Esempio n. 1
def get_token(request):
    """Issue permission tokens for the authenticated user in this discussion.

    Each value of the repeatable ``permissions`` query parameter is one
    comma-separated permission set.  The result maps every normalised set
    (joined with commas) to the value ``permission_token`` returns for it.
    If the repeatable ``user_id`` parameter is present, the supplied ids are
    returned obfuscated under the ``"user_ids"`` key as well.

    Raises:
        HTTPUnauthorized: when the request carries no authenticated user id.
    """
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = request.context.get_discussion_id()

    requested = request.GET.getall('permissions')
    if not requested:
        # Nothing asked for explicitly: fall back to the read pair.
        permission_sets = [[P_READ, P_READ_PUBLIC_CIF]]
    else:
        # NOTE(review): these names come straight from the query string and
        # are not compared here with what user_id actually holds -- confirm
        # that permission_token (not shown) enforces that.
        permission_sets = []
        for raw in requested:
            names = raw.split(',')
            # A set containing P_READ also gets P_READ_PUBLIC_CIF.
            if P_READ in names:
                names.append(P_READ_PUBLIC_CIF)
            # Deduplicate and sort so equal sets share one dictionary key.
            permission_sets.append(sorted(set(names)))

    # One random value per response: passed to every token and reused below
    # to construct the obfuscator.
    nonce = urandom(8)
    data = {}
    for names in permission_sets:
        data[','.join(names)] = permission_token(
            user_id, discussion_id, names, nonce)

    target_ids = request.GET.getall("user_id")
    if target_ids:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        # NOTE(review): AESObfuscator is built from 8 random bytes; how it
        # derives its key is not visible here -- confirm the effective
        # key strength.
        cipher = AESObfuscator(nonce)
        joined = "\n".join(target_ids)
        data["user_ids"] = AssemblQuadStorageManager.obfuscate(
            joined, cipher.encrypt).split("\n")
    return data
Esempio n. 2
def get_token(request):
    """Return permission tokens (and optionally obfuscated user ids).

    The repeatable ``permissions`` query parameter holds comma-separated
    permission sets; without it a single ``[P_READ, P_READ_PUBLIC_CIF]`` set
    is used.  The returned dict is keyed by the comma-joined set and holds the
    result of ``permission_token`` for that set.  When ``user_id`` parameters
    are supplied, their obfuscated forms are added under ``"user_ids"``.

    Raises:
        HTTPUnauthorized: if ``authenticated_userid`` yields no user.
    """
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = request.context.get_discussion_id()

    def canonical(raw_set):
        # Split one query value, add P_READ_PUBLIC_CIF alongside P_READ,
        # then deduplicate and sort.
        names = raw_set.split(',')
        if P_READ in names:
            names.append(P_READ_PUBLIC_CIF)
        return sorted(set(names))

    raw_sets = request.GET.getall('permissions')
    # NOTE(review): the requested names are caller-controlled and this
    # function never checks them against the user's real grants; presumably
    # permission_token does -- verify.
    if raw_sets:
        permission_sets = [canonical(raw) for raw in raw_sets]
    else:
        permission_sets = [[P_READ, P_READ_PUBLIC_CIF]]

    # The same 8 random bytes go into every token and into the obfuscator.
    random_str = urandom(8)
    data = dict(
        (','.join(names),
         permission_token(user_id, discussion_id, names, random_str))
        for names in permission_sets)

    requested_ids = request.GET.getall("user_id")
    if requested_ids:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        # Ids are newline-joined for one obfuscate() call, then split again.
        # NOTE(review): an id value that itself contains a newline would
        # shift that split -- confirm ids are validated upstream.
        blob = "\n".join(requested_ids)
        obscured = AssemblQuadStorageManager.obfuscate(
            blob, AESObfuscator(random_str).encrypt)
        data["user_ids"] = obscured.split("\n")
    return data
Esempio n. 3
def user_private_view_jsonld(request):
    """Serve the discussion's user-private data as JSON-LD (or JSONP).

    The token read from the request must include P_READ.  If the token
    carries no salt and lacks P_ADMIN_DISC, a fresh random salt is generated,
    so the output is always obfuscated for non-admin callers; a caller with
    P_ADMIN_DISC and no salt receives the data unobfuscated.

