ans.id == int(request.POST["answer"]):
ans.reviewed = int(request.POST["reviewed"])
ans.save(update_fields=["reviewed"])
return JsonResponse({ "status": "ok" })
return JsonResponse({ "status": "error", "message": "Invalid question." })
else:
raise ValueError("invalid 'method' parameter %s" + request.POST.get("method", "<not set>"))
# save answer - get the TaskAnswer instance first
question, _ = TaskAnswer.objects.get_or_create(
task=task,
question=q,
)
# fetch the task that answers this question
answered_by_tasks = []
if q.spec["type"] in ("module", "module-set") and not cleared:
if value == "__new":
# Create a new task, and we'll redirect to it immediately.
t = Task.create(
parent_task_answer=question, # for instrumentation only, doesn't go into Task instance
editor=request.user,
project=task.project,
module=q.answer_type_module,
title=q.answer_type_module.title)
answered_by_tasks = [t]
redirect_to = t.get_absolute_url() + "?previous=parent"
elif value == None:
# User is skipping this question.
answered_by_tasks = []
else:
# User selects existing Tasks.
# Validate that the tasks are of the right type (module) and
# the user has read access.
answered_by_tasks = [
Task.objects.get(id=int(item))
for item in value.split(',')
]
for t in answered_by_tasks:
if t.module != q.answer_type_module or not t.has_read_priv(request.user):
raise ValueError("invalid task ID")
if q.spec["type"] == "module" and len(answered_by_tasks) != 1:
raise ValueError("did not provide exactly one task ID")
value = None
answered_by_file = None
elif q.spec["type"] == "file" and not cleared:
# Don't save the File into the stored_value field in the database.
# Instead put it in answered_by_file. value may be None if the user
# is skipping the question.
answered_by_file = value
value = None
else:
answered_by_file = None
# Create a new TaskAnswerHistory record, if the answer is actually changing.
if cleared:
# Clear the answer.
question.clear_answer(request.user)
instrumentation_event_type = "clear"
else:
# Save the answer.
had_answer = question.has_answer()
if question.save_answer(value, answered_by_tasks, answered_by_file, request.user, "web", encryption_provider=EncryptionProvider()):
# The answer was changed (not just saved as a new answer).
if request.POST.get("method") == "skip":
instrumentation_event_type = "skip"
elif had_answer:
instrumentation_event_type = "change"
else: # is a new answer
instrumentation_event_type = "answer"
else:
instrumentation_event_type = "keep"
# Add instrumentation event.
# --------------------------
# How long was it since the question was initially viewed? That gives us
# how long it took to answer the question.
i_task_question_view = InstrumentationEvent.objects\
.filter(user=request.user, event_type="task-question-show", task=task, question=q)\
.order_by('event_time')\
.first()
i_event_value = (timezone.now() - i_task_question_view.event_time).total_seconds() \
if i_task_question_view else None
# Save.
InstrumentationEvent.objects.create(
user=request.user,
event_type="task-question-" + instrumentation_event_type,
event_value=i_event_value,
module=task.module,
question=q,
project=task.project,
task=task,
answer=question,
extra={
"answer_value": value,
}
)
# Form a JSON response to the AJAX request and indicate the
# URL to redirect to, to load the next question.
response = JsonResponse({ "status": "ok", "redirect": redirect_to })
# Apply any new ephemeral encryption cookies now that we have
# an HttpResponse object.
set_ephemeral_encryption_cookies(response)
# Return the response.
return response
def process_request(self, request):
if request.method not in desktop.conf.HTTP_ALLOWED_METHODS.get():
return HttpResponseNotAllowed(desktop.conf.HTTP_ALLOWED_METHODS.get())
async def async_generic_view(request):
if request.method.lower() != method_name:
return HttpResponseNotAllowed(method_name)
return HttpResponse(status=200)
def get_analyze_state(request):
allowed_method = ['GET']
if request.method not in allowed_method:
return HttpResponseNotAllowed(allowed_method)
locktime = timezone.now() - LOCKDELTA
face_loc = {
'service':
'face_location',
'unanalyzed':
models.Image.objects.filter(
service_face_location_analyzed=False).count(),
'analyzing':
models.Image.objects.filter(
service_face_location_analyzed=False,
service_face_location_analyzing_startdate__range=(locktime,
timezone.now()),
).count(),
'analyzed':
models.Image.objects.filter(
service_face_location_analyzed=True).count()
}
face_enc = {
'service':
'face_encoding',
'unanalyzed':
models.Face.objects.filter(
service_face_encoding_analyzed=False).count(),
'analyzing':
models.Face.objects.filter(
service_face_encoding_analyzed=False,
service_face_encoding_analyzing_startdate__range=(locktime,
timezone.now()),
).count(),
'analyzed':
models.Face.objects.filter(
service_face_encoding_analyzed=True).count()
}
face_sex = {
'service':
'sex_detection',
'unanalyzed':
models.Face.objects.filter(
service_sex_detection_analyzed=False).count(),
'analyzing':
models.Face.objects.filter(
service_sex_detection_analyzed=False,
service_sex_detection_analyzing_startdate__range=(locktime,
timezone.now()),
).count(),
'analyzed':
models.Face.objects.filter(
service_sex_detection_analyzed=True).count()
}
face_age = {
'service':
'age_prediction',
'unanalyzed':
models.Face.objects.filter(
service_age_prediction_analyzed=False).count(),
'analyzing':
models.Face.objects.filter(
service_age_prediction_analyzed=False,
service_age_prediction_analyzing_startdate__range=(locktime,
timezone.now()),
).count(),
'analyzed':
models.Face.objects.filter(
service_age_prediction_analyzed=True).count()
}
return_list = [
face_loc,
face_enc,
face_sex,
face_age,
]
return JsonResponse(return_list, safe=False)
def dashboard(request):
if request.method == 'GET':
return render(request, 'dashboard.html')
return HttpResponseNotAllowed(permitted_methods=['GET'])
def contacts(request, uid):
print('I dont know what to do, but I know ur ID: ', uid)
if request.method == 'GET':
return JsonResponse({'text': 'contacts ' + str(uid)})
else:
return HttpResponseNotAllowed(['GET'])
def store(request):
if request.method != 'POST':
return HttpResponseNotAllowed(
'This method only supports POST requests')
if request.META.get('HTTP_AUTHORIZATION', '').startswith('Sentry'):
auth_vars = parse_auth_header(request.META['HTTP_AUTHORIZATION'])
signature = auth_vars.get('sentry_signature')
timestamp = auth_vars.get('sentry_timestamp')
format = 'json'
data = request.body
# Signed data packet
if signature and timestamp:
try:
timestamp = float(timestamp)
except ValueError:
return HttpResponseBadRequest('Invalid timestamp')
if timestamp < time.time() - 3600: # 1 hour
return HttpResponseGone('Message has expired')
sig_hmac = get_signature(data, timestamp)
if sig_hmac != signature:
return HttpResponseForbidden('Invalid signature')
else:
return HttpResponse('Unauthorized', status_code=401)
else:
# Legacy request (deprecated as of 2.0)
key = request.POST.get('key')
if not key:
return HttpResponseForbidden('Invalid credentials')
if key != settings.KEY:
warnings.warn(
'A client is sending the `key` parameter, which will be removed in Sentry 2.0',
DeprecationWarning)
return HttpResponseForbidden('Invalid credentials')
data = request.POST.get('data')
if not data:
return HttpResponseBadRequest('Missing data')
format = request.POST.get('format', 'pickle')
if format not in ('pickle', 'json'):
return HttpResponseBadRequest('Invalid format')
logger = logging.getLogger('sentry.server')
try:
try:
data = base64.b64decode(data).decode('zlib')
except zlib.error:
data = base64.b64decode(data)
except Exception, e:
