def to_representation(self, instance, **kwargs):
to_representation_dict = super(AdGroupSerializer,
self).to_representation(
instance, **kwargs)
user = REGISTRY.get('user', None)
try:
data = json.loads(to_representation_dict.get('targeting'),
object_pairs_hook=OrderedDict)
except:
data = None
else:
fields = ["targeting.%s" % f for f in data.keys()]
permitted_fields = user.get_permitted_instance_fields(
instance=instance, action='read', fields=fields)
for k in data.keys():
if "targeting.%s" % k not in permitted_fields:
del data[k]
to_representation_dict[
'targeting'] = '' if data is None else json.dumps(data)
return to_representation_dict
def post(self, request):
data = request.DATA
result = None
# check permissions
user = REGISTRY.get('user', None)
if not bool(user.get_permitted_model_fields(model='tools', action='read', fields=['resubmission'])):
raise PermissionDeniedException()
try:
src_ad_ids = [long(x) for x in data['src_ad_ids']]
# pylint: disable=broad-except
except Exception:
status = HTTP_400_BAD_REQUEST
else:
src_ads = self.model.objects.filter(pk__in=src_ad_ids)
if src_ads.exists():
ad_adx_new = []
for ad_entry in src_ads:
if ad_entry.adx_status == AD_STATUS_DISAPPROVED:
ad_entry.adx_status = AD_STATUS_NEW
ad_entry.save()
ad_adx_new.append(ad_entry.pk)
status = HTTP_200_OK
result = {'items': ad_adx_new}
else:
status = HTTP_400_BAD_REQUEST
result = self.no_ads_found_msg
return Response(data=result, status=status)
def dispatch(self, request, path):
self.items_cache = {}
self.path = path
user = REGISTRY.get('user', None)
self.user = user
select = request.GET.get('$select', None)
if select is not None:
self.select = select.split(',')
trading_desk = user.profile.trading_desk.first()
if trading_desk is None:
return HttpResponse('{"HTTP-STATUS": 403}', status=200)
self.trading_desk_key = trading_desk.trading_desk_key
trading_desk_ids = [str(t.pk) for t in TradingDesk.objects.all()]
filter_by_trading_desk_id = request.GET.get(
'filter_by_trading_desk_id', '')
if filter_by_trading_desk_id != '':
trading_desk_ids = [
i for i in trading_desk_ids
if i in filter_by_trading_desk_id.split(",")
]
if not trading_desk_ids:
return HttpResponse('{"HTTP-STATUS": 403}', status=200)
self.trading_desk_ids = trading_desk_ids
return super(TWReports, self).dispatch(request)
def is_own(self):
"""Returns True if agency entity belongs to the current user."""
user_advertiser_ids = REGISTRY.get('user_advertiser_ids')
if user_advertiser_ids and Agency.objects.filter(agency_advertisers__advertiser_id__in=user_advertiser_ids,
agency_id=self.agency_id).exists():
return True
user_agency_ids = REGISTRY.get('user_agency_ids')
if user_agency_ids and self.agency_id in user_agency_ids:
return True
user_trading_desk_ids = REGISTRY.get('user_trading_desk_ids')
if user_trading_desk_ids and self.trading_desk_id in user_trading_desk_ids:
return True
return False
def is_own(self):
"""Returns True if campaign entity belongs to the current user."""
