def _post(self, rule_id, transaction, changed_by):
# Verify that the rule_id exists.
if not db.rules.getRuleById(rule_id, transaction=transaction):
return Response(status=404)
form = EditRuleForm()
releaseNames = retry(db.releases.getReleaseNames, sleeptime=5, retry_exceptions=(SQLAlchemyError,))
form.mapping.choices = [(item['name'],item['name']) for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL' ))
if not form.validate():
return Response(status=400, response=form.errors)
what = dict(throttle=form.throttle.data,
mapping=form.mapping.data,
priority=form.priority.data,
product = form.product.data,
version = form.version.data,
build_id = form.build_id.data,
channel = form.channel.data,
locale = form.locale.data,
distribution = form.distribution.data,
build_target = form.build_target.data,
os_version = form.os_version.data,
dist_version = form.dist_version.data,
comment = form.comment.data,
update_type = form.update_type.data,
header_arch = form.header_arch.data)
self.log.debug("old_data_version: %s", form.data_version.data)
retry(db.rules.updateRule, sleeptime=5, retry_exceptions=(SQLAlchemyError,),
kwargs=dict(changed_by=changed_by, rule_id=rule_id, what=what, old_data_version=form.data_version.data, transaction=transaction))
return Response(status=200)
def _post(self, id_or_alias, transaction, changed_by):
# Verify that the rule_id or alias exists.
rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
if not rule:
return Response(status=404)
form = EditRuleForm()
# Verify that the user has permission for the existing rule _and_ what the rule would become.
toCheck = [rule['product']]
# Rules can be partially updated - if product is null/None, we won't update that field, so
# we shouldn't check its permission.
if form.product.data:
toCheck.append(form.product.data)
for product in toCheck:
if not dbo.permissions.hasUrlPermission(changed_by, '/rules/:id', 'POST', urlOptions={'product': product}):
msg = "%s is not allowed to alter rules that affect %s" % (changed_by, product)
cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
return Response(status=401, response=msg)
releaseNames = dbo.releases.getReleaseNames()
form.mapping.choices = [(item['name'], item['name']) for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL'))
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400, response=json.dumps(form.errors))
what = dict()
# We need to be able to support changing AND removing parts of a rule,
# and because of how Flask's request object and WTForm's defaults work
# this gets a little hary.
for k, v in form.data.iteritems():
# data_version is a "special" column, in that it's not part of the
# primary data, and shouldn't be updatable by the user.
if k == "data_version":
continue
# We need to check for each column in both the JSON style post
# and the regular multipart form data. If the key is not present in
# either of these data structures. We treat this cases as no-op
# and shouldn't modify the data for that key.
# If the key is present we should modify the data as requested.
# If a value is an empty string, we should remove that restriction
# from the rule (aka, set as NULL in the db). The underlying Form
# will have already converted it to None, so we can treat it the
# same as a modification here.
if (request.json and k in request.json) or k in request.form:
what[k] = v
dbo.rules.updateRule(changed_by=changed_by, id_or_alias=id_or_alias, what=what,
old_data_version=form.data_version.data, transaction=transaction)
# find out what the next data version is
rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
new_data_version = rule['data_version']
response = make_response(json.dumps(dict(new_data_version=new_data_version)))
response.headers['Content-Type'] = 'application/json'
return response
def _post(self, id_or_alias, transaction, changed_by):
# Verify that the rule_id or alias exists.
rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
if not rule:
return Response(status=404)
form = EditRuleForm()
releaseNames = dbo.releases.getReleaseNames()
form.mapping.choices = [(item['name'], item['name'])
for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL'))
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
what = dict()
# We need to be able to support changing AND removing parts of a rule,
# and because of how Flask's request object and WTForm's defaults work
# this gets a little hary.
for k, v in form.data.iteritems():
# data_version is a "special" column, in that it's not part of the
# primary data, and shouldn't be updatable by the user.
if k == "data_version":