# This error should be caught as it suggests that there's a
# bug somewhere in the client's code.
logger.exception('Bad data received')
return HttpResponseForbidden('Bad data decoding request (%s, %s)' %
(e.__class__.__name__, e))
def submit_feedback_via_zendesk(request):
"""
Create a new user-requested Zendesk ticket.
If Zendesk submission is not enabled, any request will raise `Http404`.
If any configuration parameter (`ZENDESK_URL`, `ZENDESK_USER`, or
`ZENDESK_API_KEY`) is missing, any request will raise an `Exception`.
The request must be a POST request specifying `subject` and `details`.
If the user is not authenticated, the request must also specify `name` and
`email`. If the user is authenticated, the `name` and `email` will be
populated from the user's information. If any required parameter is
missing, a 400 error will be returned indicating which field is missing and
providing an error message. If Zendesk returns any error on ticket
creation, a 500 error will be returned with no body. Once created, the
ticket will be updated with a private comment containing additional
information from the browser and server, such as HTTP headers and user
state. Whether or not the update succeeds, if the user's ticket is
successfully created, an empty successful response (200) will be returned.
"""
if not settings.MITX_FEATURES.get('ENABLE_FEEDBACK_SUBMISSION', False):
raise Http404()
if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
if (not settings.ZENDESK_URL or not settings.ZENDESK_USER
or not settings.ZENDESK_API_KEY):
raise Exception("Zendesk enabled but not configured")
def build_error_response(status_code, field, err_msg):
return HttpResponse(json.dumps({
"field": field,
"error": err_msg
}),
status=status_code)
additional_info = {}
required_fields = ["subject", "details"]
if not request.user.is_authenticated():
required_fields += ["name", "email"]
required_field_errs = {
"subject": "Please provide a subject.",
"details": "Please provide details.",
"name": "Please provide your name.",
"email": "Please provide a valid e-mail.",
}
for field in required_fields:
if field not in request.POST or not request.POST[field]:
return build_error_response(400, field, required_field_errs[field])
subject = request.POST["subject"]
details = request.POST["details"]
tags = []
if "tag" in request.POST:
tags = [request.POST["tag"]]
if request.user.is_authenticated():
realname = request.user.profile.name
email = request.user.email
additional_info["username"] = request.user.username
else:
realname = request.POST["name"]
email = request.POST["email"]
try:
validate_email(email)
except ValidationError:
return build_error_response(400, "email",
required_field_errs["email"])
for header in ["HTTP_REFERER", "HTTP_USER_AGENT"]:
additional_info[header] = request.META.get(header)
zendesk_api = _ZendeskApi()
additional_info_string = ("Additional information:\n\n" + "\n".join(
"%s: %s" % (key, value)
for (key, value) in additional_info.items() if value is not None))
new_ticket = {
"ticket": {
"requester": {
"name": realname,
"email": email
},
"subject": subject,
"comment": {
"body": details
},
"tags": tags
}
}
try:
ticket_id = zendesk_api.create_ticket(new_ticket)
except zendesk.ZendeskError as err:
log.error("Error creating Zendesk ticket: %s", str(err))
return HttpResponse(status=500)
# Additional information is provided as a private update so the information
# is not visible to the user.
ticket_update = {
"ticket": {
"comment": {
"public": False,
"body": additional_info_string
}
}
}
try:
zendesk_api.update_ticket(ticket_id, ticket_update)
except zendesk.ZendeskError as err:
log.error("Error updating Zendesk ticket: %s", str(err))
# The update is not strictly necessary, so do not indicate failure to the user
pass
return HttpResponse()
def get(self, request, *args, **kwargs):
return HttpResponseNotAllowed(['post'])
def http_method_not_allowed(self, request, *args, **kwargs):
logger.warning(
'Method Not Allowed (%s): %s', request.method, request.path,
extra={'status_code': 405, 'request': request}
)
return HttpResponseNotAllowed(self._allowed_methods())
def state_progress(request, state, context, category):
# If no context is specified, "full" is the default
if context is None: context = 'full'
# Only GET commands are allowed
valid_requests = ['GET']
if request.META['REQUEST_METHOD'] not in valid_requests:
return HttpResponseNotAllowed(valid_requests)
# Check that the URL components were valid. If they aren't, 404
if context not in VALID_CONTEXTS: raise Http404
if category is not None and category not in CATEGORIES: raise Http404
state = get_object_or_404(State, abbreviation__iexact=state)
if category != None:
# Get deliverables that fall under this category
deliverables = state.deliverable_set.filter(category=category)
else:
# Get all this state's deliverables
deliverables = state.deliverable_set.all()
# Get submissions that address these deliverables
submissions = Submission.objects.filter(
satisfies_deliverable__in=deliverables)
# Get comments that pertain to these submissions
comments = SubmissionComment.objects.filter(submission__in=submissions)
# Get the completion percentage for this category
if category == None:
if state.category_completion('all') == None:
percent = None
else:
percent = int(round(state.category_completion('all')))
else:
if state.category_completion(category) == None:
percent = None
else:
percent = int(round(state.category_completion(category)))
# Build context for the templates
additional_context = {
'comments': comments,
'submissions': submissions,
'deliverables': deliverables,
'deliv_1': deliverables.filter(year=1),
'deliv_2': deliverables.filter(year=2),
'deliv_3': deliverables.filter(year=3),
'deliv_4': deliverables.filter(year=4),
'state': state,
'percent': percent
}
if category != None: additional_context['category'] = CATEGORIES[category]
template_context = standard_context(additional_context)
# Render the appropriate template
if context == 'full':
return render_to_response('aasgtrack/progress-full.html',
template_context)
if context == 'popup':
return render_to_response('aasgtrack/progress-popup.html',
template_context)
else:
