def filter_queryset(self, request, queryset, view):
accessibility_filtering = request.query_params.get(
'order_by', None) == 'accessibility'
viewpoint_defined = 'accessibility_viewpoint' in request.query_params
if accessibility_filtering and not viewpoint_defined:
error_message = "'accessibility_viewpoint' must be defined when ordering by accessibility"
raise exceptions.ParseError(error_message)
return ResourceFilterSet(request.query_params,
queryset=queryset,
user=request.user).qs
def save_as_template(self, request, pk=None):
obj = self.get_object()
name = request.data.get('name')
if not name:
raise exceptions.ParseError('Missing "name" parameter')
template, _ = ProfileIPDataTemplate.objects.update_or_create(
name=name,
profile=obj.relation.profile,
defaults={'data': obj.data})
return Response(ProfileIPDataTemplateSerializer(template).data)
def get(self, request, *args, **kwargs):
try:
page_size = int(
self.request.GET.get('page_size', api_settings.PAGE_SIZE))
except ValueError:
raise exceptions.ParseError('Invalid page_size parameter')
# Simulate pagination-like results, without actual pagination.
queryset = self.filter_queryset(self.get_queryset()[:page_size])
serializer = self.get_serializer(queryset, many=True)
return Response({'results': serializer.data})
def _get_entities(self, user, ids):
"""Return entities queryset based on provided entity ids."""
queryset = Entity.objects.filter(id__in=ids).filter_for_user(user)
actual_ids = queryset.values_list("id", flat=True)
missing_ids = list(set(ids) - set(actual_ids))
if missing_ids:
raise exceptions.ParseError(
"Entities with the following ids not found: {}".format(
", ".join(map(str, missing_ids))))
return queryset
def create(self, request, *args, **kwargs):
serializer = self.get_serializer(data=request.data)
serializer.is_valid(raise_exception=True)
data = serializer.data
data["S-creator"] = request.user.username
try:
res = es.create(index=data_index, doc_type="data", id=str(uuid.uuid1()).replace("-", ""), body=data)
except ConflictError as exc:
raise exceptions.ParseError("Document is exists")
headers = self.get_success_headers(serializer.data)
return Response(res, status=status.HTTP_201_CREATED, headers=headers)
def filter_type(self, queryset, name, value):
workarea_type_reverse = dict(
(v.lower(), k) for k, v in Workarea.TYPE_CHOICES)
try:
workarea_type = workarea_type_reverse[value]
except KeyError:
raise exceptions.ParseError(
'Workarea of type "%s" does not exist' % value)
return queryset.filter(**{name: workarea_type})
def get(self, request):
address = request.query_params.get("q")
if not address:
return Response()
try:
point = get_geo_point_from_address(address)
except AddressNotFound:
raise exceptions.ParseError(detail="address not found")
providers_coverage = get_closest_coverage_for_each_provider_from_point(
point)
return Response(providers_coverage)
def initial(self, request, *args, **kwargs):
super().initial(request, *args, **kwargs)
if request.method == 'POST' and self.require_post_token:
token = request.data.get('T', request.query_params.get('T', None))
if token is None:
logger.info("Missing POST token, %s",
data=dict(request.data), request=request)
raise exceptions.ParseError("Missing 'T' POST token")
user_id = check_post_token(token)
if not user_id == request.user.pk:
raise BadToken
def finish_item_check(self, request, pk):
inbound_detail_id = request.POST.get('inbound_detail_id')
inbound_detail = get_object_or_404(InBoundDetail, id=inbound_detail_id)
arrival_quantity = int(request.POST.get("arrival_quantity"))
inferior_quantity = int(request.POST.get("inferior_quantity"))
try:
inbound_detail.finish_check(arrival_quantity, inferior_quantity)
packing_skus()
return Response({'res': True})
except Exception, e0:
raise exceptions.ParseError(e0.message)
def initial(self, request, *args, **kwargs):
super(ReaderView, self).initial(request, *args, **kwargs)
if request.method == 'POST' and self.require_post_token:
token = request.DATA.get('T', request.GET.get('T', None))
if token is None:
logger.info(u"Missing POST token, {0}".format(
request.DATA.dict()))
raise exceptions.ParseError("Missing 'T' POST token")
user_id = check_post_token(token)
if not user_id == request.user.pk:
raise BadToken
def to_representation(self, obj):
if obj is None:
return super(StatsInstanceSerializer, self).to_representation(obj)
request = self.context.get('request')
method = request.query_params.get('method', None)
field = request.query_params.get('field', None)
if field and field not in obj.data_dictionary().get_keys():
raise exceptions.ParseError(detail=_("Field not in XForm."))