    Raises:
        HTTPUnauthorized: when P_READ is missing from the token permissions.
    """
    discussion_id = request.context.get_discussion_id()
    _user_id, permissions, salt = read_user_token(request)
    if P_READ not in permissions:
        raise HTTPUnauthorized()

    is_admin = P_ADMIN_DISC in permissions
    if not (salt or is_admin):
        # 6 random bytes (48 bits), regenerated on every such request, so
        # obfuscated values are not expected to match across requests.
        salt = base64.urlsafe_b64encode(urandom(6))

    payload = userprivate_jsonld(discussion_id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, hash_obfuscator)
        payload = AssemblQuadStorageManager.obfuscate(
            payload, partial(hash_obfuscator, salt=salt))

    if "callback" not in request.GET:
        return Response(body=payload, content_type="application/ld+json")

    # NOTE(review): the callback name is caller-supplied; confirm that
    # handle_jsonp restricts it to a safe identifier.  JSONP output is
    # readable cross-origin, so also confirm read_user_token requires an
    # explicit token rather than ambient credentials such as cookies.
    wrapped = handle_jsonp(request.GET['callback'], payload)
    return Response(body=wrapped, content_type="application/json-p")
Esempio n. 4
def discussion_instance_view_jsonld(request):
    """Serve one discussion as JSON-LD, or as JSONP when ``callback`` is given.

    The token must include P_READ or P_READ_PUBLIC_CIF.  Callers without
    P_ADMIN_DISC whose token has no salt get a freshly generated one, so
    their output is always passed through the AES obfuscator; a caller with
    P_ADMIN_DISC and no salt receives the data as produced.

    Raises:
        HTTPUnauthorized: when neither read permission is in the token.
    """
    discussion = request.context._instance
    _user_id, permissions, salt = read_user_token(request)
    if P_READ not in permissions and P_READ_PUBLIC_CIF not in permissions:
        raise HTTPUnauthorized()

    if not salt:
        if P_ADMIN_DISC not in permissions:
            # NOTE(review): only 6 random bytes (48 bits) feed AESObfuscator;
            # its key derivation is not visible here -- confirm this is
            # adequate for the intended threat model.
            salt = base64.urlsafe_b64encode(urandom(6))

    jdata = discussion_jsonld(discussion.id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        encrypt = AESObfuscator(salt).encrypt
        jdata = AssemblQuadStorageManager.obfuscate(jdata, encrypt)
    # TODO: Add age

    if "callback" not in request.GET:
        return Response(body=jdata, content_type="application/ld+json")

    # NOTE(review): the callback value is taken unmodified from the query
    # string; confirm handle_jsonp only accepts a safe identifier.
    body = handle_jsonp(request.GET['callback'], jdata)
    return Response(body=body, content_type="application/json-p")
Esempio n. 5
def discussion_instance_view_jsonld(request):
    """Return the discussion's JSON-LD export, obfuscated unless admin.

    Access requires P_READ or P_READ_PUBLIC_CIF in the token permissions.
    The export is obfuscated with the token's salt, or with a random
    per-request salt when the token has none and P_ADMIN_DISC is absent.
    With a ``callback`` query parameter the body is wrapped by
    ``handle_jsonp`` and served as ``application/json-p``.

    Raises:
        HTTPUnauthorized: if the token grants neither read permission.
    """
    discussion = request.context._instance
    _user_id, permissions, salt = read_user_token(request)

    can_read = any(
        perm in permissions for perm in (P_READ, P_READ_PUBLIC_CIF))
    if not can_read:
        raise HTTPUnauthorized()

    needs_throwaway_salt = not salt and P_ADMIN_DISC not in permissions
    if needs_throwaway_salt:
        # Fresh for each request, so non-admin output is always obfuscated.
        salt = base64.urlsafe_b64encode(urandom(6))

    jdata = discussion_jsonld(discussion.id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        aes = AESObfuscator(salt)
        jdata = AssemblQuadStorageManager.obfuscate(jdata, aes.encrypt)
    # TODO: Add age

    wants_jsonp = "callback" in request.GET
    if wants_jsonp:
        # NOTE(review): JSONP responses can be read cross-origin; confirm
        # read_user_token needs an explicit token (not ambient cookies) and
        # that handle_jsonp validates the caller-supplied callback name.
        jdata = handle_jsonp(request.GET['callback'], jdata)
    content_type = (
        "application/json-p" if wants_jsonp else "application/ld+json")
    return Response(body=jdata, content_type=content_type)
Esempio n. 6
def user_private_view_jsonld(request):
    """Serve user-private JSON-LD, redirecting plain HTTP to HTTPS if enabled.

