def search(self):
"""Return the list of file resources matching the input JSON query.
:URL: ``SEARCH /files`` (or ``POST /files/search``)
:request body: A JSON object of the form::
{"query": {"filter": [ ... ], "order_by": [ ... ]},
"paginator": { ... }}
where the ``order_by`` and ``paginator`` attributes are optional.
"""
try:
json_search_params = unicode(request.body, request.charset)
python_search_params = json.loads(json_search_params)
SQLAQuery = h.eagerload_file(
self.query_builder.get_SQLA_query(python_search_params.get('query')))
query = h.filter_restricted_models('File', SQLAQuery)
return h.add_pagination(query, python_search_params.get('paginator'))
except h.JSONDecodeError:
response.status_int = 400
return h.JSONDecodeErrorResponse
except (OLDSearchParseError, Invalid), e:
response.status_int = 400
return {'errors': e.unpack_errors()}
def edit(self, id):
"""Return a file and the data needed to update it.
:URL: ``GET /files/edit`` with optional query string parameters
:param str id: the ``id`` value of the file that will be updated.
:returns: a dictionary of the form::
{"file": {...}, "data": {...}}
where the value of the ``file`` key is a dictionary representation
of the file and the value of the ``data`` key is a dictionary
containing the objects necessary to update a file, viz. the return
value of :func:`FilesController.new`
.. note::
This action can be thought of as a combination of
:func:`FilesController.show` and :func:`FilesController.new`. See
:func:`get_new_edit_file_data` to understand how the query string
parameters can affect the contents of the lists in the ``data``
dictionary.
"""
response.content_type = 'application/json'
file = h.eagerload_file(Session.query(File)).get(id)
if file:
unrestricted_users = h.get_unrestricted_users()
if h.user_is_authorized_to_access_model(session['user'], file, unrestricted_users):
return {'data': get_new_edit_file_data(request.GET), 'file': file}
else:
response.status_int = 403
return h.unauthorized_msg
else:
response.status_int = 404
return {'error': 'There is no file with id %s' % id}
def show(self, id):
"""Return a file.
:URL: ``GET /files/id``
:param str id: the ``id`` value of the file to be returned.
:returns: a file model object.
"""
file = h.eagerload_file(Session.query(File)).get(id)
if file:
unrestricted_users = h.get_unrestricted_users()
user = session['user']
if h.user_is_authorized_to_access_model(user, file, unrestricted_users):
return file
else:
response.status_int = 403
return h.unauthorized_msg
else:
response.status_int = 404
return {'error': 'There is no file with id %s' % id}
def index(self):
"""Get all file resources.
:URL: ``GET /files`` with optional query string parameters for ordering
and pagination.
:returns: a list of all file resources.
.. note::
See :func:`utils.add_order_by` and :func:`utils.add_pagination` for the
query string parameters that effect ordering and pagination.
"""
try:
query = h.eagerload_file(Session.query(File))
query = h.add_order_by(query, dict(request.GET), self.query_builder)
query = h.filter_restricted_models('File', query)
return h.add_pagination(query, dict(request.GET))
except Invalid, e:
response.status_int = 400
return {'errors': e.unpack_errors()}
def update(self, id):
"""Update a file and return it.
:URL: ``PUT /files/id``
:Request body: JSON object representing the file with updated attribute values.
:param str id: the ``id`` value of the file to be updated.
:returns: the updated file model.
"""
file = h.eagerload_file(Session.query(File)).get(int(id))
if file:
unrestricted_users = h.get_unrestricted_users()
user = session['user']
if h.user_is_authorized_to_access_model(user, file, unrestricted_users):
try:
if getattr(file, 'parent_file', None):
file = update_subinterval_referencing_file(file)
elif getattr(file, 'url', None):
file = update_externally_hosted_file(file)
else:
file = update_file(file)
# file will be False if there are no changes
if file:
Session.add(file)
Session.commit()
return file
else:
response.status_int = 400
return {'error':
u'The update request failed because the submitted data were not new.'}
except h.JSONDecodeError:
response.status_int = 400
return h.JSONDecodeErrorResponse
except Invalid, e:
response.status_int = 400
return {'errors': e.unpack_errors()}
else:
response.status_int = 403
return h.unauthorized_msg
def delete(self, id):
"""Delete an existing file and return it.
:URL: ``DELETE /files/id``
:param str id: the ``id`` value of the file to be deleted.
:returns: the deleted file model.
.. note::
Only administrators and a file's enterer can delete it.
"""
file = h.eagerload_file(Session.query(File)).get(id)
if file:
if session['user'].role == u'administrator' or \
file.enterer is session['user']:
delete_file(file)
return file
else:
response.status_int = 403
return h.unauthorized_msg
else:
response.status_int = 404
return {'error': 'There is no file with id %s' % id}