# If this happens, double-check this code. Make sure there's an if-statement for each
# item in the VALID_CONTEXTS variable. You can only get here if that is botched.
return HttpResponse('Sorry, there was an error', status=500)
def todo(request, id=None):
# read and read by id, @return json
if request.method == 'GET':
if id != None:
try:
t = Todo.objects.get(pk=id)
res = serializers.serialize("json", [t])
return HttpResponse(res, content_type="application/json")
except Todo.DoesNotExist:
response = json.dumps({
'errors': ['No Items found'],
'success': False
})
return HttpResponse(response, content_type="application/json")
keyword = request.GET.get('keyword', '')
if keyword != '':
data = Todo.objects.order_by('-created_at').filter(
Q(tags__slug__contains=keyword)
| Q(todo_text__contains=keyword))
else:
data = Todo.objects.order_by('-created_at').all()
tags_data = {}
for t in data:
tags = t.tags.all()
tags_data[t.pk] = []
for tag in tags:
tags_data[t.pk].append(tag.slug)
list = {}
list['todos'] = json.loads(serializers.serialize("json", data))
list['tags'] = tags_data
response = json.dumps(list)
return HttpResponse(response, content_type="application/json")
# create, @return json
elif request.method == 'POST':
query = request.POST.get('query', '')
if query != '':
query = query.split(',')
pub_date = datetime.datetime.now()
todo = Todo()
todo.todo_text = query[0]
todo.created_at = pub_date
todo.save()
del query[0]
for tag in query:
if tag.strip() == '':
continue
try:
t = Tag.objects.get(slug=tag)
todo.tags.add(t)
except Tag.DoesNotExist:
t = Tag()
t.slug = tag
t.save()
todo.tags.add(t)
response = json.dumps({'query': query, 'success': True})
return HttpResponse(response, content_type="application/json")
else:
return HttpResponseBadRequest('Query missing')
# delete, @return json
elif request.method == 'DELETE':
if id == None:
return HttpResponseBadRequest('ID missing')
else:
try:
t = Todo.objects.get(pk=id)
t.delete()
response = json.dumps({
'message': 'Item has been deleted',
'success': True
})
return HttpResponse(response, content_type="application/json")
except Todo.DoesNotExist:
response = json.dumps({
'errors': ['No Items found'],
'success': False
})
return HttpResponse(response, content_type="application/json")
# update, @return json
elif request.method == 'PUT':
if id == None:
return HttpResponseBadRequest('ID missing')
else:
request.PUT = QueryDict(request.body)
query = request.PUT.get('query', '')
if query != '':
query = query.split(',')
try:
todo = Todo.objects.get(pk=id)
todo.todo_text = query[0]
todo.tags.clear()
todo.save()
del query[0]
for tag in query:
if tag.strip() == '':
continue
try:
t = Tag.objects.get(slug=tag)
todo.tags.add(t)
except Tag.DoesNotExist:
t = Tag()
t.slug = tag
t.save()
todo.tags.add(t)
response = json.dumps({
'message': 'Item has been updated',
'success': True
})
return HttpResponse(response,
content_type="application/json")
except Todo.DoesNotExist:
response = json.dumps({
'errors': ['No Items found'],
'success': False
})
return HttpResponse(response,
content_type="application/json")
else:
return HttpResponseBadRequest('Query missing')
# Invalid method, @return json
else:
return HttpResponseNotAllowed('Method not allowed')
def method_not_allowed(message = ''):
return HttpResponseNotAllowed(message)
def not_allowed(self, data=''):
return HttpResponseNotAllowed(data)
def add_to_cart(request):
if request.method == "GET":
return HttpResponseNotAllowed()
order = Order.objects.filter(user__pk=request.user.id).filter(
order_sent=False)
if order.count() == 0:
order = Order(user=request.user)
order.save()
else:
order = order[0]
# Get product data
try:
product_class = request.POST["product_class"]
product_name = request.POST["product_name"]
product_id = int(request.POST["product_id"])
except (KeyError, ValueError):
return HttpResponseBadRequest()
# Get other request parameters
quantity = int(request.POST["quantity"])
# Add to order
if product_class == "DinnerPlatterName":
order_dinner_platter = OrderDinnerPlatter(
order=order,
dinner_platter=DinnerPlatter.objects.get(
name=DinnerPlatterName.objects.get(name=product_name),
size=Size.objects.get(pk=int(request.POST["size"]))),
quantity=quantity)
order_dinner_platter.save()
order.save()
elif product_class == "Salad":
order_salad = OrderSalad(
order=order,
salad=Salad.objects.get(name=Salad.objects.get(name=product_name)),
quantity=quantity)
order_salad.save()
order.save()
elif product_class == "Pasta":
order_pasta = OrderPasta(
order=order,
pasta=Pasta.objects.get(name=Pasta.objects.get(name=product_name)),
quantity=quantity)
order_pasta.save()
order.save()
elif product_class == "Sub":
order_sub = OrderSub(
order=order,
sub=Sub.objects.get(
name=SubName.objects.get(name=product_name),
size=Size.objects.get(pk=int(request.POST["size"]))),
quantity=quantity)
order_sub.save()
for addon_id in request.POST.get("subaddons", []).split(","):
order_sub.sub_addons.add(SubAddon.objects.get(pk=int(addon_id)))
order_sub.save()
order.save()
elif product_class == "PizzaName":
order_pizza = OrderPizza(
order=order,
pizza=Pizza.objects.get(
name=PizzaName.objects.get(name=product_name),
size=Size.objects.get(pk=int(request.POST["size"])),
toppings_count=int(request.POST["toppings_count"])),
quantity=quantity)
order_pizza.save()
for topping_id in request.POST.get("toppings", []).split(","):
order_pizza.toppings.add(Topping.objects.get(pk=int(topping_id)))
order_pizza.save()
order.save()
else:
return HttpResponseNotFound()
return JsonResponse({
"order_price": order.get_order_price(),
"order_id": order.id
})
def dummy_view_handle_http_response_not_allowed(
_request, _message, _client_public_key):
return HttpResponseNotAllowed({}, status=405)
def questions(request, offering_id, **kwargs):
"""
List of Questions, Tagged questions, and Unanswered questions.
