def confirm_transactions():
""" Used as a response from an rpc payout system. This will either reset
the sent status of a list of transactions upon failure on the remote side,
or create a new CoinTransaction object and link it to the transactions to
signify that the transaction has been processed. Both request and response
are signed. """
s = TimedSerializer(current_app.config['rpc_signature'])
data = s.loads(request.data)
# basic checking of input
try:
assert len(data['coin_txid']) == 64
assert isinstance(data['pids'], list)
assert isinstance(data['bids'], list)
for id in data['pids']:
assert isinstance(id, int)
for id in data['bids']:
assert isinstance(id, int)
except AssertionError:
current_app.logger.warn("Invalid data passed to confirm", exc_info=True)
abort(400)
coin_trans = Transaction.create(data['coin_txid'])
db.session.flush()
Payout.query.filter(Payout.id.in_(data['pids'])).update(
{Payout.transaction_id: coin_trans.txid}, synchronize_session=False)
BonusPayout.query.filter(BonusPayout.id.in_(data['bids'])).update(
{BonusPayout.transaction_id: coin_trans.txid}, synchronize_session=False)
db.session.commit()
return s.dumps(True)
def publish():
if request.method == 'GET':
abort(404)
# authorization
token = request.form.get('token', '')
if token != app.config['TOKEN']:
return 'invalid access token', 500
title = request.form.get('title', None)
if not title:
return 'no title found', 500
summary = request.form.get('summary', None)
if not summary:
return 'no summary found', 500
content = request.form.get('content', None)
if not content:
return 'no content found', 500
content = markdown2html(content)
pub_time = request.form.get('pub_time', None)
if pub_time:
pub_time = datetime.strptime(pub_time, app.config['TIME_FORMAT'])
tags = request.form.getlist('tags')
create_article(title, summary, content, pub_time, tags)
return '', 200
def delete_post(username, post_id, reply_id=None):
"""Deletes posts.
"""
# The default redirect is different for a post/reply deletion
# Reply deletion keeps you on the page and post deletion takes you to feed
if reply_id is not None:
redirect_url = handle_next(request, url_for('posts.view_post',
username=username, post_id=post_id))
else:
redirect_url = handle_next(request, url_for('users.feed'))
user_id = get_uid(username)
if not check_post(user_id, post_id, reply_id):
return abort(404)
if reply_id is not None:
_post = get_post(reply_id)
if _post['user_id'] != current_user['_id'] and \
user_id != current_user['_id']:
return abort(403)
else:
if user_id != current_user['_id']:
return abort(403)
if reply_id is not None:
be_delete_post(reply_id)
flash('Post has been deleted', 'success')
else:
be_delete_post(post_id)
flash('Post has been deleted along with all replies', 'success')
return redirect(redirect_url)
def get_mem_one( data, request ):
name = request.args.get('name', None)
if name is None:
return abort( 404 )
mem_data = {}
for utime in data.db:
ctime = int(utime / g.glanularity) * g.glanularity
for my_name in data.db[ utime ]:
if my_name != name:
continue
mem = data.db[ utime ][ my_name ][ 'memories' ]
for key in mem:
val = mem[ key ]
if key not in mem_data:
mem_data[ key ] = {}
if ctime not in mem_data[ key ]:
mem_data[ key ][ ctime ] = {}
mem_data[ key ][ ctime ][ my_name ] = val
if len( mem_data ) == 0:
return abort( 404 )
return tojason( mem_data )
def event_withdraw(profile, event):
user_id = g.user.id
participant = Participant.query.filter_by(event_id=event.id, user_id=user_id).first()
if participant:
workflow = participant.workflow()
if not workflow.can_withdraw():
abort(403)
withdraw_call = {
0: workflow.withdraw_pending,
1: workflow.withdraw_waiting_list,
2: workflow.withdraw_confirmed,
3: workflow.withdraw_rejected,
}
form = ConfirmWithdrawForm()
if form.validate_on_submit():
if 'delete' in request.form:
try:
withdraw_call[participant.status]()
except KeyError:
pass
db.session.commit()
flash(u"Your request to withdraw from {0} is recorded".format(event.title), "success")
values = {'profile': profile.name, 'event': event.name}
return render_redirect(event.url_for(), code=303)
return render_template('withdraw.html', form=form, title=u"Confirm withdraw",
message=u"Withdraw from '%s' ? You can come back anytime." % (event.title))
else:
abort(404)
def get_club(rowkey):
if not check_auth(request):
abort(403)
club = db_session.query(Club).filter_by(rowkey=rowkey).first()
if club is None:
abort(404)
if request.method =='GET':
return jsonify({'idclub': club.idclub, 'name': club.name, 'description': club.description,
'postaladdress': club.postaladdress,
'postalzipcode': club.postalzipcode,
'postalcity': club.postalcity,
'visitingaddress': club.visitingaddress,
'visitingzipcode': club.visitingzipcode,