advertiser_ids = REGISTRY.get('user_advertiser_ids')
if advertiser_ids and self.advertiser_id_id in advertiser_ids:
return True
agency_ids = REGISTRY.get('user_agency_ids')
if agency_ids and Campaign.objects.filter(advertiser_id__agency_id__in=agency_ids,
campaign_id=self.campaign_id).exists():
return True
trading_desk_ids = REGISTRY.get('user_trading_desk_ids')
if trading_desk_ids and Campaign.objects.filter(advertiser_id__agency_id__trading_desk_id__in=trading_desk_ids,
campaign_id=self.campaign_id).exists():
return True
return False
def get(self, request, **unused_kwargs):
user = REGISTRY.get('user', None)
if not user.is_authenticated():
return HttpResponse(json.dumps({'HTTP-STATUS': 401}), status=401)
cache_key = 'restapi:%s:/perm' % user.pk
response = cache.get(cache_key)
if CACHE and response:
return Response(response)
permissions = OrderedDict()
for name, cls in SERIALIZERS:
if DEBUG_SERIALIZER and DEBUG_SERIALIZER != name:
continue
serializer = cls(context={'request': request})
fields = serializer.fields.keys()
fields += cls.permissions_extra_fields
if hasattr(cls, 'Meta') and getattr(cls.Meta.model,
'permission_check', False):
model = cls.Meta.model
permissions[name] = self.resource_permissions(
user, model, True, fields, getattr(model, 'actions', []))
for resource, data in six.iteritems(EXTRA_PERMISSIONS):
permissions[resource] = self.resource_permissions(
user, resource, True, data['properties'], data['actions'])
profile = OrderedDict()
trading_desks = list(
TradingDesk.objects_raw.filter(
trading_desk_userprofiles__user=user).values(
'trading_desk_id', 'trading_desk')[:1])
if trading_desks:
profile.update(trading_desks[0])
advertisers = list(
Advertiser.objects_raw.filter(
advertiser_userprofiles__user=user).values(
'advertiser_id', 'advertiser')[:1])
if advertisers:
profile.update(advertisers[0])
response = OrderedDict(username=user.username,
is_manage_user=user.is_manage_user,
profile=profile,
roles=user.profile.get_roles(),
permissions=permissions)
cache.set(cache_key, response, CACHE_TIME)
return Response(response)
def all(self, *args, **kwargs):
queryset = super(BaseManager, self).all(*args, **kwargs)
user = REGISTRY.get('user', None)
if not user or user.is_anonymous():
from restapi.models.User import User
if self.model == User:
return queryset
if self.model.permission_check:
queryset = self.filter_by_authorized_user(queryset)
return queryset
def is_own(self):
if self.pk is None:
return True
user = REGISTRY.get('user')
if not user:
return False
trading_desk = self.profile.trading_desk.first()
advertiser = self.profile.advertisers.first()
if not advertiser and trading_desk:
user_trading_desk = user.trading_desk.first()
return user_trading_desk and trading_desk.pk == user_trading_desk.pk
return user.pk == self.pk
def get(self, request):
params = request.data if request.method == 'POST' else request.query_params
bidder_name = params.get('bidder', None) or ''
bidder_name = bidder_name.lower()
server_name = params.get('bidder_machine', None) or 'insights-bidder'
is_trident = params.get('is_trident', None)
# check permissions
user = REGISTRY.get('user', None)
perm_field = 'publisher_bidder_insight' if bidder_name == 'appsponsor' else 'advertiser_bidder_insight'
if not bool(
user.get_permitted_model_fields(
model='tools', action='read', fields=[perm_field])):
raise PermissionDeniedException()
raw_input_str = params.get('raw_request', None)
is_raw = False
if raw_input_str:
payload = json.loads(raw_input_str)
payload['manage_debug'] = 1
is_raw = True
elif bidder_name == 'appsponsor': #L48
payload = self.get_payload_for_appsponsor(params)
is_raw = True
else: #L112
payload = self.get_payload(params)
bidder_data = bidder_api_call(payload, server_name, is_trident, is_raw,
bidder_name) #L153-158
if bidder_data is None:
bidder_data = dict()
result = OrderedDict()
# pylint: disable=unidiomatic-typecheck
if type(bidder_data) == dict and 'Fail' in bidder_data:
result['Fail'] = bidder_data['Fail']
del bidder_data['Fail']
# pylint: disable=unidiomatic-typecheck
elif type(bidder_data) == dict and len(bidder_data.keys()) < 2:
result['Fail'] = 'unknown reason'
for key in ['chosen_ad', 'raw_request']: #L435,439,445,459
if key in bidder_data:
del bidder_data[key]
# pylint: disable=invalid-name
fn = self.prepare_result_appsponsor if bidder_name == 'appsponsor' else self.prepare_result #L299
result.update(fn(request, bidder_data))
return Response({'result': result})
def get(self, *args, **kwargs):
instance = super(BaseManager, self).get(*args, **kwargs)
user = REGISTRY.get('user', None)
# pylint: disable=attribute-defined-outside-init
if self.model.permission_check and settings.SYSTEM_USER is False:
if not user or user.is_anonymous():
from restapi.models.User import User
if self.model == User:
return instance
raise ValueError('Unable resolve current user.')
