def get_sensor(self, request, sensor_id):
    """Fetch a sensor by UUID and check that the requester may view it.

    Returns the ``Sensor`` when it exists and ``request.user`` is part of
    the sensor's team. Otherwise an ``Http404`` or ``Http403`` object is
    *returned*, not raised, so callers must check what they got back
    before treating the result as a sensor.
    """
    try:
        found = Sensor.objects.get(uuid=sensor_id)
    except Sensor.DoesNotExist:
        return Http404("The sensor you requested does not exist.")

    # Object-level authorization: knowing the UUID is not enough, the
    # requester also has to belong to the team that owns the sensor.
    # NOTE(review): the separate 404 and 403 answers tell a non-member
    # whether a UUID exists; confirm that is acceptable for this API.
    if request.user.is_part_of(found.team):
        return found
    return Http403("You do not have permission to view this sensor.")
def authenticate(self, request):
    """Return a different kind of result depending on the ``user`` parameter.

    Appears to be a fixture that exercises each outcome an authenticate
    hook can produce: ``None`` for 'friend', a returned ``Http403`` for
    'foe', a raised ``HttpError`` for 'exceptional-foe', and a deliberately
    invalid return value for anything else.
    """
    who = request.params.get('user')

    if who == 'friend':
        return None
    if who == 'foe':
        return Http403('you shall not pass')
    if who == 'exceptional-foe':
        raise HttpError(403, 'with exception')

    # this is an illegal return value for this function
    return 42
def post(self, request):
    """Update the logged-in user's own record from the request body.

    Returns the serialized user on success, an ``Http403`` when the
    requester is not authenticated, and an ``Http400`` carrying the form
    errors when validation fails.
    """
    current_user = request.user
    # NOTE(review): is_authenticated is invoked as a method; if this is a
    # Django user on a release where it is a property, the call fails.
    # Confirm the framework version.
    if not current_user.is_authenticated():
        return Http403("You must log in to modify your user resource.")

    # The form is always bound to request.user, never to an id taken from
    # the request, so this handler cannot be pointed at another account.
    # NOTE(review): which attributes are writable is decided by
    # UpdateUserForm (not shown); confirm it excludes privileged fields.
    form = UpdateUserForm(request.data, instance=current_user)
    if not form.is_valid():
        return Http400("Derp derp.", details=form.errors)

    saved = form.save()
    return UserPresenter(saved).serialized
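def get_instance(self, request, membership_id):
    """Resolve a membership plus the requester's own membership in that team.

    Returns ``(membership, your_membership)`` when the requester belongs to
    the team that ``membership_id`` refers to. Returns an ``Http403``
    object when the requester has no membership in that team.
    """
    # NOTE(review): an unknown membership_id still propagates
    # Membership.DoesNotExist from this lookup, as it did before; confirm
    # the caller turns that into a 4xx response.
    membership = Membership.objects.get(pk=membership_id)

    # Looking at your own membership: no second query is needed.
    if request.user.id == membership.user_id:
        return (membership, membership)

    try:
        your_membership = Membership.objects.get(
            user_id=request.user.id, team_id=membership.team_id)
    except Membership.DoesNotExist:
        # .get() raises instead of returning a falsy value, so without this
        # handler the denial below was unreachable and a non-member got an
        # unhandled exception rather than a 403.
        return Http403("You cannot access this team membership.")

    return (membership, your_membership)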
def post(self, request):
    """Register a new user from the request body.

    Returns an ``Http201`` whose payload is the serialized user plus a
    ``token`` entry, an ``Http403`` when the requester is already logged
    in, and an ``Http400`` carrying the form errors when validation fails.
    """
    # NOTE(review): is_authenticated is invoked as a method; if this is a
    # Django user on a release where it is a property, the call fails.
    # Confirm the framework version.
    if request.user.is_authenticated():
        return Http403(
            "You cannot create a new user while you're logged-in.")

    form = UpdateUserForm(request.data)
    if not form.is_valid():
        return Http400(reason="The user could not be created.",
                       details=form.errors)

    new_user = form.save()
    payload = UserPresenter(new_user).serialized
    # The response body carries a credential for the new account.
    # NOTE(review): confirm this response is neither cached nor written to
    # request/response logs.
    payload['token'] = new_user.fresh_token
    return Http201(payload)
def verify_access_key(request, access_key):
    """
    Verifies that an access_key is valid. Used inside of the sensor endpoint.

    Returns a ``JSONResponse`` holding the key's ``secret_key`` and the
    owning team's ``identifier``, or an ``Http403`` when no ``APIKey`` has
    the given ``access_key``.
    """
    try:
        key = APIKey.objects.get(access_key=access_key)
    except APIKey.DoesNotExist:
        return Http403("The access_key is not valid.")

    # NOTE(review): `request` is not consulted here, and the response
    # discloses secret_key to whoever presents a valid access_key. Confirm
    # this view is reachable only by trusted internal callers.
    exposed_fields = [
        'secret_key',
        ('identifier', lambda a: a.team.identifier),
    ]
    return JSONResponse(serialize(key, fields=exposed_fields))
def get(self, request, identifier):
    """Return one team, with its members and keys, to a user who belongs to it.

    The team is looked up through ``request.user.memberships``, so a team
    the requester is not in and a team that does not exist both produce
    the same ``Http403``.
    """
    try:
        membership = (
            request.user.memberships
            .prefetch_related('team', 'team__keys')
            .get(team__identifier=identifier)
        )
    except Membership.DoesNotExist:
        return Http403("You cannot access this team.")

    team = TeamList.serialize_team_with_membership(membership)

    # Each member is the serialized user with that user's membership in
    # this team nested under 'membership'.
    members = []
    roster = membership.team.memberships.prefetch_related('user').all()
    for member in roster:
        entry = UserPresenter(member.user).serialized
        entry['membership'] = MembershipPresenter(member).serialized
        members.append(entry)
    team['members'] = members

    # NOTE(review): every member who passes the lookup above receives the
    # team's keys; confirm APIKeyPresenter limits what key material is
    # serialized for members who should not see secrets.
    team['keys'] = APIKeyPresenter(membership.team.keys.all()).serialized
    return team
def authenticate(self, request):
    """Reject requests from users who are not logged in.

    Returns ``None`` for an authenticated user and an ``Http403`` object
    otherwise.
    """
    # NOTE(review): is_authenticated is invoked as a method; if this is a
    # Django user on a release where it is a property, the call fails.
    # Confirm the framework version.
    if request.user.is_authenticated():
        return None
    return Http403("You must be logged-in to access this resource.")