def confirm_transactions(): """ Used as a response from an rpc payout system. This will either reset the sent status of a list of transactions upon failure on the remote side, or create a new CoinTransaction object and link it to the transactions to signify that the transaction has been processed. Both request and response are signed. """ s = TimedSerializer(current_app.config['rpc_signature']) data = s.loads(request.data) # basic checking of input try: assert len(data['coin_txid']) == 64 assert isinstance(data['pids'], list) assert isinstance(data['bids'], list) for id in data['pids']: assert isinstance(id, int) for id in data['bids']: assert isinstance(id, int) except AssertionError: current_app.logger.warn("Invalid data passed to confirm", exc_info=True) abort(400) coin_trans = Transaction.create(data['coin_txid']) db.session.flush() Payout.query.filter(Payout.id.in_(data['pids'])).update( {Payout.transaction_id: coin_trans.txid}, synchronize_session=False) BonusPayout.query.filter(BonusPayout.id.in_(data['bids'])).update( {BonusPayout.transaction_id: coin_trans.txid}, synchronize_session=False) db.session.commit() return s.dumps(True)
def publish(): if request.method == 'GET': abort(404) # authorization token = request.form.get('token', '') if token != app.config['TOKEN']: return 'invalid access token', 500 title = request.form.get('title', None) if not title: return 'no title found', 500 summary = request.form.get('summary', None) if not summary: return 'no summary found', 500 content = request.form.get('content', None) if not content: return 'no content found', 500 content = markdown2html(content) pub_time = request.form.get('pub_time', None) if pub_time: pub_time = datetime.strptime(pub_time, app.config['TIME_FORMAT']) tags = request.form.getlist('tags') create_article(title, summary, content, pub_time, tags) return '', 200
def delete_post(username, post_id, reply_id=None): """Deletes posts. """ # The default redirect is different for a post/reply deletion # Reply deletion keeps you on the page and post deletion takes you to feed if reply_id is not None: redirect_url = handle_next(request, url_for('posts.view_post', username=username, post_id=post_id)) else: redirect_url = handle_next(request, url_for('users.feed')) user_id = get_uid(username) if not check_post(user_id, post_id, reply_id): return abort(404) if reply_id is not None: _post = get_post(reply_id) if _post['user_id'] != current_user['_id'] and \ user_id != current_user['_id']: return abort(403) else: if user_id != current_user['_id']: return abort(403) if reply_id is not None: be_delete_post(reply_id) flash('Post has been deleted', 'success') else: be_delete_post(post_id) flash('Post has been deleted along with all replies', 'success') return redirect(redirect_url)
def get_mem_one( data, request ): name = request.args.get('name', None) if name is None: return abort( 404 ) mem_data = {} for utime in data.db: ctime = int(utime / g.glanularity) * g.glanularity for my_name in data.db[ utime ]: if my_name != name: continue mem = data.db[ utime ][ my_name ][ 'memories' ] for key in mem: val = mem[ key ] if key not in mem_data: mem_data[ key ] = {} if ctime not in mem_data[ key ]: mem_data[ key ][ ctime ] = {} mem_data[ key ][ ctime ][ my_name ] = val if len( mem_data ) == 0: return abort( 404 ) return tojason( mem_data )
def event_withdraw(profile, event): user_id = g.user.id participant = Participant.query.filter_by(event_id=event.id, user_id=user_id).first() if participant: workflow = participant.workflow() if not workflow.can_withdraw(): abort(403) withdraw_call = { 0: workflow.withdraw_pending, 1: workflow.withdraw_waiting_list, 2: workflow.withdraw_confirmed, 3: workflow.withdraw_rejected, } form = ConfirmWithdrawForm() if form.validate_on_submit(): if 'delete' in request.form: try: withdraw_call[participant.status]() except KeyError: pass db.session.commit() flash(u"Your request to withdraw from {0} is recorded".format(event.title), "success") values = {'profile': profile.name, 'event': event.name} return render_redirect(event.url_for(), code=303) return render_template('withdraw.html', form=form, title=u"Confirm withdraw", message=u"Withdraw from '%s' ? You can come back anytime." % (event.title)) else: abort(404)
