def _validate_readonly_relationship(obj_with_readonly_access, obj2): # type: (WithReadOnlyAccess, Any) -> None """Validate if relationship change allowed to obj2 Args: obj_with_readonly_access: object of type WithReadOnlyAccess obj2: another object which also can have type WithReadOnlyAccess """ if not obj_with_readonly_access.can_change_relationship_with(obj2): raise MethodNotAllowed( description="The object is in a read-only mode and is " "dedicated for SOX needs")
def mobile_app_handler(self, model, method, **parameters): odoo_obj = request.env.get(model) model_method = 'mobile_' + method if odoo_obj is None or not hasattr(odoo_obj, model_method): raise NotFound("Unknown API path called.") handler = getattr(odoo_obj.sudo(), model_method) if request.httprequest.method == 'GET': return handler(**parameters) elif request.httprequest.method == 'POST': return handler(request.jsonrequest, **parameters) else: raise MethodNotAllowed("Only POST and GET methods are supported")
def _process(self): """Dispatch to a method named ``_process_<verb>``. Except for RESTful endpoints it is usually best to just override this method, especially when using WTForms. """ method = getattr(self, '_process_' + request.method, None) if method is None: valid_methods = [ m for m in HTTP_VERBS if hasattr(self, '_process_' + m) ] raise MethodNotAllowed(valid_methods) return method()
def _process(self): """The default process method dispatches to a method containing the HTTP verb used for the current request, e.g. _process_POST. When implementing this please consider that you most likely want/need only GET and POST - the other verbs are not supported everywhere! """ method = getattr(self, '_process_' + request.method, None) if method is None: valid_methods = [ m for m in HTTP_VERBS if hasattr(self, '_process_' + m) ] raise MethodNotAllowed(valid_methods) return method()
def handle(self, experiment): """Dispatch request.""" if self.request.method != "POST": raise MethodNotAllowed() user_ids = self.request.form.getlist("u") with self.config.storage.transaction(read_only=True) as store: session = Session(store) try: experiment_config = Experiment.from_store(store, experiment) except LookupError: raise NotFound( "No experiment with ID {experiment_id!r}".format( experiment_id=experiment ) ) buckets = [ session.get(Bucket, idx, default=EMPTY) for idx in range(NUM_BUCKETS) ] branch_ids = [branch["id"] for branch in experiment_config.branches] branches = {x: [] for x in branch_ids} relevant_settings = set() for branch_config in experiment_config.branches: relevant_settings.update(branch_config["settings"].keys()) for user_id in user_ids: user_entry = self.config.directory.lookup(user_id) if not experiment_config.includes_user(user_entry): continue user_overrides = store.get( "overrides/{user_id}".format(user_id=user_id), {} ) if any(x in relevant_settings for x in user_overrides.keys()): continue bucket = buckets[user_bucket(user_id)] for branch_id, members in branches.items(): if bucket.covers([experiment_config.id, branch_id]): members.append(user_id) return {"branches": branches}
def update(self, circuit_id): """Update a circuit based on payload. The EVC required attributes (name, uni_a, uni_z) can't be updated. """ log.debug('update /v2/evc/%s', circuit_id) try: evc = self.circuits[circuit_id] except KeyError: result = f'circuit_id {circuit_id} not found' log.debug('update result %s %s', result, 404) raise NotFound(result) if evc.archived: result = f'Can\'t update archived EVC' log.debug('update result %s %s', result, 405) raise MethodNotAllowed(['GET'], result) try: data = request.get_json() except BadRequest: result = 'The request body is not a well-formed JSON.' log.debug('update result %s %s', result, 400) raise BadRequest(result) if data is None: result = 'The request body mimetype is not application/json.' log.debug('update result %s %s', result, 415) raise UnsupportedMediaType(result) try: enable, path = \ evc.update(**self._evc_dict_with_instances(data)) except ValueError as exception: log.error(exception) log.debug('update result %s %s', exception, 400) raise BadRequest(str(exception)) if evc.is_active(): if enable is False: # disable if active evc.remove() elif path is not None: # redeploy if active evc.remove() evc.deploy() else: if enable is True: # enable if inactive evc.deploy() result = {evc.id: evc.as_dict()} status = 200 log.debug('update result %s %s', result, status) return jsonify(result), status