if not user.check_instance_permission(instance=instance,
action='read'):
raise PermissionDeniedException(
"user=%s; action=%s; model=%s; all_permissions=%s;" %
(user.username, 'read', self.model.__name__,
repr(user.get_all_permissions())))
return instance
def get(self, request, **unused_kwargs):
user = REGISTRY.get('user', None)
if not user.is_authenticated():
return HttpResponse('{"HTTP-STATUS": 401}', status=200)
data = {
'username': user.username,
'roles': user.profile.get_roles(),
'tabs_urls': settings.TABS_URLS,
'advertisers':
{a.pk: a.advertiser
for a in Advertiser.objects.own()},
'placement_sources':
{s.pk: s.source
for s in Source.objects.all()},
'osv': {
'ios': settings.OSV_LATEST_IOS,
'android': settings.OSV_LATEST_ANDROID
}
}
for name, choices in CHOICES:
data[name] = {d[0]: d[1] for d in choices}
return Response(data)
def device_id(request):
# check permissions
user = REGISTRY.get('user', None)
if not bool(
user.get_permitted_model_fields(
model='tools', action='read', fields=['device_id'])):
raise PermissionDeniedException()
advertiser_id = request.GET.get('advertiser_id', '')
advertiser = None
if advertiser_id:
qs = Advertiser.objects.filter(pk=advertiser_id)
if qs.exists():
advertiser = qs.first()
else:
advertiser_id = ''
campaign_id = request.GET.get('campaign_id', '') if advertiser else ''
if campaign_id:
qs = advertiser.campaign_set.filter(campaign_id=campaign_id)
if not qs.exists():
campaign_id = ''
params = {
'type': request.GET.get('type', ''),
'start': request.GET.get('start', ''),
'end': request.GET.get('end', ''),
'advertiser_id': advertiser_id,
'campaign_id': campaign_id
}
if not params['start']:
params['start'] = '2011-09-01'
if not params['end']:
end = datetime.now() + timedelta(days=1)
params['end'] = end.strftime("%Y-%m-%d")
for key in ['start', 'end']:
params[key] = re.sub(r'-(\d)-', r'-0\1-', params[key])
params[key] = re.sub(r'-(\d)$', r'-0\1', params[key])
api_file = '2/download-device-ids.php'
api_root = settings.STATS_API_DOMAIN + api_file + '?key=' + settings.STATS_API_KEY
query_string = urllib.urlencode(params)
api_for_sql_query = api_root + '&' + query_string
request = Request(api_for_sql_query)
response = HttpResponse(content_type='text/csv')
try:
api_response = urlopen(request)
def stream_response_generator():
while True:
data = api_response.read(1024)
if not data:
return
yield data
response = StreamingHttpResponse(stream_response_generator(),
content_type='text/csv')
response[
'Content-Disposition'] = 'attachment; filename="device_id.csv"'
# pylint: disable=bare-except
except:
response.write('Data invalid')
return response
def __permitted_instance_fields(self, instance, action):
user = REGISTRY.get('user', None)
return user.get_permitted_instance_fields(instance=instance,
action=action,
fields=self.fields.keys())
def get(self, request, **kwargs):
user = REGISTRY.get('user', None)
if not user.is_authenticated():
return HttpResponse('{"HTTP-STATUS": 401}', status=200)
CACHE_KEY = "restapi:%s:/schema" % user.pk
metadata = cache.get(CACHE_KEY)
if CACHE and metadata:
return Response(metadata)
simple_meta = SimpleMetadata()
metadata = OrderedDict()
for name, cls in SERIALIZERS:
if DEBUG_SERIALIZER and DEBUG_SERIALIZER != name:
continue
serializer = cls(context={'request': request})
info = OrderedDict()
for field_name, field in serializer.fields.items():
field_info = OrderedDict()
field_info['type'] = simple_meta.label_lookup[field]
