def setUp(self):
db = DAL("sqlite:memory")
db.define_table("color",
Field("name", requires=IS_NOT_IN_DB(db, "color.name")))
db.color.insert(name="red")
db.color.insert(name="green")
db.color.insert(name="blue")
db.define_table("thing", Field("name"),
Field("color", "reference color"))
db.thing.insert(name="Chair", color=1)
db.thing.insert(name="Chair", color=2)
db.thing.insert(name="Table", color=1)
db.thing.insert(name="Table", color=3)
db.thing.insert(name="Lamp", color=2)
db.define_table(
"rel",
Field("a", "reference thing"),
Field("desc"),
Field("b", "reference thing"),
)
db.rel.insert(a=1, b=2, desc="is like")
db.rel.insert(a=3, b=4, desc="is like")
db.rel.insert(a=1, b=3, desc="is under")
db.rel.insert(a=2, b=4, desc="is under")
db.rel.insert(a=5, b=4, desc="is above")
api = RestAPI(db, ALLOW_ALL_POLICY)
self.db = db
self.api = api
def setUp(self):
db = DAL('sqlite:memory')
db.define_table('color',
Field('name', requires=IS_NOT_IN_DB(db, 'color.name')))
db.color.insert(name='red')
db.color.insert(name='green')
db.color.insert(name='blue')
db.define_table('thing', Field('name'),
Field('color', 'reference color'))
db.thing.insert(name='Chair', color=1)
db.thing.insert(name='Chair', color=2)
db.thing.insert(name='Table', color=1)
db.thing.insert(name='Table', color=3)
db.thing.insert(name='Lamp', color=2)
db.define_table('rel', Field('a', 'reference thing'), Field('desc'),
Field('b', 'reference thing'))
db.rel.insert(a=1, b=2, desc='is like')
db.rel.insert(a=3, b=4, desc='is like')
db.rel.insert(a=1, b=3, desc='is under')
db.rel.insert(a=2, b=4, desc='is under')
db.rel.insert(a=5, b=4, desc='is above')
api = RestAPI(db, ALLOW_ALL_POLICY)
self.db = db
self.api = api
def api(tablename, rec_id=None):
return RestAPI(db, policy)(request.method,
tablename,
rec_id,
request.GET,
request.POST
)
def api(path):
# this is not final, requires pydal 19.5
args = path.split('/')
app_name = args[0]
from py4web.core import Reloader, DAL
from pydal.restapi import RestAPI, ALLOW_ALL_POLICY, DENY_ALL_POLICY
if MODE == 'full':
policy = ALLOW_ALL_POLICY
else:
policy = DENY_ALL_POLICY
module = Reloader.MODULES[app_name]
def url(*args): return request.url + '/' + '/'.join(args)
databases = [name for name in dir(module) if isinstance(getattr(module, name), DAL)]
if len(args) == 1:
def tables(name):
db = getattr(module, name)
return [{'name': t._tablename,
'fields': t.fields,
'link': url(name, t._tablename)+'?model=true'}
for t in getattr(module, name)]
return {'databases': [{'name':name, 'tables': tables(name)} for name in databases]}
elif len(args) > 2 and args[1] in databases:
db = getattr(module, args[1])
id = args[3] if len(args) == 4 else None
data = action.uses(db)(lambda: RestAPI(db, policy)(
request.method, args[2], id, request.query, request.json))()
else:
data = {}
if 'code' in data:
response.status = data['code']
return data
def api():
return RestAPI(db, policy)(
request.method,
request.args(0), # tablename
request.args(1), # id
request.get_vars,
request.post_vars)
def __init__(self, db, policy=None, auth=None, path="service/{uuid}/<tablename>"):
self.db = db
self.policy = policy
self.restapi = RestAPI(self.db, policy)
self.path = path.format(uuid=str(uuid.uuid4()))
args = [db, auth] if auth else [db]
f = action.uses(*args)(self.api)
f = action(self.path, method=["GET", "POST"])(f)
f = action(self.path + "/<id:int>", method=["PUT", "DELETE"])(f)
def api(path):
# this is not final, requires pydal 19.5
args = path.split("/")
app_name = args[0]
from py4web.core import Reloader, DAL
from pydal.restapi import RestAPI, Policy
if MODE != "full":
raise HTTP(403)
module = Reloader.MODULES[app_name]
def url(*args):
return request.url + "/" + "/".join(args)
databases = [
name for name in dir(module) if isinstance(getattr(module, name), DAL)
]
if len(args) == 1:
def tables(name):
db = getattr(module, name)
return [
{
"name": t._tablename,
"fields": t.fields,
"link": url(name, t._tablename) + "?model=true",
}
for t in getattr(module, name)
]
return {
"databases": [
{"name": name, "tables": tables(name)} for name in databases
]
}
elif len(args) > 2 and args[1] in databases:
db = getattr(module, args[1])
id = args[3] if len(args) == 4 else None
policy = Policy()
for table in db:
policy.set(table._tablename, 'GET', authorize=True,
allowed_patterns=["**"], allow_lookup=True,
fields=table.fields)
policy.set(table._tablename,'PUT', authorize=True, fields=table.fields)
policy.set(table._tablename,'POST', authorize=True, fields=table.fields)
policy.set(table._tablename,'DELETE', authorize=True)