def find_func(cls, request): if request.method == "GET": cmd_name = request.args.get("method") else: cmd_name = request.form.get("method") entry = cls._cmd_table.get(cmd_name) if not entry: return entry _log.debug("Found method %s", cmd_name) func, only_post = entry if only_post and request.method != "POST": _log.warn("Method %s only allowed for POST", cmd_name) raise MethodNotAllowed() return func
def __call__(self, environ, start_response): method = environ.get('HTTP_X_HTTP_METHOD_OVERRIDE', '').upper() if method in self.allowed_methods: method = method.encode('ascii', 'replace') environ['REQUEST_METHOD'] = method elif method != '': return MethodNotAllowed(self.allowed_methods)(environ, start_response) if method in self.bodyless_methods: environ['CONTENT_LENGTH'] = '0' return self.app(environ, start_response)
def dispatch_request(self, pk=None): method = request.method.upper() if method == 'GET': if pk is None: return self.list() else: return self.retrieve(pk) elif method == 'POST': return self.create() elif method == 'PUT': return self.update(pk) elif method == 'DELETE': return self.destroy(pk) else: raise MethodNotAllowed()
def _dispatch_request(self, request, response): directory = self.configuration['upload_directory'] if request.method == 'GET': return elif request.method != 'POST': raise MethodNotAllowed() mapping = {} for name, uploaded_file in request.files.iteritems(): filename = mapping[name] = '%s_%s' % ( uniqid(), secure_filename(uploaded_file.filename)) uploaded_file.save(os.path.join(directory, filename)) response.mimetype = 'text/html' response.data = Json.serialize(mapping)
def application(self, request: Request) -> Union[Response, HTTPException]: """The Werkzeug WSGI request handler.""" if request.method != 'GET': return MethodNotAllowed(valid_methods=('GET', )) if request.path == '/health': return Response('') try: vote = Vote.parse(request.query_string) except ValueError: return BadRequest() self.connection.vote(vote) return Response(EMPTY_BMP, content_type='image/bmp')
def handle_form(): action = request.form.get('form_action', 'upload') app.logger.debug(action) if action == 'upload': return upload_file() elif action == 'confirm_deleteall': return confirm_delete_all() elif action == 'deleteall': return delete_all() elif action == 'combine': return combine_pdfs() elif action == 'cancel': return main() else: raise MethodNotAllowed()
def dispatch_request(self, *args, **kwargs): """ :param args: :param kwargs: """ methods = self._model.__methods__ if request.method not in methods: raise MethodNotAllowed(valid_methods=list(methods)) controller = getattr(self, request.method.lower(), None) if controller is None: raise NotImplemented() return controller(*args, **kwargs)
def on_assign_help_request(self, request): """Called when a fixer notifies a volunteer that the request to assist has been assigned to them""" if request.method == "GET": return MethodNotAllowed() if request.method == "POST": try: data = json.loads(request.get_data()) log.debug("Got help assign request: `%s`", data) except json.decoder.JSONDecodeError as err: return BadRequest("Request malformed: %s" % err) # if we got this far, it means we're ok, so we invoke the function that does the job # and pass it the input parameters self.assign_request_handler(data) return Response("Request handled")
def _try_run_request(self, environ): request = Request(environ) # We don't support anything else than GET requests since we're # previewing something that will be static later. if self.static_preview and request.method != 'GET': logger.error("Only GET requests are allowed, got %s" % request.method) raise MethodNotAllowed() # Also handle requests to a pipeline-built asset right away. response = self._try_serve_asset(environ, request) if response is not None: return response # Create the app for this request. app = get_app_for_server(self.root_dir, debug=self.debug, sub_cache_dir=self.sub_cache_dir) if (app.config.get('site/enable_debug_info') and self.enable_debug_info and '!debug' in request.args): app.config.set('site/show_debug_info', True) # We'll serve page assets directly from where they are. app.env.base_asset_url_format = '/_asset/%path%' # Let's see if it can be a page asset. response = self._try_serve_page_asset(app, environ, request) if response is not None: return response # Nope. Let's see if it's an actual page. try: response = self._try_serve_page(app, environ, request) return response except (RouteNotFoundError, SourceNotFoundError) as ex: raise NotFound() from ex except HTTPException: raise except Exception as ex: if app.debug: logger.exception(ex) raise logger.error(str(ex)) msg = "There was an error trying to serve: %s" % request.path raise InternalServerError(msg) from ex
