"CONTENT_SECURITY_POLICY", "default-src 'none'; frame-ancestors 'none'") return response Compress(app) # Endpoints required for the Balrog 2.0 UI. # In the Mozilla deployments of Balrog, both the the admin API (these endpoints) # and the static admin UI are hosted on the same domain. This API wsgi app is # hosted at "/api", which is stripped away by the web server before we see # these requests. app.add_url_rule("/csrf_token", view_func=CSRFView.as_view("csrf")) app.add_url_rule("/users", view_func=UsersView.as_view("users")) app.add_url_rule("/users/roles", view_func=AllRolesView.as_view("all_users_roles")) app.add_url_rule("/users/<username>", view_func=SpecificUserView.as_view("specific_user")) app.add_url_rule("/users/<username>/permissions", view_func=PermissionsView.as_view("user_permissions")) app.add_url_rule( "/users/<username>/permissions/<permission>", view_func=SpecificPermissionView.as_view("specific_permission")) app.add_url_rule("/users/<username>/roles", view_func=UserRolesView.as_view("user_roles")) app.add_url_rule("/users/<username>/roles/<role>", view_func=UserRoleView.as_view("user_role")) app.add_url_rule("/rules", view_func=RulesAPIView.as_view("rules")) # Normal operations (get/update/delete) on rules can be done by id or alias... app.add_url_rule("/rules/<id_or_alias>", view_func=SingleRuleView.as_view("rule"))
def all_users_roles_get(): """GET /users/roles""" return AllRolesView().get()
response.headers['X-Frame-Options'] = 'SAMEORIGIN' else: response.headers["Content-Security-Policy"] = \ app.config.get("CONTENT_SECURITY_POLICY", "default-src 'none'; frame-ancestors 'none'") return response Compress(app) # Endpoints required for the Balrog 2.0 UI. # In the Mozilla deployments of Balrog, both the the admin API (these endpoints) # and the static admin UI are hosted on the same domain. This API wsgi app is # hosted at "/api", which is stripped away by the web server before we see # these requests. app.add_url_rule("/users/roles", view_func=AllRolesView.as_view("all_users_roles")) app.add_url_rule("/users/<username>", view_func=SpecificUserView.as_view("specific_user")) app.add_url_rule("/users/<username>/permissions", view_func=PermissionsView.as_view("user_permissions")) app.add_url_rule("/users/<username>/permissions/<permission>", view_func=SpecificPermissionView.as_view("specific_permission")) app.add_url_rule("/users/<username>/roles", view_func=UserRolesView.as_view("user_roles")) app.add_url_rule("/users/<username>/roles/<role>", view_func=UserRoleView.as_view("user_role")) # Normal operations (get/update/delete) on rules can be done by id or alias... app.add_url_rule("/rules/<id_or_alias>", view_func=SingleRuleView.as_view("rule")) app.add_url_rule("/rules/columns/<column>", view_func=SingleRuleColumnView.as_view("rule_columns")) # ...but anything to do with history must be done by id, beacuse alias may change over time app.add_url_rule("/rules/<int:rule_id>/revisions", view_func=RuleHistoryAPIView.as_view("rules_revisions")) app.add_url_rule("/releases", view_func=ReleasesAPIView.as_view("releases")) app.add_url_rule("/releases/<release>", view_func=SingleReleaseView.as_view("single_release")) app.add_url_rule("/releases/<release>/read_only", view_func=ReleaseReadOnlyView.as_view("read_only")) app.add_url_rule("/releases/<release>/builds/<platform>/<locale>", view_func=SingleLocaleView.as_view("single_locale")) app.add_url_rule("/releases/<release>/revisions", view_func=ReleaseHistoryView.as_view("release_revisions"))