def get(self, request, schema, table):
if schema not in schema_whitelist:
raise Http404("Schema not accessible")
table_obj = Table.load(schema, table)
user_perms = login_models.UserPermission.objects.filter(
table=table_obj)
group_perms = login_models.GroupPermission.objects.filter(
table=table_obj)
is_admin = False
can_add = False
can_remove = False
level = login_models.NO_PERM
if not request.user.is_anonymous:
level = request.user.get_table_permission_level(table_obj)
is_admin = level >= login_models.ADMIN_PERM
can_add = level >= login_models.WRITE_PERM
can_remove = level >= login_models.DELETE_PERM
return render(
request,
"dataedit/table_permissions.html",
{
"table": table,
"schema": schema,
"user_perms": user_perms,
"group_perms": group_perms,
"choices": login_models.TablePermission.choices,
"can_add": can_add,
"can_remove": can_remove,
"is_admin": is_admin,
"own_level": level,
},
)
def get(self, request, schema, table):
if schema not in schema_whitelist:
raise Http404("Schema not accessible")
table_obj = Table.load(schema, table)
user_perms = login_models.UserPermission.objects.filter(
table=table_obj)
group_perms = login_models.GroupPermission.objects.filter(
table=table_obj)
is_admin = False
can_add = False
can_remove = False
level = login_models.NO_PERM
if not request.user.is_anonymous():
level = request.user.get_table_permission_level(table_obj)
is_admin = level >= login_models.ADMIN_PERM
can_add = level >= login_models.WRITE_PERM
can_remove = level >= login_models.DELETE_PERM
return render(
request, 'dataedit/table_permissions.html', {
'table': table,
'schema': schema,
'user_perms': user_perms,
'group_perms': group_perms,
'choices': login_models.TablePermission.choices,
'can_add': can_add,
'can_remove': can_remove,
'is_admin': is_admin,
'own_level': level,
})
def __add_group(self, request, schema, table):
group = get_object_or_404(login_models.UserGroup,
name=request.POST['name'])
table_obj = Table.load(schema, table)
p, _ = login_models.GroupPermission.objects.get_or_create(
holder=group, table=table_obj)
p.save()
return self.get(request, schema, table)
def __add_user(self, request, schema, table):
user = login_models.myuser.objects.filter(
name=request.POST['name']).first()
table_obj = Table.load(schema, table)
p, _ = login_models.UserPermission.objects.get_or_create(
holder=user, table=table_obj)
p.save()
return self.get(request, schema, table)
def wrapper(caller, request, *args, **kwargs):
schema = kwargs.get('schema')
table = kwargs.get('table')
if request.user.is_anonymous or request.user.get_table_permission_level(
DBTable.load(schema, table)) < permission:
raise PermissionDenied
else:
return f(caller, request,*args, **kwargs)
def __remove_group(self, request, schema, table):
group = get_object_or_404(login_models.UserGroup,
id=request.POST['group_id'])
table_obj = Table.load(schema, table)
p = get_object_or_404(login_models.GroupPermission,
holder=group,
table=table_obj)
p.delete()
return self.get(request, schema, table)
def __remove_user(self, request, schema, table):
user = get_object_or_404(login_models.myuser,
id=request.POST['user_id'])
table_obj = Table.load(schema, table)
p = get_object_or_404(login_models.UserPermission,
holder=user,
table=table_obj)
p.delete()
return self.get(request, schema, table)
def __change_user(self, request, schema, table):
user = login_models.myuser.objects.filter(
id=request.POST['user_id']).first()
table_obj = Table.load(schema, table)
p = get_object_or_404(login_models.UserPermission,
holder=user,
table=table_obj)
p.level = request.POST['level']
p.save()
return self.get(request, schema, table)
def __change_group(self, request, schema, table):
group = get_object_or_404(login_models.UserGroup,
id=request.POST["group_id"])
table_obj = Table.load(schema, table)
p = get_object_or_404(login_models.GroupPermission,
holder=group,
table=table_obj)
p.level = request.POST["level"]
p.save()
return self.get(request, schema, table)
def put(self, request, schema, table):
"""
Every request to unsave http methods have to contain a "csrftoken".