def get_club(rowkey): if not check_auth(request): abort(403) club = db_session.query(Club).filter_by(rowkey=rowkey).first() if club is None: abort(404) if request.method =='GET': return jsonify({'idclub': club.idclub, 'name': club.name, 'description': club.description, 'postaladdress': club.postaladdress, 'postalzipcode': club.postalzipcode, 'postalcity': club.postalcity, 'visitingaddress': club.visitingaddress, 'visitingzipcode': club.visitingzipcode, 'visitingcity': club.visitingcity, 'rowkey': club.rowkey}) if request.method =='POST': club.visitingaddress = request.json["visitingaddress"] club.visitingzipcode = request.json["visitingzipcode"] club.visitingcity = request.json["visitingcity"] club.name = request.json["name"] club.postaladdress = request.json["postaladdress"] club.postalzipcode = request.json["postalzipcode"] club.postalcity = request.json["postalcity"] db_session.commit() return jsonify({'idclub': club.idclub, 'name': club.name, 'description': club.description, 'postaladdress': club.postaladdress, 'postalzipcode': club.postalzipcode, 'postalcity': club.postalcity, 'visitingaddress': club.visitingaddress, 'visitingzipcode': club.visitingzipcode, 'visitingcity': club.visitingcity, 'rowkey': club.rowkey})
def blogedit(blogid): if 'logged_in' not in session: abort(403) if request.method == 'POST': title = request.form['title'].strip() text = request.form['blogpost'].strip() error = 0 if title == "": error = 1 flash("You must make a title","error") if text == "": error = 1 flash("You must make the blogpost","error") if 'Preview Blog' in request.form.values(): renderedblog = render_bbcode(text) return render_template("blogedit.html",blogid=blogid,title=title,blogpost=text,recover=1,preview="1",renderedblog=renderedblog) if error: return render_template('blogedit.html',blogid=blogid,title=title,blogpost=text,recover=1) g.db.execute(""" UPDATE post SET title=?, text=?, lastedit=? WHERE id=? """,(title,text,unixtime(),blogid)) g.db.commit() flash("You successfully changed your blogpost","message") return redirect(url_for('blogpost',blogid=blogid)) g.blog = query_db(""" SELECT * FROM post WHERE id=? """, [str(blogid)], True,False) return render_template('blogedit.html',blogid=blogid)
def club_pictures(rowkey): if not check_auth(request): abort(403) if request.method == 'POST': # check if the post request has the file part if 'file' not in request.files: return make_response('No file part', 400) file = request.files['file'] # if user does not select file, browser also # submit a empty part without filename if file.filename == '': return make_response('No file part', 400) if not allowed_file(file.filename): return make_response('The filetype is not allowed') if file and allowed_file(file.filename): filename = secure_filename(file.filename) filename = rowkey + "." + filename.rsplit('.', 1)[1] file.save(os.path.join(app.config['CLUB_PICTURE_UPLOAD_FOLDER'], filename)) db_picture = db_session.query(UserFile).filter_by(owner=rowkey, file_type='ProfilePicture') if len(list(db_picture)) == 0: db_picture = UserFile() db_picture.file_type = 'ProfilePicture' db_picture.owner = rowkey db_session.add(db_picture) db_session.commit() return make_response("",200) db_picture.update({"file_name":filename}) db_session.commit() return make_response("", 200) if request.method == 'GET': filename = db_session.query(UserFile).filter_by(file_type='ProfilePicture', owner=rowkey)[0].file_name return jsonify({"filename": str.replace(app.config['CLUB_PICTURE_UPLOAD_FOLDER'], "static\\Sloach\\", "") + "/" + filename})
def get_results(idathlete): if not check_auth(request): abort(403) retResults = {"trainingresults": []} if request.method == 'GET': trainingresults = db_session.query(TrainingResult).filter_by(id=idathlete).join(TrainingSession).order_by(TrainingResult.resulttype) for training_result in trainingresults: retResults["trainingresults"].append({"result_type":training_result.resulttype, "timeresult": training_result.timeresult, "achievedonsession":training_result.achievedonsession.id, "sessionname": training_result.achievedonsession.name, "achievedondate":str(training_result.achievedonsession.fromtime.isoformat())}) if request.method == 'PUT': if not request.json: abort(400) training_result = TrainingResult() training_result.achievedonsession = request.json["trainingsession"] training_result.athlete_id = request.json["athlete"] training_result.resulttype = request.json["resulttype"] training_result.timeresult = request.json["timeresult"] db_session.commit() return make_response(jsonify(retResults),200)
def network(network): try: channels = paths.channels(network) except exceptions.NoResultsException as ex: abort(404) return render_template('network.html', network=network, channels=channels)
