def _post(self, rule_id, transaction, changed_by): # Verify that the rule_id exists. if not db.rules.getRuleById(rule_id, transaction=transaction): return Response(status=404) form = EditRuleForm() releaseNames = retry(db.releases.getReleaseNames, sleeptime=5, retry_exceptions=(SQLAlchemyError,)) form.mapping.choices = [(item['name'],item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL' )) if not form.validate(): return Response(status=400, response=form.errors) what = dict(throttle=form.throttle.data, mapping=form.mapping.data, priority=form.priority.data, product = form.product.data, version = form.version.data, build_id = form.build_id.data, channel = form.channel.data, locale = form.locale.data, distribution = form.distribution.data, build_target = form.build_target.data, os_version = form.os_version.data, dist_version = form.dist_version.data, comment = form.comment.data, update_type = form.update_type.data, header_arch = form.header_arch.data) self.log.debug("old_data_version: %s", form.data_version.data) retry(db.rules.updateRule, sleeptime=5, retry_exceptions=(SQLAlchemyError,), kwargs=dict(changed_by=changed_by, rule_id=rule_id, what=what, old_data_version=form.data_version.data, transaction=transaction)) return Response(status=200)
def _post(self, id_or_alias, transaction, changed_by): # Verify that the rule_id or alias exists. rule = dbo.rules.getRule(id_or_alias, transaction=transaction) if not rule: return Response(status=404) form = EditRuleForm() # Verify that the user has permission for the existing rule _and_ what the rule would become. toCheck = [rule['product']] # Rules can be partially updated - if product is null/None, we won't update that field, so # we shouldn't check its permission. if form.product.data: toCheck.append(form.product.data) for product in toCheck: if not dbo.permissions.hasUrlPermission(changed_by, '/rules/:id', 'POST', urlOptions={'product': product}): msg = "%s is not allowed to alter rules that affect %s" % (changed_by, product) cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg) return Response(status=401, response=msg) releaseNames = dbo.releases.getReleaseNames() form.mapping.choices = [(item['name'], item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL')) if not form.validate(): cef_event("Bad input", CEF_WARN, errors=form.errors) return Response(status=400, response=json.dumps(form.errors)) what = dict() # We need to be able to support changing AND removing parts of a rule, # and because of how Flask's request object and WTForm's defaults work # this gets a little hary. for k, v in form.data.iteritems(): # data_version is a "special" column, in that it's not part of the # primary data, and shouldn't be updatable by the user. if k == "data_version": continue # We need to check for each column in both the JSON style post # and the regular multipart form data. If the key is not present in # either of these data structures. We treat this cases as no-op # and shouldn't modify the data for that key. # If the key is present we should modify the data as requested. # If a value is an empty string, we should remove that restriction # from the rule (aka, set as NULL in the db). The underlying Form # will have already converted it to None, so we can treat it the # same as a modification here. if (request.json and k in request.json) or k in request.form: what[k] = v dbo.rules.updateRule(changed_by=changed_by, id_or_alias=id_or_alias, what=what, old_data_version=form.data_version.data, transaction=transaction) # find out what the next data version is rule = dbo.rules.getRule(id_or_alias, transaction=transaction) new_data_version = rule['data_version'] response = make_response(json.dumps(dict(new_data_version=new_data_version))) response.headers['Content-Type'] = 'application/json' return response
def _post(self, id_or_alias, transaction, changed_by): # Verify that the rule_id or alias exists. rule = dbo.rules.getRule(id_or_alias, transaction=transaction) if not rule: return Response(status=404) form = EditRuleForm() releaseNames = dbo.releases.getReleaseNames() form.mapping.choices = [(item['name'], item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL')) if not form.validate(): self.log.warning("Bad input: %s", form.errors) return Response(status=400, response=json.dumps(form.errors)) what = dict() # We need to be able to support changing AND removing parts of a rule, # and because of how Flask's request object and WTForm's defaults work # this gets a little hary. for k, v in form.data.iteritems(): # data_version is a "special" column, in that it's not part of the # primary data, and shouldn't be