if getattr(
field, 'required',
False) or field_name in serializer.required_in_schema:
field_info['required'] = True
attrs = [
'read_only', 'label', 'help_text', 'min_length',
'max_length', 'min_value', 'max_value'
]
for attr in attrs:
value = getattr(field, attr, None)
if value is not None and value is not False and value != '':
field_info[attr] = force_text(value, strings_only=True)
if isinstance(field, PrimaryKeyRelatedField):
field_info['relation'] = self.relation_name_lookup(
field.queryset.model)
elif hasattr(field, 'choices'):
choices = []
field_info['choices'] = choices
data = ALL_GROUPS if name == 'user' else field.choices.items(
)
for choice_value, choice_name in data:
choices.append({
'value':
choice_value,
'display_name':
force_text(choice_name, strings_only=True)
})
if name == 'user':
field_info['manage_choices'] = []
for choice_value, choice_name in MANAGE_GROUPS:
field_info['manage_choices'].append({
'value':
choice_value,
'display_name':
force_text(choice_name, strings_only=True)
})
field_info['td_choices'] = []
for choice_value, choice_name in TD_GROUPS:
field_info['td_choices'].append({
'value':
choice_value,
'display_name':
force_text(choice_name, strings_only=True)
})
info[field_name] = field_info
primary_key = None
unique_keys = []
if hasattr(serializer, 'Meta') and hasattr(serializer.Meta,
'model'):
model_meta = serializer.Meta.model._meta
primary_key = model_meta.pk.name
unique_keys = model_meta.unique_together
metadata[name] = OrderedDict()
metadata[name]['type'] = 'object'
metadata[name]['primary_key'] = primary_key
metadata[name]['unique_keys'] = unique_keys
metadata[name]['properties'] = info
cache.set(CACHE_KEY, metadata, CACHE_TIME)
return Response(metadata)
def advertiser_stats_proxy(request, token, path):
"""
Proxy to use cross domain Ajax GET requests
request: Django request object
"""
user = REGISTRY.get('user', None)
trading_desk = user.profile.trading_desk.first()
if trading_desk:
token = trading_desk.trading_desk_key
else:
advertiser = user.profile.advertisers.first()
if advertiser is None:
raise PermissionDeniedException()
token = advertiser.advertiser_key
if request.GET.get('source_type') == '2':
url = ''.join([
settings.TWITTER_STATS_API_DOMAIN,
settings.ADVERTISER_STATS_API_PATH, path
])
else:
url = ''.join([
settings.STATS_API_DOMAIN, settings.ADVERTISER_STATS_API_PATH, path
])
trading_desk_ids = map(
str,
TradingDesk.TradingDesk.objects.values_list('trading_desk_id',
flat=True))
get_params = copy(request.GET)
should_cache = get_params.get('should_cache')
if should_cache:
del get_params['should_cache']
# get end date (frontend user timezone) user timezone yesterday could be today in stats API timezone
end_date = get_params['date_to']
# get today str (Monarch, Stats API timezone)
_today = datetime.date.today().strftime('%Y-%m-%d')
should_cache = _today > end_date and datetime.datetime.now().hour > 7
filter_by_trading_desk_id = get_params.get('filter_by_trading_desk_id', '')
if filter_by_trading_desk_id != '':
filter_ids = get_params['filter_by_trading_desk_id'].split(',')
trading_desk_ids = map(
str, [i for i in trading_desk_ids if i in filter_ids])
ad_id = get_params.get('filter_by_ad_id')
ad_group_id = get_params.get('filter_by_ad_group_id')
if ad_id and not ad_group_id:
try:
ad_group_id = Ad.Ad.objects.get(pk=ad_id).ad_group_id.pk
get_params['filter_by_ad_group_id'] = ad_group_id
except:
pass
campaign_id = get_params.get('filter_by_campaign_id')
