def list_audits():
page = get_valid_page_or_1()
try:
per_page = int(
request.args.get('per_page',
current_app.config['DM_API_SERVICES_PAGE_SIZE']))
except ValueError:
abort(400, 'invalid page size supplied')
audits = AuditEvent.query.order_by(asc(AuditEvent.created_at))
audit_date = request.args.get('audit-date', None)
if audit_date:
if is_valid_date(audit_date):
audits = audits.filter(
cast(AuditEvent.created_at, Date) == audit_date)
else:
abort(400, 'invalid audit date supplied')
audit_type = request.args.get('audit-type')
if audit_type:
if AuditTypes.is_valid_audit_type(audit_type):
audits = audits.filter(AuditEvent.type == audit_type)
else:
abort(400, "Invalid audit type")
acknowledged = request.args.get('acknowledged', None)
if acknowledged and acknowledged != 'all':
if is_valid_acknowledged_state(acknowledged):
if convert_to_boolean(acknowledged):
audits = audits.filter(AuditEvent.acknowledged == true())
elif not convert_to_boolean(acknowledged):
audits = audits.filter(AuditEvent.acknowledged == false())
else:
abort(400, 'invalid acknowledged state supplied')
object_type = request.args.get('object-type')
object_id = request.args.get('object-id')
if object_type:
if object_type not in AUDIT_OBJECT_TYPES:
abort(400, 'invalid object-type supplied')
if not object_id:
abort(400, 'object-type cannot be provided without object-id')
model = AUDIT_OBJECT_TYPES[object_type]
id_field = AUDIT_OBJECT_ID_FIELDS[object_type]
audits = audits.join(model, model.id == AuditEvent.object_id) \
.filter(id_field == object_id)
elif object_id:
abort(400, 'object-id cannot be provided without object-type')
audits = audits.paginate(page=page, per_page=per_page)
return jsonify(auditEvents=[audit.serialize() for audit in audits.items],
links=pagination_links(audits, '.list_audits',
request.args))
def list_audits():
try:
page = int(request.args.get('page', 1))
except ValueError:
abort(400, "Invalid page argument")
audits = AuditEvent.query.order_by(
asc(AuditEvent.created_at)
)
audit_date = request.args.get('audit-date', None)
if audit_date:
if is_valid_date(audit_date):
audits = audits.filter(
cast(AuditEvent.created_at, Date) == audit_date
)
else:
abort(400, 'invalid audit date supplied')
if request.args.get('audit-type'):
if AuditTypes.is_valid_audit_type(request.args.get('audit-type')):
audits = audits.filter(
AuditEvent.type == request.args.get('audit-type')
)
else:
abort(400, "Invalid audit type")
acknowledged = request.args.get('acknowledged', None)
if acknowledged and acknowledged != 'all':
if is_valid_acknowledged_state(acknowledged):
if convert_to_boolean(acknowledged):
audits = audits.filter(
AuditEvent.acknowledged == true()
)
elif not convert_to_boolean(acknowledged):
audits = audits.filter(
AuditEvent.acknowledged == false()
)
else:
abort(400, 'invalid acknowledged state supplied')
audits = audits.paginate(
page=page,
per_page=current_app.config['DM_API_SERVICES_PAGE_SIZE'],
)
return jsonify(
auditEvents=[audit.serialize() for audit in audits.items],
links=pagination_links(
audits,
'.list_audits',
request.args
)
)
def create_audit_event():
json_payload = get_json_from_request() # TODO test
json_has_required_keys(json_payload, ['auditEvents']) # TODO test
audit_event_data = json_payload['auditEvents']
json_has_required_keys(audit_event_data, ["type", "data"])
if 'objectType' not in audit_event_data:
if 'objectId' in audit_event_data:
abort(400, "object ID cannot be provided without an object type")
db_object = None
else:
if audit_event_data['objectType'] not in AUDIT_OBJECT_TYPES:
abort(400, "invalid object type supplied")
if 'objectId' not in audit_event_data:
abort(400, "object type cannot be provided without an object ID")
model = AUDIT_OBJECT_TYPES[audit_event_data['objectType']]
id_field = AUDIT_OBJECT_ID_FIELDS[audit_event_data['objectType']]
db_objects = model.query.filter(