matching search query or user selection
"""
#before = timezone.now()
if request.method != 'GET':
return HttpResponseNotAllowed(['GET'])
offering = get_object_or_404(Offering, id=offering_id)
search_state = SearchState(user_logged_in=request.user.is_authenticated(),
offering_id=offering_id,
**kwargs)
qs, meta_data = models.Thread.objects.run_advanced_search(
request_user=request.user,
search_state=search_state,
offering=offering)
if meta_data['non_existing_tags']:
search_state = search_state.remove_tags(meta_data['non_existing_tags'])
paginator = Paginator(qs, search_state.page_size)
if paginator.num_pages < search_state.page:
search_state.page = 1
page = paginator.page(search_state.page)
page.object_list = list(page.object_list) # evaluate the queryset
# INFO: Because for the time being we need question posts and thread authors
# down the pipeline, we have to precache them in thread objects
models.Thread.objects.precache_view_data_hack(threads=page.object_list)
related_tags = Tag.objects.get_related_to_search(
threads=page.object_list,
ignored_tag_names=meta_data.get('ignored_tag_names', []))
tag_list_type = askbot_settings.TAG_LIST_FORMAT
if tag_list_type == 'cloud': #force cloud to sort by name
related_tags = sorted(related_tags, key=operator.attrgetter('name'))
contributors = list(
models.Thread.objects.get_thread_contributors(
thread_list=page.object_list).only('id', 'username',
'askbot_profile__gravatar'))
paginator_context = {
'is_paginated': (paginator.count > search_state.page_size),
'pages': paginator.num_pages,
'current_page_number': search_state.page,
'page_object': page,
'base_url': search_state.query_string(),
'page_size': search_state.page_size,
}
#get url for the rss feed
context_feed_url = reverse('latest_questions_feed')
# We need to pass the rss feed url based
# on the search state to the template.
# We use QueryDict to get a querystring
# from dicts and arrays. Much cleaner
# than parsing and string formating.
rss_query_dict = QueryDict("").copy()
if search_state.query:
# We have search string in session - pass it to
# the QueryDict
rss_query_dict.update({"q": search_state.query})
if search_state.tags:
# We have tags in session - pass it to the
# QueryDict but as a list - we want tags+
rss_query_dict.setlist('tags', search_state.tags)
context_feed_url += '?' + rss_query_dict.urlencode()
reset_method_count = len(
filter(None, [
search_state.query, search_state.tags,
meta_data.get('author_name', None)
]))
if request.is_ajax():
q_count = paginator.count
#todo: words
question_counter = ungettext('%(q_num)s question',
'%(q_num)s questions', q_count)
question_counter = question_counter % {
'q_num': humanize.intcomma(q_count),
}
if q_count > search_state.page_size:
paginator_tpl = get_template('main_page/paginator.html')
paginator_html = paginator_tpl.render(
RequestContext(
request, {
'context': paginator_context,
'questions_count': q_count,
'page_size': search_state.page_size,
'search_state': search_state,
}))
else:
paginator_html = ''
questions_tpl = get_template('main_page/questions_loop.html')
questions_html = questions_tpl.render(
RequestContext(
request, {
'threads': page,
'search_state': search_state,
'reset_method_count': reset_method_count,
'request': request,
'offering_id': offering_id,
}))
print questions_html
ajax_data = {
'query_data': {
'tags': search_state.tags,
'sort_order': search_state.sort,
'ask_query_string': search_state.ask_query_string(),
},
'paginator': paginator_html,
'question_counter': question_counter,
'faces':
[], #[extra_tags.gravatar(contributor, 48) for contributor in contributors],
'feed_url': context_feed_url,
'query_string': search_state.query_string(),
'page_size': search_state.page_size,
'questions': questions_html.replace('\n', ''),
'non_existing_tags': meta_data['non_existing_tags'],
}
related_tags_tpl = get_template('widgets/related_tags.html')
related_tags_data = {
'tags': related_tags,
'tag_list_type': tag_list_type,
'query_string': search_state.query_string(),
'search_state': search_state,
'language_code': translation.get_language(),
}
if tag_list_type == 'cloud':
related_tags_data['font_size'] = extra_tags.get_tag_font_size(
related_tags)
ajax_data['related_tags_html'] = related_tags_tpl.render(
RequestContext(request, related_tags_data))
#here we add and then delete some items
#to allow extra context processor to work
ajax_data['tags'] = related_tags
ajax_data['interesting_tag_names'] = None
ajax_data['threads'] = page
extra_context = context.get_extra(
'ASKBOT_QUESTIONS_PAGE_EXTRA_CONTEXT', request, ajax_data)
del ajax_data['tags']
del ajax_data['interesting_tag_names']
del ajax_data['threads']
ajax_data.update(extra_context)
return HttpResponse(simplejson.dumps(ajax_data),
content_type='application/json')
else: # non-AJAX branch
template_data = {
'active_tab':
'questions',
'author_name':
meta_data.get('author_name', None),
'contributors':
contributors,
'context':
paginator_context,
'is_unanswered':
False, #remove this from template
'interesting_tag_names':
meta_data.get('interesting_tag_names', None),
'ignored_tag_names':
meta_data.get('ignored_tag_names', None),
'subscribed_tag_names':
meta_data.get('subscribed_tag_names', None),
'language_code':
translation.get_language(),
'name_of_anonymous_user':
models.get_name_of_anonymous_user(),
'page_class':
'main-page',
'page_size':
search_state.page_size,
'query':
search_state.query,
'threads':
page,
'questions_count':
paginator.count,
'reset_method_count':
reset_method_count,
'scope':
search_state.scope,
'show_sort_by_relevance':
conf.should_show_sort_by_relevance(),
'search_tags':
search_state.tags,
'sort':
search_state.sort,
'tab_id':
search_state.sort,
'tags':
related_tags,
'tag_list_type':
tag_list_type,
'font_size':
extra_tags.get_tag_font_size(related_tags),
'display_tag_filter_strategy_choices':
conf.get_tag_display_filter_strategy_choices(),
'email_tag_filter_strategy_choices':
conf.get_tag_email_filter_strategy_choices(),
'query_string':
search_state.query_string(),
'search_state':
search_state,
'feed_url':
context_feed_url,
'offering_id':
offering_id,
}
extra_context = context.get_extra(
'ASKBOT_QUESTIONS_PAGE_EXTRA_CONTEXT', request, template_data)