if ad_group_id and not campaign_id:
try:
campaign_id = AdGroup.AdGroup.objects.get(
pk=ad_group_id).campaign_id.pk
get_params['filter_by_campaign_id'] = campaign_id
except:
pass
advertiser_id = get_params.get('filter_by_advertiser_id')
if campaign_id and not advertiser_id:
try:
advertiser_id = Campaign.Campaign.objects.get(
pk=campaign_id).advertiser_id.pk
get_params['filter_by_advertiser_id'] = advertiser_id
except:
pass
if not trading_desk_ids:
return http.JsonResponse({
'HTTP-STATUS': 403,
'success': False
},
safe=True,
status=403)
get_params['filter_by_trading_desk_id'] = ','.join(trading_desk_ids)
break_by = get_params.get('break_by', '')
break_by = break_by.split(',') if break_by else []
for param in get_params.keys():
if param[:7] == 'filter_' and param[-5:] == '_like':
filter_name = param[7:-5]
if filter_name not in break_by:
break_by.append(filter_name)
get_params['break_by'] = ','.join(break_by)
params = ['%s=%s' % (k, get_params[k]) for k in get_params.keys()]
query = '&'.join(params)
data = redis_cache.get(query, False)
if data:
content_type = 'application/json'
status_code = 200
else:
url = url + '?' + query
headers = {'Authorization': 'token token="%s"' % token}
response = requests.get(url, headers=headers, verify=False)
status_code = int(response.status_code)
data = response.text
content_type = response.headers.get('content-type', 'application/json')
if content_type == 'text/json':
content_type = 'application/json'
if content_type == 'text/csv':
csv_reader = csv.DictReader(six.StringIO(response.text))
permitted_fields = set(
request.user.get_permitted_model_fields(
'metrics', 'read', csv_reader.fieldnames))
remap_fields = {}
if request.user.profile.advertisers.exists():
# IMPORTANT: If user has advertiser than it's advertiser user and we should display cost as a spend.
remap_fields['cost'] = 'spend'
out = six.StringIO()
field_names = [
f for f in csv_reader.fieldnames if f in permitted_fields
]
csv_writer = csv.DictWriter(
out, [remap_fields.get(f, f) for f in field_names])
csv_writer.writeheader()
for row in csv_reader:
csv_writer.writerow({
remap_fields.get(k, k): v
for k, v in six.iteritems(row) if k in field_names
})
data = out.getvalue()
elif content_type == 'application/json':
json_data = json.loads(data)
entity_by_id_by_model_name = collections.defaultdict(dict)
for name in {'advertiser', 'campaign', 'ad_group', 'ad'}:
key = '{}_id'.format(name)
ids = list(
set(
core.safe_to_int(item_id)
for item_id in (i.get(key) for i in json_data)
if item_id))
if ids:
model = _MODEL_BY_NAME[name]
fields = _FIELDS_BY_MODEL_NAME[name]
if key not in fields:
fields += (key, )
for item in model.objects.filter(**{
'{}__in'.format(key): ids
}).values(*fields):
entity_by_id_by_model_name[name][item[key]] = {
k.split('__')[-1]: v
for k, v in six.iteritems(item) if k != key
}
for i in json_data:
item_id = core.safe_to_int(i[key])
if item_id in entity_by_id_by_model_name[name]:
i.update(entity_by_id_by_model_name[name][item_id])
data = json.dumps(json_data)
if status_code != 200:
data = json.dumps({'info': data})
elif should_cache and content_type != 'text/csv':
# cache only if status_code is 200
# expire after 2 days
redis_cache.set(query, data, 60 * 60 * 24 * 2)
response = HttpResponse(data,
status=status_code,
content_type=content_type)
if content_type == 'text/csv':
response['Content-Disposition'] = 'inline; filename="report.csv"'
return response