'visitingcity': club.visitingcity,
'rowkey': club.rowkey})
if request.method =='POST':
club.visitingaddress = request.json["visitingaddress"]
club.visitingzipcode = request.json["visitingzipcode"]
club.visitingcity = request.json["visitingcity"]
club.name = request.json["name"]
club.postaladdress = request.json["postaladdress"]
club.postalzipcode = request.json["postalzipcode"]
club.postalcity = request.json["postalcity"]
db_session.commit()
return jsonify({'idclub': club.idclub, 'name': club.name, 'description': club.description,
'postaladdress': club.postaladdress,
'postalzipcode': club.postalzipcode,
'postalcity': club.postalcity,
'visitingaddress': club.visitingaddress,
'visitingzipcode': club.visitingzipcode,
'visitingcity': club.visitingcity,
'rowkey': club.rowkey})
def blogedit(blogid):
if 'logged_in' not in session:
abort(403)
if request.method == 'POST':
title = request.form['title'].strip()
text = request.form['blogpost'].strip()
error = 0
if title == "":
error = 1
flash("You must make a title","error")
if text == "":
error = 1
flash("You must make the blogpost","error")
if 'Preview Blog' in request.form.values():
renderedblog = render_bbcode(text)
return render_template("blogedit.html",blogid=blogid,title=title,blogpost=text,recover=1,preview="1",renderedblog=renderedblog)
if error:
return render_template('blogedit.html',blogid=blogid,title=title,blogpost=text,recover=1)
g.db.execute("""
UPDATE post SET title=?, text=?, lastedit=? WHERE id=?
""",(title,text,unixtime(),blogid))
g.db.commit()
flash("You successfully changed your blogpost","message")
return redirect(url_for('blogpost',blogid=blogid))
g.blog = query_db("""
SELECT * FROM post WHERE id=?
""", [str(blogid)], True,False)
return render_template('blogedit.html',blogid=blogid)
def club_pictures(rowkey):
if not check_auth(request):
abort(403)
if request.method == 'POST':
# check if the post request has the file part
if 'file' not in request.files:
return make_response('No file part', 400)
file = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if file.filename == '':
return make_response('No file part', 400)
if not allowed_file(file.filename):
return make_response('The filetype is not allowed')
if file and allowed_file(file.filename):
filename = secure_filename(file.filename)
filename = rowkey + "." + filename.rsplit('.', 1)[1]
file.save(os.path.join(app.config['CLUB_PICTURE_UPLOAD_FOLDER'], filename))
db_picture = db_session.query(UserFile).filter_by(owner=rowkey, file_type='ProfilePicture')
if len(list(db_picture)) == 0:
db_picture = UserFile()
db_picture.file_type = 'ProfilePicture'
db_picture.owner = rowkey
db_session.add(db_picture)
db_session.commit()
return make_response("",200)
db_picture.update({"file_name":filename})
db_session.commit()
return make_response("", 200)
if request.method == 'GET':
filename = db_session.query(UserFile).filter_by(file_type='ProfilePicture', owner=rowkey)[0].file_name
return jsonify({"filename": str.replace(app.config['CLUB_PICTURE_UPLOAD_FOLDER'], "static\\Sloach\\", "") + "/" + filename})
def get_results(idathlete):
if not check_auth(request):
abort(403)
retResults = {"trainingresults": []}
if request.method == 'GET':
trainingresults = db_session.query(TrainingResult).filter_by(id=idathlete).join(TrainingSession).order_by(TrainingResult.resulttype)
for training_result in trainingresults:
retResults["trainingresults"].append({"result_type":training_result.resulttype,
"timeresult": training_result.timeresult,
"achievedonsession":training_result.achievedonsession.id,
"sessionname": training_result.achievedonsession.name,
"achievedondate":str(training_result.achievedonsession.fromtime.isoformat())})
if request.method == 'PUT':
if not request.json:
abort(400)
training_result = TrainingResult()
training_result.achievedonsession = request.json["trainingsession"]
training_result.athlete_id = request.json["athlete"]
training_result.resulttype = request.json["resulttype"]
training_result.timeresult = request.json["timeresult"]
db_session.commit()
return make_response(jsonify(retResults),200)
def network(network):
try:
channels = paths.channels(network)
except exceptions.NoResultsException as ex:
abort(404)
return render_template('network.html', network=network, channels=channels)
def edit(id):
book = Book.query.get_or_404(id)
if not current_user.can(Permission.EDIT):
abort('403')
form = AddBookForm()
if form.validate_on_submit():
book.front_cover=form.front_cover.data
book.bookname=form.bookname.data
book.introduction=form.introduction.data
book.press=form.press.data
book.author=form.author.data
book.book_type=form.book_type.data
book.published_date=form.published_date.data
book.amount_all=form.amount_all.data
db.session.add(book)
flash('The book has been updated.')