data = action.uses(db, T)(
lambda: RestAPI(db, policy)(
request.method, args[2], id, request.query, request.json
)
)()
else:
data = {}
if "code" in data:
response.status = data["code"]
return data
def __init__(self,
db,
policy=None,
auth=None,
path='service/{uuid}/<tablename>'):
self.db = db
self.policy = policy
self.restapi = RestAPI(self.db, policy)
self.path = path.format(uuid=str(uuid.uuid4()))
args = [db, auth] if auth else [db]
f = action.uses(*args)(self.api)
f = action(self.path, method=['GET', 'POST'])(f)
f = action(self.path + '/<id:int>', method=['PUT', 'DELETE'])(f)
def api(path):
# this is not final, requires pydal 19.5
args = path.split("/")
app_name = args[0]
from py4web.core import Reloader, DAL
from pydal.restapi import RestAPI, ALLOW_ALL_POLICY, DENY_ALL_POLICY
if MODE == "full":
policy = ALLOW_ALL_POLICY
else:
policy = DENY_ALL_POLICY
module = Reloader.MODULES[app_name]
def url(*args):
return request.url + "/" + "/".join(args)
databases = [
name for name in dir(module) if isinstance(getattr(module, name), DAL)
]
if len(args) == 1:
def tables(name):
db = getattr(module, name)
return [
{
"name": t._tablename,
"fields": t.fields,
"link": url(name, t._tablename) + "?model=true",
}
for t in getattr(module, name)
]
return {
"databases": [
{"name": name, "tables": tables(name)} for name in databases
]
}
elif len(args) > 2 and args[1] in databases:
db = getattr(module, args[1])
id = args[3] if len(args) == 4 else None
data = action.uses(db, T)(
lambda: RestAPI(db, policy)(
request.method, args[2], id, request.query, request.json
)
)()
else:
data = {}
if "code" in data:
response.status = data["code"]
return data
def apisec(tablename, rec_id=None):
token = jwt_token_from_header()
if token:
try:
jwt.decode(token, 'secret', algorithms=['HS256'])
return RestAPI(db, policy)(request.method,
tablename,
rec_id,
request.GET,
request.POST
)
except jwt.ExpiredSignatureError:
return json.dumps({'error': 403, 'message': 'Token Expired'})
except jwt.InvalidSignatureError:
return json.dumps({'error': 403, 'message': 'JWT Signature failed!'})
except:
return json.dumps({'error': 403, 'message': 'User not found'})
else:
return json.dumps({'error': 403, 'message': 'Token required!'})
def __init__(
self,
table,
query=None,
fields=None,
limit=100,
create=True,
editable=True,
deletable=True,
):
self.db = table._db
self.table = table
self.query = query
self.fields = fields or [f.name for f in table if f.readable]
self.limit = limit
self.create = create
self.editable = editable
self.deletable = deletable
self.policy = Policy()
self.policy.set(
table._tablename,
"GET",
query=query,
authorize=True,
allowed_patterns=["*"],
fields=fields,
limit=limit,
)
self.restapi = RestAPI(self.db, self.policy)
self.labels = {}
self.renderers = {"id": self.idlink}
self.guessing_renderers = [
GuessingRenderers.hide_null,
GuessingRenderers.boolean_renderer,
GuessingRenderers.link_renderer,
GuessingRenderers.list_renderer,
GuessingRenderers.dict_renderer,
GuessingRenderers.html_renderer,
GuessingRenderers.large_text_renderer,
]
self.form_attributes = {}
self.T = lambda value: value
self.denormalize = {}
def api(path):
# this is not final, requires pydal 19.5
args = path.split("/")
app_name = args[0]
if MODE != "full":
raise HTTP(403)
module = Reloader.MODULES.get(app_name)
if not module:
raise HTTP(404)
def url(*args):
return request.url + "/" + "/".join(args)
databases = [
name for name in dir(module) if isinstance(getattr(module, name), DAL)
]
if len(args) == 1:
def tables(name):
db = getattr(module, name)
make_safe(db)
return [
{
"name": t._tablename,
"fields": t.fields,
"link": url(name, t._tablename) + "?model=true",
}
for t in getattr(module, name)
]
return {
"databases": [
{"name": name, "tables": tables(name)} for name in databases
]
}
elif len(args) > 2 and args[1] in databases:
db = getattr(module, args[1])
make_safe(db)
id = args[3] if len(args) == 4 else None
policy = Policy()
for table in db:
policy.set(
table._tablename,
"GET",
authorize=True,
allowed_patterns=["**"],
allow_lookup=True,
fields=table.fields,
)
policy.set(table._tablename, "PUT", authorize=True, fields=table.fields)
policy.set(
table._tablename, "POST", authorize=True, fields=table.fields
)
policy.set(table._tablename, "DELETE", authorize=True)
# must wrap into action uses to make sure it closes transactions
data = action.uses(db)(lambda: RestAPI(db, policy)(
request.method, args[2], id, request.query, request.json
))()
else:
data = {}
if "code" in data:
response.status = data["code"]
return data