def edit(id): book = Book.query.get_or_404(id) if not current_user.can(Permission.EDIT): abort('403') form = AddBookForm() if form.validate_on_submit(): book.front_cover=form.front_cover.data book.bookname=form.bookname.data book.introduction=form.introduction.data book.press=form.press.data book.author=form.author.data book.book_type=form.book_type.data book.published_date=form.published_date.data book.amount_all=form.amount_all.data db.session.add(book) flash('The book has been updated.') return redirect(url_for('.book', id=book.id)) form.front_cover.data=book.front_cover form.bookname.data=book.bookname form.introduction.data=book.introduction form.press.data=book.press form.author.data=book.author form.book_type.data=book.book_type form.published_date.data=book.published_date form.amount_all.data=book.amount_all return render_template('edit_book.html', form=form)
def merge(): try: if request.method == 'OPTIONS': return make_response(jsonify({"Allow":"POST"}), 200) if not request.json or not 'foreground_url' in request.json or not 'background_url' in request.json: abort(400) foreground_url = request.json['foreground_url'] background_url = request.json['background_url'] m = Merger(foreground_url, background_url) m.merge_images() response = { 'output_image':{ 'name': m.get_output_image('name'), 'url' : url_for('get_image', image_name = m.get_output_image('name'),_external=True), 'base64' : m.get_output_image('base64') } } return jsonify(response), 201 except Exception as e: err_msg = e.message if err_msg == '': err_msg = 'Internal Error. Please Try Again' return make_response(jsonify({'error': e.message}), 202)
def view_font(name, page, per_page=10): try: # TODO: check all possible options like "Arial", arial "\"arail\"" pagination = Font.objects.filter(name__icontains=name).paginate(page=page, per_page=per_page) return render_template('font.html', pagination=pagination, name=name) except db.DoesNotExist: abort(404)
def get_userinfo(self, access_token): userinfo = requests.get(GOOGLE_OAUTH2_USERINFO_URL, params=dict( access_token=access_token, )).json() if not userinfo or userinfo.get('error'): abort(400) return userinfo
def decorated_function(*args, **kwargs): if current_user.is_authenticated: if current_user.id != 1: abort(403) return f(*args, **kwargs) else: abort(403)
def post(self, **kwargs): """Create a record. :returns: The created record. """ if request.content_type != 'application/json': abort(415) # TODO: accept non json content (MARC21...) data = request.get_json() if data is None: return abort(400) try: # Create uuid for record record_uuid = uuid.uuid4() # Create persistent identifier pid = self.minter(record_uuid, data=data) # Create record record = Record.create(data, id_=record_uuid) # Check permissions permission_factory = self.create_permission_factory or \ current_records_rest.create_permission_factory if permission_factory: verify_record_permission(permission_factory, record) db.session.commit() except SQLAlchemyError: db.session.rollback() current_app.logger.exception('Failed to create record.') abort(500) return self.make_response(pid, record, 201)
def get_task(task_id, src_id): print task_id print src_id task = filter(lambda t: t['dst'][:5] == task_id[:5], tasks) new_task = filter(lambda t: t['src'][:5] == src_id[:5], task) if len(new_task) == 0: print "cannot find the ip " + task_id + " from the database" print "calling king service from server" print subprocess.call(["../king/bin/king", src_id, task_id], stdout=open('log.txt','a')) re_tasks = [] with open('out.txt') as ff: lines = ff.readlines() for line in lines: words = line.split(' ') re_task = {'src': words[1], 'dst': words[4], 'rtt': words[7], 'bandwidth': words[11]} re_tasks.append(re_task) print re_tasks _task = filter(lambda t: t['dst'][:5] == task_id[:5], re_tasks) inject_task = filter(lambda t: t['src'][:5] == src_id[:5], _task) print inject_task if len(inject_task) == 0: abort(404) print inject_task new_task = inject_task print new_task return jsonify( { 'task': make_public_task(new_task[0]) } )
def grant_mod(mod_id): mod = Mod.query.filter(Mod.id == mod_id).first() if not mod: abort(404) editable = False if current_user: if current_user.admin: editable = True if current_user.id == mod.user_id: editable = True if not editable: abort(401) new_user = request.form.get('user') new_user = User.query.filter(User.username.ilike(new_user)).first() if new_user == None: return { 'error': True, 'message': 'The specified user does not exist.' }, 400 if mod.user == new_user: return { 'error': True, 'message': 'This user has already been added.' }, 400 if any(m.user == new_user for m in mod.shared_authors): return { 'error': True, 'message': 'This user has already been added.' }, 400 if not new_user.public: return { 'error': True, 'message': 'This user has not made their profile public.' }, 400 author = SharedAuthor() author.mod = mod author.user = new_user mod.shared_authors.append(author) db.add(author) db.commit() send_grant_notice(mod, new_user) return { 'error': False }, 200