return redirect(url_for('.book', id=book.id))
form.front_cover.data=book.front_cover
form.bookname.data=book.bookname
form.introduction.data=book.introduction
form.press.data=book.press
form.author.data=book.author
form.book_type.data=book.book_type
form.published_date.data=book.published_date
form.amount_all.data=book.amount_all
return render_template('edit_book.html', form=form)
def merge():
try:
if request.method == 'OPTIONS':
return make_response(jsonify({"Allow":"POST"}), 200)
if not request.json or not 'foreground_url' in request.json or not 'background_url' in request.json:
abort(400)
foreground_url = request.json['foreground_url']
background_url = request.json['background_url']
m = Merger(foreground_url, background_url)
m.merge_images()
response = {
'output_image':{
'name': m.get_output_image('name'),
'url' : url_for('get_image', image_name = m.get_output_image('name'),_external=True),
'base64' : m.get_output_image('base64')
}
}
return jsonify(response), 201
except Exception as e:
err_msg = e.message
if err_msg == '':
err_msg = 'Internal Error. Please Try Again'
return make_response(jsonify({'error': e.message}), 202)
def view_font(name, page, per_page=10):
try:
# TODO: check all possible options like "Arial", arial "\"arail\""
pagination = Font.objects.filter(name__icontains=name).paginate(page=page, per_page=per_page)
return render_template('font.html', pagination=pagination, name=name)
except db.DoesNotExist:
abort(404)
def get_userinfo(self, access_token):
userinfo = requests.get(GOOGLE_OAUTH2_USERINFO_URL, params=dict(
access_token=access_token,
)).json()
if not userinfo or userinfo.get('error'):
abort(400)
return userinfo
def decorated_function(*args, **kwargs):
if current_user.is_authenticated:
if current_user.id != 1:
abort(403)
return f(*args, **kwargs)
else:
abort(403)
def post(self, **kwargs):
"""Create a record.
:returns: The created record.
"""
if request.content_type != 'application/json':
abort(415)
# TODO: accept non json content (MARC21...)
data = request.get_json()
if data is None:
return abort(400)
try:
# Create uuid for record
record_uuid = uuid.uuid4()
# Create persistent identifier
pid = self.minter(record_uuid, data=data)
# Create record
record = Record.create(data, id_=record_uuid)
# Check permissions
permission_factory = self.create_permission_factory or \
current_records_rest.create_permission_factory
if permission_factory:
verify_record_permission(permission_factory, record)
db.session.commit()
except SQLAlchemyError:
db.session.rollback()
current_app.logger.exception('Failed to create record.')
abort(500)
return self.make_response(pid, record, 201)
def get_task(task_id, src_id):
print task_id
print src_id
task = filter(lambda t: t['dst'][:5] == task_id[:5], tasks)
new_task = filter(lambda t: t['src'][:5] == src_id[:5], task)
if len(new_task) == 0:
print "cannot find the ip " + task_id + " from the database"
print "calling king service from server"
print subprocess.call(["../king/bin/king", src_id, task_id], stdout=open('log.txt','a'))
re_tasks = []
with open('out.txt') as ff:
lines = ff.readlines()
for line in lines:
words = line.split(' ')
re_task = {'src': words[1],
'dst': words[4],
'rtt': words[7],
'bandwidth': words[11]}
re_tasks.append(re_task)
print re_tasks
_task = filter(lambda t: t['dst'][:5] == task_id[:5], re_tasks)
inject_task = filter(lambda t: t['src'][:5] == src_id[:5], _task)
print inject_task
if len(inject_task) == 0:
abort(404)
print inject_task
new_task = inject_task
print new_task
return jsonify( { 'task': make_public_task(new_task[0]) } )
def grant_mod(mod_id):
mod = Mod.query.filter(Mod.id == mod_id).first()
if not mod:
abort(404)
editable = False
if current_user:
if current_user.admin:
editable = True
if current_user.id == mod.user_id:
editable = True
if not editable:
abort(401)
new_user = request.form.get('user')
new_user = User.query.filter(User.username.ilike(new_user)).first()
if new_user == None:
return { 'error': True, 'message': 'The specified user does not exist.' }, 400
if mod.user == new_user:
return { 'error': True, 'message': 'This user has already been added.' }, 400
if any(m.user == new_user for m in mod.shared_authors):
return { 'error': True, 'message': 'This user has already been added.' }, 400
if not new_user.public:
return { 'error': True, 'message': 'This user has not made their profile public.' }, 400
author = SharedAuthor()
author.mod = mod
author.user = new_user
mod.shared_authors.append(author)
db.add(author)
db.commit()
send_grant_notice(mod, new_user)
return { 'error': False }, 200
def revoke_mod(mod_id):
if current_user == None:
return { 'error': True, 'message': 'You are not logged in.' }, 401
mod = Mod.query.filter(Mod.id == mod_id).first()
if not mod:
abort(404)
editable = False
if current_user:
if current_user.admin:
editable = True
if current_user.id == mod.user_id:
editable = True
if not editable:
abort(401)
