def get_token(request):
    """Issue permission tokens for the authenticated user on this discussion.

    Reads zero or more ``permissions`` query parameters, each a
    comma-separated list of permission names, and returns a dict mapping the
    normalised (sorted, de-duplicated, comma-joined) list to the value of
    ``permission_token``. With no ``permissions`` parameter a single
    ``[P_READ, P_READ_PUBLIC_CIF]`` set is used. When ``user_id`` query
    parameters are present, their obfuscated forms are returned under the
    ``"user_ids"`` key.

    Raises:
        HTTPUnauthorized: if the request carries no authenticated user.
    """
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = request.context.get_discussion_id()

    requested = request.GET.getall('permissions')
    if not requested:
        permission_sets = [[P_READ, P_READ_PUBLIC_CIF]]
    else:
        permission_sets = []
        for raw in requested:
            names = set(raw.split(','))
            # Read access always implies the public-CIF read permission.
            if P_READ in names:
                names.add(P_READ_PUBLIC_CIF)
            permission_sets.append(sorted(names))

    # NOTE(review): the permission names are chosen by the client and are not
    # compared here with what the user actually holds. Presumably
    # permission_token() restricts them to granted permissions -- verify,
    # since nothing in this function does.
    #
    # One 8-byte random value is shared by every token in this response and is
    # also the seed of the obfuscator below.
    random_str = urandom(8)
    data = {}
    for permissions in permission_sets:
        key = ','.join(permissions)
        data[key] = permission_token(
            user_id, discussion_id, permissions, random_str)

    user_ids = request.GET.getall("user_id")
    if user_ids:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        # NOTE(review): 8 bytes is shorter than any AES key size (16/24/32
        # bytes); confirm AESObfuscator derives a full-length key from it
        # rather than padding it.
        obfuscator = AESObfuscator(random_str)
        joined = "\n".join(user_ids)
        obfuscated = AssemblQuadStorageManager.obfuscate(
            joined, obfuscator.encrypt)
        data["user_ids"] = obfuscated.split("\n")
    return data
def get_token(request):
    """Return permission tokens (and optionally obfuscated user ids).

    The result maps each requested permission list, normalised to a sorted,
    de-duplicated, comma-joined string, to ``permission_token(...)`` for the
    authenticated user and the current discussion. If the request names no
    permissions, the single set ``[P_READ, P_READ_PUBLIC_CIF]`` is used.
    ``user_id`` query parameters, when given, are obfuscated and returned as
    a list under ``"user_ids"``.

    Raises:
        HTTPUnauthorized: when ``authenticated_userid`` yields nothing.
    """
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = request.context.get_discussion_id()

    raw_sets = request.GET.getall('permissions')
    if raw_sets:
        permission_sets = []
        for raw in raw_sets:
            wanted = raw.split(',')
            # Asking for read access also grants public-CIF read.
            implied = [P_READ_PUBLIC_CIF] if P_READ in wanted else []
            permission_sets.append(sorted(set(wanted + implied)))
    else:
        permission_sets = [[P_READ, P_READ_PUBLIC_CIF]]

    # NOTE(review): this function trusts the client-supplied permission names
    # as-is; whether they are limited to what the user really holds depends on
    # permission_token(), which is not visible here -- confirm.
    random_str = urandom(8)
    data = dict(
        (
            ','.join(permissions),
            permission_token(user_id, discussion_id, permissions, random_str),
        )
        for permissions in permission_sets
    )

    requested_ids = request.GET.getall("user_id")
    if not requested_ids:
        return data

    from assembl.semantic.virtuoso_mapping import (
        AssemblQuadStorageManager, AESObfuscator)
    # The same random value that went into the tokens seeds the obfuscator.
    # NOTE(review): it is only 8 bytes, below every AES key length; check how
    # AESObfuscator turns it into a key.
    obfuscator = AESObfuscator(random_str)
    blob = "\n".join(requested_ids)
    data["user_ids"] = AssemblQuadStorageManager.obfuscate(
        blob, obfuscator.encrypt).split("\n")
    return data
def user_private_view_jsonld(request):
    """Serve the discussion's user-private data as JSON-LD (or JSONP).

    Requires ``P_READ`` among the permissions returned by
    ``read_user_token``. The payload is passed through
    ``AssemblQuadStorageManager.obfuscate`` with a salted ``hash_obfuscator``
    whenever a salt is available; a salt is generated on the spot for callers
    that supplied none and lack ``P_ADMIN_DISC``.