def revoke_mod(mod_id): if current_user == None: return { 'error': True, 'message': 'You are not logged in.' }, 401 mod = Mod.query.filter(Mod.id == mod_id).first() if not mod: abort(404) editable = False if current_user: if current_user.admin: editable = True if current_user.id == mod.user_id: editable = True if not editable: abort(401) new_user = request.form.get('user') new_user = User.query.filter(User.username.ilike(new_user)).first() if new_user == None: return { 'error': True, 'message': 'The specified user does not exist.' }, 400 if mod.user == new_user: return { 'error': True, 'message': 'You can\'t remove yourself.' }, 400 if not any(m.user == new_user for m in mod.shared_authors): return { 'error': True, 'message': 'This user is not an author.' }, 400 author = [a for a in mod.shared_authors if a.user == new_user][0] mod.shared_authors = [a for a in mod.shared_authors if a.user != current_user] db.delete(author) return { 'error': False }, 200
def get_contents(self, long_slug): now = datetime.now() path = long_slug.split('/') mpath = ",".join(path) mpath = ",{0},".format(mpath) channel = Channel.objects.get_or_404(mpath=mpath, published=True) if not channel.include_in_rss: abort(404) self.channel = channel base_filters = {} filters = { 'published': True, 'available_at__lte': now, } if not channel.is_homepage: base_filters['__raw__'] = { 'mpath': {'$regex': "^{0}".format(mpath)}} filters.update(channel.get_content_filters()) contents = Content.objects(**base_filters).filter(**filters) if current_app.config.get("PAGINATION_ENABLED", True): pagination_arg = current_app.config.get("PAGINATION_ARG", "page") page = request.args.get(pagination_arg, 1) per_page = channel.per_page or current_app.config.get( "PAGINATION_PER_PAGE", 10 ) contents = contents.paginate(page=int(page), per_page=per_page) return contents
def client(address=None): try: clients = monitor_app.config['stratum_clients']['address_lut'][address] except KeyError: abort(404) return jsonify(**{address: [client.details for client in clients]})
def api_update(self, pk): is_valid_form = True get_filter_args(self._filters) exclude_cols = self._filters.get_relation_cols() item = self.datamodel.get(pk, self._base_filters) if not item: abort(404) # convert pk to correct type, if pk is non string type. pk = self.datamodel.get_pk_value(item) form = self.edit_form.refresh(request.form) # fill the form with the suppressed cols, generated from exclude_cols self._fill_form_exclude_cols(exclude_cols, form) # trick to pass unique validation form._id = pk if form.validate(): form.populate_obj(item) self.pre_update(item) if self.datamodel.edit(item): self.post_update(item) http_return_code = 200 else: http_return_code = 500 else: is_valid_form = False if is_valid_form: response = make_response(jsonify({'message': self.datamodel.message[0], 'severity': self.datamodel.message[1]}), http_return_code) else: # TODO return dict with from errors validation response = make_response(jsonify({'message': 'Invalid form', 'severity': 'warning'}), 500) return response
def user_linked_key_conf_get(key_id, server_id): doc = _find_doc({ 'key_id': key_id, }) if not doc: return flask.abort(404) org = organization.get_by_id(doc['org_id']) if not org: return flask.abort(404) user = org.get_user(id=doc['user_id']) if not user: return flask.abort(404) if user.disabled: return flask.abort(403) key_conf = user.build_key_conf(server_id) user.audit_event('user_profile', 'User profile downloaded with temporary profile link', remote_addr=utils.get_remote_addr(), ) response = flask.Response(response=key_conf['conf'], mimetype='application/ovpn') response.headers.add('Content-Disposition', 'attachment; filename="%s"' % key_conf['name']) return response
def create_item(project): path, err = _get_path() if err: return err try: File.get_by_project_path(project, path) except NotFoundError: is_directory = path.strip().endswith("/") data = {"path": path} if not is_directory: data["file"] = request.files.get("file", None) if not data["file"]: return abort(400) data["project"] = project data["author"] = current_user._get_current_object() f = File.create(data=data) try: f.save() except NotFoundError: return abort(404) return jsonify(**f.serialize_for_client()) else: return jsonify(error="That path already exists!"), 400