stats_function = STATS_FUNCTIONS.get(method and method.lower(),
get_all_stats)
try:
data = stats_function(obj, field)
except ValueError as e:
raise exceptions.ParseError(detail=e.message)
return data
def create(self, request, *args, **kwargs):
upload_pk = request.data.get('validation_id', '')
if not upload_pk:
raise exceptions.ParseError(_('No validation_id specified.'))
try:
upload = FileUpload.objects.get(pk=upload_pk, user=request.user)
except FileUpload.DoesNotExist:
raise Http404(_('No such upload.'))
if not upload.valid:
raise exceptions.ParseError(
_('The specified upload has not passed validation.'))
if 'extension_pk' in self.kwargs:
# We are creating a new ExtensionVersion.
params = {'parent': self.get_extension_object()}
else:
# We are creating a new Extension.
params = {'user': request.user}
# self.model.from_upload() will raise ParseError if appropriate.
obj = self.model.from_upload(upload, **params)
log.info('%s created: %s' % (self.model, self.model.pk))
# TODO: change create_comm_note to just take a version.
if 'extension_pk' in self.kwargs:
create_comm_note(obj.extension,
obj,
request.user,
request.data.get('message', ''),
note_type=comm.SUBMISSION)
else:
create_comm_note(obj,
obj.latest_version,
request.user,
request.data.get('message', ''),
note_type=comm.SUBMISSION)
serializer = self.get_serializer(obj)
return Response(serializer.data, status=status.HTTP_201_CREATED)
def perform_update(self, serializer):
"""
Updates the request and performs any update actions.
"""
# NOTE: An identity could possible have multiple memberships
# It may be better to directly take membership rather than an identity
identity = serializer.initial_data.get('identity', {})
membership = None
if isinstance(identity, dict):
identity_id = identity.get("id", None)
else:
identity_id = identity
try:
if identity_id is not None:
membership = IdentityMembership.objects.get(
identity=identity_id)
if membership:
instance = serializer.save(end_date=timezone.now(),
membership=membership)
else:
instance = serializer.save(end_date=timezone.now())
except core_exceptions.ProviderLimitExceeded:
message = "Only one active request is allowed per provider."
raise exceptions.MethodNotAllowed('create', detail=message)
except core_exceptions.InvalidMembership:
message = ("The user '%s' is not a valid member." %
self.request.user.username)
raise exceptions.ParseError(detail=message)
except IdentityMembership.DoesNotExist:
message = ("The identity '%s' does not have a membership" %
identity_id)
raise exceptions.ParseError(detail=message)
if instance.is_approved():
self.approve_action(instance)
if instance.is_denied():
self.deny_action(instance)
def create(self, request, *args, **kwargs):
uuid = request.data.get('upload', '')
if uuid:
is_packaged = True
else:
uuid = request.data.get('manifest', '')
is_packaged = False
if not uuid:
raise exceptions.ParseError(
'No upload or manifest specified.')
try:
upload = FileUpload.objects.get(uuid=uuid)
except FileUpload.DoesNotExist:
raise exceptions.ParseError('No upload found.')
if not upload.valid:
raise exceptions.ParseError('Upload not valid.')
if not request.user.read_dev_agreement:
log.info(u'Attempt to use API without dev agreement: %s'
% request.user.pk)
raise exceptions.PermissionDenied('Terms of Service not accepted.')
if not (upload.user and upload.user.pk == request.user.pk):
raise exceptions.PermissionDenied('You do not own that app.')