    Raises:
        HTTPUnauthorized: if the token does not carry ``P_READ``.
    """
    discussion_id = request.context.get_discussion_id()
    _user_id, granted, salt = read_user_token(request)
    if P_READ not in granted:
        raise HTTPUnauthorized()

    # Only a discussion admin without a salt receives the data unobfuscated;
    # everyone else without a salt gets a throw-away one, so their pseudonyms
    # differ from one request to the next.
    if not (salt or P_ADMIN_DISC in granted):
        # NOTE(review): 6 random bytes is 48 bits -- confirm this is enough
        # for what hash_obfuscator protects.
        salt = base64.urlsafe_b64encode(urandom(6))

    jdata = userprivate_jsonld(discussion_id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, hash_obfuscator)
        salted_hash = partial(hash_obfuscator, salt=salt)
        jdata = AssemblQuadStorageManager.obfuscate(jdata, salted_hash)

    if "callback" not in request.GET:
        return Response(body=jdata, content_type="application/ld+json")

    # NOTE(review): the callback name comes straight from the query string and
    # is emitted into executable script; presumably handle_jsonp() restricts
    # it to a safe identifier -- verify. JSONP also makes this private payload
    # loadable cross-origin, and "application/json-p" is not a registered
    # JavaScript media type.
    wrapped = handle_jsonp(request.GET['callback'], jdata)
    return Response(body=wrapped, content_type="application/json-p")
def discussion_instance_view_jsonld(request):
    """Serve one discussion as JSON-LD, or as JSONP when ``callback`` is set.

    The token read by ``read_user_token`` must carry ``P_READ`` or
    ``P_READ_PUBLIC_CIF``. When a salt is present (from the token, or freshly
    generated for callers without ``P_ADMIN_DISC``), the payload is run
    through ``AssemblQuadStorageManager.obfuscate`` using
    ``AESObfuscator(salt).encrypt``.

    Raises:
        HTTPUnauthorized: if neither read permission is present.
    """
    discussion = request.context._instance
    _user_id, granted, salt = read_user_token(request)
    if P_READ not in granted and P_READ_PUBLIC_CIF not in granted:
        raise HTTPUnauthorized()

    # A discussion admin with no salt is the only caller that gets the
    # payload without obfuscation.
    if not (salt or P_ADMIN_DISC in granted):
        # NOTE(review): the generated salt holds 48 bits of randomness and is
        # used to seed AES-based obfuscation; confirm how AESObfuscator
        # derives its key from it.
        salt = base64.urlsafe_b64encode(urandom(6))

    jdata = discussion_jsonld(discussion.id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        aes = AESObfuscator(salt)
        jdata = AssemblQuadStorageManager.obfuscate(jdata, aes.encrypt)
    # TODO: Add age

    if "callback" not in request.GET:
        return Response(body=jdata, content_type="application/ld+json")

    # NOTE(review): the callback name is caller-controlled and ends up in a
    # script response; handle_jsonp() presumably validates it -- verify.
    # "application/json-p" is not a registered JavaScript media type.
    wrapped = handle_jsonp(request.GET['callback'], jdata)
    return Response(body=wrapped, content_type="application/json-p")
def discussion_instance_view_jsonld(request):
    """Return the JSON-LD (or JSONP) representation of a discussion.

    Access needs ``P_READ`` or ``P_READ_PUBLIC_CIF`` in the permissions that
    ``read_user_token`` yields. The payload is obfuscated with
    ``AESObfuscator(salt).encrypt`` unless the caller has no salt and holds
    ``P_ADMIN_DISC``.

    Raises:
        HTTPUnauthorized: if the token carries neither read permission.
    """
    discussion = request.context._instance
    _unused_user, perms, salt = read_user_token(request)

    may_read = P_READ in perms or P_READ_PUBLIC_CIF in perms
    if not may_read:
        raise HTTPUnauthorized()

    if not salt:
        # Non-admin callers never see raw identifiers: give them a one-off
        # salt. Admins without a salt fall through with salt still empty.
        if P_ADMIN_DISC not in perms:
            # NOTE(review): urandom(6) is 48 bits of randomness; check that
            # AESObfuscator stretches it into a proper key.
            salt = base64.urlsafe_b64encode(urandom(6))

    jdata = discussion_jsonld(discussion.id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        encrypt = AESObfuscator(salt).encrypt
        jdata = AssemblQuadStorageManager.obfuscate(jdata, encrypt)
    # TODO: Add age

    wants_jsonp = "callback" in request.GET
    if wants_jsonp:
        # NOTE(review): the callback is taken from the query string; whether
        # it is constrained to a safe identifier depends on handle_jsonp(),
        # which is not visible here -- confirm. The JSONP branch also exposes
        # the payload to cross-origin script inclusion.
        jdata = handle_jsonp(request.GET['callback'], jdata)
    content_type = "application/json-p" if wants_jsonp else "application/ld+json"
    return Response(body=jdata, content_type=content_type)
def user_private_view_jsonld(request):
    """Serve user-private JSON-LD, redirecting plain HTTP to HTTPS if enabled.