template_data.update(extra_context)
template_data.update(context.get_for_tag_editor())
#and one more thing:) give admin user heads up about
#setting the domain name if they have not done that yet
#todo: move this out to a separate middleware
if request.user.is_authenticated() and request.user.is_administrator():
if domain_is_bad():
url = askbot_settings.get_setting_url(
('QA_SITE_SETTINGS', 'APP_URL'))
msg = _(
'Please go to Settings -> %s '
'and set the base url for your site to function properly'
) % url
request.user.message_set.create(message=msg)
print "dusan"
return render(request, 'main_page.html', template_data)
def edit_study(request, owner, title):
if request.method != 'POST': return HttpResponseNotAllowed()
if request.user.username != owner: return HttpResponseForbidden()
body = request.data
study_title = body['title']
study_start_date = parse_date(body['start_date'])
study_end_date = parse_date(
body['end_date']
) if 'end_date' in body and body['end_date'] is not None else None
study_contact_institution = body[
'contact_institution'] if 'contact_institution' in body else None
study_country = body['country'] if 'country' in body else None
study_site_name = body['site_name'] if 'site_name' in body else None
study_latitude = float(
body['latitude']
) if 'latitude' in body and body['latitude'] is not None else None
study_longitude = float(
body['longitude']
) if 'longitude' in body and body['longitude'] is not None else None
study_altitude = int(
body['altitude']
) if 'altitude' in body and body['altitude'] is not None else None
study_altitude_units = body[
'altitude_units'] if 'altitude_units' in body else None
study_experimental_design_description = body[
'experimental_design_description'] if 'experimental_design_description' in body else None
study_experimental_design_type = body[
'experimental_design_type'] if 'experimental_design_type' in body else None
study_observation_unit_description = body[
'observation_unit_description'] if 'observation_unit_description' in body else None
study_growth_facility_description = body[
'growth_facility_description'] if 'growth_facility_description' in body else None
study_growth_facility_type = body[
'growth_facility_type'] if 'growth_facility_type' in body else None
study_cultural_practices = body[
'cultural_practices'] if 'cultural_practices' in body else None
study_environment_parameters = body[
'environment_parameters'] if 'environment_parameters' in body else None
study_experimental_factors = body[
'experimental_factors'] if 'experimental_factors' in body else None
try:
project = Investigation.objects.get(owner=request.user, title=title)
study = Study.objects.get(investigation=project, title=study_title)
environment_parameters = list(
EnvironmentParameter.objects.filter(study=study))
except:
return HttpResponseNotFound()
study.description = body['description']
study.start_date = study_start_date
study.end_date = study_end_date
study.contact_institution = study_contact_institution
study.country = study_country
study.site_name = study_site_name
study.latitude = study_latitude
study.longitude = study_longitude
study.altitude = study_altitude
study.altitude_units = study_altitude_units
study.experimental_design_description = study_experimental_design_description
study.experimental_design_type = study_experimental_design_type
# study.experimental_design_map = body['experimental_design_map']
# study.observation_unit_level_hierarchy = body['observation_unit_level_hierarchy']
study.observation_unit_description = study_observation_unit_description
study.growth_facility_description = study_growth_facility_description
study.growth_facility_type = study_growth_facility_type
study.cultural_practices = study_cultural_practices
study.save()
for existing in environment_parameters:
existing.delete()
for name, value in study_environment_parameters.items():
EnvironmentParameter.objects.create(name=name,
value=value,
study=study)
return JsonResponse(q.project_to_dict(project))
def routed(request, *args, **kwargs):
method = request.method.lower()
if method not in methods:
return HttpResponseNotAllowed(permitted)
return methods[method](request, *args, **kwargs)
def wrap(request, *args, **kwargs):
nonlocal methods
methods = [m.upper() for m in methods]
if request.method not in methods:
return HttpResponseNotAllowed(methods)
return view_func(request, *args, **kwargs)
def dynamic_ip_update_view(request):
"""
TODO: explain dynamic IP update options and logic
if hostname is missing, the ips of all A and AAAA records of the zone are changed
otherwise only the specific record with the name=hostname and provided that the
correct ip (v4, v6) has been provided for the type of the record (A, AAAA)
If no ipv4 or ipv6 address is provided, then the client IP address is used
to update A records (if the client IP is IPv4) or AAAA records (if client IP is IPv6).
curl -k \
-F "api_key=UBSE1RJ0J175MRAMJC31JFUH" \
-F "hostname=ns1.centos.example.org" \
-F "ipv4=10.1.2.3" \
-F "ipv6=3ffe:1900:4545:3:200:f8ff:fe21:67cf" \
https://centos.example.org/powerdns/zone/update/
"""
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
form = DynamicIPUpdateForm(request.POST)
if not form.is_valid():
return HttpResponseBadRequest(repr(form.errors))
# Determine protocol or REMOTE_ADDR
remote_ipv4 = None
remote_ipv6 = None
try:
validate_ipv4_address(request.META['REMOTE_ADDR'])
except ValidationError:
try:
validate_ipv6_address(request.META['REMOTE_ADDR'])
except ValidationError:
return HttpResponseBadRequest('Cannot determine protocol of remote IP address')
else:
remote_ipv6 = request.META['REMOTE_ADDR']
else:
remote_ipv4 = request.META['REMOTE_ADDR']
# Gather required information
# API key
api_key = form.cleaned_data['api_key']
# Hostname
hostname = form.cleaned_data['hostname']
# If the hostname is missing, the IP addresses of all A and AAAA records
# of the zone are updated.
update_all_hosts_in_zone = False
if not hostname:
update_all_hosts_in_zone = True
# IP addresses
ipv4 = form.cleaned_data['ipv4']
ipv6 = form.cleaned_data['ipv6']
# If IP information is missing, the remote client's IP address will be used.
if not ipv4 and not ipv6:
if remote_ipv4:
ipv4 = remote_ipv4
if remote_ipv6:
ipv6 = remote_ipv6
# All required data is good. Process the request.
DynamicZone = get_model('powerdns_manager', 'DynamicZone')
Record = get_model('powerdns_manager', 'Record')
# Get the relevant dynamic zone instance
dyn_zone = DynamicZone.objects.get(api_key__exact=api_key)
# Get A and AAAA records
dyn_rrs = Record.objects.filter(domain=dyn_zone.domain, type__in=('A', 'AAAA'))
if not dyn_rrs:
return HttpResponseNotFound('A or AAAA resource records not found')
# Check existence of hostname
if hostname:
hostname_exists = False
for rr in dyn_rrs:
if rr.name == hostname:
hostname_exists = True
break
if not hostname_exists:
return HttpResponseNotFound('error:Hostname not found: %s' % hostname)
# Update the IPs
rr_has_changed = False
if update_all_hosts_in_zone: # No hostname supplied
for rr in dyn_rrs:
# Try to update A records
if rr.type == 'A' and ipv4:
rr.content = ipv4
rr_has_changed = True
# Try to update AAAA records
elif rr.type == 'AAAA' and ipv6:
rr.content = ipv6
rr_has_changed = True
rr.save()
else: # A hostname is supplied
for rr in dyn_rrs:
if rr.name == hostname:
# Try to update A records
if rr.type == 'A' and ipv4:
rr.content = ipv4
rr_has_changed = True
# Try to update AAAA records
elif rr.type == 'AAAA' and ipv6:
rr.content = ipv6
rr_has_changed = True
rr.save()
if rr_has_changed:
return HttpResponse('Success')
else:
return HttpResponseNotFound('error:No suitable resource record found')
def try_capture(request, username, id_flag):
# comprobamos método HTTP, sino POST 405
if request.method != 'POST':
return HttpResponseNotAllowed(['POST'])
# comprobamos si cookie está en headers, sino 400
if not 'sessioncookie' in request.headers:
return JsonResponse(custom_error_response.BAD_REQUEST, status=400)
session_cookie = request.headers.get('sessioncookie')
# comprobamos si user existe, sino 404
try:
user = Usuario.objects.get(nombre__exact=username)
except Usuario.DoesNotExist:
return JsonResponse(custom_error_response.NOT_FOUND, status=404)
# obtenemos todas las sesiones del usuario
session_list = Sesion.objects.filter(id_usuario__exact=user)
# comprobamos si cookie está es válida, sino 401
valid_session = False
for session in session_list:
if session.valor_cookie == session_cookie:
valid_session = True
break
if not valid_session:
return JsonResponse(custom_error_response.BAD_COOKIE, status=401)
# comprobamos si la bandera existe, sino 404
try:
flag = Bandera.objects.get(pk=id_flag)
except Bandera.DoesNotExist:
return JsonResponse(custom_error_response.NOT_FOUND, status=404)
# obtengo todos los intentos de captura sobre esa bandera
intento_captura_list = IntentoCaptura.objects.filter(id_bandera=flag)
# cuento cuantos usuarios de mi clan han realizado un intento de captura en los últimos 10 min
users_capturing_list = []
for intento_captura in intento_captura_list:
# si este mismo usuario ya ha iniciado una captura sobre esta bandera se devuelve un conflicto (409)
# OJO!: (si no se aplica el borrado de intentos esto no funciona bien)
if intento_captura.id_usuario == user:
return JsonResponse(custom_error_response.ALREADY_EXISTS,
status=409)
# antiguedad_intento_captura = timezone.now() - intento_captura.fecha
# if intento_captura.id_usuario.id_clan == user.id_clan and antiguedad_intento_captura < datetime.timedelta(minutes=1): # 10 o 5? (1 de prueba)
if intento_captura.id_usuario.id_clan == user.id_clan:
users_capturing_list.append(intento_captura.id_usuario)
if len(users_capturing_list) >= 1:
# si hay 1 o más usuarios de tu mismo clan (además de ti mismo) la bandera se captura
flag.capturando = False
flag.id_clan = user.id_clan
# borramos todos los intentos de captura asociados a esa bandera (puede que no haga falta, poer el hecho de filtrar por tiempo)
for intento_captura in intento_captura_list:
intento_captura.delete()
# sumamos 1 a las banderas capturadas de todos los usuarios del clan ganador
for user_obj in users_capturing_list:
user_obj.banderas_capturadas += 1
user_obj.save()
# sumamos 1 a las banderas capturadas de este propio usuario
user.banderas_capturadas += 1
user.save()
else:
# sino creamos un nuevo intento de captura
flag.capturando = True
new_intento = IntentoCaptura(id_usuario=user, id_bandera=flag)
new_intento.save()
# guardamos la bandera, porque su estado de captura se ha modificado (a true o a false)
flag.save()
# envio una respuesta 200 indicando que la captura ha comenzado
# (aunque sea el usuario que finaliza la captura)
return JsonResponse(custom_error_response.CAPTURE_STARTED, status=200)
def get(self, request, *args, **kwargs):
if "GET" in self.Meta.methods:
return self.handle_request(request)
return HttpResponseNotAllowed(self.Meta.methods.keys())
def _ajax_upload(self, request):
if request.method == "POST":
# determine which model and field this upload relates to
try:
model = request.POST['model']
self.model = model
field = request.POST['field']
except KeyError:
return HttpResponseBadRequest("AJAX request not valid")
else:
# is the field one of the fields allowed?
if field not in ('picture',):
return HttpResponseBadRequest("AJAX request not valid")
if request.is_ajax():
# /!\ try this with Chrome / this is HTML5
# the file is stored raw in the request
is_raw = True
upload = request
try:
filename = request.POST['file']
except KeyError:
return HttpResponseBadRequest("AJAX request not valid")
# not an ajax upload, so it was the "basic" iframe version with
# submission via form
else:
is_raw = False
if len(request.FILES) == 1:
# FILES is a dictionary in Django but Ajax Upload gives
# the uploaded file an ID based on a random number, so it
# cannot be guessed here in the code. Rather than editing
# Ajax Upload to pass the ID in the querystring, observe
# that each upload is a separate request, so FILES should
# only have one entry. Thus, we can just grab the first
# (and only) value in the dict.
upload = request.FILES.values()[0]
filename = upload.name
else:
raise Http404("Bad Upload")
# we have a filename, now determine where to put it
# first, we need to figure out what model this refers to
#logger.debug(model + '/' + field)
try:
_model = getattr(models, model)
upload_to = _model._meta.get_field(field).upload_to
except Exception as e:
logger.error(e)
return HttpResponseBadRequest("Bad Request")
