def wrapper(*args, **kwargs): method = 'POST' validate_method((method), self.role_key, self.admin_methods) try: self.lookup() if not self.is_authorized(): raise UnauthorizedError('WOKAPI0009E') model_args = list(self.model_args) request = parse_request() validate_params(request, self, action_name) if action_args is not None: model_args.extend( request[key] if key in request.keys() else None for key in action_args ) action_fn = getattr(self.model, model_fn(self, action_name)) action_result = action_fn(*model_args) # log request reqParams = utf8_dict(self.log_args, request) RequestRecord( self.getRequestMessage(method, action_name) % reqParams, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A') ).log() if destructive is False or \ ('persistent' in self.info.keys() and self.info['persistent'] is True): return render_fn(self, action_result) except MissingParameter, e: raise cherrypy.HTTPError(400, e.message)
def index(self, *args, **kwargs): params = {} method = validate_method(('GET', 'POST'), self.role_key, self.admin_methods) try: if method == 'GET': params = cherrypy.request.params validate_params(params, self, 'get_list') return self.get(params) elif method == 'POST': params = parse_request() result = self.create(params, *args) # log request reqParams = utf8_dict(self.log_args, params) RequestRecord( self.getRequestMessage(method) % reqParams, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A') ).log() return result except InvalidOperation, e: raise cherrypy.HTTPError(400, e.message)
def update(self, *args, **kargs): params = parse_request() try: update = getattr(self.model, model_fn(self, 'update')) except AttributeError: e = InvalidOperation('WOKAPI0003E', {'resource': get_class_name(self)}) raise cherrypy.HTTPError(405, e.message) finally: method = 'PUT' RequestRecord( self.getRequestMessage(method) % params, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A') ).log() validate_params(params, self, 'update') args = list(self.model_args) + [params] ident = update(*args) self._redirect(ident) self.lookup() return self.get()
def wrapper(*args, **kwargs): method = 'POST' validate_method((method), self.role_key, self.admin_methods) try: self.lookup() if not self.is_authorized(): raise UnauthorizedError('WOKAPI0009E') model_args = list(self.model_args) request = parse_request() validate_params(request, self, action_name) if action_args is not None: model_args.extend( request[key] if key in request.keys() else None for key in action_args) action_fn = getattr(self.model, model_fn(self, action_name)) action_result = action_fn(*model_args) # log request reqParams = utf8_dict(self.log_args, request) RequestRecord( self.getRequestMessage(method, action_name) % reqParams, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A')).log() if destructive is False or \ ('persistent' in self.info.keys() and self.info['persistent'] is True): return render_fn(self, action_result) except MissingParameter, e: raise cherrypy.HTTPError(400, e.message)
def index(self, *args, **kwargs): params = {} method = validate_method(('GET', 'POST'), self.role_key, self.admin_methods) try: if method == 'GET': params = cherrypy.request.params validate_params(params, self, 'get_list') return self.get(params) elif method == 'POST': params = parse_request() result = self.create(params, *args) # log request reqParams = utf8_dict(self.log_args, params) RequestRecord(self.getRequestMessage(method) % reqParams, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A')).log() return result except InvalidOperation, e: raise cherrypy.HTTPError(400, e.message)
def logout(self): method = 'POST' code = self.getRequestMessage(method, 'logout') params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} msg = WokMessage(code, params).get_text(prepend_code=False) RequestRecord(msg, app=get_plugin_from_request(), req=method, user=params['username']).log() auth.logout() return '{}'
def logout(self): method = 'POST' params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} RequestRecord( self.getRequestMessage(method, 'logout') % params, app=get_plugin_from_request(), req=method, user=params['username'] ).log() auth.logout() return '{}'
def logout(self): method = 'POST' code = self.getRequestMessage(method, 'logout') params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} msg = WokMessage(code, params).get_text(prepend_code=False) RequestRecord( msg, app=get_plugin_from_request(), req=method, user=params['username'] ).log() auth.logout() return '{}'
class WokRoot(Root): def __init__(self, model, dev_env=False): super(WokRoot, self).__init__(model, dev_env) self.default_page = 'wok-ui.html' for ident, node in sub_nodes.items(): setattr(self, ident, node(model)) with open(os.path.join(wok_paths.src_dir, 'API.json')) as f: self.api_schema = json.load(f) self.paths = wok_paths self.domain = 'wok' self.messages = messages self.log_map = ROOT_REQUESTS self.extends = None @cherrypy.expose def login(self, *args): try: params = parse_request() username = params['username'] password = params['password'] except KeyError, item: e = MissingParameter('WOKAUTH0003E', {'item': str(item)}) raise cherrypy.HTTPError(400, e.message) try: user_info = auth.login(username, password) except OperationFailed: raise cherrypy.HTTPError(401) finally: method = 'POST' code = self.getRequestMessage(method, 'login') msg = WokMessage(code, params).get_text(prepend_code=False) RequestRecord(msg, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(auth.USER_NAME, 'N/A')).log() return json.dumps(user_info)
except InvalidParameter, e: raise cherrypy.HTTPError(400, e.message) except UnauthorizedError, e: raise cherrypy.HTTPError(403, e.message) except NotFoundError, e: raise cherrypy.HTTPError(404, e.message) except OperationFailed, e: raise cherrypy.HTTPError(500, e.message) except WokException, e: raise cherrypy.HTTPError(500, e.message) # log request if method not in LOG_DISABLED_METHODS: RequestRecord( self.getRequestMessage(method) % self.log_args, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A') ).log() return result def is_authorized(self): user_name = cherrypy.session.get(USER_NAME, '') user_groups = cherrypy.session.get(USER_GROUPS, []) user_role = cherrypy.session.get(USER_ROLES, {}).get(self.role_key) users = self.data.get("users", None) groups = self.data.get("groups", None) if (users is None and groups is None) or user_role == 'admin':
raise cherrypy.HTTPError(400, e.message) except InvalidParameter, e: raise cherrypy.HTTPError(400, e.message) except UnauthorizedError, e: raise cherrypy.HTTPError(403, e.message) except NotFoundError, e: raise cherrypy.HTTPError(404, e.message) except OperationFailed, e: raise cherrypy.HTTPError(500, e.message) except WokException, e: raise cherrypy.HTTPError(500, e.message) # log request if method not in LOG_DISABLED_METHODS: RequestRecord(self.getRequestMessage(method) % self.log_args, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A')).log() return result def is_authorized(self): user_name = cherrypy.session.get(USER_NAME, '') user_groups = cherrypy.session.get(USER_GROUPS, []) user_role = cherrypy.session.get(USER_ROLES, {}).get(self.role_key) users = self.data.get("users", None) groups = self.data.get("groups", None) if (users is None and groups is None) or user_role == 'admin': return True