# Create app, user and fetch the icon.
try:
obj = Webapp.from_upload(upload, is_packaged=is_packaged)
except (serializers.ValidationError,
django_forms.ValidationError) as e:
raise exceptions.ParseError(unicode(e))
AddonUser(addon=obj, user=request.user).save()
tasks.fetch_icon.delay(obj.pk, obj.latest_version.all_files[0].pk)
record_action('app-submitted', request, {'app-id': obj.pk})
log.info('App created: %s' % obj.pk)
data = AppSerializer(
context=self.get_serializer_context(), instance=obj).data
return response.Response(
data, status=201,
headers={'Location': reverse('app-detail', kwargs={'pk': obj.pk})})
def gateway_firewall_rule(request):
if request.method == 'POST':
try:
scene_id = request.shift_data.get('scene', int)
gateway_id = request.shift_data.get('gateway')
firewall_rule = json.loads(request.shift_data.get('firewall_rule'))
except Exception as e:
raise exceptions.ParseError(error.INVALID_PARAMS)
try:
scene_gateway = SceneGateway.objects.get(scene=scene_id, sub_id=gateway_id)
except SceneGateway.DoesNotExist as e:
raise exceptions.NotFound(error.GATEWAY_NOT_FOUND)
gateway_util = SceneHandler(request.user).get_gateway_util(scene_gateway)
try:
gateway_util.add_firewall_rule(firewall_rule)
except SceneException as e:
raise exceptions.PermissionDenied(e.message)
return Response(status=status.HTTP_201_CREATED)
elif request.method == 'DELETE':
try:
scene_id = request.shift_data.get('scene', int)
gateway_id = request.shift_data.get('gateway')
firewall_rule = json.loads(request.shift_data.get('firewall_rule'))
except Exception as e:
raise exceptions.ParseError(error.INVALID_PARAMS)
try:
scene_gateway = SceneGateway.objects.get(scene=scene_id, sub_id=gateway_id)
except SceneGateway.DoesNotExist as e:
raise exceptions.NotFound(error.GATEWAY_NOT_FOUND)
gateway_util = SceneHandler(request.user).get_gateway_util(scene_gateway)
try:
gateway_util.remove_firewall_rule(firewall_rule)
except SceneException as e:
raise exceptions.PermissionDenied(e.message)
return Response(status=status.HTTP_204_NO_CONTENT)
def create(self, validated_data):
"""Add desserts to cart."""
# Get current user
user = self.context['request'].user
# Get current car items
current_cart = CartItem.objects.filter(owner=user)
current_cart_items_ids = map(lambda item: item.dessert_id,
current_cart)
# List to prepare items in-memory for bulk save
cart_items = list()
for dessert_data in validated_data['desserts']:
dessert_id = dessert_data['dessert_id']
# Break and return 400 if a dessert already in cart
if dessert_id in current_cart_items_ids:
raise exceptions.ParseError(
detail="Dessert (%s) alraedy exists in the cart" %
dessert_id)
return
try: # Check if item_id added to cart is valid dessert_id else return 400
dessert = Dessert.objects.get(
id=dessert_id) # FIXME: Bulk query instead of looping
except Dessert.DoesNotExist:
raise exceptions.ParseError(detail="No such Dessert ID (%s)" %
dessert_id)
return
# Create CartItem in memory and add to cart_items list
quantity = dessert_data['quantity']
cart_items.append(
CartItem(owner=user, dessert=dessert, quantity=quantity))
# Bulk save cart_items to DB
result = CartItem.objects.bulk_create(cart_items)
# Merge recently added items with the current ones in 'shared_with'cart to resturn
# response with all items in cart
response = {'desserts': list(current_cart) + result}
return response
def _parse_mac_to_queryset(mac, queryset):
if not mac:
return queryset
try:
mac = MacPrefix(mac, min_prefix_len=2)
except ValueError as e:
raise exceptions.ParseError("mac: %s" % e)
low, high = mac[0], mac[-1]