continue
# We need to check for each column in both the JSON style post
# and the regular multipart form data. If the key is not present in
# either of these data structures. We treat this cases as no-op
# and shouldn't modify the data for that key.
# If the key is present we should modify the data as requested.
# If a value is an empty string, we should remove that restriction
# from the rule (aka, set as NULL in the db). The underlying Form
# will have already converted it to None, so we can treat it the
# same as a modification here.
if (request.json and k in request.json) or k in request.form:
what[k] = v
dbo.rules.update(
changed_by=changed_by,
where={"rule_id": id_or_alias},
what=what,
old_data_version=form.data_version.data,
transaction=transaction)
# find out what the next data version is
rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
return jsonify(new_data_version=rule["data_version"])
def _post(self, id_or_alias, transaction, changed_by):
# Verify that the rule_id or alias exists.
rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
if not rule:
return Response(status=404)
form = EditRuleForm()
releaseNames = dbo.releases.getReleaseNames()
form.mapping.choices = [(item['name'], item['name'])
for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL'))
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
what = dict()
# We need to be able to support changing AND removing parts of a rule,
# and because of how Flask's request object and WTForm's defaults work
# this gets a little hary.
for k, v in form.data.iteritems():
# data_version is a "special" column, in that it's not part of the
# primary data, and shouldn't be updatable by the user.
if k == "data_version":
continue
# We need to check for each column in both the JSON style post
# and the regular multipart form data. If the key is not present in
# either of these data structures. We treat this cases as no-op
# and shouldn't modify the data for that key.
# If the key is present we should modify the data as requested.
# If a value is an empty string, we should remove that restriction
# from the rule (aka, set as NULL in the db). The underlying Form
# will have already converted it to None, so we can treat it the
# same as a modification here.
if (request.json and k in request.json) or k in request.form:
what[k] = v
dbo.rules.update(changed_by=changed_by,
where={"rule_id": id_or_alias},
what=what,
old_data_version=form.data_version.data,
transaction=transaction)
# find out what the next data version is
rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
return jsonify(new_data_version=rule["data_version"])
def _post(self, rule_id, transaction, changed_by):
# Verify that the rule_id exists.
if not db.rules.getRuleById(rule_id, transaction=transaction):
return Response(status=404)
form = EditRuleForm()
releaseNames = db.releases.getReleaseNames()
form.mapping.choices = [(item['name'],item['name']) for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL' ))
if not form.validate():
return Response(status=400, response=form.errors)
what = dict(backgroundRate=form.backgroundRate.data,
mapping=form.mapping.data,
priority=form.priority.data,
product = form.product.data,
version = form.version.data,
buildID = form.build_id.data,
channel = form.channel.data,
locale = form.locale.data,
distribution = form.distribution.data,
buildTarget = form.build_target.data,
osVersion = form.os_version.data,
distVersion = form.dist_version.data,
comment = form.comment.data,
update_type = form.update_type.data,
headerArchitecture = form.header_arch.data)
self.log.debug("old_data_version: %s", form.data_version.data)
db.rules.updateRule(changed_by=changed_by, rule_id=rule_id, what=what,
old_data_version=form.data_version.data, transaction=transaction)
# find out what the next data version is
rule = db.rules.getRuleById(rule_id, transaction=transaction)
new_data_version = rule['data_version']
response = make_response(json.dumps(dict(new_data_version=new_data_version)))
response.headers['Content-Type'] = 'application/json'
return response
def _post(self, rule_id, transaction, changed_by):
# Verify that the rule_id exists.
rule = dbo.rules.getRuleById(rule_id, transaction=transaction)
if not rule:
return Response(status=404)
form = EditRuleForm()
# Verify that the user has permission for the existing rule _and_ what the rule would become.
toCheck = [rule['product']]