def unsubscribe_sbe(token): expired, invalid, user = get_token_status(token, TOKEN_SERIALIZER_NAME) if expired or invalid: return render_template_i18n("notifications/invalid-token.html") if request.method == 'GET': return render_template_i18n("notifications/confirm-unsubscribe.html", token=token) elif request.method == 'POST': preferences = app.services['preferences'] preferences.set_preferences(user, **{'sbe:notifications:daily': False}) db.session.commit() return render_template_i18n("notifications/unsubscribed.html", token=token) else: raise MethodNotAllowed()
def on_help_request(self, request): """Called when a fixer used the front-end to add a new request to the system, and the system is looking for a volunteer to assist the person in need""" if request.method == "GET": return MethodNotAllowed() if request.method == "POST": try: data = json.loads(request.get_data()) log.debug("Got help request: `%s`", data) except json.decoder.JSONDecodeError as err: return BadRequest("Request malformed: %s" % err) # if we got this far, it means we're ok, so we invoke the function that does the job # and pass it the input parameters self.help_request_handler(data) return Response("Request handled")
def on_message(self, request): """Called when /message is opened""" if request.method == "GET": return MethodNotAllowed() # we only allow POST requests, we'll check if both # parameters we need are present, and if so, invoke the # actual messaging function if request.method == "POST": if "chat_id" not in request.form: return BadRequest("Must specify chat_id") if "message" not in request.form: return BadRequest("Must specify text") # if we got this far, it means we're ok self.messageFun(request.form["chat_id"], request.form["message"]) return Response("Message sent")
def find_route() -> _RouteMatcher: matchers = [_RouteMatcher(h, path, arguments) for h in handlers] matching_paths = [m for m in matchers if m.matches] if not matching_paths: raise NotFound() matching_routes = [ m for m in matching_paths if m.method == request.method ] if not matching_routes: valid_methods = sorted(set(m.method for m in matching_paths)) raise MethodNotAllowed(valid_methods) assert len(matching_routes) >= 1 # Workaround for https://github.com/python/mypy/issues/4345 assert isinstance(matching_routes[0], _RouteMatcher) return matching_routes[0]
def dispatch_request(self): try: if request.method.lower() not in ('get', 'post'): raise HttpError( MethodNotAllowed( ['GET', 'POST'], 'GraphQL only supports GET and POST requests.')) data = self.parse_body(request) show_graphiql = self.graphiql and self.can_display_graphiql(data) if self.batch: responses = [ self.get_response(request, entry) for entry in data ] result = '[{}]'.format(','.join( [response[0] for response in responses])) status_code = max(responses, key=lambda response: response[1])[1] else: result, status_code = self.get_response( request, data, show_graphiql) if show_graphiql: query, variables, operation_name, id = self.get_graphql_params( request, data) return render_graphiql( graphiql_version=self.graphiql_version, graphiql_template=self.graphiql_template, query=query, variables=variables, operation_name=operation_name, result=result) return Response(status=status_code, response=result, content_type='application/json') except HttpError as e: return Response(self.json_encode( request, {'errors': [self.format_error(e)]}), status=e.response.code, headers={'Allow': ['GET, POST']}, content_type='application/json')