# do we need to resize the image?
width = request.POST['width'] if request.POST.has_key('width') else None
height = request.POST['height'] if request.POST.has_key('height') else None
if width and height:
self.storage.set_size(width, height)
# save the file
self.storage.setup(filename, upload_to)
success = self.storage.upload(upload, is_raw)
ret_json = {'success': success, 'filename': self.storage.filename}
return HttpResponse(json.dumps(ret_json, cls=DjangoJSONEncoder), content_type=self.content_type)
else:
response = HttpResponseNotAllowed(['POST'])
response.write("Only POST allowed")
return response
def flag(request):
# Si recibimos una peticion que no es GET, devolvemos un 405
if request.method != 'GET':
return HttpResponseNotAllowed(['GET'])
# if not 'latitude' in request.GET or not 'longitude' in request.GET or not 'radius' in request.GET:
# return JsonResponse(custom_error_response.BAD_REQUEST, status=400)
user_latitude = request.GET.get('latitude', None)
user_longitude = request.GET.get('longitude', None)
search_radius = request.GET.get('radius', None)
try:
if user_latitude is None or user_longitude is None or search_radius is None:
raise ValueError
user_latitude = float(user_latitude)
user_longitude = float(user_longitude)
search_radius = float(search_radius)
# https://www.movable-type.co.uk/scripts/latlong.html
# 0.2 = 16.26 km (ese es el radio máximo permitido)
if search_radius > 0.200000:
raise ValueError
except ValueError:
return JsonResponse(custom_error_response.BAD_REQUEST, status=400)
all_flags_list = Bandera.objects.all()
flags_in_area_list = []
for flag in all_flags_list:
distance_to_location = math.sqrt((flag.latitud - user_latitude)**2 +
(flag.longitud - user_longitude)**2)
# print(distance_to_location, "<=", search_radius, distance_to_location <= search_radius)
# if distance_to_location < search_radius:
if distance_to_location <= search_radius:
flags_in_area_list.append(flag)
response = []
for flag in flags_in_area_list:
flag_response = {
"id": flag.id,
"name": flag.nombre,
"description": flag.descripcion,
"latitude": flag.latitud,
"longitude": flag.longitud,
"capturing": flag.capturando
}
if flag.id_clan is not None:
flag_response["clan"] = {
"id": flag.id_clan.id,
"name": flag.id_clan.nombre,
"color": flag.id_clan.color
}
if flag.id_clan.url_icon is not None:
flag_response["clan"]["url_icon"] = flag.id_clan.url_icon
if flag.id_clan.abreviatura is not None:
flag_response["clan"]["acronym"] = flag.id_clan.abreviatura
response.append(flag_response)
return JsonResponse(response, safe=False, status=200)
def file_upload(request):
if request.method != "POST":
return HttpResponseNotAllowed(["POST"])
upload_id = request.POST.get("upload_id")
upload_key = request.POST.get("upload_key")
fu = request.FILES["file"]
try:
upload = FileUpload.objects.get(id=upload_id, upload_key=upload_key)
except:
return HttpResponseForbidden("Not allowed to upload the file.")
upload_path = os.path.join(upload.target_dir, upload.name)
if os.path.isfile(upload_path):
upload.state = UPLOAD_STATES["FAILED"]
upload.save()
# remove file
return HttpResponseServerError("File already exists.")
# TODO: check size
# TODO: check target_dir? create it?
# don't re-upload FINISHED or STARTED
tmp_dir = tempfile.mkdtemp()
tmp_file_name = os.path.join(tmp_dir, upload.name)
tmp_file = open(tmp_file_name, "wb")
sum = hashlib.sha256()
# transaction, commit save()
upload.state = UPLOAD_STATES["STARTED"]
upload.save()
for chunk in fu.chunks():
tmp_file.write(chunk)
sum.update(chunk)
tmp_file.close()
checksum = sum.hexdigest().lower()
if checksum != upload.checksum.lower():
upload.state = UPLOAD_STATES["FAILED"]
upload.save()
# remove file
return HttpResponseServerError("Checksum mismatch.")
if not os.path.isdir(upload.target_dir):
os.makedirs(upload.target_dir)
shutil.move(tmp_file_name, upload.target_dir)
shutil.rmtree(tmp_dir)
upload.state = UPLOAD_STATES["FINISHED"]
upload.dt_finished = datetime.datetime.now()
upload.save()
# upload.save can modify state if there is a race
if upload.state == UPLOAD_STATES['FAILED']:
return HttpResponseServerError("Checksum mismatch.")
return HttpResponse("Upload finished.")
def pid(request, noid, type):
"""REST API access to PURLs and ARKs.
On GET, returns information about the PURL or ARK requested by id and type.
Accessing an ARK or PURL will return all information associated with that
pid. In order to allow accessing and updating the unqualified (for an ARK)
or default (for a PURL) target, the pid url must NOT include a trailing slash.
Attempting to access a PURL pid as an ARK or vice versa will result in a 404.
Example urls::
http://pid.emory.edu/ark/8g3sq - info for ARK and all targets
http://pid.emory.edu/purl/127zr - info for PURL and target
On PUT, update a PURL or ARK. Update values should be in the request body
as JSON. The following values are supported:
* **domain** - domain, in URI resource format, e.g.
http://pid.emory.edu/domains/1/
* **name** - label or title
* **external_system_id** - external system name
* **external_system_key** - key or identifier in the specified external
system
* **policy** - policy by name (to specify a different policy from the
default domain policy)
Updating target information (resolve URI, active, proxy) is not currently
supported via PUT on the Ark or Purl that the target belongs to; you must PUT
the new data to the target itself-- see :meth:`target`.
"""
methods = ["GET", "PUT"]
if request.method == "DELETE":
# *explicitly* disallow delete, since it will never be supported for pids
response = HttpResponseNotAllowed(methods)
response.content = """ARKs and PURLs cannot be deleted.
