def template_get(self, template_id, is_public=False):
"""
If there's no template_id we can't do any, so display a 404
"""
if not template_id:
return status_.status_404('That template doesn\'t seem to exist')
"""
Before we make a database call to get the template, we should make sure the
user is allowed to access that template in the first place. Either because
they have explicit permission to access it (i.e., collaborator, owner) or
the template is marked as `is_public`
"""
if not is_public:
template_id_list_ = self.allowed_templates()
if not template_id in template_id_list_:
return status_.status_401('That isn\'t your template'), 401
"""
If we've made it this far, then the user can access the template, just show
it to them already.
"""
return Template.query.get(template_id)
def permission_get(self, template_id, user_id):
"""
Before we get the User permissions for this template, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
template_id being requested.
"""
allowed_templates = self.allowed_templates('is_admin')
if not user_id is self.current_user.id and not template_id in allowed_templates:
logger.warning('User %d tried to access Users for Template %d', \
self.current_user.id, template_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Template'), 401
permissions = UserTemplates.query.filter_by(template_id=template_id,user_id=user_id).first()
if not permissions:
return status_.status_404('We couldn\'t find the user permissions you were looking for. This user may have been removed from the Template or the Template may have been deleted.'), 404
return {
'read': permissions.read,
'write': permissions.write,
'is_moderator': permissions.is_moderator,
'is_admin': permissions.is_admin
}
def user_get(self, user_id):
user_ = User.query.get(user_id)
if not user_:
return status_.status_404('We couldn\'t find the user you were looking for.'), 404
return {
'active': user_.active,
'member_since': user_.confirmed_at.strftime('%b %d, %Y'),
'picture': self.user_picture(user_.email),
'email': user_.email,
'id': user_.id,
'name': user_.name
}
def statistic_update(self, template_id, statistic_id, request_object):
explicitly_allowed_templates_ = self.explicitly_allowed_templates()
if not template_id in explicitly_allowed_templates_:
logger.error('User %d update Statistic request failed because they are\'t allowed to modify the associated Template', \
self.current_user.id)
return status_.status_401('You are\'t allowed to modify the Template you\'re trying to add a statistic to'), 401
"""
Make sure that some data was submitted before proceeding
"""
if not request_object.data:
logger.error('User %d update Statistic request failed because they didn\'t submit any `data` with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include any `data` with your request.'), 400
"""
Make sure we can use the request data as json
"""
statistic_ = Statistic.query.get(statistic_id)
if not statistic_.id:
logger.error('User %d Statistic request failed because Statistic does\'t exist', \
self.current_user.id)
return status_.status_404('The Statistic you\'re looking for doesn\'t exist'), 404
statistic_content = json.loads(request_object.data)
if hasattr(statistic_, 'name'):
statistic_.name = sanitize.sanitize_string(statistic_content.get('name', statistic_.name))
if hasattr(statistic_, 'units'):
statistic_.units = sanitize.sanitize_string(statistic_content.get('units', statistic_.units))
if hasattr(statistic_, 'function'):
statistic_.function = sanitize.sanitize_string(statistic_content.get('function', statistic_.function))
if hasattr(statistic_, 'field_id'):
statistic_.field_id = sanitize.sanitize_integer(statistic_content.get('field_id', statistic_.field_id))
if hasattr(statistic_, 'status'):
statistic_.status = sanitize.sanitize_boolean(statistic_content.get('status', statistic_.status))
db.session.commit()
return statistic_
def application_get(self, application_id, is_public=False):
"""
So we'll send a request to the database for the requested applciation_id and display a Response
to the user based on the return from the database
"""
application = Application.query.get(application_id)
"""
We need to check if the return from the database has return an Application
object or a None value. If it's a None value, then we need to tell the user the application_id doesn't
exist within the current system.
"""
if application is None:
return status_.status_404('The Application Requested does not exist'), 404
"""
Check to see if the Application is_public or can be view at it's endpoint[1]
without a bearer token.
[1] //api.commonscloud.org/v2/applications/[ApplicationID].json
"""
if not is_public:
"""
Since the Application requested is_public returned false, a bearer token
is required to see View this application.
