Esempio n. 1
    def _delete(self, release, changed_by, transaction):
        """Remove the release called ``release`` from the database.

        Responds 404 when no such release exists, 400 when the query-string
        form fails validation, 403 when the database layer raises
        ``ReadOnlyError``, and 200 once the delete goes through.
        """
        matches = dbo.releases.getReleases(name=release)
        if not matches:
            return Response(status=404, response='bad release')
        release_row = matches[0]

        # A DELETE request's body is ignored, so WTForms is fed the query
        # arguments instead. Only the CSRF token and the data version are
        # validated here; the release name itself arrives through the URL.
        # NOTE(review): this method performs no explicit permission check on
        # changed_by -- presumably dbo.releases.delete() enforces it; confirm.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        try:
            dbo.releases.delete(
                where={"name": release_row["name"]},
                changed_by=changed_by,
                old_data_version=form.data_version.data,
                transaction=transaction,
            )
        except ReadOnlyError as err:
            self.log.warning("Bad input: %s", "Couldn't delete release: %s" % err)
            return Response(status=403, response=json.dumps({"data": err.args}))
        else:
            return Response(status=200)
Esempio n. 2
    def _delete(self, release, changed_by, transaction):
        """Delete a release by name and report the outcome as an HTTP response.

        Status codes: 404 (unknown release), 400 (form validation failed),
        403 (``ReadOnlyError`` from the database layer), 200 (deleted).
        """
        found = dbo.releases.getReleases(name=release)
        if not found:
            return Response(status=404, response='bad release')
        target = found[0]

        # WTForms must read the query arguments because DELETE bodies are
        # ignored. The form only validates the CSRF token and the data
        # version; the release name comes from the URL.
        # NOTE(review): authorization of changed_by is not checked in this
        # method -- presumably handled inside dbo.releases.delete(); confirm.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        delete_kwargs = {
            "where": {"name": target["name"]},
            "changed_by": changed_by,
            "old_data_version": form.data_version.data,
            "transaction": transaction,
        }
        try:
            dbo.releases.delete(**delete_kwargs)
        except ReadOnlyError as exc:
            reason = "Couldn't delete release: %s" % exc
            self.log.warning("Bad input: %s", reason)
            body = json.dumps({"data": exc.args})
            return Response(status=403, response=body)

        return Response(status=200)
Esempio n. 3
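    def _delete(self, release, changed_by, transaction):
        """Delete the named release after an explicit permission check.

        Responses: 404 if no release matches, 401 if ``changed_by`` lacks
        DELETE permission for the release's product, 400 if the form (CSRF
        token / data version) fails validation, otherwise 200.
        """
        # Local import: the file's import block is not visible from here.
        import json

        releases = dbo.releases.getReleases(name=release)
        if not releases:
            return Response(status=404, response='bad release')
        release = releases[0]
        if not dbo.permissions.hasUrlPermission(changed_by, '/releases/:name', 'DELETE', urlOptions={'product': release['product']}):
            msg = "%s is not allowed to delete %s releases" % (changed_by, release['product'])
            cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
            # NOTE(review): 403 is the conventional status for an
            # authenticated caller without permission; 401 is kept because
            # existing clients may depend on it.
            return Response(status=401, response=msg)

        # Bodies are ignored for DELETE requests, so we need to force WTForms
        # to look at the arguments instead.
        # We only need the release name (which comes through the URL) and the
        # data version to process this request. Because of that, we can just
        # use this form to validate, because we're only validating CSRF
        # and data version.
        form = DbEditableForm(request.args)
        if not form.validate():
            cef_event("Bad input", CEF_WARN, errors=form.errors)
            # form.errors is a dict; serialise it so the client receives the
            # validation messages instead of whatever iterating the dict yields.
            return Response(status=400, response=json.dumps(form.errors))

        dbo.releases.deleteRelease(changed_by=changed_by, name=release['name'],
                                   old_data_version=form.data_version.data, transaction=transaction)

        return Response(status=200)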
Esempio n. 4
    def _delete(self, release, changed_by, transaction):
        """Delete a release once the caller is authorized and the form is valid.

        Returns 404 for an unknown release, 401 when ``changed_by`` has no
        DELETE permission on the release's product, 400 when the form fails
        validation, 403 on ``ReadOnlyError``, and 200 on success.
        """
        matches = dbo.releases.getReleases(name=release)
        if not matches:
            return Response(status=404, response='bad release')
        release_row = matches[0]

        # Authorization is scoped to the product of the release being deleted.
        allowed = dbo.permissions.hasUrlPermission(
            changed_by,
            '/releases/:name',
            'DELETE',
            urlOptions={'product': release_row['product']},
        )
        if not allowed:
            denial = "%s is not allowed to delete %s releases" % (changed_by, release_row['product'])
            self.log.warning("Unauthorized access attempt: %s", denial)
            return Response(status=401, response=denial)

        # DELETE bodies are ignored, so WTForms reads the query arguments.
        # The form validates only the CSRF token and the data version; the
        # release name is taken from the URL.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        try:
            dbo.releases.deleteRelease(
                changed_by=changed_by,
                name=release_row['name'],
                old_data_version=form.data_version.data,
                transaction=transaction,
            )
        except ReadOnlyError as err:
            self.log.warning("Bad input: %s", "Couldn't delete release: %s" % err)
            return Response(status=403, response=json.dumps({"data": err.args}))
        else:
            return Response(status=200)
Esempio n. 5
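    def _delete(self, release, changed_by, transaction):
        """Delete the named release after an explicit permission check.

        Responses: 404 if no release matches, 401 if ``changed_by`` lacks
        DELETE permission for the release's product, 400 if the form (CSRF
        token / data version) fails validation, otherwise 200.
        """
        # Local import: the file's import block is not visible from here.
        import json

        releases = dbo.releases.getReleases(name=release)
        if not releases:
            return Response(status=404, response='bad release')
        release = releases[0]
        if not dbo.permissions.hasUrlPermission(
                changed_by,
                '/releases/:name',
                'DELETE',
                urlOptions={'product': release['product']}):
            msg = "%s is not allowed to delete %s releases" % (
                changed_by, release['product'])
            cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
            # NOTE(review): 403 is the conventional status for an
            # authenticated caller without permission; 401 is kept because
            # existing clients may depend on it.
            return Response(status=401, response=msg)

        # Bodies are ignored for DELETE requests, so we need to force WTForms
        # to look at the arguments instead.
        # We only need the release name (which comes through the URL) and the
        # data version to process this request. Because of that, we can just
        # use this form to validate, because we're only validating CSRF
        # and data version.
        form = DbEditableForm(request.args)
        if not form.validate():
            cef_event("Bad input", CEF_WARN, errors=form.errors)
            # form.errors is a dict; serialise it so the client receives the
            # validation messages instead of whatever iterating the dict yields.
            return Response(status=400, response=json.dumps(form.errors))

        dbo.releases.deleteRelease(changed_by=changed_by,
                                   name=release['name'],
                                   old_data_version=form.data_version.data,
                                   transaction=transaction)

        return Response(status=200)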
Esempio n. 6
    def _delete(self, username, role, changed_by, transaction):
        """Revoke ``role`` from ``username``.

        Returns 404 when the user does not currently hold the role, 400 when
        the query-string form fails validation, and 200 after the revoke.
        """
        held_roles = dbo.permissions.getUserRoles(username)
        if role not in held_roles:
            return Response(status=404)

        # NOTE(review): no permission check on changed_by is visible in this
        # method -- presumably enforced by the caller or by revokeRole(); confirm.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        dbo.permissions.revokeRole(
            username,
            role,
            changed_by=changed_by,
            old_data_version=form.data_version.data,
            transaction=transaction,
        )
        return Response(status=200)
Esempio n. 7
    def _delete(self, username, role, changed_by, transaction):
        """Take ``role`` away from ``username`` and answer with an HTTP status.

        404: the user does not have the role. 400: form validation failed.
        200: the role was revoked.
        """
        user_roles = dbo.permissions.getUserRoles(username)
        if role not in user_roles:
            return Response(status=404)

        # NOTE(review): authorization of changed_by is not checked here --
        # presumably the caller or revokeRole() takes care of it; confirm.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            error_body = json.dumps(form.errors)
            return Response(status=400, response=error_body)

        revoke_kwargs = {
            "changed_by": changed_by,
            "old_data_version": form.data_version.data,
            "transaction": transaction,
        }
        dbo.permissions.revokeRole(username, role, **revoke_kwargs)
        return Response(status=200)
Esempio n. 8
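    def _delete(self, rule_id, transaction, changed_by):
        """Delete the rule identified by ``rule_id``.

        Responses: 404 if the rule does not exist, 401 if ``changed_by`` may
        not alter rules for the rule's product, 400 if the form (CSRF token /
        data version) fails validation, otherwise 200.
        """
        # Local import: the file's import block is not visible from here.
        import json

        # Verify that the rule_id exists.
        rule = dbo.rules.getRuleById(rule_id, transaction=transaction)
        if not rule:
            return Response(status=404)

        # Bodies are ignored for DELETE requests, so we need to force WTForms
        # to look at the arguments instead.
        # Even though we aren't going to use most of the form fields (just
        # rule_id and data_version), we still want to create and validate the
        # form to make sure that the CSRF token is checked.
        form = DbEditableForm(request.args)

        if not dbo.permissions.hasUrlPermission(
                changed_by,
                '/rules/:id',
                'DELETE',
                urlOptions={'product': rule['product']}):
            msg = "%s is not allowed to alter rules that affect %s" % (
                changed_by, rule['product'])
            cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
            return Response(status=401, response=msg)

        # The form used to be built but never validated, so the CSRF token
        # was not checked and data_version reached the DB layer unvalidated.
        # Reject the request before touching the database.
        # TODO(review): log the rejection the way the sibling views do.
        if not form.validate():
            return Response(status=400, response=json.dumps(form.errors))

        dbo.rules.deleteRule(changed_by=changed_by,
                             rule_id=rule_id,
                             old_data_version=form.data_version.data,
                             transaction=transaction)

        return Response(status=200)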
Esempio n. 9
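    def _delete(self, sc_id, transaction, changed_by):
        """Delete the scheduled change identified by ``sc_id``.

        Responses: 404 if no such scheduled change exists, 400 if the
        query-string form fails validation, otherwise 200.
        """
        # Local import: the file's import block is not visible from here.
        import json

        where = {"sc_id": sc_id}
        sc = self.sc_table.select(where, transaction, columns=["sc_id"])
        if not sc:
            return Response(status=404, response="Scheduled change does not exist")

        # NOTE(review): no permission check on changed_by is visible here --
        # presumably sc_table.delete() enforces it; confirm.
        form = DbEditableForm(request.args)
        # The form used to be read without being validated, so data_version
        # (and any CSRF token the form carries) went unchecked. Reject bad
        # input before the delete reaches the table.
        if not form.validate():
            return Response(status=400, response=json.dumps(form.errors))

        self.sc_table.delete(where, changed_by, form.data_version.data, transaction)
        return Response(status=200)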
Esempio n. 10
    def _delete(self, release, changed_by, transaction):
        """Delete a release, subject to a permission check and form validation.

        Status codes: 404 (unknown release), 401 (``changed_by`` lacks DELETE
        permission for the release's product), 400 (form validation failed),
        403 (``ReadOnlyError`` from the database layer), 200 (deleted).
        """
        found = dbo.releases.getReleases(name=release)
        if not found:
            return Response(status=404, response='bad release')
        target = found[0]

        # Permission is evaluated against the product of the matched release.
        may_delete = dbo.permissions.hasUrlPermission(
            changed_by, '/releases/:name', 'DELETE',
            urlOptions={'product': target['product']})
        if not may_delete:
            refusal = "%s is not allowed to delete %s releases" % (
                changed_by, target['product'])
            self.log.warning("Unauthorized access attempt: %s", refusal)
            return Response(status=401, response=refusal)

        # WTForms has to read the query arguments because DELETE bodies are
        # ignored. Only the CSRF token and data version are validated; the
        # release name is supplied by the URL.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        delete_kwargs = {
            "changed_by": changed_by,
            "name": target['name'],
            "old_data_version": form.data_version.data,
            "transaction": transaction,
        }
        try:
            dbo.releases.deleteRelease(**delete_kwargs)
        except ReadOnlyError as exc:
            reason = "Couldn't delete release: %s" % exc
            self.log.warning("Bad input: %s", reason)
            body = json.dumps({"data": exc.args})
            return Response(status=403, response=body)

        return Response(status=200)
Esempio n. 11
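    def _delete(self, id_or_alias, transaction, changed_by):
        """Delete the rule found for ``id_or_alias``.

        Responses: 404 if no rule matches, 400 if the form (CSRF token /
        data version) fails validation, otherwise 200.
        """
        # Local import: the file's import block is not visible from here.
        import json

        # Verify that the rule_id or alias exists.
        rule = dbo.rules.getRule(id_or_alias, transaction=transaction)
        if not rule:
            return Response(status=404)

        # Bodies are ignored for DELETE requests, so we need to force WTForms
        # to look at the arguments instead.
        # Even though we aren't going to use most of the form fields (just
        # rule_id and data_version), we still want to create and validate the
        # form to make sure that the CSRF token is checked.
        # NOTE(review): no permission check on changed_by is visible here --
        # presumably dbo.rules.delete() enforces it; confirm.
        form = DbEditableForm(request.args)
        # The form used to be built but never validated, so the CSRF token
        # was not checked and data_version reached the DB layer unvalidated.
        if not form.validate():
            return Response(status=400, response=json.dumps(form.errors))

        # id_or_alias may be an alias, which never equals a rule_id value;
        # delete by the id of the row that was actually looked up.
        # Assumes the row returned by getRule() exposes "rule_id", the column
        # this where clause already targets.
        dbo.rules.delete(where={"rule_id": rule["rule_id"]}, changed_by=changed_by, old_data_version=form.data_version.data,
                         transaction=transaction)

        return Response(status=200)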