updatable by the user. if k == "data_version": continue # We need to check for each column in both the JSON style post # and the regular multipart form data. If the key is not present in # either of these data structures. We treat this cases as no-op # and shouldn't modify the data for that key. # If the key is present we should modify the data as requested. # If a value is an empty string, we should remove that restriction # from the rule (aka, set as NULL in the db). The underlying Form # will have already converted it to None, so we can treat it the # same as a modification here. if (request.json and k in request.json) or k in request.form: what[k] = v dbo.rules.update( changed_by=changed_by, where={"rule_id": id_or_alias}, what=what, old_data_version=form.data_version.data, transaction=transaction) # find out what the next data version is rule = dbo.rules.getRule(id_or_alias, transaction=transaction) return jsonify(new_data_version=rule["data_version"])
def _post(self, id_or_alias, transaction, changed_by): # Verify that the rule_id or alias exists. rule = dbo.rules.getRule(id_or_alias, transaction=transaction) if not rule: return Response(status=404) form = EditRuleForm() releaseNames = dbo.releases.getReleaseNames() form.mapping.choices = [(item['name'], item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL')) if not form.validate(): self.log.warning("Bad input: %s", form.errors) return Response(status=400, response=json.dumps(form.errors)) what = dict() # We need to be able to support changing AND removing parts of a rule, # and because of how Flask's request object and WTForm's defaults work # this gets a little hary. for k, v in form.data.iteritems(): # data_version is a "special" column, in that it's not part of the # primary data, and shouldn't be updatable by the user. if k == "data_version": continue # We need to check for each column in both the JSON style post # and the regular multipart form data. If the key is not present in # either of these data structures. We treat this cases as no-op # and shouldn't modify the data for that key. # If the key is present we should modify the data as requested. # If a value is an empty string, we should remove that restriction # from the rule (aka, set as NULL in the db). The underlying Form # will have already converted it to None, so we can treat it the # same as a modification here. if (request.json and k in request.json) or k in request.form: what[k] = v dbo.rules.update(changed_by=changed_by, where={"rule_id": id_or_alias}, what=what, old_data_version=form.data_version.data, transaction=transaction) # find out what the next data version is rule = dbo.rules.getRule(id_or_alias, transaction=transaction) return jsonify(new_data_version=rule["data_version"])
def _post(self, rule_id, transaction, changed_by): # Verify that the rule_id exists. if not db.rules.getRuleById(rule_id, transaction=transaction): return Response(status=404) form = EditRuleForm() releaseNames = db.releases.getReleaseNames() form.mapping.choices = [(item['name'],item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL' )) if not form.validate(): return Response(status=400, response=form.errors) what = dict(backgroundRate=form.backgroundRate.data, mapping=form.mapping.data, priority=form.priority.data, product = form.product.data, version = form.version.data, buildID = form.build_id.data, channel = form.channel.data, locale = form.locale.data, distribution = form.distribution.data, buildTarget = form.build_target.data, osVersion = form.os_version.data, distVersion = form.dist_version.data, comment = form.comment.data, update_type = form.update_type.data, headerArchitecture = form.header_arch.data) self.log.debug("old_data_version: %s", form.data_version.data) db.rules.updateRule(changed_by=changed_by, rule_id=rule_id, what=what, old_data_version=form.data_version.data, transaction=transaction) # find out what the next data version is rule = db.rules.getRuleById(rule_id, transaction=transaction) new_data_version = rule['data_version'] response = make_response(json.dumps(dict(new_data_version=new_data_version))) response.headers['Content-Type'] = 'application/json' return response