def update_tour(planid): if not request.json: abort(400) else: request.json["planid"]=planid mongocli.update_tour(request.json) return jsonify({"result":"success"})
def get_patch(): """ Function to return a patch from cache """ logging.debug('Request received with args : %s', flask.request.args) required_params = ('sha_from', 'sha_to') if not all(param in flask.request.args.keys() for param in required_params): logging.info('Arguments could not be validated') flask.abort(400) identifier = _get_identifier(flask.request.args['sha_from'], flask.request.args['sha_to']) logging.debug('Looking up record with identifier %s', identifier) cacheo = cache.Cache() if not cacheo.find(identifier, 'patch'): logging.info('Invalid partial request') resp = flask.Response(json.dumps({ "result": "Patch with identifier %s not found" % identifier, }), status=400, ) return resp logging.info('Patch found, retrieving ...') return flask.Response(cacheo.retrieve(identifier, 'patch'), status=200, mimetype='application/octet-stream')
def save_patch(): """ Function to cache a patch in funsize """ logging.debug('Parameters passed in : %s', flask.request.form) logging.debug('Files passed in : %s', flask.request.files.lists()) required_params = ('sha_from', 'sha_to') if not all(param in flask.request.form.keys() for param in required_params): logging.info('Parameters could not be validated') flask.abort(400) files = flask.request.files if 'patch_file' not in files.keys(): logging.info('Parameters passed could not be found on disk') flask.abort(400) storage = files.get('patch_file') form = flask.request.form sha_from, sha_to = form['sha_from'], form['sha_to'] identifier = _get_identifier(sha_from, sha_to) logging.info('Saving patch file to cache with key %s', identifier) cacheo = cache.Cache() cacheo.save(storage.stream, identifier, 'patch') url = flask.url_for('get_patch', sha_from=sha_from, sha_to=sha_to) return flask.Response(json.dumps({ "result": url, }), status=200, mimetype='application/json')
def api_package_activities(package_name, test_id, hierarchy_id=None): package = db.session.query(Package).filter(Package.package_name == package_name).first() latest_runtime = db.session.query(Runtime ).filter(Result.package_id==package.id ).join(Result ).order_by(Runtime.id.desc() ).first() if (hierarchy_id): if (hierarchy_id=="None"): hierarchy_id=None test_results = db.session.query(Result.result_identifier, Result.result_data ).filter(Package.package_name == package_name, Result.runtime_id==latest_runtime.id, Result.test_id==test_id, Result.result_hierarchy==hierarchy_id ).join(Package ).all() else: test_results = db.session.query(Result.result_identifier, Result.result_data ).filter(Package.package_name == package_name, Result.runtime_id==latest_runtime.id, Result.test_id==test_id ).join(Package ).all() if ((package == None) or (test_results==None)): abort(404) else: return jsonify(test_results)
def on_create(self, docs): ''' Create corresponding item on file upload ''' for doc in docs: file, content_type, metadata = self.get_file_from_document(doc) inserted = [doc['media']] file_type = content_type.split('/')[0] try: update_dates_for(doc) doc['guid'] = generate_guid(type=GUID_TAG) doc.setdefault('_id', doc['guid']) doc['type'] = self.type_av.get(file_type) doc['version'] = 1 doc['versioncreated'] = utcnow() rendition_spec = config.RENDITIONS['picture'] renditions = generate_renditions(file, doc['media'], inserted, file_type, content_type, rendition_spec, url_for_media) doc['renditions'] = renditions doc['mimetype'] = content_type doc['filemeta'] = metadata if not doc.get('_import', None): doc['creator'] = set_user(doc) add_activity('uploaded media {{ name }}', name=doc.get('headline', doc.get('mimetype')), renditions=doc.get('renditions')) except Exception as io: logger.exception(io) for file_id in inserted: delete_file_on_error(doc, file_id) abort(500) on_create_media_archive()
