def _delete(self, release, changed_by, transaction):
    """Handle DELETE for a single release.

    Responds 404 when ``getReleases`` finds nothing for the name, 400 when
    the query-string form does not validate, 403 when the delete raises
    ``ReadOnlyError``, and 200 otherwise.
    """
    matches = dbo.releases.getReleases(name=release)
    if not matches:
        return Response(status=404, response='bad release')
    target = matches[0]

    # DELETE requests carry no usable body, so WTForms is pointed at the
    # query arguments. Only the CSRF token and data_version are validated;
    # the release name itself arrives through the URL.
    # NOTE(review): values read from request.args travel in the URL, so the
    # CSRF token can end up in access logs -- confirm that is acceptable.
    form = DbEditableForm(request.args)
    if not form.validate():
        self.log.warning("Bad input: %s", form.errors)
        return Response(status=400, response=json.dumps(form.errors))

    # NOTE(review): no explicit permission check is visible in this handler;
    # presumably dbo.releases.delete authorizes changed_by -- confirm.
    try:
        dbo.releases.delete(
            where={"name": target["name"]},
            changed_by=changed_by,
            old_data_version=form.data_version.data,
            transaction=transaction,
        )
    except ReadOnlyError as err:
        self.log.warning("Bad input: %s", "Couldn't delete release: %s" % err)
        return Response(status=403, response=json.dumps({"data": err.args}))
    else:
        return Response(status=200)
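def _delete(self, release, changed_by, transaction):
    """Delete the release named in the URL after permission and form checks.

    Responds 404 when no release matches, 401 when ``changed_by`` lacks the
    DELETE permission for the release's product, 400 (JSON body) when the
    form does not validate, and 200 once ``deleteRelease`` has been called.
    """
    # Function-scope import: this block previously did not use json.
    import json

    releases = dbo.releases.getReleases(name=release)
    if not releases:
        return Response(status=404, response='bad release')
    release = releases[0]

    if not dbo.permissions.hasUrlPermission(changed_by, '/releases/:name', 'DELETE',
                                            urlOptions={'product': release['product']}):
        msg = "%s is not allowed to delete %s releases" % (changed_by, release['product'])
        cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
        # NOTE(review): 401 normally signals "not authenticated"; 403 is the
        # usual status for an authenticated user without permission. Left as
        # 401 so existing clients see no change.
        return Response(status=401, response=msg)

    # Bodies are ignored for DELETE requests, so we need to force WTForms
    # to look at the arguments instead.
    # We only need the release name (which comes through the URL) and the
    # data version to process this request. Because of that, we can just
    # use this form to validate, because we're only validating CSRF
    # and data version.
    form = DbEditableForm(request.args)
    if not form.validate():
        cef_event("Bad input", CEF_WARN, errors=form.errors)
        # form.errors is a mapping, not a string. Passed to Response as-is it
        # would (assuming a werkzeug-style Response) be iterated and only the
        # field names sent, so serialise it explicitly.
        return Response(status=400, response=json.dumps(form.errors))

    dbo.releases.deleteRelease(changed_by=changed_by, name=release['name'],
                               old_data_version=form.data_version.data,
                               transaction=transaction)
    return Response(status=200)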
def _delete(self, release, changed_by, transaction):
    """Delete one release, enforcing URL permission and form validation.

    Status codes: 404 unknown release, 401 permission refused, 400 invalid
    form, 403 ``ReadOnlyError`` from the delete, 200 on success.
    """
    found = dbo.releases.getReleases(name=release)
    if not found:
        return Response(status=404, response='bad release')
    row = found[0]

    # Authorization is decided per product of the stored release, not from
    # anything the client supplies beyond the release name.
    allowed = dbo.permissions.hasUrlPermission(
        changed_by, '/releases/:name', 'DELETE',
        urlOptions={'product': row['product']},
    )
    if not allowed:
        msg = "%s is not allowed to delete %s releases" % (changed_by, row['product'])
        self.log.warning("Unauthorized access attempt: %s", msg)
        return Response(status=401, response=msg)

    # A DELETE request's body is ignored, hence the form is built from the
    # query arguments. It exists to validate the CSRF token and data_version;
    # the release name comes from the URL.
    form = DbEditableForm(request.args)
    if not form.validate():
        self.log.warning("Bad input: %s", form.errors)
        return Response(status=400, response=json.dumps(form.errors))

    try:
        dbo.releases.deleteRelease(
            changed_by=changed_by,
            name=row['name'],
            old_data_version=form.data_version.data,
            transaction=transaction,
        )
    except ReadOnlyError as err:
        reason = "Couldn't delete release: %s" % err
        self.log.warning("Bad input: %s", reason)
        return Response(status=403, response=json.dumps({"data": err.args}))

    return Response(status=200)
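def _delete(self, release, changed_by, transaction):
    """Delete a release once the caller's permission and the form check out.

    Responds 404 for an unknown release, 401 when ``hasUrlPermission``
    refuses ``changed_by``, 400 with a JSON error body when the form is
    invalid, and 200 after ``deleteRelease`` returns.
    """
    # Function-scope import: this block previously did not use json.
    import json

    releases = dbo.releases.getReleases(name=release)
    if not releases:
        return Response(status=404, response='bad release')
    release = releases[0]

    if not dbo.permissions.hasUrlPermission(
            changed_by, '/releases/:name', 'DELETE',
            urlOptions={'product': release['product']}):
        msg = "%s is not allowed to delete %s releases" % (
            changed_by, release['product'])
        cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
        return Response(status=401, response=msg)

    # Bodies are ignored for DELETE requests, so we need to force WTForms
    # to look at the arguments instead.
    # We only need the release name (which comes through the URL) and the
    # data version to process this request. Because of that, we can just
    # use this form to validate, because we're only validating CSRF
    # and data version.
    form = DbEditableForm(request.args)
    if not form.validate():
        cef_event("Bad input", CEF_WARN, errors=form.errors)
        # The error mapping is serialised before it is returned: handing the
        # raw dict to Response would (assuming a werkzeug-style Response)
        # emit only its keys rather than the validation messages.
        return Response(status=400, response=json.dumps(form.errors))

    dbo.releases.deleteRelease(changed_by=changed_by,
                               name=release['name'],
                               old_data_version=form.data_version.data,
                               transaction=transaction)
    return Response(status=200)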
def _delete(self, username, role, changed_by, transaction):
    """Revoke ``role`` from ``username``.

    Responds 404 when the user does not hold the role, 400 when the
    query-string form fails validation, and 200 after ``revokeRole``.
    """
    if role in dbo.permissions.getUserRoles(username):
        # The form is fed from the query arguments and supplies data_version.
        form = DbEditableForm(request.args)
        if form.validate():
            # NOTE(review): no explicit permission check is visible here;
            # presumably revokeRole authorizes changed_by -- confirm.
            dbo.permissions.revokeRole(
                username,
                role,
                changed_by=changed_by,
                old_data_version=form.data_version.data,
                transaction=transaction,
            )
            return Response(status=200)

        self.log.warning("Bad input: %s", form.errors)
        return Response(status=400, response=json.dumps(form.errors))

    return Response(status=404)
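def _delete(self, rule_id, transaction, changed_by):
    """Delete the rule with the given id.

    Responds 404 when the rule does not exist, 401 when ``changed_by`` may
    not alter rules for the rule's product, 400 when the form does not
    validate, and 200 after ``deleteRule`` returns.
    """
    # Function-scope import: this block previously did not use json.
    import json

    # Verify that the rule_id exists.
    rule = dbo.rules.getRuleById(rule_id, transaction=transaction)
    if not rule:
        return Response(status=404)

    if not dbo.permissions.hasUrlPermission(
            changed_by, '/rules/:id', 'DELETE',
            urlOptions={'product': rule['product']}):
        msg = "%s is not allowed to alter rules that affect %s" % (
            changed_by, rule['product'])
        cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
        return Response(status=401, response=msg)

    # Bodies are ignored for DELETE requests, so we need to force WTForms
    # to look at the arguments instead.
    # Even though we aren't going to use most of the form fields (just
    # rule_id and data_version), we still want to create and validate the
    # form to make sure that the CSRF token is checked.
    form = DbEditableForm(request.args)
    # The form used to be constructed but never validated, so the CSRF and
    # data_version checks described above did not run before the delete.
    if not form.validate():
        # TODO(review): log the rejection with whichever logger this view
        # uses; none is referenced in this handler.
        return Response(status=400, response=json.dumps(form.errors))

    dbo.rules.deleteRule(changed_by=changed_by, rule_id=rule_id,
                         old_data_version=form.data_version.data,
                         transaction=transaction)
    return Response(status=200)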
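def _delete(self, sc_id, transaction, changed_by):
    """Delete the scheduled change identified by ``sc_id``.

    Responds 404 when no such scheduled change exists, 400 when the
    query-string form does not validate, and 200 after the row is deleted.
    """
    # Function-scope import: this block previously did not use json.
    import json

    where = {"sc_id": sc_id}
    sc = self.sc_table.select(where, transaction, columns=["sc_id"])
    if not sc:
        return Response(status=404, response="Scheduled change does not exist")

    # DELETE bodies are not used, so the form reads the query arguments.
    form = DbEditableForm(request.args)
    # Validate before touching the table: previously data_version was read
    # from an unvalidated form, so a missing or malformed value reached
    # delete() unchecked. If DbEditableForm carries a CSRF field, this is
    # also where it is enforced -- confirm.
    if not form.validate():
        return Response(status=400, response=json.dumps(form.errors))

    # NOTE(review): no explicit permission check is visible in this handler;
    # presumably sc_table.delete authorizes changed_by -- confirm.
    self.sc_table.delete(where, changed_by, form.data_version.data, transaction)
    return Response(status=200)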
def _delete(self, release, changed_by, transaction):
    """Remove a release on behalf of ``changed_by``.

    Outcomes: 404 when the name matches no release, 401 when the URL
    permission check fails, 400 when the form is invalid, 403 when the
    delete raises ``ReadOnlyError``, 200 when it succeeds.
    """
    candidates = dbo.releases.getReleases(name=release)
    if not candidates:
        return Response(status=404, response='bad release')
    record = candidates[0]

    if not dbo.permissions.hasUrlPermission(
        changed_by,
        '/releases/:name',
        'DELETE',
        urlOptions={'product': record['product']},
    ):
        denial = "%s is not allowed to delete %s releases" % (
            changed_by, record['product'])
        self.log.warning("Unauthorized access attempt: %s", denial)
        return Response(status=401, response=denial)

    # WTForms has to read the query arguments because DELETE bodies are
    # ignored. The release name is taken from the URL, so this form is only
    # here to validate the CSRF token and the data version.
    form = DbEditableForm(request.args)
    if form.validate():
        try:
            dbo.releases.deleteRelease(
                changed_by=changed_by,
                name=record['name'],
                old_data_version=form.data_version.data,
                transaction=transaction,
            )
        except ReadOnlyError as exc:
            self.log.warning("Bad input: %s", "Couldn't delete release: %s" % exc)
            return Response(status=403, response=json.dumps({"data": exc.args}))
        return Response(status=200)

    self.log.warning("Bad input: %s", form.errors)
    return Response(status=400, response=json.dumps(form.errors))
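def _delete(self, id_or_alias, transaction, changed_by):
    """Delete the rule addressed by id or alias.

    Responds 404 when ``getRule`` finds nothing, 400 when the query-string
    form does not validate, and 200 after the delete call returns.
    """
    # Function-scope import: this block previously did not use json.
    import json

    # Verify that the rule_id or alias exists.
    rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
    if not rule:
        return Response(status=404)

    # Bodies are ignored for DELETE requests, so we need to force WTForms
    # to look at the arguments instead.
    # Even though we aren't going to use most of the form fields (just
    # rule_id and data_version), we still want to create and validate the
    # form to make sure that the CSRF token is checked.
    form = DbEditableForm(request.args)
    # The form used to be constructed but never validated, so the CSRF and
    # data_version checks described above did not run before the delete.
    if not form.validate():
        return Response(status=400, response=json.dumps(form.errors))

    # Filter on the resolved rule's id rather than the raw URL value: when
    # the caller passes an alias, {"rule_id": alias} would not match the row
    # that was just looked up.
    # Assumes the row returned by getRule exposes its "rule_id" column -- confirm.
    # NOTE(review): no explicit permission check is visible in this handler;
    # presumably dbo.rules.delete authorizes changed_by -- confirm.
    dbo.rules.delete(where={"rule_id": rule["rule_id"]}, changed_by=changed_by,
                     old_data_version=form.data_version.data,
                     transaction=transaction)
    return Response(status=200)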