return queryset.extra(where=["mac BETWEEN %s AND %s"],
params=[str(low), str(high)])
def destroy(self, request, *args, **kwargs):
instance = self.get_object()
try:
self.perform_destroy(instance)
return Response(status=status.HTTP_204_NO_CONTENT)
except Exception as e:
message = {
"An error was encoutered when closing the request: %s" %
e.message
}
logger.exception(e)
raise exceptions.ParseError(detail=message)
def mount(self, request, pk=None):
drive = self.get_object()
try:
storage_medium = StorageMedium.objects.get(pk=request.data['storage_medium'])
except KeyError:
raise exceptions.ParseError('Missing parameter storage_medium')
except StorageMedium.DoesNotExist:
raise exceptions.ParseError('Invalid storage_medium')
if storage_medium.get_type() != TAPE:
raise exceptions.ParseError('%s is not a tape' % storage_medium)
RobotQueue.objects.get_or_create(
user=self.request.user,
storage_medium_id=storage_medium,
tape_drive=drive,
req_type=10, status__in=[0, 2], defaults={'status': 0}
)
return Response()
def get_queryset(self):
search_word = self.kwargs.get('search_word')
if search_word is None:
raise exceptions.ParseError(
_('Please enter at least 2 characters.'))
if search_word == "":
raise exceptions.ParseError(
_('Please enter at least 2 characters.'))
if len(search_word) < 2:
raise exceptions.ParseError(
_('Please enter at least 2 characters.'))
return Post.objects.filter(
Q(subject__contains=search_word)
| Q(text_content__contains=search_word)
| Q(reply__text_content__contains=search_word)).order_by(
'-%s' % self.kwargs.get('order')).all().annotate(
reply_content=F('reply__content'))
def filter_queryset(self, request, queryset, view):
"""
Return a filtered queryset.
"""
if view.action == 'list':
target_type = request.query_params.get('target_type')
if target_type:
try:
target = get_target(target_type)
except TargetDoesNotExist:
raise exceptions.ParseError(
"Unknown target_type {}".format(target_type))
return queryset.filter(target_content_type=target)
raise exceptions.ParseError(
_("Parameter 'target_type' is missing."))
return queryset
def post(self, request, *args, **kwarg):
confirmation_id = kwarg.get('confirmation_id')
try:
subscription = Subscription.objects.get(
confirmation_id=confirmation_id)
except Subscription.DoesNotExist:
raise exceptions.ParseError(detail="ConfirmationId is invalid")
if self.is_confirmation_expired(subscription):
raise exceptions.ParseError(detail="ConfirmationId is expired")
isSubscribed = subscription.subscribed
if isSubscribed is True:
subscription.updated_at = timezone.now()
else:
subscription.subscribed = True
subscription.subscribed_at = timezone.now()
subscription.confirmation_id = None
subscription.confirmation_requested_at = None
subscription.save()
return Response(status=200 if isSubscribed is True else 201)
def attend_class_time(request, lesson_id, **kwargs):
try:
seconds = int(request.query_params.get('seconds'))
if seconds <= 0 or seconds > 60 * 3:
raise Exception()
lesson = Lesson.objects.filter(pk=lesson_id)
except Exception as e:
raise exceptions.ParseError()
add_attend_class_time(request.user, lesson, seconds)
return response.Response()
def _filter_queryset(self, queryset):
"""Filter queryset by queryparameters.
Filtering is supported by ``name``, ``collection``, ``entities``
and ``positions``.
If ``positions`` parameter is given, it is combined with
coresponding id in ``samples`` parameter and relations are
filtered by (sample, position) pairs. Because of this, if
``positions`` is given, also ``samples`` must be given and
they must be of the same length.