This token is used to deny cross site reference forwarding.
In every request the header had to contain "X-CSRFToken" with the actual csrftoken.
The token can be requested at / and will be returned as cookie.
:param request:
:return:
"""
if schema not in PLAYGROUNDS and schema not in UNVERSIONED_SCHEMAS:
raise PermissionDenied
if schema.startswith("_"):
raise PermissionDenied
if request.user.is_anonymous:
raise PermissionDenied
if actions.has_table(dict(schema=schema, table=table), {}):
raise APIError("Table already exists")
json_data = request.data["query"]
constraint_definitions = []
column_definitions = []
for constraint_definiton in json_data.get("constraints", []):
constraint_definiton.update({
"action": "ADD",
"c_table": table,
"c_schema": schema
})
constraint_definitions.append(constraint_definiton)
if "columns" not in json_data:
raise actions.APIError("Table contains no columns")
for column_definition in json_data["columns"]:
column_definition.update({"c_table": table, "c_schema": schema})
column_definitions.append(column_definition)
metadata = json_data.get("metadata")
result = self.__create_table(request,
schema,
table,
column_definitions,
constraint_definitions,
metadata=metadata)
perm, _ = login_models.UserPermission.objects.get_or_create(
table=DBTable.load(schema, table), holder=request.user)
perm.level = login_models.ADMIN_PERM
perm.save()
request.user.save()
return JsonResponse({}, status=status.HTTP_201_CREATED)
def get(self, request, schema='model_draft', table=None):
"""Handle GET request (render the page).
"""
engine = actions._get_engine()
can_add = False
columns = None
pk_fields = None
n_rows = None
if table:
# get information about the table
# if upload: table must exist in schema model_draft
if schema != 'model_draft':
raise Http404('Can only upload to schema model_draft')
if not engine.dialect.has_table(engine, table, schema=schema):
raise Http404('Table does not exist')
table_obj = Table.load(schema, table)
if not request.user.is_anonymous:
user_perms = login_models.UserPermission.objects.filter(
table=table_obj)
level = request.user.get_table_permission_level(table_obj)
can_add = level >= login_models.WRITE_PERM
columns = get_column_description(schema, table)
# get number of rows
sql = "SELECT COUNT(*) FROM {schema}.{table}".format(schema=schema,
table=table)
res = actions.perform_sql(sql)
n_rows = res['result'].fetchone()[0]
context = {
"config":
json.dumps({ # pass as json string
"canAdd": can_add,
"columns": columns,
"schema": schema,
"table": table,
"nRows": n_rows
}),
"schema":
schema,
"table":
table,
"can_add":
can_add
}
return render(request, "dataedit/wizard.html", context=context)
def put(self, request, schema, table):
"""
Every request to unsave http methods have to contain a "csrftoken".
This token is used to deny cross site reference forwarding.
In every request the header had to contain "X-CSRFToken" with the actual csrftoken.
The token can be requested at / and will be returned as cookie.