new_user = request.form.get('user')
new_user = User.query.filter(User.username.ilike(new_user)).first()
if new_user == None:
return { 'error': True, 'message': 'The specified user does not exist.' }, 400
if mod.user == new_user:
return { 'error': True, 'message': 'You can\'t remove yourself.' }, 400
if not any(m.user == new_user for m in mod.shared_authors):
return { 'error': True, 'message': 'This user is not an author.' }, 400
author = [a for a in mod.shared_authors if a.user == new_user][0]
mod.shared_authors = [a for a in mod.shared_authors if a.user != current_user]
db.delete(author)
return { 'error': False }, 200
def get_contents(self, long_slug):
now = datetime.now()
path = long_slug.split('/')
mpath = ",".join(path)
mpath = ",{0},".format(mpath)
channel = Channel.objects.get_or_404(mpath=mpath, published=True)
if not channel.include_in_rss:
abort(404)
self.channel = channel
base_filters = {}
filters = {
'published': True,
'available_at__lte': now,
}
if not channel.is_homepage:
base_filters['__raw__'] = {
'mpath': {'$regex': "^{0}".format(mpath)}}
filters.update(channel.get_content_filters())
contents = Content.objects(**base_filters).filter(**filters)
if current_app.config.get("PAGINATION_ENABLED", True):
pagination_arg = current_app.config.get("PAGINATION_ARG", "page")
page = request.args.get(pagination_arg, 1)
per_page = channel.per_page or current_app.config.get(
"PAGINATION_PER_PAGE", 10
)
contents = contents.paginate(page=int(page), per_page=per_page)
return contents
def client(address=None):
try:
clients = monitor_app.config['stratum_clients']['address_lut'][address]
except KeyError:
abort(404)
return jsonify(**{address: [client.details for client in clients]})
def api_update(self, pk):
is_valid_form = True
get_filter_args(self._filters)
exclude_cols = self._filters.get_relation_cols()
item = self.datamodel.get(pk, self._base_filters)
if not item:
abort(404)
# convert pk to correct type, if pk is non string type.
pk = self.datamodel.get_pk_value(item)
form = self.edit_form.refresh(request.form)
# fill the form with the suppressed cols, generated from exclude_cols
self._fill_form_exclude_cols(exclude_cols, form)
# trick to pass unique validation
form._id = pk
if form.validate():
form.populate_obj(item)
self.pre_update(item)
if self.datamodel.edit(item):
self.post_update(item)
http_return_code = 200
else:
http_return_code = 500
else:
is_valid_form = False
if is_valid_form:
response = make_response(jsonify({'message': self.datamodel.message[0],
'severity': self.datamodel.message[1]}), http_return_code)
else:
# TODO return dict with from errors validation
response = make_response(jsonify({'message': 'Invalid form',
'severity': 'warning'}), 500)
return response
def user_linked_key_conf_get(key_id, server_id):
doc = _find_doc({
'key_id': key_id,
})
if not doc:
return flask.abort(404)
org = organization.get_by_id(doc['org_id'])
if not org:
return flask.abort(404)
user = org.get_user(id=doc['user_id'])
if not user:
return flask.abort(404)
if user.disabled:
return flask.abort(403)
key_conf = user.build_key_conf(server_id)
user.audit_event('user_profile',
'User profile downloaded with temporary profile link',
remote_addr=utils.get_remote_addr(),
)
response = flask.Response(response=key_conf['conf'],
mimetype='application/ovpn')
response.headers.add('Content-Disposition',
'attachment; filename="%s"' % key_conf['name'])
return response
def create_item(project):
path, err = _get_path()
if err:
return err
try:
File.get_by_project_path(project, path)
except NotFoundError:
is_directory = path.strip().endswith("/")
data = {"path": path}
if not is_directory:
data["file"] = request.files.get("file", None)
if not data["file"]:
return abort(400)
data["project"] = project
data["author"] = current_user._get_current_object()
f = File.create(data=data)
try:
f.save()
except NotFoundError:
return abort(404)
return jsonify(**f.serialize_for_client())
else:
return jsonify(error="That path already exists!"), 400
def update_tour(planid):
if not request.json:
abort(400)
else:
request.json["planid"]=planid
mongocli.update_tour(request.json)
return jsonify({"result":"success"})
def get_patch():
""" Function to return a patch from cache """
logging.debug('Request received with args : %s', flask.request.args)
required_params = ('sha_from', 'sha_to')
if not all(param in flask.request.args.keys() for param in required_params):
logging.info('Arguments could not be validated')
flask.abort(400)
identifier = _get_identifier(flask.request.args['sha_from'],
flask.request.args['sha_to'])
logging.debug('Looking up record with identifier %s', identifier)
cacheo = cache.Cache()
if not cacheo.find(identifier, 'patch'):
logging.info('Invalid partial request')
resp = flask.Response(json.dumps({
"result": "Patch with identifier %s not found" % identifier,
}),
status=400,
)
return resp
logging.info('Patch found, retrieving ...')