def wrapper(*args, **kwargs): logger.debug("%s Oauth verification...", request.url) authorization = request.headers.get("Authorization") if authorization is None: logger.error("... No auth provided. Aborting with 401.") raise abort(401) else: _, token = authorization.split() logger.debug("... Getting token '%s' from %s", token, token_info_url) token_request = requests.get(token_info_url, params={"access_token": token}) logger.debug("... Token info (%d): %s", token_request.status_code, token_request.text) if not token_request.ok: raise abort(401) token_info = token_request.json() user_scopes = set(token_info["scope"]) scopes_intersection = user_scopes & allowed_scopes logger.debug("... Scope intersection: %s", scopes_intersection) if not scopes_intersection: logger.error( "... User scopes (%s) don't include one of the allowed scopes (%s). Aborting with 401.", user_scopes, allowed_scopes, ) raise abort(401) logger.info("... Token authenticated.") return function(*args, **kwargs)
def admin(): if session.get('is_author'): return render_template('blog/admin.html') else: abort(403)
def cities_get(city_id): """Return attribute dictionary for a particular city""" get_cities = storage.get("City", city_id) if get_cities is None: abort(404) return (jsonify(get_cities.to_dict()))
def cities_by_state(state_id): """Return all cities in a state""" state = storage.get("State", state_id) if state is None: abort(404) return(jsonify([x.to_dict() for x in state.cities]))
def _wrap(*args, **kwargs): if not request.is_json: abort(400) return fn(*args, **kwargs)
def paginate(self, page=None, per_page=None, error_out=True, max_per_page=None): """Returns ``per_page`` items from page ``page``. If ``page`` or ``per_page`` are ``None``, they will be retrieved from the request query. If ``max_per_page`` is specified, ``per_page`` will be limited to that value. If there is no request or they aren't in the query, they default to 1 and 20 respectively. When ``error_out`` is ``True`` (default), the following rules will cause a 404 response: * No items are found and ``page`` is not 1. * ``page`` is less than 1, or ``per_page`` is negative. * ``page`` or ``per_page`` are not ints. When ``error_out`` is ``False``, ``page`` and ``per_page`` default to 1 and 20 respectively. Returns a :class:`Pagination` object. """ if request: if page is None: try: page = int(request.args.get('page', 1)) except (TypeError, ValueError): if error_out: abort(404) page = 1 if per_page is None: try: per_page = int(request.args.get('per_page', 20)) except (TypeError, ValueError): if error_out: abort(404) per_page = 20 else: if page is None: page = 1 if per_page is None: per_page = 20 if max_per_page is not None: per_page = min(per_page, max_per_page) if page < 1: if error_out: abort(404) else: page = 1 if per_page < 0: if error_out: abort(404) else: per_page = 20 items = self.limit(per_page).offset((page - 1) * per_page).all() if not items and page != 1 and error_out: abort(404) total = self.order_by(None).count() return Pagination(self, page, per_page, total, items)
def inner(*args, **kwargs): request_data = request.get_json(silent=True) if 'object_kind' not in request_data or \ (object_kind != request_data['object_kind']): return abort(400) return f(request_data, *args, **kwargs)
def abortTest(): abort(404) return '<h1>Hello</h1>'
def stocks(): if session.get('logged_in'): result = screened_stocks() return result else: return abort(401)
def decorated_function(*args, **kwargs): if not current_user.can(permission): abort(403) return f(*args, **kwargs)
def get(self): args = parser.parse_args() image_id = args.get('id') skip = args.get('skip') maximum = args.get('maximum') thumb = args.get('thumbnail') token = request.headers['Authorization'] token = token.split(" ")[1] userid = oidc.user_getfield('sub', token) if request.headers.get('accept') == 'application/json': if skip is None: skip = 0 if maximum is None: max = 20 if image_id is None: myquery = {"userId": userid} found = [] try: cursor = mongoClient['image'].find(myquery).skip( skip).limit(maximum) for f in cursor: found.append(json_util.dumps(f)) resp = Response(json_util.dumps(found)) resp.headers["Access-Control-Expose-Headers"] = '*' return resp except Exception as e: abort(404, "Could not get images") if image_id is not None: myquery = {"$and": [{"userId": userid}, {"imageId": image_id}]} found = mongoClient['image'].find_one(myquery) resp = Response(json_util.dumps(found)) resp.headers["Access-Control-Expose-Headers"] = '*' return resp if request.headers.get('accept') == 'application/octet-stream': query = {"$and": [{"userId": userid}, {"imageId": image_id}]} found = mongoClient['image'].find_one(query) if found: photo = found['photo'] bucket = photo.split("/")[0] name = photo.split("/")[1] @after_this_request def save_or_delete_file(response): try: if os.path.exists(image_path['IMAGE_PATH'] + name): os.remove(image_path['IMAGE_PATH'] + name) return response except Exception: return response try: minioClient.fget_object(bucket, name, image_path['IMAGE_PATH'] + name) except Exception: abort(500, "Could not find image") if thumb is not None: im = Image.open(image_path['IMAGE_PATH'] + name) size = 128, 128 im.thumbnail(size) im.save(image_path['IMAGE_PATH'] + name, "JPEG") try: return send_file(image_path['IMAGE_PATH'] + name) except Exception: abort(404) else: return send_file(image_path['IMAGE_PATH'] + name)