id_field == audit_event_data['objectId']
).all()
if len(db_objects) != 1:
abort(400, "referenced object does not exist")
else:
db_object = db_objects[0]
if not AuditTypes.is_valid_audit_type(audit_event_data['type']):
abort(400, "invalid audit type supplied")
audit_event = AuditEvent(
audit_type=AuditTypes[audit_event_data['type']],
user=audit_event_data.get('user'),
data=audit_event_data['data'],
db_object=db_object)
db.session.add(audit_event)
db.session.commit()
return jsonify(auditEvents=audit_event.serialize()), 201
def create_audit_event():
json_payload = get_json_from_request() # TODO test
json_has_required_keys(json_payload, ['auditEvents']) # TODO test
audit_event_data = json_payload['auditEvents']
json_has_required_keys(audit_event_data, ["type", "data"])
if 'objectType' not in audit_event_data:
if 'objectId' in audit_event_data:
abort(400, "object ID cannot be provided without an object type")
db_object = None
else:
if audit_event_data['objectType'] not in AUDIT_OBJECT_TYPES:
abort(400, "invalid object type supplied")
if 'objectId' not in audit_event_data:
abort(400, "object type cannot be provided without an object ID")
model = AUDIT_OBJECT_TYPES[audit_event_data['objectType']]
id_field = AUDIT_OBJECT_ID_FIELDS[audit_event_data['objectType']]
db_objects = model.query.filter(
id_field == audit_event_data['objectId']).all()
if len(db_objects) != 1:
abort(400, "referenced object does not exist")
else:
db_object = db_objects[0]
if not AuditTypes.is_valid_audit_type(audit_event_data['type']):
abort(400, "invalid audit type supplied")
audit_event = AuditEvent(audit_type=AuditTypes[audit_event_data['type']],
user=audit_event_data.get('user'),
data=audit_event_data['data'],
db_object=db_object)
db.session.add(audit_event)
db.session.commit()
return jsonify(auditEvents=audit_event.serialize()), 201
def test_should_reject_invalid_audit_type():
assert not AuditTypes.is_valid_audit_type("not valid")
def test_should_allow_valid_audit_type():
assert AuditTypes.is_valid_audit_type("contact_update")
def list_audits():
page = get_valid_page_or_1()
try:
per_page = int(request.args.get('per_page', current_app.config['DM_API_SERVICES_PAGE_SIZE']))
except ValueError:
abort(400, 'invalid page size supplied')
audits = AuditEvent.query.order_by(
asc(AuditEvent.created_at)
)
audit_date = request.args.get('audit-date', None)
if audit_date:
if is_valid_date(audit_date):
audits = audits.filter(
cast(AuditEvent.created_at, Date) == audit_date
)
else:
abort(400, 'invalid audit date supplied')
audit_type = request.args.get('audit-type')
if audit_type:
if AuditTypes.is_valid_audit_type(audit_type):
audits = audits.filter(
AuditEvent.type == audit_type
)
else:
abort(400, "Invalid audit type")
acknowledged = request.args.get('acknowledged', None)
if acknowledged and acknowledged != 'all':
if is_valid_acknowledged_state(acknowledged):
if convert_to_boolean(acknowledged):
audits = audits.filter(
AuditEvent.acknowledged == true()
)
elif not convert_to_boolean(acknowledged):
audits = audits.filter(
AuditEvent.acknowledged == false()
)
else:
abort(400, 'invalid acknowledged state supplied')
object_type = request.args.get('object-type')
object_id = request.args.get('object-id')
if object_type:
if object_type not in AUDIT_OBJECT_TYPES:
abort(400, 'invalid object-type supplied')
if not object_id:
abort(400, 'object-type cannot be provided without object-id')
model = AUDIT_OBJECT_TYPES[object_type]
id_field = AUDIT_OBJECT_ID_FIELDS[object_type]
audits = audits.join(model, model.id == AuditEvent.object_id) \
.filter(id_field == object_id)
elif object_id:
abort(400, 'object-id cannot be provided without object-type')
audits = audits.paginate(
page=page,
per_page=per_page
)
return jsonify(
auditEvents=[audit.serialize() for audit in audits.items],
links=pagination_links(
audits,
'.list_audits',
request.args
)
)