def execute_graphql_request(self, data, query, variables, operation_name, show_graphiql=False): if not query: if show_graphiql: return None raise HttpError(BadRequest('Must provide query string.')) try: source = Source(query, name='GraphQL request') ast = parse(source) validation_errors = validate(self.schema, ast) if validation_errors: return ExecutionResult( errors=validation_errors, invalid=True, ) except Exception as e: return ExecutionResult(errors=[e], invalid=True) if request.method.lower() == 'get': operation_ast = get_operation_ast(ast, operation_name) if operation_ast and operation_ast.operation != 'query': if show_graphiql: return None raise HttpError( MethodNotAllowed( ['POST'], 'Can only perform a {} operation from a POST request.'. format(operation_ast.operation))) try: return self.execute(ast, root_value=self.get_root_value(request), variable_values=variables or {}, operation_name=operation_name, context_value=self.get_context(request), middleware=self.get_middleware(request), executor=self.get_executor(request)) except Exception as e: return ExecutionResult(errors=[e], invalid=True)
def _dispatch(request: Request, endpoint: object, args: RequestArguments) -> Response: fn_name = f"on_{request.method.lower()}" fn = getattr(endpoint, fn_name, None) if fn: if pass_response: response = Response() fn(request, response, **args) else: result = fn(request, **args) if isinstance(result, Response): return result response = Response() _populate_response(response, result) return response else: raise MethodNotAllowed()
def on_call_function(self, request, db=None, collection=None, action=None): output = StringIO.StringIO() args = request.values # let's patch args so they are closer to cgi.FieldStorage args.getvalue = lambda x: args.get(x) name = args.get("name", "default") func = getattr(self.mh, action, None) if callable(func): func(args, output.write, name=name, db=db, collection=collection, method=request.method) return Response(output.getvalue(), mimetype="application/json") else: raise MethodNotAllowed()
def detail(entityName, entityId): # type: (str, int) -> Response try: entity = EntityClasses.getClassByName(entityName)[entityId] except ObjectNotFound as e: if entityId != 0: raise NotFound(description='Entity not found: %s' % e.message) try: entity = EntityFactory.build(entityName) flush() except NotImplementedError: raise MethodNotAllowed( description='Manual entity creation not allowed for this entity' ) except NoChildEntitiesFound as e: raise BadRequest(description=e.message) if request.method == 'DELETE': entity.delete() return Response('Entity successfully removed') if request.method == 'POST': nullableFieldNames = entity.getNullableFieldClass().keys() manyToManyFields = entity.getManyToManyFields() for fieldName, fieldValue in request.form.iteritems(): if fieldName in manyToManyFields.keys(): continue if fieldName in nullableFieldNames and len(fieldValue) == 0: fieldValue = None setattr(entity, fieldName, fieldValue) for fieldName, fieldClass in manyToManyFields.iteritems(): setattr(entity, fieldName, (fieldClass[entityId] for entityId in request.form.getlist(fieldName))) return renderInLayout('page/detail.html', entity=entity, entityName=entityName, goBackLink=url_for('listEntities', entityName=entityName), formProcessLink=url_for('detail', entityName=entityName, entityId=entity.id))
def file_process(method: str, params: MultiDict, session: Session, submission_id: int, token: str, **kwargs) -> Response: """ Process the file compilation project. Parameters ---------- method : str ``GET`` or ``POST`` session : :class:`Session` The authenticated session for the request. submission_id : int The identifier of the submission for which the upload is being made. token : str The original (encrypted) auth token on the request. Used to perform subrequests to the file management service. Returns ------- dict Response data, to render in template. int HTTP status code. This should be ``200`` or ``303``, unless something goes wrong. dict Extra headers to add/update on the response. This should include the `Location` header for use in the 303 redirect response, if applicable. """ logger.debug("%s: %s, %s, %s, %s", method, params, session, submission_id, token) if method == "GET": return compile_status(params, session, submission_id, token) elif method == "POST": if params.get('action') in ['previous', 'next', 'save_exit']: _check_status(params, session, submission_id, token) # User is not actually trying to process anything; let flow control # in the routes handle the response. return {}, status.SEE_OTHER, {} return start_compilation(params, session, submission_id, token) raise MethodNotAllowed('Unsupported request')