def get_or_404(self, url): page = self.get(url) if page: return page abort(404)
def file(filename): file_item = files.get_file_by_filname(filename) if not file_item: abort(404) return render_template('file.html',file_item = file_item)
def dwelling_detail(id): dwelling = RestDwelling.query.get(id) if not dwelling: abort(404) return dwelling_schema.jsonify(dwelling)
def testAbort(): abort(500) return 'testAbort'
def admin_dashboard(): # prevent non-admins from accessing the page if not current_user.is_admin: abort(403) return render_template('home/admin_dashboard.html', title="Dashboard")
def create_brief_response(): json_payload = get_json_from_request() updater_json = validate_and_return_updater_request() page_questions = get_request_page_questions() json_has_required_keys(json_payload, ['briefResponses']) brief_response_json = json_payload['briefResponses'] json_has_required_keys(brief_response_json, ['briefId', 'supplierId']) try: brief = Brief.query.get(brief_response_json['briefId']) except DataError: brief = None if brief is None: abort(400, "Invalid brief ID '{}'".format(brief_response_json['briefId'])) if brief.status != 'live': abort(400, "Brief must be live") if brief.framework.status not in ['live', 'expired']: abort(400, "Brief framework must be live or expired") supplier = validate_and_return_supplier(brief_response_json) brief_service = get_supplier_service_eligible_for_brief(supplier, brief) if not brief_service: abort(400, "Supplier is not eligible to apply to this brief") # Check if brief response already exists from this supplier if BriefResponse.query.filter(BriefResponse.supplier == supplier, BriefResponse.brief == brief).first(): abort(400, "Brief response already exists for supplier '{}'".format(supplier.supplier_id)) brief_response = BriefResponse( data=brief_response_json, supplier=supplier, brief=brief, ) brief_role = brief.data["specialistRole"] if brief.lot.slug == "digital-specialists" else None service_max_day_rate = brief_service.data[brief_role + "PriceMax"] if brief_role else None brief_response.validate(enforce_required=False, required_fields=page_questions, max_day_rate=service_max_day_rate) db.session.add(brief_response) try: db.session.flush() except IntegrityError as e: db.session.rollback() abort(400, format(e)) audit = AuditEvent( audit_type=AuditTypes.create_brief_response, user=updater_json['updated_by'], data={ 'briefResponseId': brief_response.id, 'briefResponseJson': brief_response_json, }, db_object=brief_response, ) db.session.add(audit) db.session.commit() return single_result_response(RESOURCE_NAME, brief_response), 201
def destroy(id): temp = Lugar.get(id) if not temp: abort(404) return Lugar.remove(id)
def decorated_function(*args, **kwargs): # If id is not 1 then return abort with 403 error if current_user.id != 1: return abort(403) # Otherwise continue with the route function return f(*args, **kwargs)
def store(): data = request.get_json() if not request.json or not Lugar.valid(data): abort(400) return Lugar.add(data)
def wrapper(*args, **kwargs): u = current_user() if u : return f(*args, **kwargs) else: abort(401)
def get_status_by_station_and_date(station: str, date: str): status = _get_station_status(station, date) if status is None: abort(404) return jsonify(status._asdict())
def update(id): temp = Lugar.get(id) data = request.get_json() if not temp or not data or not Lugar.valid(data): abort(404) return Lugar.update(id, data)
def _handle_view(self, name, **kwargs): if not self.is_accessible(): abort(401)
def decorator(*args, **kwargs): try: _jwt_required(realm or current_app.config['JWT_DEFAULT_REALM']) return fn(*args, **kwargs) except JWTError: abort(401)
def gg_data(label): if not re.fullmatch(r'\d+T\d+', label): return abort(404, f"Invalid label {label}") bread = get_bread([(label, url_for_label(label)), ("Data", " ")]) title = f"Transitive group data - {label}" return datapage(label, "gps_transitive", title=title, bread=bread)
def get_job(job_id): job = ScheduledJob.query.get(job_id) if not job: abort(404, 'job ID not found') return jsonify(job.as_json())