    When the request arrived over ``http`` and the ``accept_secure_connection``
    setting is truthy, an HTTPFound redirect to the ``https`` form of the same
    URL is returned.  Otherwise the token must include P_READ; the data is
    AES-obfuscated with the token's salt, or with a random one when the token
    has no salt and lacks P_ADMIN_DISC.

    Raises:
        HTTPUnauthorized: when P_READ is not in the token permissions.
    """
    if request.scheme == "http":
        settings = request.registry.settings
        if asbool(settings.get("accept_secure_connection", False)):
            # NOTE(review): request.host reflects the client-supplied Host
            # header; confirm the deployment validates it, otherwise the
            # Location can point off-site.  path_qs includes the query
            # string, so anything in it already crossed the wire in clear
            # before this redirect.
            return HTTPFound("https://" + request.host + request.path_qs)

    discussion_id = request.context.get_discussion_id()
    _user_id, permissions, salt = read_user_token(request)
    if P_READ not in permissions:
        raise HTTPUnauthorized()

    if not salt:
        if P_ADMIN_DISC not in permissions:
            # Non-admin callers always get obfuscated output.
            salt = base64.urlsafe_b64encode(urandom(6))

    jdata = userprivate_jsonld(discussion_id)
    if salt:
        from assembl.semantic.virtuoso_mapping import AssemblQuadStorageManager, AESObfuscator

        encrypt = AESObfuscator(salt).encrypt
        jdata = AssemblQuadStorageManager.obfuscate(jdata, encrypt)

    if "callback" not in request.GET:
        return Response(body=jdata, content_type="application/ld+json")

    # NOTE(review): confirm handle_jsonp restricts the caller-supplied
    # callback name to a safe identifier.
    wrapped = handle_jsonp(request.GET["callback"], jdata)
    return Response(body=wrapped, content_type="application/json-p")
Esempio n. 7
def user_private_view_jsonld(request):
    """Return the discussion's user-private data as JSON-LD or JSONP.

    A plain-``http`` request is answered with an HTTPFound redirect to the
    ``https`` URL when ``accept_secure_connection`` is enabled in settings.
    Past that point the token must carry P_READ.  Output is obfuscated with
    the token's salt; a token without salt and without P_ADMIN_DISC gets a
    random per-request salt, while P_ADMIN_DISC without salt is served as is.

    Raises:
        HTTPUnauthorized: if the token permissions do not include P_READ.
    """
    over_plain_http = request.scheme == "http"
    if over_plain_http and asbool(
            request.registry.settings.get('accept_secure_connection', False)):
        # NOTE(review): the redirect target is assembled from request.host,
        # which follows the client's Host header -- confirm it is validated
        # upstream or replace it with a configured canonical host.
        location = "https://" + request.host + request.path_qs
        return HTTPFound(location)

    discussion_id = request.context.get_discussion_id()
    _user_id, permissions, salt = read_user_token(request)
    if P_READ not in permissions:
        raise HTTPUnauthorized()

    is_admin = P_ADMIN_DISC in permissions
    if not (salt or is_admin):
        # NOTE(review): 48 bits of randomness feed AESObfuscator; its key
        # derivation is not visible here -- confirm the effective strength.
        salt = base64.urlsafe_b64encode(urandom(6))

    jdata = userprivate_jsonld(discussion_id)
    if salt:
        from assembl.semantic.virtuoso_mapping import (
            AssemblQuadStorageManager, AESObfuscator)
        aes = AESObfuscator(salt)
        jdata = AssemblQuadStorageManager.obfuscate(jdata, aes.encrypt)

    wants_jsonp = "callback" in request.GET
    if wants_jsonp:
        # NOTE(review): JSONP is readable cross-origin; confirm
        # read_user_token demands an explicit token and that handle_jsonp
        # validates the caller-supplied callback name.
        jdata = handle_jsonp(request.GET['callback'], jdata)
    content_type = (
        "application/json-p" if wants_jsonp else "application/ld+json")
    return Response(body=jdata, content_type=content_type)