:param request:
:return:
"""
if schema not in ['model_draft', 'sandbox', 'test']:
raise PermissionDenied
if schema.startswith('_'):
raise PermissionDenied
if request.user.is_anonymous():
raise PermissionDenied
if actions.has_table(dict(schema=schema, table=table), {}):
raise APIError('Table already exists')
json_data = request.data['query']
constraint_definitions = []
column_definitions = []
for constraint_definiton in json_data.get('constraints', []):
constraint_definiton.update({
"action": "ADD",
"c_table": table,
"c_schema": schema
})
constraint_definitions.append(constraint_definiton)
if 'columns' not in json_data:
raise actions.APIError("Table contains no columns")
for column_definition in json_data['columns']:
column_definition.update({"c_table": table, "c_schema": schema})
column_definitions.append(column_definition)
result = actions.table_create(schema, table, column_definitions,
constraint_definitions)
perm, _ = login_models.UserPermission.objects.get_or_create(
table=DBTable.load(schema, table), holder=request.user)
perm.level = login_models.ADMIN_PERM
perm.save()
request.user.save()
return JsonResponse(result, status=status.HTTP_201_CREATED)
def post(self, request, schema, table):
table_obj = Table.load(schema, table)
if request.user.is_anonymous(
) or request.user.get_table_permission_level(
table_obj) < login_models.ADMIN_PERM:
raise PermissionDenied
if request.POST['mode'] == 'add_user':
return self.__add_user(request, schema, table)
if request.POST['mode'] == 'alter_user':
return self.__change_user(request, schema, table)
if request.POST['mode'] == 'remove_user':
return self.__remove_user(request, schema, table)
if request.POST['mode'] == 'add_group':
return self.__add_group(request, schema, table)
if request.POST['mode'] == 'alter_group':
return self.__change_group(request, schema, table)
if request.POST['mode'] == 'remove_group':
return self.__remove_group(request, schema, table)
def get(self, request, schema, table):
columns = get_column_description(schema, table)
can_add = False
table_obj = Table.load(schema, table)
if not request.user.is_anonymous:
level = request.user.get_table_permission_level(table_obj)
can_add = level >= login_models.WRITE_PERM
context_dict = {
"config":
json.dumps({
"schema":
schema,
"table":
table,
"columns":
columns,
"url_api_meta":
reverse('api_table_meta',
kwargs={
"schema": schema,
"table": table
}),
"url_view_table":
reverse('view', kwargs={
"schema": schema,
"table": table
}),
}),
"can_add":
can_add
}
return render(
request,
"dataedit/meta_edit.html",
context=context_dict,
)
def get(self, request, schema, table):
"""
Collects the following information on the specified table:
* Postgresql comment on this table
* A list of all columns
* A list of all revisions of this table
:param request: An HTTP-request object sent by the Django framework
:param schema: Name of a schema
:param table: Name of a table stored in this schema
:return:
"""
if schema not in schema_whitelist or schema.startswith("_"):
raise Http404("Schema not accessible")
tags = [] # TODO: Unused - Remove
db = sec.dbname
engine = actions._get_engine()
if not engine.dialect.has_table(engine, table, schema=schema):
raise Http404
# create a table for the metadata linked to the given table
actions.create_meta(schema, table)
# the metadata are stored in the table's comment
metadata = load_metadata_from_db(schema, table)
meta_widget = MetaDataWidget(metadata)
revisions = []
# load the admin interface
api_changes = change_requests(schema, table)
data = api_changes.get("data")
display_message = api_changes.get("display_message")
display_items = api_changes.get("display_items")
is_admin = False
can_add = False # can upload data
table_obj = Table.load(schema, table)
if request.user and not request.user.is_anonymous:
is_admin = request.user.has_admin_permissions(schema, table)
level = request.user.get_table_permission_level(table_obj)
can_add = level >= login_models.WRITE_PERM
table_views = DBView.objects.filter(table=table).filter(schema=schema)
default = DBView(name="default",
type="table",
table=table,
schema=schema)
view_id = request.GET.get("view")
if view_id == "default":
current_view = default
else:
try:
# at first, try to use the view, that is passed as get argument
current_view = table_views.get(id=view_id)
except ObjectDoesNotExist:
current_view = default
table_views = list(chain((default, ), table_views))
context_dict = {
"comment_on_table": dict(metadata),
"meta_widget": meta_widget.render(),
"revisions": revisions,
"kinds": ["table", "map", "graph"],
"table": table,
"schema": schema,
"tags": tags,
"data": data,
"display_message": display_message,
"display_items": display_items,
"views": table_views,
"filter": current_view.filter.all(),
"current_view": current_view,
"is_admin": is_admin,
"can_add": can_add,
"host": request.get_host(),
}
context_dict.update(current_view.options)
return render(request, "dataedit/dataview.html", context=context_dict)