def activity_update(self, activity_id, request_object): if not request_object.data: logger.error('No data was submitted with the activity_create request') return status_.status_400('You didn\'t include any `data` with your request.'), 400 activity_ = self.activity_get(activity_id) """ Prepare the content of the request_object to use in creating an Activity """ activity = json.loads(request_object.data) if hasattr(activity_, 'name'): activity_.name = sanitize.sanitize_string(activity.get('name', activity_.name)) if hasattr(activity_, 'description'): activity_.description = sanitize.sanitize_string(activity.get('description', activity_.description)) if hasattr(activity_, 'result'): activity_.result = sanitize.sanitize_string(activity.get('result', activity_.result)) if hasattr(activity_, 'template_id'): activity_.template_id = sanitize.sanitize_integer(activity.get('template_id', activity_.template_id)) if hasattr(activity_, 'status'): activity_.status = sanitize.sanitize_boolean(activity.get('status', activity_.status)) if hasattr(activity_, 'updated'): activity_.updated = activity.get('updated', activity_.updated) db.session.commit() return activity_
def user_update(self, user_object_): """ Before updating any information we first have to load the User object for the user we wish to act upon. To make extra sure that one user doesn't update another by sending an alertnative 'id' through with the post request. We only act on the `current_user` as defined by the security module. """ user_ = User.query.get(current_user.id) """ Content that needs sanitized """ user_.name = sanitize.sanitize_string(user_object_.get('name', current_user.name)) user_.email = sanitize.sanitize_string(user_object_.get('email', current_user.email)) """ Booleans and Arrays are not sanitized right now ... they probably should be """ # user_.active = user_object_.get('active', current_user.active) # user_.roles = user_object_.get('roles', current_user.roles) # user_.permissions = user_object_.get('permissions', current_user.permissions) """ Save all of our updates to the database """ db.session.commit() return user_
def activity_create(self, request_object): if not request_object.data: logger.error('No data was submitted with the activity_create request') return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Prepare the content of the request_object to use in creating an Activity """ activity = json.loads(request_object.data) new_activity = { 'name': sanitize.sanitize_string(statistic_content.get('name', '')), 'description': sanitize.sanitize_string(statistic_content.get('description', '')), 'result': sanitize.sanitize_string(statistic_content.get('result', '')), 'status': 'pending', 'template_id': sanitize.sanitize_integer(activity.get('template_id', '')) } activity_ = Activity(**new_activity) db.session.add(activity_) db.session.commit() return activity_
def application_update(self, application_id, request_object): allowed_applications = self.allowed_applications('write') if not application_id in allowed_applications: logger.warning('User %d with Applications %s tried to update Application %d', \ self.current_user.id, allowed_applications, application_id) return status_.status_401('You need to be logged in to access applications'), 401 application_ = Application.query.get(application_id) application_content = json.loads(request_object.data) """ Part 2: Update the fields that we have data for """ if hasattr(application_, 'name'): application_.name = sanitize.sanitize_string(application_content.get('name', application_.name)) if hasattr(application_, 'description'): application_.description = sanitize.sanitize_string(application_content.get('description', application_.description)) if hasattr(application_, 'url'): application_.url = sanitize.sanitize_string(application_content.get('url', application_.url)) db.session.commit() return application_
def application_create(self, request_object): """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d new Application request failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Prepare the data for use """ application_content = json.loads(request_object.data) """ Make sure we have at least a name for our Application """ if not application_content.get('name', ''): logger.error('User %d new Application request failed because the did not include a `name` in the `data`', \ self.current_user.id) return status_.status_400('You didn\'t include a `name` in the `data` of your request. You have to do that with Applications.'), 400 """ Add the new application to the database """ new_application = { 'name': sanitize.sanitize_string(application_content.get('name', '')), 'description': sanitize.sanitize_string(application_content.get('description', '')), 'url': application_content.get('url', ''), 'is_public': application_content.get('is_public', False) } application_ = Application(**new_application) db.session.add(application_) db.session.commit() """ Tell the system what user should have permission to access the newly created application """ permission = { 'user_id': self.current_user.id, 'application_id': application_.id, 'read': True, 'write': True, 'is_admin': True } self.set_user_application_permissions(application_, permission, self.current_user) """ Return the newly created Application """ return application_
def statistic_update(self, template_id, statistic_id, request_object): explicitly_allowed_templates_ = self.explicitly_allowed_templates() if not template_id in explicitly_allowed_templates_: logger.error('User %d update Statistic request failed because they are\'t allowed to modify the associated Template', \ self.current_user.id) return status_.status_401('You are\'t allowed to modify the Template you\'re trying to add a statistic to'), 401 """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d update Statistic request failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Make sure we can use the request data as json """ statistic_ = Statistic.query.get(statistic_id) if not statistic_.id: logger.error('User %d Statistic request failed because Statistic does\'t exist', \ self.current_user.id) return status_.status_404('The Statistic you\'re looking for doesn\'t exist'), 404 statistic_content = json.loads(request_object.data) if hasattr(statistic_, 'name'): statistic_.name = sanitize.sanitize_string(statistic_content.get('name', statistic_.name)) if hasattr(statistic_, 'units'): statistic_.units = sanitize.sanitize_string(statistic_content.get('units', statistic_.units)) if hasattr(statistic_, 'function'): statistic_.function = sanitize.sanitize_string(statistic_content.get('function', statistic_.function)) if hasattr(statistic_, 'field_id'): statistic_.field_id = sanitize.sanitize_integer(statistic_content.get('field_id', statistic_.field_id)) if hasattr(statistic_, 'status'): statistic_.status = sanitize.sanitize_boolean(statistic_content.get('status', statistic_.status)) db.session.commit() return statistic_