If no longer in use, you may mark the target(s) as inactive, which will prevent
them from being resolved."""
return response
# find the requested pid for view or update
if request.method in methods:
pid = get_object_or_404(Pid, pid__exact=noid, type=type.title())
if request.method == "PUT":
if not request.user.is_authenticated():
# 401 unauthorized - not logged in or invalid credentials
return HttpResponseUnauthorized(BASIC_AUTH_REALM)
elif not request.user.has_perm("pid.change_pid"):
# 403 Forbidden - logged in but insufficient permissions
return HttpResponseForbidden()
# content should be posted in request body as JSON
content_type = "application/json"
try:
if request.META["CONTENT_TYPE"] != content_type:
raise BadRequest(
"Unsupported content type '%s'; please use a supported format: %s"
% (request.META["CONTENT_TYPE"], content_type)
)
# parse the request body as JSON
data = json.loads(request.body)
# TODO: figure out how to take advantage of overlap in create_pid logic
# update any pid properties that are specified
if "domain" in data:
# domain should be passed in as resource URI
pid.domain = _domain_from_uri(data["domain"])
if "name" in data:
pid.name = data["name"]
if "external_system_id" in data:
# if external system id is set and not empty, find and update
if data["external_system_id"]:
try:
pid.ext_system = ExtSystem.objects.get(name=data["external_system_id"])
except ObjectDoesNotExist:
raise BadRequest("External System '%s' not found" % data["external_system_id"])
# otherwise, clear external system
else:
pid.ext_system = None
if "external_system_key" in data:
pid.ext_system_key = data["external_system_key"]
if "policy" in data:
# if policy is set and not empty, find and update
if data["policy"]:
try:
pid.policy = Policy.objects.get(title=data["policy"])
except ObjectDoesNotExist:
raise BadRequest("Policy '%s' not found" % request.POST["policy"])
# otherwise, clear policy
else:
pid.policy = None
# NOTE: currently does not supporting target URI or info
# It might be nice to allow updating one target specified by qualifier,
# or perhaps only primary/default target, (roughly parallel to pid creation)
# HOWEVER, that complicates things:
# - should specifying active=True/False at this level apply to one
# target or ALL targets?
# - if the requested target does not exist, do we create it?
# set current user as editor
pid.editor = request.user
pid.save()
_log_rest_action(request, pid, CHANGE, "Updated pid:%s via rest api" % unicode(pid))
except BadRequest as err:
# return a response with status code 400, Bad Request
return HttpResponseBadRequest("Error: %s" % err)
# successful PUT can return 200 Ok or 204 No Content
# in this case, on success, return the updated pid with status 200
# -- fall through to common GET/PUT display logic
# common logic for GET and successful PUT: return pid info as JSON
if request.method == "GET" or request.method == "PUT":
json_data = json_serializer.encode(pid_data(pid, request))
return HttpResponse(json_data, content_type="application/json")
# if request method is not GET or PUT, return 405 method not allowed
return HttpResponseNotAllowed(methods)
def token(request):
if request.method == 'GET':
return HttpResponse(status=204)
else:
return HttpResponseNotAllowed(['GET'])
def sign_up(request):
if request.method == 'POST':
try:
req_data = json.loads(request.body.decode())
username = req_data['username']
email = req_data['email']
password = req_data['password']
selected_foods = req_data['selectedFoods']
service_option_list = req_data['serviceOptionList']
except (KeyError, JSONDecodeError):
return HttpResponse(status=400)
# This checks duplicated user
if User.objects.filter(email=email).exists() or \
User.objects.filter(username=username).exists():
return HttpResponse(status=409)
# By user's selected foods, initialize pref_vec
pref_vec = PreferenceVector()
attr_list = get_preference_attributes(pref_vec)
max_cos = 0
min_cos = 5.0
for attr in attr_list:
weight = 0.0
for food in selected_foods:
weight += (cos_sim_word(attr, food))
if cos_sim_word(attr, food) > max_cos:
max_cos = cos_sim_word(attr, food)
if cos_sim_word(attr, food) < min_cos:
min_cos = cos_sim_word(attr, food)
weight /= len(selected_foods)
#print(weight)
weight = 2.5 + 10 * weight
if weight > max_weight:
weight = max_weight
if weight < min_weight:
weight = min_weight
pref_vec[attr] = weight
set_service_pref(pref_vec, service_option_list)
pref_vec.save()
"""
print('max', max_cos)
print('min', min_cos)
"""
food_category = FoodCategory()
food_category.save()
search_location = Location()
search_location.save()
user = User.objects.create_user(
username=username, email=email, password=password)
user.save()
profile = Profile(user=user,
preference_vector=pref_vec,
food_category=food_category,
search_location=search_location)
profile.save()
author = Author(user=user,
nickname=username)
author.save()
return HttpResponse(status=201)
else:
return HttpResponseNotAllowed(['POST'])
def service_proxy(request):
# To get around XMLHTTPRequest cross-domain issues. Commonly used as OpenLayers.ProxyHost
# These are the only domains that can be requested through this proxy
allowedHosts = [
'localhost', 'localhost:8080', 'localhost:8000', 'services.usgin.org',
'services.usgin.org:8080', '50.19.88.63', '50.19.88.63:8080'
]
# These are the only allowed request methods
allowedRequests = ['POST', 'GET', 'OPTIONS']
# These are the allowed CORS headers
allowedHeaders = ['content-type', 'x-requested-with']
# Check that the request Method is valid
method = request.META['REQUEST_METHOD']
if method in ["POST", "GET"]:
# Find the URL that is being requested through this proxy
url = request.GET.get('url', "http://www.openlayers.org")
elif method in ["OPTIONS"]:
# If it is an OPTIONS request, just respond appropriately
response = HttpResponse("OK", status=200, mimetype="text/plain")
return proxy_response_cors_headers(response, allowedRequests,
allowedHeaders)
else:
return HttpResponseNotAllowed(allowedRequests)
try:
# Make sure the requested Host is allowed
host = url.split("/")[2]
if allowedHosts and not host in allowedHosts:
return HttpResponse("502: Bad Gateway. Cannot provide " + url,
status=502)
elif url.startswith("http://") or url.startswith("https://"):
if method == "POST":
headers = {
'CONTENT-LENGTH': request.META['CONTENT_LENGTH'],
'CONTENT-TYPE': request.META.get('CONTENT_TYPE',
'text/plain')
}
body = request.raw_post_data
r = urllib2.Request(url, body, headers)
y = urllib2.urlopen(r)
else:
y = urllib2.urlopen(url)
# print content type header
response = HttpResponse(y.read())
i = y.info()
if i.has_key("Content-Type"):
response['Content-Type'] = i["Content-Type"]
else:
response['Content-Type'] = "text/plain"
y.close()
return proxy_response_cors_headers(response, allowedRequests,
allowedHeaders)
else:
return HttpResponse("Illegal request.")
except Exception, E:
return HttpResponse("Some unexpected error occurred. Error text was:" +
E,
status=500)
def json_method_not_allowed(methods: List[Text]) -> HttpResponseNotAllowed:
resp = HttpResponseNotAllowed(methods)
resp.content = ujson.dumps({"result": "error",
"msg": "Method Not Allowed",
"allowed_methods": methods}).encode()
return resp
def __init__(self, permitted_methods):
HttpResponseNotAllowed.__init__(self, permitted_methods)