def ret_city_id(city_id=None): """Retrieves a City object""" city = storage.get('City', city_id) if city is None: abort(404) return jsonify(city.to_dict())
def post(self): """ Creates a new item The payload must consist of a JSON-LD document for a single entity. @graph is not permitted """ doc = request.json # validation if '@graph' in doc: return 406,\ "Invalid request: Providing 'graph' is not supported." # Create a temporary graph to store the item tmp_g = Graph() # Populate the temporary graph with our document data = json.dumps(doc) with debug_requests(): try: tmp_g.parse(data=data, format='application/ld+json') # Catch everything (HTTPError, connrefused, urlerror, ....... ) except Exception as e: abort(502, "Unable to parse graph: {}".format( getattr(e, 'msg', str(e)))) if not list(tmp_g): abort(406, "Unable to parse JSON-LD from input: {request.json}") # We want our new entities to be resolvable, and thus need IDs. # While we could simply set the ID on the document, we want to be as # liberal as possible in accepting valid JSON-LD data, which may be # nested. Therefore, we'll just parse it all, and then re-map the # BNodes to URIRefs # Get all subject bnodes (there should never be *unique* object BNodes) bnodes = list(set(filter(lambda s: isinstance(s, BNode), tmp_g.subjects()))) # We'll keep track of differences with running DB as well graph = get_db() unique = False # Keep track of potential duplicates in DB node_matches = set() for node in bnodes: # Create an ID, based on the hash of the document uri = URIRef(get_ns() + 'items/' + str(uuid.uuid4())) log.debug(f"Using {uri} for resource ID") ### # Replace as subject ### for (s, p, o) in tmp_g.triples((node, None, None)): # We only need a single different triple to be unique # this logic might be refactored for unique-ifying # based on type, but this is what we'll use now if not isinstance(o, BNode): node_matches.update(graph.subjects(predicate=p, object=o)) if not node_matches: unique = True ### # Replace as object ### for (s, p, o) in tmp_g.triples((None, None, node)): node_matches.update(graph.objects(subject=s, predicate=p)) if not node_matches: unique = True # Swap BNode for URIRef for (s, p, o) in tmp_g.triples((node, None, None)): log.debug("for subject") tmp_g.add((uri, p, o)) tmp_g.remove((s, p, o)) for (s, p, o) in tmp_g.triples((None, node, None)): log.debug("for predicate") tmp_g.add((s, uri, o)) tmp_g.remove((s, p, o)) for (s, p, o) in tmp_g.triples((None, None, node)): log.debug("for object") tmp_g.add((s, p, uri)) tmp_g.remove((s, p, o)) if not unique: abort(409, f"Conflict: exact match(es) already exist: {node_matches}") count = len([graph.add(t) for t in tmp_g if t not in graph]) log.debug("Added {} to store (total size {})".format( count, len(g.graph))) json_data = tmp_g.serialize(format='json-ld', auto_compact=True) return {'item': json.loads(json_data)}, 201
def get(self): # This can return None (unauth) if visibility is set to public user = get_current_user() challenges = ( Challenges.query.filter( and_(Challenges.state != "hidden", Challenges.state != "locked") ) .order_by(Challenges.value) .all() ) if user: solve_ids = ( Solves.query.with_entities(Solves.challenge_id) .filter_by(account_id=user.account_id) .order_by(Solves.challenge_id.asc()) .all() ) solve_ids = set([value for value, in solve_ids]) # TODO: Convert this into a re-useable decorator if is_admin(): pass else: if config.is_teams_mode() and get_current_team() is None: abort(403) else: solve_ids = set() response = [] tag_schema = TagSchema(view="user", many=True) for challenge in challenges: if challenge.requirements: requirements = challenge.requirements.get("prerequisites", []) anonymize = challenge.requirements.get("anonymize") prereqs = set(requirements) if solve_ids >= prereqs: pass else: if anonymize: response.append( { "id": challenge.id, "type": "hidden", "name": "???", "value": 0, "category": "???", "tags": [], "template": "", "script": "", } ) # Fallthrough to continue continue challenge_type = get_chal_class(challenge.type) response.append( { "id": challenge.id, "type": challenge_type.name, "name": challenge.name, "value": challenge.value, "category": challenge.category, "tags": tag_schema.dump(challenge.tags).data, "template": challenge_type.templates["view"], "script": challenge_type.scripts["view"], } ) db.session.close() return {"success": True, "data": response}
def metadata_get_or_404(source_id, user_id): metadata = Metadata.query.filter_by(user_id=user_id, source_id=source_id).first() if metadata is None: abort(404) return metadata