return flask.Response(cacheo.retrieve(identifier, 'patch'),
status=200,
mimetype='application/octet-stream')
def save_patch():
""" Function to cache a patch in funsize """
logging.debug('Parameters passed in : %s', flask.request.form)
logging.debug('Files passed in : %s', flask.request.files.lists())
required_params = ('sha_from', 'sha_to')
if not all(param in flask.request.form.keys() for param in required_params):
logging.info('Parameters could not be validated')
flask.abort(400)
files = flask.request.files
if 'patch_file' not in files.keys():
logging.info('Parameters passed could not be found on disk')
flask.abort(400)
storage = files.get('patch_file')
form = flask.request.form
sha_from, sha_to = form['sha_from'], form['sha_to']
identifier = _get_identifier(sha_from, sha_to)
logging.info('Saving patch file to cache with key %s', identifier)
cacheo = cache.Cache()
cacheo.save(storage.stream, identifier, 'patch')
url = flask.url_for('get_patch', sha_from=sha_from, sha_to=sha_to)
return flask.Response(json.dumps({
"result": url,
}),
status=200,
mimetype='application/json')
def api_package_activities(package_name, test_id, hierarchy_id=None):
package = db.session.query(Package).filter(Package.package_name == package_name).first()
latest_runtime = db.session.query(Runtime
).filter(Result.package_id==package.id
).join(Result
).order_by(Runtime.id.desc()
).first()
if (hierarchy_id):
if (hierarchy_id=="None"): hierarchy_id=None
test_results = db.session.query(Result.result_identifier,
Result.result_data
).filter(Package.package_name == package_name,
Result.runtime_id==latest_runtime.id,
Result.test_id==test_id,
Result.result_hierarchy==hierarchy_id
).join(Package
).all()
else:
test_results = db.session.query(Result.result_identifier,
Result.result_data
).filter(Package.package_name == package_name,
Result.runtime_id==latest_runtime.id,
Result.test_id==test_id
).join(Package
).all()
if ((package == None) or (test_results==None)):
abort(404)
else:
return jsonify(test_results)
def on_create(self, docs):
''' Create corresponding item on file upload '''
for doc in docs:
file, content_type, metadata = self.get_file_from_document(doc)
inserted = [doc['media']]
file_type = content_type.split('/')[0]
try:
update_dates_for(doc)
doc['guid'] = generate_guid(type=GUID_TAG)
doc.setdefault('_id', doc['guid'])
doc['type'] = self.type_av.get(file_type)
doc['version'] = 1
doc['versioncreated'] = utcnow()
rendition_spec = config.RENDITIONS['picture']
renditions = generate_renditions(file, doc['media'], inserted, file_type,
content_type, rendition_spec, url_for_media)
doc['renditions'] = renditions
doc['mimetype'] = content_type
doc['filemeta'] = metadata
if not doc.get('_import', None):
doc['creator'] = set_user(doc)
add_activity('uploaded media {{ name }}',
name=doc.get('headline', doc.get('mimetype')),
renditions=doc.get('renditions'))
except Exception as io:
logger.exception(io)
for file_id in inserted:
delete_file_on_error(doc, file_id)
abort(500)
on_create_media_archive()
def wrapper(*args, **kwargs):
logger.debug("%s Oauth verification...", request.url)
authorization = request.headers.get("Authorization")
if authorization is None:
logger.error("... No auth provided. Aborting with 401.")
raise abort(401)
else:
_, token = authorization.split()
logger.debug("... Getting token '%s' from %s", token, token_info_url)
token_request = requests.get(token_info_url, params={"access_token": token})
logger.debug("... Token info (%d): %s", token_request.status_code, token_request.text)
if not token_request.ok:
raise abort(401)
token_info = token_request.json()
user_scopes = set(token_info["scope"])
scopes_intersection = user_scopes & allowed_scopes
logger.debug("... Scope intersection: %s", scopes_intersection)
if not scopes_intersection:
logger.error(
"... User scopes (%s) don't include one of the allowed scopes (%s). Aborting with 401.",
user_scopes,
allowed_scopes,
)
raise abort(401)
logger.info("... Token authenticated.")