This `allowed_applications` check compiles a list of `application_id` integers from the
`user_applications` table of the database, that the user has access to 'read'
"""
allowed_applications = self.allowed_applications('read')
"""
If application_id requested by the user is not in the allowed_applications 'read' list
then we need to give the user an 401 UNAUTHORIZED Response
"""
if not application_id in allowed_applications:
return status_.status_401('You need to be logged in to access applications'), 401
"""
If the Application exists, go ahead and send it back to our View for formatting and display to the user
"""
return application
def statistic_delete(self, template_id, statistic_id):
explicitly_allowed_templates_ = self.explicitly_allowed_templates()
if not template_id in explicitly_allowed_templates_:
logger.error('User %d delete Statistic request failed because they are\'t allowed to modify the associated Template', \
self.current_user.id)
return status_.status_401('You are\'t allowed to modify the Template you\'re trying to add a statistic to'), 401
statistic_ = Statistic.query.get(statistic_id)
if not statistic_.id:
logger.error('User %d delete Statistic request failed because Statistic does\'t exist', \
self.current_user.id)
return status_.status_404('The Statistic you\'re looking for doesn\'t exist'), 404
db.session.delete(statistic_)
db.session.commit()
return True
def template_delete(self, template_id):
"""
If there's no template_id we can't do any, so display a 404
"""
if not template_id:
return status_.status_404('That template doesn\'t seem to exist')
"""
Before we make a database call to get the template, we should make sure the
user is allowed to access that template in the first place. Either because
they have explicit permission to access it (i.e., collaborator, owner) or
the template is marked as `is_public`
"""
template_id_list_ = self.allowed_templates(permission_type='is_admin')
if not template_id in template_id_list_:
return status_.status_401('That isn\'t your template'), 401
template_ = Template.query.get(template_id)
db.session.delete(template_)
db.session.commit()
return True
def permission_get(self, application_id, user_id):
"""
Before we get the User permissions for this application, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
application_id being requested.
"""
allowed_applications = self.allowed_applications('is_admin')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Users for Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Application'), 401
permissions = UserApplications.query.filter_by(application_id=application_id,user_id=user_id).first()
if not permissions:
return status_.status_404('We couldn\'t find the user permissions you were looking for. This user may have been removed from the Application or the Application may have been deleted.'), 404
return {
'read': permissions.read,
'write': permissions.write,
'is_admin': permissions.is_admin
}
def template_update(self, template_id, request_object):
"""
If there's no template_id we can't do any, so display a 404
"""
if not template_id:
return status_.status_404('That template doesn\'t seem to exist')
"""
Before we make a database call to get the template, we should make sure the
user is allowed to access that template in the first place. Either because
they have explicit permission to access it (i.e., collaborator, owner) or
the template is marked as `is_public`
"""
template_id_list_ = self.allowed_templates(permission_type='is_admin')
if not template_id in template_id_list_:
return status_.status_401('That isn\'t your template'), 401
"""
Part 1: Load the application we wish to make changes to
"""
template_ = Template.query.get(template_id)
"""
Make sure that some data was submitted before proceeding
"""
if not request_object.data:
logger.error('User %d updating Template failed because they didn\'t submit any `data` with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include any `data` with your request.'), 400
template_content = json.loads(request_object.data)
"""
Part 2: Update the fields that we have data for
"""
if hasattr(template_, 'name'):
template_.name = sanitize.sanitize_string(template_content.get('name', template_.name))
if hasattr(template_, 'help'):
template_.help = sanitize.sanitize_string(template_content.get('help', template_.help))
if hasattr(template_, 'is_crowdsourced'):
template_.is_crowdsourced = sanitize.sanitize_boolean(template_content.get('is_crowdsourced', template_.is_crowdsourced))
if hasattr(template_, 'is_listed'):
template_.is_listed = sanitize.sanitize_boolean(template_content.get('is_listed', template_.is_listed))
if hasattr(template_, 'is_moderated'):
template_.is_moderated = sanitize.sanitize_boolean(template_content.get('is_moderated', template_.is_moderated))
if hasattr(template_, 'is_public'):
template_.is_public = sanitize.sanitize_boolean(template_content.get('is_public', template_.is_public))
if hasattr(template_, 'is_geospatial'):
template_.is_geospatial = sanitize.sanitize_boolean(template_content.get('is_geospatial', template_.is_geospatial))
if hasattr(template_, 'is_community'):
template_.is_community = sanitize.sanitize_boolean(template_content.get('is_community', template_.is_community))
if hasattr(template_, 'status'):
template_.status = sanitize.sanitize_boolean(template_content.get('status', template_.status))
db.session.commit()
return template_
def internal_error(error):
logger.error('Error 404, %s', error)
logger.exception(error)
return status_.status_404(), 404
