def account_login(request, *args, **kwargs):
username = request.POST.get('username', None)
password = request.POST.get('password', None)
user = auth.authenticate(username=username, password=password)
if not user or not user.is_active:
return WebAPIResponseError(request, LOGIN_FAILED)
auth.login(request, user)
return WebAPIResponse(request)
def get(self, request, api_format, *args, **kwargs):
"""Handles HTTP GETs to individual object resources.
By default, this will check for access permissions and query for
the object. It will then return a serialized form of the object.
This may need to be overridden if needing more complex logic.
"""
if (not self.model
or (self.uri_object_key is None and not self.singleton)):
return HttpResponseNotAllowed(self.allowed_methods)
try:
obj = self.get_object(request, *args, **kwargs)
except self.model.DoesNotExist:
return DOES_NOT_EXIST
if not self.has_access_permissions(request, obj, *args, **kwargs):
if request.user.is_authenticated():
return PERMISSION_DENIED
else:
return NOT_LOGGED_IN
last_modified_timestamp = self.get_last_modified(request, obj)
if (last_modified_timestamp
and get_modified_since(request, last_modified_timestamp)):
return HttpResponseNotModified()
etag = self.get_etag(request, obj)
if etag and etag_if_none_match(request, etag):
return HttpResponseNotModified()
data = {
self.item_result_key:
self.serialize_object(obj, request=request, *args, **kwargs),
}
response = WebAPIResponse(request,
status=200,
obj=data,
api_format=api_format,
**self.build_response_args(request))
if last_modified_timestamp:
set_last_modified(response, last_modified_timestamp)
if etag:
set_etag(response, etag)
return response
def _get_diff_data(self, request, mimetype, *args, **kwargs):
try:
resources.review_request.get_object(request, *args, **kwargs)
filediff = self.get_object(request, *args, **kwargs)
except ObjectDoesNotExist:
return DOES_NOT_EXIST
highlighting = request.GET.get('syntax-highlighting', False)
files = get_diff_files(filediff.diffset, filediff, request=request)
populate_diff_chunks(files, highlighting, request=request)
if not files:
# This may not be the right error here.
return DOES_NOT_EXIST
assert len(files) == 1
f = files[0]
payload = {
'diff_data': {
'binary': f['binary'],
'chunks': f['chunks'],
'num_changes': f['num_changes'],
'changed_chunk_indexes': f['changed_chunk_indexes'],
'new_file': f['newfile'],
}
}
# XXX: Kind of a hack.
api_format = mimetype.split('+')[-1]
resp = WebAPIResponse(request, payload, api_format=api_format)
set_last_modified(resp, filediff.diffset.timestamp)
return resp
def account_logout(request, *args, **kwargs):
auth.logout(request)
return WebAPIResponse(request)
def __call__(self, request, api_format=None, *args, **kwargs):
"""Invokes the correct HTTP handler based on the type of request."""
check_login(request)
method = request.method
if method == 'POST':
# Not all clients can do anything other than GET or POST.
# So, in the case of POST, we allow overriding the method
# used.
method = request.POST.get('_method', kwargs.get('_method', method))
elif method == 'PUT':
# Normalize the PUT data so we can get to it.
# This is due to Django's treatment of PUT vs. POST. They claim
# that PUT, unlike POST, is not necessarily represented as form
# data, so they do not parse it. However, that gives us no clean way
# of accessing the data. So we pretend it's POST for a second in
# order to parse.
#
# This must be done only for legitimate PUT requests, not faked
# ones using ?method=PUT.
try:
request.method = 'POST'
request._load_post_and_files()
request.method = 'PUT'
except AttributeError:
request.META['REQUEST_METHOD'] = 'POST'
request._load_post_and_files()
request.META['REQUEST_METHOD'] = 'PUT'
request.PUT = request.POST
if method in self.allowed_methods:
if (method == "GET" and
not self.singleton and
(self.uri_object_key is None or
self.uri_object_key not in kwargs)):
view = self.get_list
else:
view = getattr(self, self.method_mapping.get(method, None))
else:
view = None
if view and callable(view):
result = view(request, api_format=api_format, *args, **kwargs)
if isinstance(result, WebAPIResponse):
return result
elif isinstance(result, WebAPIError):
return WebAPIResponseError(request, err=result,
api_format=api_format)
elif isinstance(result, tuple):
headers = {}
if method == 'GET':
request_params = request.GET
else:
request_params = request.POST
if len(result) == 3:
headers = result[2]
if 'Location' in headers:
extra_querystr = '&'.join([
'%s=%s' % (param, request_params[param])
for param in SPECIAL_PARAMS
if param in request_params
])
if extra_querystr:
if '?' in headers['Location']:
headers['Location'] += '&' + extra_querystr
else:
headers['Location'] += '?' + extra_querystr
if isinstance(result[0], WebAPIError):
return WebAPIResponseError(request,
err=result[0],
headers=headers,
extra_params=result[1],
api_format=api_format)
else:
return WebAPIResponse(request,
status=result[0],
obj=result[1],
headers=headers,
api_format=api_format)
elif isinstance(result, HttpResponse):
return result
else:
raise AssertionError(result)
else:
return HttpResponseNotAllowed(self.allowed_methods)