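def run_custom_method(doctype, name, custom_method):
    """Run a whitelisted controller method on one document.

    Request form:
    cmd=run_custom_method&doctype={doctype}&name={name}&custom_method={custom_method}

    Args:
        doctype: document type of the bean to load.
        name: name of the document to load.
        custom_method: name of the controller attribute to invoke.

    The attribute is called only when it carries a truthy ``is_whitelisted``
    marker; every other case is refused through ``webnotes.throw("Not Allowed")``.
    """
    bean = webnotes.bean(doctype, name)
    controller = bean.get_controller()

    # Resolve the attribute once so the object that is checked is the object
    # that is called.
    handler = getattr(controller, custom_method, None)

    # Fail closed with the intended error. A controller method that exists but
    # has no ``is_whitelisted`` attribute used to surface as an AttributeError
    # instead of "Not Allowed"; a missing marker now counts as not whitelisted.
    if getattr(handler, "is_whitelisted", False):
        # NOTE(review): no document-level permission check is visible in this
        # function; confirm that the whitelisted methods (or the caller)
        # enforce read/write permission on the loaded document.
        # The whole request form_dict is forwarded as keyword arguments.
        webnotes.call(handler, **webnotes.local.form_dict)
    else:
        webnotes.throw("Not Allowed")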
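def run_method(self, method, *args, **kwargs):
    """Call ``method`` on the controller, then run its ``bean_event`` hooks.

    Args:
        method: name of the controller method / event to run.
        *args, **kwargs: forwarded to the controller method. Hook handlers
            receive ``self`` and ``method`` followed by ``args``, plus the
            same keyword arguments.

    Returns:
        ``webnotes.local.response``, updated with every dict returned by the
        controller method and by the hook handlers.

    Security: nothing in this function checks a whitelist or a permission. It
    calls whichever controller attribute ``method`` names. A caller that takes
    ``method`` from request input has to validate it before calling this.
    """
    self.make_controller()

    def add_to_response(out, new_response):
        # Only dict results are merged; any other return value is dropped.
        if isinstance(new_response, dict):
            out.update(new_response)

    if hasattr(self.controller, method):
        add_to_response(
            webnotes.local.response,
            webnotes.call(getattr(self.controller, method), *args, **kwargs))

    # Hook handlers additionally receive the bean and the event name.
    hook_args = [self, method] + list(args)

    handlers = (webnotes.get_hooks("bean_event:" + self.doc.doctype + ":" + method)
        + webnotes.get_hooks("bean_event:*:" + method))
    for handler in handlers:
        add_to_response(
            webnotes.local.response,
            webnotes.call(webnotes.get_attr(handler), *hook_args, **kwargs))

    self.set_doclist(self.controller.doclist)

    # The original had a second, unreachable ``return out`` after this line;
    # ``out`` is not defined in this scope, so it has been removed.
    return webnotes.local.response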
def execute_cmd(cmd):
    """Resolve ``cmd`` to a callable and run it if the session may call it.

    Guest sessions may only call members of ``webnotes.guest_methods``; every
    other session may only call members of ``webnotes.whitelisted``. A refused
    call raises ``webnotes.PermissionError``. For non-guest sessions the
    response status is also set to 403 and the refusal is passed to
    ``webnotes.msgprint`` before raising.

    A truthy return value of the callable is stored in
    ``webnotes.response['message']``.
    """
    # NOTE(review): get_attr is defined outside this block. If it imports the
    # module named in ``cmd``, that import runs before the allow-list check
    # below; confirm this is acceptable for request-supplied values.
    method = get_attr(cmd)
    is_guest = webnotes.session['user'] == 'Guest'

    # Allow-list gate: the resolved callable itself is looked up, not its name.
    if is_guest:
        if method not in webnotes.guest_methods:
            raise webnotes.PermissionError('Not Allowed, %s' % str(method))
    elif method not in webnotes.whitelisted:
        webnotes._response.status_code = 403
        webnotes.msgprint('Not Allowed, %s' % str(method))
        raise webnotes.PermissionError('Not Allowed, %s' % str(method))

    # The whole form_dict is passed as keyword arguments to the callable.
    result = webnotes.call(method, **webnotes.form_dict)

    # Falsy results (None, empty containers, 0) are not written to the response.
    if result:
        webnotes.response['message'] = result

    # Refresh the session object when the request has one.
    if "session_obj" in webnotes.local:
        webnotes.local.session_obj.update()
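def handle():
    """Dispatch a request under /api to a method call or a resource action.

    /api/method/{methodname} will call a whitelisted method

    /api/resource/{doctype} will query a table
        examples:
            ?fields=["name", "owner"]
            ?filters=[["Task", "name", "like", "%005"]]
            ?limit_start=0
            ?limit_page_length=20

    /api/resource/{doctype}/{name} will point to a resource
        GET will return doclist
        POST will insert
        PUT will update
        DELETE will delete

    /api/resource/{doctype}/{name}?run_method={method} will run a whitelisted
    controller method. GET requires "read" permission on the document and
    POST requires "write". In both cases the named controller attribute must
    carry a truthy ``is_whitelisted`` marker, otherwise the request is refused
    with ``webnotes.PermissionError``.

    Any other path, and any ``webnotes.DoesNotExistError`` raised while
    handling, is answered through ``report_error(404)``.
    """
    # parts[0] is skipped; parts[1..3] are the call type, doctype and name.
    parts = webnotes.request.path[1:].split("/")
    call = doctype = name = None

    if len(parts) > 1:
        call = parts[1]
    if len(parts) > 2:
        doctype = parts[2]
    if len(parts) > 3:
        name = parts[3]

    try:
        if call == "method":
            # The second path segment is the method name here; the allow-list
            # decision is left to webnotes.handler.handle().
            webnotes.local.form_dict.cmd = doctype
            webnotes.handler.handle()
            return

        elif call == "resource":
            http_method = webnotes.local.request.method

            if "run_method" in webnotes.local.form_dict:
                bean = webnotes.bean(doctype, name)

                # Only GET and POST run a controller method; other verbs do
                # nothing in this branch, as before.
                if http_method in ("GET", "POST"):
                    required = "read" if http_method == "GET" else "write"
                    if not bean.has_permission(required):
                        webnotes.throw("No Permission", webnotes.PermissionError)

                    # The method name comes from the request. Document
                    # permission alone must not be enough to reach an
                    # arbitrary controller attribute, so the attribute has to
                    # be explicitly whitelisted. A missing attribute or a
                    # missing marker is refused.
                    requested = webnotes.local.form_dict.run_method
                    target = getattr(bean.get_controller(), requested, None)
                    if not getattr(target, "is_whitelisted", False):
                        webnotes.throw("Not Allowed", webnotes.PermissionError)

                    # The whole form_dict (including the run_method key) is
                    # forwarded as keyword arguments.
                    bean.run_method(requested, **webnotes.local.form_dict)

                    if http_method == "POST":
                        webnotes.conn.commit()

            else:
                if name:
                    # NOTE(review): for POST and PUT the doctype/name from the
                    # URL are not compared with the submitted doclist, and no
                    # permission check is visible here; presumably
                    # webnotes.client enforces it - confirm.
                    if http_method == "GET":
                        webnotes.local.response.update({
                            "doclist": webnotes.client.get(doctype, name)})

                    elif http_method == "POST":
                        webnotes.local.response.update({
                            "doclist": webnotes.client.insert(webnotes.local.form_dict.doclist)})
                        webnotes.conn.commit()

                    elif http_method == "PUT":
                        webnotes.local.response.update({
                            "doclist": webnotes.client.save(webnotes.local.form_dict.doclist)})
                        webnotes.conn.commit()

                    elif http_method == "DELETE":
                        webnotes.client.delete(doctype, name)
                        webnotes.local.response.message = "ok"

                elif doctype:
                    # Collection query: request parameters are forwarded to
                    # the report view as keyword arguments.
                    if http_method == "GET":
                        webnotes.local.response.update({
                            "data": webnotes.call(webnotes.widgets.reportview.execute,
                                doctype, **webnotes.local.form_dict)})

                else:
                    raise webnotes.DoesNotExistError

        else:
            raise webnotes.DoesNotExistError

    except webnotes.DoesNotExistError:
        report_error(404)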