NOTE: Because of complex filtering requirements it is not
possible to use django_restframework_filters (at least
not in a straight foreward way)
"""
# query_params must be casted to dict, otherwise list values cannot be retrieved
query_params = dict(self.request.query_params)
id_ = query_params.get('id', None)
relation_type = query_params.get('type', None)
label = query_params.get('label', None)
entities = query_params.get('entity', None)
positions = query_params.get('position', None)
collection = query_params.get('collection', None)
if id_:
queryset = queryset.filter(id=id_[0])
if relation_type:
queryset = queryset.filter(type__name=relation_type[0])
if label:
queryset = queryset.filter(label=label[0])
if positions is not None and (entities is None
or len(positions) != len(entities)):
raise exceptions.ParseError(
'If `positions` query parameter is given, also `entities` '
'must be given and they must be of the same length.')
if collection:
queryset = queryset.filter(collection__pk=collection[0])
if entities:
for entity, position in six.moves.zip_longest(
entities, positions or []):
filter_params = {'entities__pk': entity}
if position:
filter_params['positioninrelation__position'] = position
queryset = queryset.filter(**filter_params)
return queryset
def change_email(self, request, serializer):
code = serializer.validated_data.get("verify_code", None)
if code is None:
verify_phone(serializer.validated_data['email'])
return Response(status=status.HTTP_204_NO_CONTENT)
else:
if verify_phone(serializer.validated_data['email'], code):
self.object.username = serializer.validated_data['email']
self.object.save()
return Response(status=status.HTTP_204_NO_CONTENT)
else:
raise exceptions.ParseError(detail="verify code not valid.")
def new_structure(self, request, pk=None):
try:
name = request.data['name']
except KeyError:
raise exceptions.ParseError('Missing "name" parameter')
with transaction.atomic():
structure = Structure.objects.create(name=name)
tag = self.get_tag_object()
tag.get_active_structure().create_new(structure)
return Response()
def update(self, request, pk, *args, **kwargs):
if 'xls_file' in request.FILES or 'text_xls_form' in request.data:
# A new XLSForm has been uploaded and will replace the existing
# form
existing_xform = get_object_or_404(XForm, pk=pk)
# Behave like `onadata.apps.main.views.update_xform`: only allow
# the update to proceed if the user is the owner
owner = existing_xform.user
if request.user.pk != owner.pk:
raise exceptions.PermissionDenied(
detail=_("Only a form's owner can overwrite its contents"))
survey = utils.publish_xlsform(request, owner, existing_xform)
if not isinstance(survey, XForm):
if isinstance(survey, dict) and 'text' in survey:
# Typical error text; pass it along
raise exceptions.ParseError(detail=survey['text'])
else:
# Something odd; hopefully it can be coerced into a string
raise exceptions.ParseError(detail=survey)
# Let the superclass handle updates to the other fields
return super(XFormViewSet, self).update(request, pk, *args, **kwargs)
def retry(self, request, pk=None):
obj = self.get_object()
if obj.status not in celery_states.EXCEPTION_STATES:
raise exceptions.ParseError('Only failed tasks can be retried')
root = obj.get_root_step()
if root is not None:
root.resume()
else:
obj.retry()
return Response({'status': 'retries task'})
def _validate_vote_value(self, vote):
if vote is None:
raise exceptions.ParseError(detail={
'detail':
f'A vote_value must be provided in the json data.'
})
try:
vote = int(vote)
if not vote in [-1, 0, 1]:
raise exceptions.ParseError(
detail={
'detail':
f'Vote value \'{vote}\' outside allowed range (-1<=vote<=1).'
})
except ValueError:
raise exceptions.ParseError(
detail={
'detail': f'The vote value must be an integer: -1 | 0 | 1.'
})
return vote
def create(self, request, *args, **kwargs):
user = request.user
data = request.data
subscribed_event_id = self.get_event_id(data)
if not subscribed_event_id:
raise exceptions.ParseError(
'Please, transmit event as dict or str.')
subscribed_event = self.get_obj_by_id(subscribed_event_id, Event)
if not subscribed_event.is_available_for_subscription:
raise exceptions.PermissionDenied('Too late to subscribe.')
response = self.create_subscription(user, subscribed_event)
return response