return function(*args, **kwargs)
def admin():
if session.get('is_author'):
return render_template('blog/admin.html')
else:
abort(403)
def cities_get(city_id):
"""Return attribute dictionary for a particular city"""
get_cities = storage.get("City", city_id)
if get_cities is None:
abort(404)
return (jsonify(get_cities.to_dict()))
def cities_by_state(state_id):
"""Return all cities in a state"""
state = storage.get("State", state_id)
if state is None:
abort(404)
return(jsonify([x.to_dict() for x in state.cities]))
def _wrap(*args, **kwargs):
if not request.is_json:
abort(400)
return fn(*args, **kwargs)
def paginate(self, page=None, per_page=None, error_out=True, max_per_page=None):
"""Returns ``per_page`` items from page ``page``.
If ``page`` or ``per_page`` are ``None``, they will be retrieved from
the request query. If ``max_per_page`` is specified, ``per_page`` will
be limited to that value. If there is no request or they aren't in the
query, they default to 1 and 20 respectively.
When ``error_out`` is ``True`` (default), the following rules will
cause a 404 response:
* No items are found and ``page`` is not 1.
* ``page`` is less than 1, or ``per_page`` is negative.
* ``page`` or ``per_page`` are not ints.
When ``error_out`` is ``False``, ``page`` and ``per_page`` default to
1 and 20 respectively.
Returns a :class:`Pagination` object.
"""
if request:
if page is None:
try:
page = int(request.args.get('page', 1))
except (TypeError, ValueError):
if error_out:
abort(404)
page = 1
if per_page is None:
try:
per_page = int(request.args.get('per_page', 20))
except (TypeError, ValueError):
if error_out:
abort(404)
per_page = 20
else:
if page is None:
page = 1
if per_page is None:
per_page = 20
if max_per_page is not None:
per_page = min(per_page, max_per_page)
if page < 1:
if error_out:
abort(404)
else:
page = 1
if per_page < 0:
if error_out:
abort(404)
else:
per_page = 20
items = self.limit(per_page).offset((page - 1) * per_page).all()
if not items and page != 1 and error_out:
abort(404)
total = self.order_by(None).count()
return Pagination(self, page, per_page, total, items)
def inner(*args, **kwargs):
request_data = request.get_json(silent=True)
if 'object_kind' not in request_data or \
(object_kind != request_data['object_kind']):
return abort(400)
return f(request_data, *args, **kwargs)
def abortTest():
abort(404)
return '<h1>Hello</h1>'
def stocks():
if session.get('logged_in'):
result = screened_stocks()
return result
else:
return abort(401)
def decorated_function(*args, **kwargs):
if not current_user.can(permission):
abort(403)
return f(*args, **kwargs)
def get(self):
args = parser.parse_args()
image_id = args.get('id')
skip = args.get('skip')
maximum = args.get('maximum')
thumb = args.get('thumbnail')
token = request.headers['Authorization']
token = token.split(" ")[1]
userid = oidc.user_getfield('sub', token)
if request.headers.get('accept') == 'application/json':
if skip is None:
skip = 0
if maximum is None:
max = 20
if image_id is None:
myquery = {"userId": userid}
found = []
try:
cursor = mongoClient['image'].find(myquery).skip(
skip).limit(maximum)
for f in cursor:
found.append(json_util.dumps(f))
resp = Response(json_util.dumps(found))
resp.headers["Access-Control-Expose-Headers"] = '*'
return resp
except Exception as e:
abort(404, "Could not get images")
if image_id is not None:
myquery = {"$and": [{"userId": userid}, {"imageId": image_id}]}
found = mongoClient['image'].find_one(myquery)
resp = Response(json_util.dumps(found))
resp.headers["Access-Control-Expose-Headers"] = '*'
return resp
if request.headers.get('accept') == 'application/octet-stream':
query = {"$and": [{"userId": userid}, {"imageId": image_id}]}
found = mongoClient['image'].find_one(query)
if found:
photo = found['photo']
bucket = photo.split("/")[0]
name = photo.split("/")[1]
@after_this_request
def save_or_delete_file(response):
try:
if os.path.exists(image_path['IMAGE_PATH'] + name):
os.remove(image_path['IMAGE_PATH'] + name)
return response
except Exception:
return response
try:
minioClient.fget_object(bucket, name,
image_path['IMAGE_PATH'] + name)
except Exception:
abort(500, "Could not find image")
if thumb is not None:
im = Image.open(image_path['IMAGE_PATH'] + name)
size = 128, 128
im.thumbnail(size)
im.save(image_path['IMAGE_PATH'] + name, "JPEG")
try:
return send_file(image_path['IMAGE_PATH'] + name)
except Exception:
abort(404)
else:
return send_file(image_path['IMAGE_PATH'] + name)
def get_or_404(self, url):
page = self.get(url)
if page:
return page
abort(404)
def file(filename):
file_item = files.get_file_by_filname(filename)
if not file_item:
abort(404)
return render_template('file.html',file_item = file_item)
def dwelling_detail(id):
dwelling = RestDwelling.query.get(id)
if not dwelling:
abort(404)
return dwelling_schema.jsonify(dwelling)
def testAbort():
abort(500)
return 'testAbort'
def admin_dashboard():
# prevent non-admins from accessing the page
if not current_user.is_admin:
abort(403)
return render_template('home/admin_dashboard.html', title="Dashboard")
def create_brief_response():
json_payload = get_json_from_request()
updater_json = validate_and_return_updater_request()
page_questions = get_request_page_questions()
json_has_required_keys(json_payload, ['briefResponses'])
brief_response_json = json_payload['briefResponses']
json_has_required_keys(brief_response_json, ['briefId', 'supplierId'])
try:
brief = Brief.query.get(brief_response_json['briefId'])
except DataError:
brief = None
if brief is None:
abort(400, "Invalid brief ID '{}'".format(brief_response_json['briefId']))
if brief.status != 'live':
abort(400, "Brief must be live")
if brief.framework.status not in ['live', 'expired']:
abort(400, "Brief framework must be live or expired")
supplier = validate_and_return_supplier(brief_response_json)
brief_service = get_supplier_service_eligible_for_brief(supplier, brief)
if not brief_service:
abort(400, "Supplier is not eligible to apply to this brief")
# Check if brief response already exists from this supplier
if BriefResponse.query.filter(BriefResponse.supplier == supplier, BriefResponse.brief == brief).first():
abort(400, "Brief response already exists for supplier '{}'".format(supplier.supplier_id))
brief_response = BriefResponse(
data=brief_response_json,
supplier=supplier,
brief=brief,
)
brief_role = brief.data["specialistRole"] if brief.lot.slug == "digital-specialists" else None
service_max_day_rate = brief_service.data[brief_role + "PriceMax"] if brief_role else None
brief_response.validate(enforce_required=False, required_fields=page_questions, max_day_rate=service_max_day_rate)
db.session.add(brief_response)
try:
db.session.flush()
except IntegrityError as e:
db.session.rollback()
abort(400, format(e))
audit = AuditEvent(
audit_type=AuditTypes.create_brief_response,
user=updater_json['updated_by'],
data={
'briefResponseId': brief_response.id,
'briefResponseJson': brief_response_json,
},
db_object=brief_response,
)
db.session.add(audit)
db.session.commit()
return single_result_response(RESOURCE_NAME, brief_response), 201
def destroy(id):
temp = Lugar.get(id)
if not temp: abort(404)
return Lugar.remove(id)
def decorated_function(*args, **kwargs):
# If id is not 1 then return abort with 403 error
if current_user.id != 1:
return abort(403)
# Otherwise continue with the route function
return f(*args, **kwargs)
def store():
data = request.get_json()
if not request.json or not Lugar.valid(data):
abort(400)
return Lugar.add(data)
def wrapper(*args, **kwargs):
u = current_user()
if u :
return f(*args, **kwargs)
else:
abort(401)
def get_status_by_station_and_date(station: str, date: str):
status = _get_station_status(station, date)
if status is None:
abort(404)
return jsonify(status._asdict())
def update(id):
temp = Lugar.get(id)
data = request.get_json()
if not temp or not data or not Lugar.valid(data):
abort(404)
return Lugar.update(id, data)
def _handle_view(self, name, **kwargs):
if not self.is_accessible():
abort(401)
def decorator(*args, **kwargs):
try:
_jwt_required(realm or current_app.config['JWT_DEFAULT_REALM'])
return fn(*args, **kwargs)
except JWTError:
abort(401)
def gg_data(label):
if not re.fullmatch(r'\d+T\d+', label):
return abort(404, f"Invalid label {label}")
bread = get_bread([(label, url_for_label(label)), ("Data", " ")])
title = f"Transitive group data - {label}"
return datapage(label, "gps_transitive", title=title, bread=bread)
def get_job(job_id):
job = ScheduledJob.query.get(job_id)
if not job:
abort(404, 'job ID not found')
return jsonify(job.as_json())
def ret_city_id(city_id=None):
"""Retrieves a City object"""
city = storage.get('City', city_id)
if city is None:
abort(404)
return jsonify(city.to_dict())
def post(self):
"""
Creates a new item
The payload must consist of a JSON-LD document for a single entity.