    When the ``accept_secure_connection`` setting is truthy and the request
    arrived over ``http``, an ``HTTPFound`` to the ``https`` form of the same
    URL is returned. Otherwise the token must carry ``P_READ``; the payload is
    obfuscated with ``AESObfuscator(salt).encrypt`` unless the caller has no
    salt and holds ``P_ADMIN_DISC``.

    Raises:
        HTTPUnauthorized: if the token does not carry ``P_READ``.
    """
    if request.scheme == "http":
        settings = request.registry.settings
        if asbool(settings.get("accept_secure_connection", False)):
            # NOTE(review): by the time this redirect is sent, whatever
            # credential read_user_token() relies on has already crossed the
            # network in clear. The target is built from request.host, which
            # presumably reflects the client's Host header unless the
            # front-end pins it -- verify, or build it from a configured
            # hostname.
            secure_url = "https://" + request.host + request.path_qs
            return HTTPFound(secure_url)

    discussion_id = request.context.get_discussion_id()
    _user_id, granted, salt = read_user_token(request)
    if P_READ not in granted:
        raise HTTPUnauthorized()

    # Callers without a salt get a one-off one unless they administer the
    # discussion, in which case the data is returned unobfuscated.
    if not (salt or P_ADMIN_DISC in granted):
        # NOTE(review): 48 bits of randomness; confirm how AESObfuscator
        # derives its key from it.
        salt = base64.urlsafe_b64encode(urandom(6))

    jdata = userprivate_jsonld(discussion_id)
    if salt:
        from assembl.semantic.virtuoso_mapping import AssemblQuadStorageManager, AESObfuscator
        aes = AESObfuscator(salt)
        jdata = AssemblQuadStorageManager.obfuscate(jdata, aes.encrypt)

    if "callback" not in request.GET:
        return Response(body=jdata, content_type="application/ld+json")

    # NOTE(review): the callback name is caller-supplied and lands in a script
    # response carrying private data; handle_jsonp() presumably validates it
    # -- verify. "application/json-p" is not a registered JavaScript media
    # type.
    wrapped = handle_jsonp(request.GET["callback"], jdata)
    return Response(body=wrapped, content_type="application/json-p")
def user_private_view_jsonld(request):
    """Return the discussion's user-private data as JSON-LD or JSONP.

    Plain-HTTP requests are answered with an ``HTTPFound`` to the ``https``
    URL when the ``accept_secure_connection`` setting is truthy. After that,
    ``P_READ`` is required, and the payload is obfuscated with
    ``AESObfuscator(salt).encrypt`` whenever a salt exists (supplied by the
    token, or generated for callers lacking ``P_ADMIN_DISC``).

    Raises:
        HTTPUnauthorized: if ``P_READ`` is missing from the token permissions.
    """
    over_plain_http = request.scheme == "http"
    if over_plain_http and asbool(
            request.registry.settings.get('accept_secure_connection', False)):
        # NOTE(review): the redirect does not undo the exposure of anything
        # the client already sent over http. The host part comes from
        # request.host; confirm the deployment does not let an arbitrary Host
        # header choose the redirect target.
        return HTTPFound("https://" + request.host + request.path_qs)

    discussion_id = request.context.get_discussion_id()
    _unused_user, perms, salt = read_user_token(request)
    if P_READ not in perms:
        raise HTTPUnauthorized()

    if not salt:
        # Admins with no salt keep salt empty and get raw data; every other
        # caller is given a fresh per-request salt.
        if P_ADMIN_DISC not in perms:
            # NOTE(review): urandom(6) is 48 bits; check that AESObfuscator
            # stretches it into a full-length key.
            salt = base64.urlsafe_b64encode(urandom(6))

    jdata = userprivate_jsonld(discussion_id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        encrypt = AESObfuscator(salt).encrypt
        jdata = AssemblQuadStorageManager.obfuscate(jdata, encrypt)

    wants_jsonp = "callback" in request.GET
    if wants_jsonp:
        # NOTE(review): the callback is read from the query string; whether it
        # is limited to a safe identifier is up to handle_jsonp() -- confirm.
        # Serving private data as JSONP makes it readable by any page that can
        # issue the request with a valid token.
        jdata = handle_jsonp(request.GET['callback'], jdata)
    content_type = "application/json-p" if wants_jsonp else "application/ld+json"
    return Response(body=jdata, content_type=content_type)