def _try_run_request(self, environ): request = Request(environ) # We don't support anything else than GET requests since we're # previewing something that will be static later. if self.static_preview and request.method != 'GET': logger.error("Only GET requests are allowed, got %s" % request.method) raise MethodNotAllowed() # Handle requests to a pipeline-built asset right away. response = self._try_serve_asset(environ, request) if response is not None: return response # Same for page assets. response = self._try_serve_page_asset(self.appfactory.root_dir, environ, request) if response is not None: return response # Create the app for this request. app = get_app_for_server(self.appfactory, root_url=self.root_url) if (app.config.get('server/enable_debug_info') and self.enable_debug_info and '!debug' in request.args): app.config.set('site/show_debug_info', True) # Let's try to serve a page. try: response = self._try_serve_page(app, environ, request) return response except (RouteNotFoundError, SourceNotFoundError) as ex: raise NotFound() from ex except HTTPException: raise except Exception as ex: if app.debug: logger.exception(ex) raise logger.error(str(ex)) msg = "There was an error trying to serve: %s" % request.path raise InternalServerError(msg) from ex
def mobile_app_handler(self, model, method, **parameters): """ Main entry point for all authenticated calls (user is logged in). :param model: odoo model object in which we are requesting something :param method: method that will be called on the odoo model :param parameters: all other optional parameters sent by the request :return: json data for mobile app """ odoo_obj = request.env.get(model) model_method = 'mobile_' + method if odoo_obj is None or not hasattr(odoo_obj, model_method): raise NotFound("Unknown API path called.") handler = getattr(odoo_obj, model_method) if request.httprequest.method == 'GET': return handler(**parameters) elif request.httprequest.method == 'POST': return handler(request.jsonrequest, **parameters) else: raise MethodNotAllowed("Only POST and GET methods are supported")
def default_route(self, request: Request) -> Union[Response, HTTPException]: """ Default route that calls the injected view. """ # Check request method if request.method != self.view.method: return MethodNotAllowed(valid_methods=[self.view.method]) self.logger.debug(f"Request method is {request.method}.") # Check mimetype and arse JSON body. The result is cached in request.json. if not request.is_json: return BadRequest( "Wrong media type. Use 'Content-Type: application/json' instead." ) try: request_body = request.get_json() except BadRequest as exception: return exception self.logger.debug(f"Request contains JSON: {request_body}.") # Dispatch view and return response. view_instance = self.view(self.logging, self.services) try: response_body = view_instance.dispatch(request_body, request.headers) except ViewException as exception: if exception.status_code == 400: return BadRequest(exception.message) elif exception.status_code == 403: return Forbidden(exception.message) else: text = ( f"Unknown ViewException with status_code {exception.status_code} " f"raised: {exception.message}") self.logger.error(text) raise self.logger.debug( f"All done. Application sends HTTP 200 with body {response_body}.") return Response(json.dumps(response_body), content_type="application/json")
def ws_php(request): if request.method not in ("GET", "POST"): _log.error("Method %r not supported", request.method) raise MethodNotAllowed() func = CmdTable.find_func(request) if not func: _log.warn("wsphp: Unhandled %s %r %r", request.method, request.args, request.form) raise NotImplemented() with PWGSession(request) as session: result = func(request) if isinstance(result, BaseResponse): return result response = response_xml(result) session.save_to_cookie(response) return response
def dispatch_request(self, *args, **kwargs): meth = getattr(self, request.method.lower(), None) print('meth :', meth) # print('methodes: ', lower_methods,request.method.lower() ) # If the request method is HEAD and we don't have a handler for it # retry with GET. if meth is None and request.method == 'HEAD': meth = getattr(self, 'get', None) if meth is None: raise MethodNotAllowed('%s method not allowed.' % request.method.lower()) assert meth is not None, 'Unimplemented method %r' % request.method try: meth = self.apply_decorators(meth) return meth(*args, **kwargs) except (ApiException, ValidationError) as e: if isinstance(e, ValidationError): errors = [InvalidDataError(e.messages)] return self.data_formater.build_error_response(errors) return self.data_formater.build_error_response(e.errors)