def _post(self, rule_id, transaction, changed_by): # Verify that the rule_id exists. rule = dbo.rules.getRuleById(rule_id, transaction=transaction) if not rule: return Response(status=404) form = EditRuleForm() # Verify that the user has permission for the existing rule _and_ what the rule would become. toCheck = [rule['product']] # Rules can be partially updated - if product is null/None, we won't update that field, so # we shouldn't check its permission. if form.product.data: toCheck.append(form.product.data) for product in toCheck: if not dbo.permissions.hasUrlPermission( changed_by, '/rules/:id', 'POST', urlOptions={'product': product}): msg = "%s is not allowed to alter rules that affect %s" % ( changed_by, product) cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg) return Response(status=401, response=msg) releaseNames = dbo.releases.getReleaseNames() form.mapping.choices = [(item['name'], item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL')) if not form.validate(): cef_event("Bad input", CEF_WARN, errors=form.errors) return Response(status=400, response=json.dumps(form.errors)) what = dict() # We need to be able to support changing AND removing parts of a rule, # and because of how Flask's request object and WTForm's defaults work # this gets a little hary. for k, v in form.data.iteritems(): # data_version is a "special" column, in that it's not part of the # primary data, and shouldn't be updatable by the user. if k == "data_version": continue # We need to check for each column in both the JSON style post # and the regular multipart form data. If the key is not present in # either of these data structures. We treat this cases as no-op # and shouldn't modify the data for that key. # If the key is present we should modify the data as requested. # If a value is an empty string, we should remove that restriction # from the rule (aka, set as NULL in the db). The underlying Form # will have already converted it to None, so we can treat it the # same as a modification here. if (request.json and k in request.json) or k in request.form: what[k] = v dbo.rules.updateRule(changed_by=changed_by, rule_id=rule_id, what=what, old_data_version=form.data_version.data, transaction=transaction) # find out what the next data version is rule = dbo.rules.getRuleById(rule_id, transaction=transaction) new_data_version = rule['data_version'] response = make_response( json.dumps(dict(new_data_version=new_data_version))) response.headers['Content-Type'] = 'application/json' return response
def _post(self, rule_id, transaction, changed_by): # Verify that the rule_id exists. rule = dbo.rules.getRuleById(rule_id, transaction=transaction) if not rule: return Response(status=404) form = EditRuleForm() # Verify that the user has permission for the existing rule _and_ what the rule would become. toCheck = [rule['product']] # Rules can be partially updated - if product is null/None, we won't update that field, so # we shouldn't check its permission. if form.product.data: toCheck.append(form.product.data) for product in toCheck: if not dbo.permissions.hasUrlPermission(changed_by, '/rules/:id', 'POST', urlOptions={'product': product}): msg = "%s is not allowed to alter rules that affect %s" % (changed_by, product) cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg) return Response(status=401, response=msg) releaseNames = dbo.releases.getReleaseNames() form.mapping.choices = [(item['name'],item['name']) for item in releaseNames] form.mapping.choices.insert(0, ('', 'NULL' )) if not form.validate(): cef_event("Bad input", CEF_WARN, errors=form.errors) return Response(status=400, response=json.dumps(form.errors)) what = dict() if form.backgroundRate.data: what['backgroundRate'] = form.backgroundRate.data if form.mapping.data: what['mapping'] = form.mapping.data if form.priority.data: what['priority'] = form.priority.data if form.product.data: what['product'] = form.product.data if form.version.data: what['version'] = form.version.data if form.build_id.data: what['buildID'] = form.build_id.data if form.channel.data: what['channel'] = form.channel.data if form.locale.data: what['locale'] = form.locale.data if form.distribution.data: what['distribution'] = form.distribution.data if form.build_target.data: what['buildTarget'] = form.build_target.data if form.os_version.data: what['osVersion'] = form.os_version.data if form.dist_version.data: what['distVersion'] = form.dist_version.data if form.comment.data: what['comment'] = form.comment.data if form.update_type.data: what['update_type'] = form.update_type.data if form.header_arch.data: what['headerArchitecture'] = form.header_arch.data dbo.rules.updateRule(changed_by=changed_by, rule_id=rule_id, what=what, old_data_version=form.data_version.data, transaction=transaction) # find out what the next data version is rule = dbo.rules.getRuleById(rule_id, transaction=transaction) new_data_version = rule['data_version'] response = make_response(json.dumps(dict(new_data_version=new_data_version))) response.headers['Content-Type'] = 'application/json' return response