def create_or_update(collection=None, source=None):
if collection is not None:
authz.require(authz.collection(authz.WRITE, collection))
if source is not None:
authz.require(authz.source(authz.WRITE, source))
resource_type = Permission.COLLECTION if collection else Permission.SOURCE
resource_id = collection or source
data = request_data()
validate(data, permissions_schema)
# check that the role exists.
rq = session.query(Role).filter(Role.id == data['role'])
if rq.first() is None:
raise BadRequest()
q = session.query(Permission)
q = q.filter(Permission.role_id == data['role'])
q = q.filter(Permission.resource_type == resource_type)
q = q.filter(Permission.resource_id == resource_id)
permission = q.first()
if permission is None:
permission = Permission()
permission.role_id = data['role']
permission.resource_type = resource_type
permission.resource_id = resource_id
permission.read = data['read']
permission.write = data['write']
session.add(permission)
session.commit()
return jsonify({
'status': 'ok',
'updated': permission
})
def collection_entity_save(collection):
collection = get_collection(collection, authz.WRITE)
data = request_data()
update_operation = 'id' in data
entities = get_loom_config().entities
schema = data.get('$schema')
if update_operation and schema is None:
schema = entities.get_schema(data['id'], right=authz.entity_right())
if schema not in get_loom_config().schemas.values():
raise BadRequest()
# this will raise if it fails:
validate(data, schema)
subject = entities.save(schema, data, collection_id=collection.id,
author=request.auth_user,
right=authz.entity_right())
collection_add_entity(collection, subject)
get_loom_indexer().index_one(subject, schema=schema)
entity = entities.get(subject, schema=schema, depth=2,
right=authz.entity_right())
return jsonify({
'status': 'ok',
'data': entity
}, status=200 if update_operation else 201)
def collection_entity_save(collection):
collection = get_collection(collection, authz.WRITE)
data = request_data()
update_operation = 'id' in data
entities = get_loom_config().entities
schema = data.get('$schema')
if update_operation and schema is None:
schema = entities.get_schema(data['id'], right=authz.entity_right())
if schema not in get_loom_config().schemas.values():
raise BadRequest()
# this will raise if it fails:
validate(data, schema)
subject = entities.save(schema,
data,
collection_id=collection.id,
author=request.auth_user,
right=authz.entity_right())
collection_add_entity(collection, subject)
get_loom_indexer().index_one(subject, schema=schema)
entity = entities.get(subject,
schema=schema,
depth=2,
right=authz.entity_right())
return jsonify({
'status': 'ok',
'data': entity
},
status=200 if update_operation else 201)
def update(id):
collection = get_collection(id, authz.WRITE)
data = request_data()
validate(data, collections_schema)
collection.title = data.get('title')
session.add(collection)
update_subjects(collection, data)
session.commit()
return jsonify({'status': 'ok', 'data': collection})
def update(id):
source = session.query(Source).filter(Source.id == id).first()
source = obj_or_404(source)
authz.require(authz.source(authz.WRITE, source.id))
data = request_data()
validate(data, sources_schema)
source.title = data.get('title')
source.url = data.get('url')
session.add(source)
session.commit()
return jsonify({'status': 'ok', 'data': source})
def create():
authz.require(authz.logged_in())
data = request_data()
validate(data, collections_schema)
collection = Collection()
collection.title = data.get('title')
session.add(collection)
update_subjects(collection, data)
session.flush()
permission = Permission()
permission.resource_id = collection.id
permission.resource_type = Permission.COLLECTION
permission.read = True
permission.write = True
permission.role_id = request.auth_user
session.add(permission)
session.commit()
return jsonify({'status': 'ok', 'data': collection}, status=201)
