Esempio n. 1
def read_annotation(id):
    """Return the annotation with the given id as a JSON response.

    Responds with 404 when ``Annotation.fetch`` yields nothing. Otherwise
    the result of ``_check_action`` for the 'read' action is returned as-is
    when it is truthy, and the annotation is serialised when it is not.
    """
    found = Annotation.fetch(id)
    if found:
        # NOTE(review): the 404 below is decided before the read check, so a
        # caller without read permission can still tell whether an id
        # exists; confirm that is acceptable for this API.
        denied = _check_action(found, 'read', current_user_id())
        return denied if denied else jsonify(found)

    return jsonify('Annotation not found!', status=404)
Esempio n. 2
def read_annotation(id):
    """Look up one annotation by id and serialise it for the caller.

    A missing annotation produces a 404 JSON message. A truthy result from
    ``_check_action(annotation, 'read', ...)`` is returned unchanged in
    place of the annotation.
    """
    record = Annotation.fetch(id)
    if not record:
        return jsonify('Annotation not found!', status=404)

    # The permission check runs only after the lookup succeeded; the
    # requesting user comes from current_user_id().
    rejection = _check_action(record, 'read', current_user_id())
    return rejection or jsonify(record)
Esempio n. 3
def create_annotation():
    """Create and save an annotation from the request's JSON payload.

    Requests that fail ``auth.verify_request`` get the authentication
    failure response; a missing or empty JSON payload gets a 400.
    """
    # Only registered users can create annotations
    if not auth.verify_request(request):
        return _failed_auth_response()

    if not request.json:
        return jsonify('No JSON payload sent. Annotation not created.', status=400)

    annotation = Annotation(_filter_input(request.json))

    # Ownership fields are assigned from the request headers after the
    # payload has been filtered, so payload values for these two keys are
    # overwritten.
    headers = request.headers
    annotation['consumer'] = headers[auth.HEADER_PREFIX + 'consumer-key']
    annotation['user'] = headers[auth.HEADER_PREFIX + 'user-id']

    annotation.save()
    return jsonify(annotation)
Esempio n. 4
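def _failed_authz_response(msg=''):
    """Build the 401 JSON response used when an authorization check fails.

    Args:
        msg: Optional short description of the refused action; when given
            it is appended to the message in parentheses.
    """
    # Only add the parenthetical when there is something to put in it;
    # formatting it unconditionally produced "request ()" for the default.
    detail = ' ({0})'.format(msg) if msg else ''
    # NOTE(review): 401 is returned for an authorization failure; 403 is the
    # usual status for an authenticated but unpermitted caller. Left as-is
    # because clients may depend on it.
    return jsonify(
        "Cannot authorize request{0}. Perhaps you're not logged in as "
        "a user with appropriate permissions on this annotation?".format(detail),
        status=401)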
Esempio n. 5
def create_annotation():
    """Store a new annotation built from the JSON body of the request.

    Returns the authentication failure response when
    ``auth.verify_request`` rejects the request, and a 400 message when no
    JSON payload was sent.
    """
    # Only registered users can create annotations
    verified = auth.verify_request(request)
    if not verified:
        return _failed_auth_response()

    if request.json:
        annotation = Annotation(_filter_input(request.json))

        # 'consumer' and 'user' come from the request headers, not from the
        # payload, and are set after filtering so they win over any value
        # the client put in the body.
        consumer_header = auth.HEADER_PREFIX + 'consumer-key'
        user_header = auth.HEADER_PREFIX + 'user-id'
        annotation['consumer'] = request.headers[consumer_header]
        annotation['user'] = request.headers[user_header]

        annotation.save()
        return jsonify(annotation)

    return jsonify('No JSON payload sent. Annotation not created.',
                   status=400)
Esempio n. 6
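def index():
    """List annotations as JSON.

    With a current user id the request must pass ``auth.verify_request``
    and the listing is restricted to that user's annotations. Without one,
    only annotations that pass the 'read' authorization check are listed.
    """
    uid = current_user_id()

    if uid:
        if not auth.verify_request(request):
            return _failed_auth_response()
        annotations = Annotation.search(_user_id=uid)
    else:
        # The anonymous listing used to return every stored annotation with
        # no permission check. Apply the same per-annotation 'read' check
        # that search_annotations uses so restricted annotations are not
        # disclosed to unauthenticated callers.
        annotations = [a for a in Annotation.search()
                       if authz.authorize(a, 'read', uid)]

    return jsonify(annotations)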
Esempio n. 7
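def index():
    """Return the annotation listing for the caller as JSON.

    A caller with a user id must pass ``auth.verify_request`` and receives
    the annotations found for ``_user_id=uid``. A caller without one
    receives only the annotations the 'read' authorization check allows.
    """
    uid = current_user_id()

    if not uid:
        # Previously this branch returned the unfiltered result of
        # Annotation.search(), exposing every annotation regardless of its
        # permissions. Filter with the same check search_annotations
        # applies to its rows.
        readable = [a for a in Annotation.search()
                    if authz.authorize(a, 'read', uid)]
        return jsonify(readable)

    if not auth.verify_request(request):
        return _failed_auth_response()

    return jsonify(Annotation.search(_user_id=uid))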
Esempio n. 8
def update_annotation(id):
    """Apply the request's JSON payload to an existing annotation.

    Responds with 404 when the annotation is not found, and with the result
    of ``_check_action`` for 'update' when that is truthy. A payload that
    changes 'permissions' additionally requires the 'admin' authorization.
    Without a JSON payload the annotation is returned unchanged.
    """
    annotation = Annotation.fetch(id)
    if not annotation:
        return jsonify('Annotation not found! No update performed.', status=404)

    failure = _check_action(annotation, 'update', current_user_id())
    if failure:
        return failure

    if not request.json:
        return jsonify(annotation)

    # NOTE(review): whether 'user' or 'consumer' can be overwritten by the
    # payload depends on _filter_input, which is not visible here; confirm
    # it strips ownership fields.
    updated = _filter_input(request.json)
    updated['id'] = id # use id from URL, regardless of what arrives in JSON payload

    changes_permissions = (
        'permissions' in updated
        and updated['permissions'] != annotation.get('permissions', {}))
    # Changing who may do what is gated on 'admin', not just 'update'.
    if changes_permissions and not authz.authorize(annotation, 'admin', current_user_id()):
        return _failed_authz_response('permissions update')

    annotation.update(updated)
    annotation.save()

    return jsonify(annotation)
Esempio n. 9
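def delete_annotation(id):
    """Delete the annotation with the given id.

    Responds with 404 when the annotation is not found, with the result of
    ``_check_action`` for 'delete' when that is truthy, and otherwise with
    an empty 204 response after deleting.
    """
    annotation = Annotation.fetch(id)

    if not annotation:
        return jsonify('Annotation not found. No delete performed.', status=404)

    failure = _check_action(annotation, 'delete', current_user_id())
    if failure:
        return failure

    annotation.delete()
    # Return an empty string rather than None as the body: Flask releases
    # that validate the unpacked response tuple reject a None body, which
    # would turn a successful delete into a server error.
    return '', 204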
Esempio n. 10
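def delete_annotation(id):
    """Remove one annotation and answer with an empty 204 response.

    A missing annotation yields a 404 message. A truthy result from
    ``_check_action(annotation, 'delete', ...)`` is returned unchanged and
    nothing is deleted.
    """
    annotation = Annotation.fetch(id)

    if not annotation:
        return jsonify('Annotation not found. No delete performed.',
                       status=404)

    failure = _check_action(annotation, 'delete', current_user_id())
    if failure:
        return failure

    annotation.delete()
    # An empty string body is accepted by every Flask release; a None body
    # in the response tuple is rejected by releases that check it after
    # unpacking, so the successful delete would surface as an error.
    return '', 204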
Esempio n. 11
def update_annotation(id):
    """Update a stored annotation from the JSON payload of the request.

    Returns a 404 message when the annotation does not exist and the result
    of ``_check_action`` for 'update' when that is truthy. If the payload
    carries a 'permissions' value that differs from the stored one, the
    caller must also pass the 'admin' authorization check.
    """
    annotation = Annotation.fetch(id)
    if not annotation:
        return jsonify('Annotation not found! No update performed.',
                       status=404)

    user_id = current_user_id()
    failure = _check_action(annotation, 'update', user_id)
    if failure:
        return failure

    if request.json:
        # NOTE(review): _filter_input is not visible here; confirm it drops
        # fields a client must not set, such as ownership fields.
        updated = _filter_input(request.json)
        # use id from URL, regardless of what arrives in JSON payload
        updated['id'] = id

        if 'permissions' in updated:
            stored_permissions = annotation.get('permissions', {})
            if updated['permissions'] != stored_permissions:
                # A permissions change needs 'admin' on top of 'update'.
                if not authz.authorize(annotation, 'admin', current_user_id()):
                    return _failed_authz_response('permissions update')

        annotation.update(updated)
        annotation.save()

    return jsonify(annotation)
Esempio n. 12
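def search_annotations():
    """Search annotations using the query-string parameters as criteria.

    Returns a JSON object with 'total' (from ``Annotation.count``) and
    'rows' (the search results that pass the 'read' authorization check
    for the current user id, which may be empty for anonymous callers).
    """
    # NOTE(review): every query-string key is forwarded as a keyword
    # argument to Annotation.search/count. The accepted keys are not visible
    # here; consider restricting them to an explicit allow-list.
    kwargs = dict(request.args.items())
    uid = current_user_id()

    if uid:
        if not auth.verify_request(request):
            return _failed_auth_response()

    # Build a real list: filter() is a lazy iterator on Python 3 and would
    # not serialise as the list of rows.
    results = [a for a in Annotation.search(**kwargs)
               if authz.authorize(a, 'read', uid)]
    # NOTE(review): 'total' is counted before the read filter, so it can
    # exceed the number of rows and reveals how many matching annotations
    # the caller is not allowed to read.
    total = Annotation.count(**kwargs)
    return jsonify({
        'total': total,
        'rows': results,
    })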
Esempio n. 13
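def search_annotations():
    """Return annotations matching the request's query-string parameters.

    The response is a JSON object holding 'rows', the matches the current
    user id is authorized to read, and 'total', the value reported by
    ``Annotation.count`` for the same criteria.
    """
    # NOTE(review): the query string is passed through unvalidated as
    # keyword arguments; an allow-list of search fields would keep callers
    # from supplying parameters the search layer treats specially.
    kwargs = dict(request.args.items())
    uid = current_user_id()

    if uid and not auth.verify_request(request):
        return _failed_auth_response()

    readable = []
    for candidate in Annotation.search(**kwargs):
        # Collect into a list so 'rows' is serialisable on Python 3, where
        # filter() returns an iterator instead of a list.
        if authz.authorize(candidate, 'read', uid):
            readable.append(candidate)

    # NOTE(review): the count ignores the read filter above, so 'total' may
    # disclose the existence of matches the caller cannot read.
    total = Annotation.count(**kwargs)
    return jsonify({
        'total': total,
        'rows': readable,
    })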
Esempio n. 14
def auth_token():
    """Return a token for the logged-in user, or a 401 pointing to login.

    The token is generated by ``auth.generate_token`` for the fixed
    consumer key 'annotateit' and the username of ``g.user``.
    """
    if not g.user:
        # No session user: tell the caller where to log in.
        login_url = current_app.config['ROOT_URL']
        return jsonify('Please go to {0} to log in!'.format(login_url), status=401)

    token = auth.generate_token('annotateit', g.user.username)
    return jsonify(token)
Esempio n. 15
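def _failed_authz_response(msg=''):
    """Return the 401 JSON response for a failed authorization check.

    Args:
        msg: Optional note naming the refused action. It is shown in
            parentheses after "Cannot authorize request" when non-empty.
    """
    # The original always formatted ' (' + msg + ')', so the default empty
    # msg rendered as "Cannot authorize request ()."; skip the parenthetical
    # when there is no note.
    suffix = ' (' + msg + ')' if msg else ''
    # NOTE(review): an authorization failure is reported as 401 here; 403 is
    # the conventional status. Kept unchanged for existing clients.
    return jsonify("Cannot authorize request{0}. Perhaps you're not logged in as "
                   "a user with appropriate permissions on this annotation?".format(suffix),
                   status=401)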
Esempio n. 16
def _failed_auth_response():
    """Return the 401 JSON response used when request authentication fails."""
    message = ("Cannot authenticate request. Perhaps you didn't send the "
               "X-Annotator-* headers?")
    return jsonify(message, status=401)
Esempio n. 17
def root():
    """Return the API's name as a JSON response."""
    banner = "Annotator Store API"
    return jsonify(banner)
Esempio n. 18
def _failed_auth_response():
    """Build the JSON reply (status 401) sent when authentication fails.

    The message hints that the X-Annotator-* request headers may be missing.
    """
    hint = "Perhaps you didn't send the X-Annotator-* headers?"
    return jsonify("Cannot authenticate request. " + hint, status=401)
Esempio n. 19
def root():
    """Answer with a fixed JSON string naming the API."""
    api_name = "Annotator Store API"
    response = jsonify(api_name)
    return response
Esempio n. 20
def auth_token():
    """Issue an API token to the session user, or respond 401 without one.

    With ``g.user`` set, the token comes from ``auth.generate_token`` using
    the consumer key 'annotateit' and the user's username. Otherwise the
    reply names the configured ROOT_URL as the place to log in.
    """
    user = g.user
    if user:
        return jsonify(auth.generate_token('annotateit', g.user.username))

    root = current_app.config['ROOT_URL']
    message = 'Please go to {0} to log in!'.format(root)
    return jsonify(message, status=401)