@graph is not permitted
"""
doc = request.json
# validation
if '@graph' in doc:
return 406,\
"Invalid request: Providing 'graph' is not supported."
# Create a temporary graph to store the item
tmp_g = Graph()
# Populate the temporary graph with our document
data = json.dumps(doc)
with debug_requests():
try:
tmp_g.parse(data=data, format='application/ld+json')
# Catch everything (HTTPError, connrefused, urlerror, ....... )
except Exception as e:
abort(502, "Unable to parse graph: {}".format(
getattr(e, 'msg', str(e))))
if not list(tmp_g):
abort(406, "Unable to parse JSON-LD from input: {request.json}")
# We want our new entities to be resolvable, and thus need IDs.
# While we could simply set the ID on the document, we want to be as
# liberal as possible in accepting valid JSON-LD data, which may be
# nested. Therefore, we'll just parse it all, and then re-map the
# BNodes to URIRefs
# Get all subject bnodes (there should never be *unique* object BNodes)
bnodes = list(set(filter(lambda s: isinstance(s, BNode),
tmp_g.subjects())))
# We'll keep track of differences with running DB as well
graph = get_db()
unique = False
# Keep track of potential duplicates in DB
node_matches = set()
for node in bnodes:
# Create an ID, based on the hash of the document
uri = URIRef(get_ns() + 'items/' + str(uuid.uuid4()))
log.debug(f"Using {uri} for resource ID")
###
# Replace as subject
###
for (s, p, o) in tmp_g.triples((node, None, None)):
# We only need a single different triple to be unique
# this logic might be refactored for unique-ifying
# based on type, but this is what we'll use now
if not isinstance(o, BNode):
node_matches.update(graph.subjects(predicate=p, object=o))
if not node_matches:
unique = True
###
# Replace as object
###
for (s, p, o) in tmp_g.triples((None, None, node)):
node_matches.update(graph.objects(subject=s, predicate=p))
if not node_matches:
unique = True
# Swap BNode for URIRef
for (s, p, o) in tmp_g.triples((node, None, None)):
log.debug("for subject")
tmp_g.add((uri, p, o))
tmp_g.remove((s, p, o))
for (s, p, o) in tmp_g.triples((None, node, None)):
log.debug("for predicate")
tmp_g.add((s, uri, o))
tmp_g.remove((s, p, o))
for (s, p, o) in tmp_g.triples((None, None, node)):
log.debug("for object")
tmp_g.add((s, p, uri))
tmp_g.remove((s, p, o))
if not unique:
abort(409,
f"Conflict: exact match(es) already exist: {node_matches}")
count = len([graph.add(t) for t in tmp_g if t not in graph])
log.debug("Added {} to store (total size {})".format(
count, len(g.graph)))
json_data = tmp_g.serialize(format='json-ld', auto_compact=True)
return {'item': json.loads(json_data)}, 201
def get(self):
# This can return None (unauth) if visibility is set to public
user = get_current_user()
challenges = (
Challenges.query.filter(
and_(Challenges.state != "hidden", Challenges.state != "locked")
)
.order_by(Challenges.value)
.all()
)
if user:
solve_ids = (
Solves.query.with_entities(Solves.challenge_id)
.filter_by(account_id=user.account_id)
.order_by(Solves.challenge_id.asc())
.all()
)
solve_ids = set([value for value, in solve_ids])
# TODO: Convert this into a re-useable decorator
if is_admin():
pass
else:
if config.is_teams_mode() and get_current_team() is None:
abort(403)
else:
solve_ids = set()
response = []
tag_schema = TagSchema(view="user", many=True)
for challenge in challenges:
if challenge.requirements:
requirements = challenge.requirements.get("prerequisites", [])
anonymize = challenge.requirements.get("anonymize")
prereqs = set(requirements)
if solve_ids >= prereqs:
pass
else:
if anonymize:
response.append(
{
"id": challenge.id,
"type": "hidden",
"name": "???",
"value": 0,
"category": "???",
"tags": [],
"template": "",
"script": "",
}
)
# Fallthrough to continue
continue
challenge_type = get_chal_class(challenge.type)
response.append(
{
"id": challenge.id,
"type": challenge_type.name,
"name": challenge.name,
"value": challenge.value,
"category": challenge.category,
"tags": tag_schema.dump(challenge.tags).data,
"template": challenge_type.templates["view"],
"script": challenge_type.scripts["view"],
}
)
db.session.close()
return {"success": True, "data": response}
def metadata_get_or_404(source_id, user_id):
metadata = Metadata.query.filter_by(user_id=user_id,
source_id=source_id).first()
if metadata is None:
abort(404)
return metadata
