def auth_check(*args, **kwargs):
            """Run the wrapped handler only for an authenticated, sufficiently privileged user.

            Resolves the requesting user, rejects the call with a not-authorized
            response when there is none, or when ``auth_level`` is ``'admin'``
            and the user is not an administrator, and otherwise calls ``f``
            with the user injected as the ``requester`` keyword argument.
            ``auth_level`` and ``f`` come from the enclosing scope.
            """
            requester = get_requesting_user()

            # NOTE(review): an authenticated non-admin gets the same
            # not-authorized response as an anonymous caller, whereas the
            # statistics handler answers that case with
            # make_forbidden_response(). Confirm which one clients expect.
            if requester is None or (
                    'admin' == auth_level and not requester.is_administrator):
                return base_routes.make_not_authorized_response()

            return f(*args, requester=requester, **kwargs)
Example #2
        def auth_check(*args, **kwargs):
            """Gate the wrapped handler ``f`` on authentication and admin level.

            Returns a not-authorized response when no requesting user can be
            resolved, or when the enclosing ``auth_level`` is ``'admin'`` and
            the user is not an administrator. Otherwise forwards the call to
            ``f`` with ``requester`` set to the resolved user.
            """
            requester = get_requesting_user()

            # NOTE(review): the admin failure path reuses the not-authorized
            # response; the statistics handler uses make_forbidden_response()
            # for a logged-in non-admin. Confirm the intended status.
            if requester is None or (
                    'admin' == auth_level and not requester.is_administrator):
                return base_routes.make_not_authorized_response()

            return f(*args, requester=requester, **kwargs)
Example #3
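    def get_search_results(id, page):
        """Return one page of searches matching the search ``id`` as JSON.

        Responses, in the order they are decided:
        not-authorized when there is no requesting user; bad-request when
        ``page`` or ``id`` is not an integer; not-found when no ``Search``
        has that id; forbidden when the requester lacks admin rights on the
        search; otherwise ``{'data': [...]}`` with each match serialized for
        the requester.
        """
        requester = get_requesting_user()
        if requester is None:
            return base_routes.make_not_authorized_response()

        # ``page`` is caller-supplied. Converting it here, after the
        # authentication check and inside a guard, turns a malformed value
        # into a bad-request response; previously int() raised before any
        # response had been chosen, even for anonymous callers.
        try:
            page = int(page)
        except (TypeError, ValueError):
            return base_routes.make_bad_request_response()

        if not is_integer(id):
            return base_routes.make_bad_request_response()

        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            # NOTE(review): not-found is decided before the rights check, so
            # any authenticated user can tell existing ids from missing
            # ones. Confirm that is acceptable.
            return base_routes.make_not_found_response()

        # Object-level authorization: only users with admin rights on this
        # search may list its matches.
        if not search.has_admin_rights(requester):
            return base_routes.make_forbidden_response()

        matching_searches = search_utils.find_matching_searches(search, page)
        serialized = [
            match.serialize(requester, exclude=[])
            for match in matching_searches
        ]
        return jsonify({'data': serialized})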
Example #4
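    def post_picture(user_id):
        """Store an uploaded picture for the requesting user.

        Only the user identified by ``user_id`` may upload their own picture.
        Returns not-authorized when there is no requesting user or the ids
        differ, bad-request when the ``file`` part is missing or fails
        ``is_allowable_image``, and an OK response once the image is stored
        and ``picture_filename`` is committed.
        """
        user = get_requesting_user()

        # Other handlers in this module treat a None result as "not logged
        # in". Without this guard an anonymous request failed on ``user.id``
        # instead of receiving the not-authorized response.
        if user is None or user_id != user.id:
            return base_routes.make_not_authorized_response()

        # .get() so a request without a 'file' part reaches the explicit
        # bad-request branch rather than raising on the missing key.
        image_file = request.files.get('file')
        if not image_file:
            return base_routes.make_bad_request_response('missing image data')

        # NOTE(review): read() loads the whole upload into memory; confirm
        # an upstream request-size limit bounds it.
        image_data = image_file.read()
        if not is_allowable_image(image_data):
            return base_routes.make_bad_request_response(
                'unallowed image type')

        # The stored name is built from the image bytes and the user id; the
        # client-supplied filename is not passed along.
        filename = image_to_user_filename(image_data, user_id)

        # read() above left the stream at end-of-file; rewind so that
        # store_image sees the full content if it reads from the stream.
        image_file.seek(0)
        store_image(image_file, filename)

        user.picture_filename = filename
        store.session.add(user)
        store.session.commit()

        logger.info('Saving image {!r}'.format(filename))

        return base_routes.make_OK_response()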
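    def post_picture(user_id):
        """Store an uploaded picture for the requesting user.

        A user may only upload a picture for their own ``user_id``. Returns
        not-authorized when no requesting user is resolved or the ids differ,
        bad-request when the ``file`` part is absent or rejected by
        ``is_allowable_image``, and an OK response after the image is stored
        and the user's ``picture_filename`` is committed.
        """
        user = get_requesting_user()

        # get_requesting_user() is checked for None by the other handlers in
        # this module; guard here too so an anonymous request gets the
        # not-authorized response instead of failing on ``user.id``.
        if user is None or user_id != user.id:
            return base_routes.make_not_authorized_response()

        # .get() keeps a missing 'file' part on the explicit bad-request
        # path below instead of raising on the lookup.
        image_file = request.files.get('file')
        if not image_file:
            return base_routes.make_bad_request_response('missing image data')

        # NOTE(review): the full upload is read into memory here; confirm a
        # request-size cap is enforced before this point.
        image_data = image_file.read()
        if not is_allowable_image(image_data):
            return base_routes.make_bad_request_response('unallowed image type')

        # Name derived from the bytes and the user id, not from the name the
        # client sent.
        filename = image_to_user_filename(image_data, user_id)

        # Rewind: read() consumed the stream, and store_image receives the
        # same file object.
        image_file.seek(0)
        store_image(image_file, filename)

        user.picture_filename = filename
        store.session.add(user)
        store.session.commit()

        logger.info('Saving image {!r}'.format(filename))

        return base_routes.make_OK_response()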
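    def get_search_results(id, page):
        """Return one page of searches matching the search ``id`` as JSON.

        Decides, in order: not-authorized without a requesting user;
        bad-request when ``page`` or ``id`` is not an integer; not-found when
        the ``Search`` does not exist; forbidden when the requester has no
        admin rights on it; otherwise ``{'data': [...]}`` holding each match
        serialized for the requester.
        """
        requester = get_requesting_user()
        if requester is None:
            return base_routes.make_not_authorized_response()

        # ``page`` arrives from the caller. It used to be converted with a
        # bare int() as the first statement, so a non-numeric value raised
        # before authentication or validation ran. Convert it under a guard
        # and answer with bad-request instead.
        try:
            page = int(page)
        except (TypeError, ValueError):
            return base_routes.make_bad_request_response()

        if not is_integer(id):
            return base_routes.make_bad_request_response()

        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            # NOTE(review): existence is revealed before the rights check;
            # confirm id enumeration by authenticated users is acceptable.
            return base_routes.make_not_found_response()

        # Per-object authorization on the requested search.
        if not search.has_admin_rights(requester):
            return base_routes.make_forbidden_response()

        matching_searches = search_utils.find_matching_searches(search, page)
        serialized = [
            match.serialize(requester, exclude=[])
            for match in matching_searches
        ]
        return jsonify({'data': serialized})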
 def request_api_key():
     """Issue an API key for the requesting user and return it as JSON.

     Returns a not-authorized response when no requesting user is resolved;
     otherwise calls ``make_api_key()`` on the user and responds with
     ``{'apiKey': <key>}``.
     """
     requester = get_requesting_user()
     if requester is not None:
         # The key value leaves the server in this response body.
         # NOTE(review): confirm responses from this route are not cached or
         # written to logs.
         secret = requester.make_api_key()
         return jsonify({'apiKey': secret.key})
     return base_routes.make_not_authorized_response()
Example #8
 def request_api_key():
     """Create an API key for the requesting user and send it back as JSON.

     Without a requesting user the handler answers not-authorized. Otherwise
     it calls ``requester.make_api_key()`` and returns ``{'apiKey': <key>}``.
     """
     requester = get_requesting_user()
     if requester is not None:
         # NOTE(review): the secret is disclosed in the response body;
         # confirm this route's responses are kept out of caches and logs.
         secret = requester.make_api_key()
         return jsonify({'apiKey': secret.key})
     return base_routes.make_not_authorized_response()
Example #9
 def request_confirm_email():
     """Ask the mail layer to send the requester a signup confirmation email.

     Returns not-authorized without a requesting user, a server-error
     response carrying the message when
     ``mail_actions.request_signup_email_confirmation`` returns one, and an
     OK response otherwise.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()

     error_message = mail_actions.request_signup_email_confirmation(requester)
     if not error_message:
         return base_routes.make_OK_response()

     # NOTE(review): the mail layer's message is handed to the client-facing
     # response; confirm it never contains internal detail.
     return base_routes.make_server_error_response(error_message)
Example #10
 def request_confirm_email():
     """Trigger a signup confirmation email for the requesting user.

     Answers not-authorized when no requesting user is resolved. Otherwise
     it calls ``mail_actions.request_signup_email_confirmation`` and returns
     a server-error response with the returned message if there is one, or
     an OK response if there is none.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()

     error_message = mail_actions.request_signup_email_confirmation(
         requester)
     if not error_message:
         return base_routes.make_OK_response()

     # NOTE(review): this message reaches the client as-is; confirm the mail
     # layer only returns text that is safe to disclose.
     return base_routes.make_server_error_response(
         error_message)
 def statistics():
     """Return the last 30 days of statistics as JSON, administrators only.

     Answers not-authorized without a requesting user and forbidden for a
     non-administrator. Otherwise builds ``{'data': {<iso date>: <stats>}}``
     for the 30 days ending at ``Statistic.date_yesterday()``.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     if not requester.is_administrator:
         return base_routes.make_forbidden_response()

     yesterday = Statistic.date_yesterday()
     per_day = {}
     for days_ago in range(30):
         date = yesterday - datetime.timedelta(days=days_ago)
         stats = Statistic.get_statistics(date)
         per_day[time_format.to_iso8601(date)] = stats
     return jsonify({'data': per_day})
 def statistics():
     """Serve per-day statistics for the past 30 days to administrators.

     A missing requesting user gets not-authorized and a non-administrator
     gets forbidden. For an administrator the response is
     ``{'data': {<iso date>: <stats>}}``, one entry per day counting back
     from ``Statistic.date_yesterday()``.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     if not requester.is_administrator:
         return base_routes.make_forbidden_response()

     yesterday = Statistic.date_yesterday()
     per_day = {}
     for days_ago in range(30):
         date = yesterday - datetime.timedelta(days=days_ago)
         stats = Statistic.get_statistics(date)
         per_day[time_format.to_iso8601(date)] = stats
     return jsonify({'data': per_day})
 def userbyemail(email):
     """Return the active user with ``email``, visible only to that user.

     Answers not-authorized without a requesting user and forbidden when the
     requester's own email differs from ``email``. Otherwise looks up active
     users with that email and returns not-found when there is none, or the
     first match via ``make_single_response``.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     # A user may only look up their own address.
     if requester.email != email:
         return base_routes.make_forbidden_response()

     # ``== True`` is kept as written: it is an argument to the query
     # filter, presumably a column expression rather than a plain boolean.
     matches = store.session.query(User).filter(User.email == email, User.active == True).all()
     if len(matches) > 1:
         # Duplicates are logged and the first row is used anyway.
         logger.error('More than one active user with the same email - {}'.format(email))

     user = matches[0] if matches else None
     if user is None:
         return base_routes.make_not_found_response()
     return base_routes.make_single_response(requester, user)
Example #14
 def userbyemail(email):
     """Look up the active user for ``email`` on behalf of that same user.

     No requesting user yields not-authorized. A requester whose email is
     not ``email`` yields forbidden. Otherwise the handler queries active
     users with that email and returns not-found when none exist, or the
     first match through ``make_single_response``.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     # Self-lookup only: the path value must equal the requester's email.
     if requester.email != email:
         return base_routes.make_forbidden_response()

     # ``== True`` stays as written: it is passed to the query filter,
     # presumably as a column expression rather than a plain boolean.
     matches = store.session.query(User).filter(
         User.email == email, User.active == True).all()
     if len(matches) > 1:
         # More than one active row is reported, then the first is served.
         logger.error(
             'More than one active user with the same email - {}'.
             format(email))

     user = matches[0] if matches else None
     if user is None:
         return base_routes.make_not_found_response()
     return base_routes.make_single_response(requester, user)