def delete(self, uid):
    """Delete the MenuItem link between item ``uid`` and a menu.

    The menu is identified by the ``menus_uid`` query-string parameter.
    The request is rejected with 400 when that parameter is absent.
    Returns whatever ``self.delete_response()`` builds.
    """
    menu_ref = request.args.get('menus_uid')
    if menu_ref is None:
        abort(400, 'Missing menus_uid parameter. Not allowed to delete items without a menu to be referenced')

    # NOTE(review): menus_uid and uid are caller-supplied and used as-is;
    # nothing in this method checks that the caller may modify that
    # particular menu. Confirm object-level authorization happens elsewhere.
    criteria = dict(active=1, items_uid=uid, menus_uid=menu_ref)
    self.delete_entity(MenuItem, **criteria)
    return self.delete_response()
def check_user_permission(user):
    """Abort with 403 unless one of the user's groups grants this request.

    The permission name looked up is the HTTP method of the current
    request, and the resource name is the part of ``request.endpoint``
    before the first dot.
    """
    # NOTE(review): request.endpoint is None when no route matched, in
    # which case split() raises instead of producing a 403. Confirm this
    # is only called after routing has succeeded.
    resource_name = request.endpoint.split('.')[0]
    method_name = request.method

    # Look for a group/resource/permission row matching the method and
    # resource among the groups the user belongs to.
    grants = (
        GroupResourcePermission.query
        .join(Group, Permission, Resource)
        .filter(Permission.name == method_name, Resource.name == resource_name)
        .join(UserGroup)
        .join(User)
        .filter(User.uid == user.uid)
        .all()
    )
    if grants:
        return
    abort(403, "Not authorized to access this resource")
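def object_from_json(self, uid, json):
    """Build the Item and its MenuItem link from a posted JSON body.

    Args:
        uid: identifier assigned to the new item.
        json: mapping with ``title``, ``description`` and ``price`` keys,
            plus an optional ``addon`` flag.

    Returns:
        ``[item, menu_item]``, for the caller to add to the session.

    Raises:
        KeyError: when a required key is missing from ``json``.

    Aborts with 400 when the ``menus_uid`` query parameter is absent.
    """
    menus_uid = request.args.get('menus_uid')
    if menus_uid is None:
        abort(400, 'Missing menus_uid parameter. Not allowed to create items without a menu to be referenced')

    # The original tested has_key('addon') twice; one membership test is
    # equivalent and avoids dict.has_key, which Python 3 removed.
    # NOTE(review): bool() of any non-empty string is True, so a JSON
    # string such as "false" enables the flag. Confirm clients always
    # send a real boolean.
    addon = bool(json['addon']) if 'addon' in json else False

    # NOTE(review): title/description/price and menus_uid are stored as
    # received; no type, range or ownership checks are visible here.
    item = Item(uid, json['title'], json['description'], json['price'], addon=addon)
    menu_item = MenuItem(menus_uid, uid)
    return [item, menu_item]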
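def get(self, uid=None, template=None, join=None, *join_criterion, **kwargs):
    """Retrieve one record or a page of records from ``self.schema_table``.

    Only rows with ``active=1`` are considered.

    Args:
        uid: when given, return the single matching record, or abort
            with 404 if there is none.
        template: stored on ``self.template`` for later use.
        join: optional target passed to ``query.join`` for list queries.
        *join_criterion: accepted but not used by this method.
        **kwargs: extra equality filters applied with ``filter_by``.

    Returns:
        A single model object when ``uid`` is given, otherwise a list
        limited by the ``limit`` (default 50) and ``offset`` parameters.
    """
    # NOTE(review): limit/offset are caller-controlled and only converted
    # with int() here. No upper bound or negative-value check is visible,
    # so confirm get_parameter() enforces one.
    self.offset = int(self.get_parameter('offset'))
    self.limit = int(self.get_parameter('limit', 50))
    self.expand = request.args.get('expand')
    self.template = template

    query = self.schema_table.query.filter_by(active=1)
    if uid:
        model_object = query.filter_by(uid=uid).first()
        return model_object if model_object else abort(404, "Resources was not found")

    if join:
        query = query.join(join)
    if kwargs:
        query = query.filter_by(**kwargs)

    # limit()/offset() return a new query. The original discarded that
    # result, so every list request returned the whole table.
    query = query.limit(self.limit).offset(self.offset)
    return query.all()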
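def put(self, uid=None):
    """PUT a single resource and return ``self.put_response()``.

    Example body::

        { uid:'unique_identifier', title:'TITLEMENU' }

    The update itself is delegated to ``self.update_object(json)``.
    A resource that does not define it gets a 501.
    """
    json = request.json

    # Only the attribute lookup is guarded. Wrapping the call as well
    # turned any AttributeError raised inside update_object (for example
    # a lookup that returned None) into a misleading 501.
    try:
        update = getattr(self, "update_object")
    except AttributeError as e:
        abort(501, "Method not implemented %s" % e.message)

    # NOTE(review): the uid from the URL is not passed on, so the record
    # to change is whatever the handler reads from the body. Confirm the
    # two are meant to be allowed to differ.
    update(json)
    db.session.commit()
    return self.put_response()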
def unauthorized_call():
    """Answer an unauthenticated request.

    Clients that sent JSON or prefer JSON get a 401. Everything else is
    redirected to the login view.
    """
    # TODO: code smell, this belongs in a utility module.
    preferred = request.accept_mimetypes.best_match(['application/json', 'text/html'])
    is_json_client = 'application/json' in (request.mimetype, preferred)

    if not is_json_client:
        # NOTE(review): request.url is handed to login_url, presumably as
        # the post-login return target. The login view should validate
        # that value before redirecting back to it.
        return redirect(login_url(login_manager.login_view, request.url))
    return abort(401, 'Unauthorized call please provide the proper credentials')
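def validate_request():
    """Reject requests that lack the basics an endpoint needs.

    Doing this first avoids spending resources on later stages.

    - The login and file-upload endpoints are exempt from all checks.
    - Any method other than GET/DELETE must use the ``application/json``
      mime type, otherwise the request is aborted with 415.
    - POST/PUT without a JSON body is handed to ``bad_request_response()``.
    """
    # The debug print of SQLALCHEMY_DATABASE_URI that used to open this
    # function was removed. The connection string can carry database
    # credentials and was written to stdout on every request.
    if request.endpoint in ('user.loginService', 'file_uploads.upload_file'):
        return None

    # Validate mime type to always be json.
    if request.mimetype != 'application/json' and request.method not in ('GET', 'DELETE'):
        abort(415)

    if request.method in ('POST', 'PUT') and not request.json:
        # No JSON data was supplied.
        # NOTE(review): the result is not returned. This only stops the
        # request if bad_request_response() aborts by raising. Confirm.
        bad_request_response()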
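def update_object(self, json):
    """Apply a PUT body to an existing Item and re-point its MenuItem link.

    Args:
        json: mapping with ``uid``, ``title``, ``description`` and
            ``price`` keys, plus an optional ``addon`` flag. A missing
            ``addon`` resets the flag to False.

    Raises:
        KeyError: when a required key is missing from ``json``.

    Aborts with 400 when the ``menus_uid`` query parameter is absent and
    with 404 when the active item or its menu link cannot be found.
    Changes are left in the session for the caller to commit.
    """
    menus_uid = request.args.get('menus_uid')
    if menus_uid is None:
        abort(400, 'Missing menus_uid parameter. Not allowed to update items without a menu to be referenced')

    # Resolve both rows before touching either one. first() returns None
    # for an unknown uid, and assigning attributes on None used to raise
    # AttributeError.
    item = Item.query.filter_by(active=1, uid=json['uid']).first()
    if item is None:
        abort(404, "Resources was not found")
    # NOTE(review): the link is looked up by item only, so for an item on
    # several menus first() picks an arbitrary one. menus_uid is also not
    # checked against the caller's rights here. Confirm both.
    menu_item = MenuItem.query.filter_by(active=1, items_uid=json['uid']).first()
    if menu_item is None:
        abort(404, "Resources was not found")

    item.title = json['title']
    item.description = json['description']
    item.price = json['price']
    # A single membership test replaces the duplicated has_key() check.
    item.addon = bool(json['addon']) if 'addon' in json else False
    menu_item.menus_uid = menus_uid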
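def post(self):
    """POST a single resource and return ``self.post_response(...)``.

    Example body::

        {title:'TITLEMENU'}

    The model objects are built by ``self.object_from_json(uid, json)``.
    A resource that does not define it gets a 501, a missing key in the
    body a 400, and an integrity violation on commit a 409.
    """
    json = request.json
    # NOTE(review): uuid1 derives the value from the host's node id and
    # the current time, so identifiers are guessable. If the uid ever
    # acts as an access handle, a random uuid4 is the safer choice.
    uid = str(uuid.uuid1())

    # Guard only the lookup, so an AttributeError raised inside the
    # builder is not reported as "not implemented".
    try:
        build_objects = getattr(self, "object_from_json")
    except AttributeError as e:
        abort(501, 'Method not implemented %s' % e.message)

    try:
        data_objects = build_objects(uid, json)
    except KeyError as e:
        abort(400, 'Bad request Resource, please check the posted data %s' % e.message)

    try:
        for data_object in data_objects:
            db.session.add(data_object)
        db.session.commit()
    except sqlalchemy.exc.IntegrityError as e:
        # Leave the session usable instead of stuck in a failed transaction.
        db.session.rollback()
        # NOTE(review): e.message carries the database driver's error
        # text back to the client. Consider logging it server-side and
        # returning a generic conflict message.
        abort(409, 'Conflict on creating record. %s' % e.message)

    response_object = self.get(uid)
    return self.post_response(response_object.data, uid)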
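def validate_user():
    """Check the submitted username/password against the stored record.

    Credentials are read from the JSON body when there is one, otherwise
    from the form data.

    Returns:
        The result of ``create_user_from_record(user)`` on a match, or
        ``None`` when the user is unknown, has no MetaUser row, or the
        password does not match.

    Aborts with 400 when either field is missing or empty.
    """
    credentials = request.json if request.json else request.form
    # .get() sends a missing key to the 400 below. Indexing the JSON body
    # directly used to raise KeyError instead.
    username = credentials.get('username')
    password = credentials.get('password')
    if not password or not username:
        abort(400, 'Password or user cannot be empty')

    user = User.query.filter_by(username=username).first()
    if not user:
        # NOTE(review): this returns before any hashing is done, so
        # unknown usernames answer faster than known ones. Consider
        # doing equivalent work on this path.
        return user

    meta_user = MetaUser.query.filter_by(user_uid=user.uid).first()
    if meta_user is None:
        # Without the stored hashing parameters the password cannot be
        # verified, so treat it as a failed login rather than crashing.
        return None

    # Only the derived password is needed. The other three returned
    # values are ignored.
    derived, _, _, _ = encrypt_with_interaction(
        password,
        random_salt=meta_user.product,
        iterate=meta_user.iteraction,
        t=meta_user.modified_on,
    )
    # NOTE(review): == is not a constant-time comparison. Once both
    # operands are confirmed to share a type, hmac.compare_digest is the
    # appropriate replacement.
    if derived == user.password:
        return create_user_from_record(user)
    return None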