# Rules can be partially updated - if product is null/None, we won't update that field, so
# we shouldn't check its permission.
if form.product.data:
toCheck.append(form.product.data)
for product in toCheck:
if not dbo.permissions.hasUrlPermission(
changed_by,
'/rules/:id',
'POST',
urlOptions={'product': product}):
msg = "%s is not allowed to alter rules that affect %s" % (
changed_by, product)
cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
return Response(status=401, response=msg)
releaseNames = dbo.releases.getReleaseNames()
form.mapping.choices = [(item['name'], item['name'])
for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL'))
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400, response=json.dumps(form.errors))
what = dict()
# We need to be able to support changing AND removing parts of a rule,
# and because of how Flask's request object and WTForm's defaults work
# this gets a little hary.
for k, v in form.data.iteritems():
# data_version is a "special" column, in that it's not part of the
# primary data, and shouldn't be updatable by the user.
if k == "data_version":
continue
# We need to check for each column in both the JSON style post
# and the regular multipart form data. If the key is not present in
# either of these data structures. We treat this cases as no-op
# and shouldn't modify the data for that key.
# If the key is present we should modify the data as requested.
# If a value is an empty string, we should remove that restriction
# from the rule (aka, set as NULL in the db). The underlying Form
# will have already converted it to None, so we can treat it the
# same as a modification here.
if (request.json and k in request.json) or k in request.form:
what[k] = v
dbo.rules.updateRule(changed_by=changed_by,
rule_id=rule_id,
what=what,
old_data_version=form.data_version.data,
transaction=transaction)
# find out what the next data version is
rule = dbo.rules.getRuleById(rule_id, transaction=transaction)
new_data_version = rule['data_version']
response = make_response(
json.dumps(dict(new_data_version=new_data_version)))
response.headers['Content-Type'] = 'application/json'
return response
def _post(self, rule_id, transaction, changed_by):
# Verify that the rule_id exists.
rule = dbo.rules.getRuleById(rule_id, transaction=transaction)
if not rule:
return Response(status=404)
form = EditRuleForm()
# Verify that the user has permission for the existing rule _and_ what the rule would become.
toCheck = [rule['product']]
# Rules can be partially updated - if product is null/None, we won't update that field, so
# we shouldn't check its permission.
if form.product.data:
toCheck.append(form.product.data)
for product in toCheck:
if not dbo.permissions.hasUrlPermission(changed_by, '/rules/:id', 'POST', urlOptions={'product': product}):
msg = "%s is not allowed to alter rules that affect %s" % (changed_by, product)
cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
return Response(status=401, response=msg)
releaseNames = dbo.releases.getReleaseNames()
form.mapping.choices = [(item['name'],item['name']) for item in releaseNames]
form.mapping.choices.insert(0, ('', 'NULL' ))
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400, response=json.dumps(form.errors))
what = dict()
if form.backgroundRate.data:
what['backgroundRate'] = form.backgroundRate.data
if form.mapping.data:
what['mapping'] = form.mapping.data
if form.priority.data:
what['priority'] = form.priority.data
if form.product.data:
what['product'] = form.product.data
if form.version.data:
what['version'] = form.version.data
if form.build_id.data:
what['buildID'] = form.build_id.data
if form.channel.data:
what['channel'] = form.channel.data
if form.locale.data:
what['locale'] = form.locale.data
if form.distribution.data:
what['distribution'] = form.distribution.data
if form.build_target.data:
what['buildTarget'] = form.build_target.data
if form.os_version.data:
what['osVersion'] = form.os_version.data
if form.dist_version.data:
what['distVersion'] = form.dist_version.data
if form.comment.data:
what['comment'] = form.comment.data
if form.update_type.data:
what['update_type'] = form.update_type.data
if form.header_arch.data:
what['headerArchitecture'] = form.header_arch.data
dbo.rules.updateRule(changed_by=changed_by, rule_id=rule_id, what=what,
old_data_version=form.data_version.data, transaction=transaction)
# find out what the next data version is
rule = dbo.rules.getRuleById(rule_id, transaction=transaction)
new_data_version = rule['data_version']
response = make_response(json.dumps(dict(new_data_version=new_data_version)))
response.headers['Content-Type'] = 'application/json'
return response