def statistic_create(self, template_id, request_object): """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d new Statistic request failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Make sure we can use the request data as json """ statistic_content = json.loads(request_object.data) field_id = sanitize.sanitize_integer(statistic_content.get('field_id', '')) explicitly_allowed_fields_ = self.explicitly_allowed_fields() template_fields_ = self.template_field_list(template_id) if not field_id in explicitly_allowed_fields_ or \ not field_id in template_fields_: logger.error('User %d new Statistic request failed because they are\'t allowed to modify the associated field', \ self.current_user.id) return status_.status_400('You are\'t allowed to modify the field you\'re trying to add a statistic to'), 400 new_statistic = { 'name': sanitize.sanitize_string(statistic_content.get('name', '')), 'units': sanitize.sanitize_string(statistic_content.get('units', '')), 'function': sanitize.sanitize_string(statistic_content.get('function', '')), 'field_id': field_id } statistic_ = Statistic(**new_statistic) db.session.add(statistic_) db.session.commit() return statistic_
def field_update(self, request_object, template_id, field_id): """ Make sure that we have everything we need to created the template successfully, including things like a Name, an associated Application, and a Storage mechanism """ if not field_id: logger.error('User %d update Field request failed because they didn\'t submit a Field ID with their request', \ self.current_user.id) return status_.status_400('You didn\'t include a Field ID to update this field with'), 400 """ Fields are directly tied to Templates and really have no life of their own outside of Templates. Because of that we need to instantiate a Template object that we can work with """ allowed_fields = self.allowed_fields(permission_type='write') if not field_id in allowed_fields: logger.warning('User %d with Fields %s tried to access Field %d', \ self.current_user.id, allowed_fields, field_id) return status_.status_401('You can\'t edit this Field because it\'s not yours'), 401 """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d update Field request failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Convert our request object into usable data """ field_content = json.loads(request_object.data) """ Fields are directly tied to Templates and really have no life of their own outside of Templates. Because of that we need to instantiate a Template object that we can work with """ field_ = Field().query.get(field_id) """ Part 2: Update the fields that we have data for """ if hasattr(field_, 'label'): field_.label = sanitize.sanitize_string(field_content.get('label', field_.label)) if hasattr(field_, 'help'): field_.help = sanitize.sanitize_string(field_content.get('help', field_.help)) if hasattr(field_, 'is_listed'): field_.is_listed = sanitize.sanitize_boolean(field_content.get('is_listed', field_.is_listed)) if hasattr(field_, 'is_searchable'): field_.is_searchable = sanitize.sanitize_boolean(field_content.get('is_searchable', field_.is_searchable)) if hasattr(field_, 'is_required'): field_.is_required = sanitize.sanitize_boolean(field_content.get('is_required', field_.is_required)) if hasattr(field_, 'weight'): field_.weight = sanitize.sanitize_integer(field_content.get('weight', field_.weight)) if hasattr(field_, 'status'): field_.status = sanitize.sanitize_boolean(field_content.get('status', field_.status)) if hasattr(field_, 'options'): field_.options = sanitize.sanitize_string(field_content.get('options', field_.options)) # # @todo # We probably need to make the API capable of changing # data_types, after all, PostgreSQL does it out of the box # # @see # http://www.postgresql.org/docs/9.3/static/sql-altertable.html # db.session.commit() return field_
def field_create(self, request_object, template_id): """ Make sure that we have everything we need to created the template successfully, including things like a Name, an associated Application, and a Storage mechanism """ if not template_id: logger.error('User %d new Field request failed because they didn\'t submit an Template ID with their request', \ self.current_user.id) return status_.status_400('You didn\'t include a Template to add this field to ... or else you\'re not the admin of this Template'), 400 """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d new Field request failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Convert our request object into usable data """ content_ = json.loads(request_object.data) """ Fields are directly tied to Templates and really have no life of their own outside of Templates. Because of that we need to instantiate a Template object that we can work with """ allowed_fields = self.allowed_fields(template_id) if not template_id in allowed_fields: logger.warning('User %d with Templates %s tried to access Template %d', \ self.current_user.id, allowed_fields, template_id) return status_.status_401(), 401 Template_ = Template().query.get(template_id) """ To create a Field you must at least provide a name for your field """ if not content_.get('name', ''): logger.error('User %d new Field request failed because they didn\'t submit any `name` in the `data` of their request', \ self.current_user.id) return status_.status_400('You didn\'t include a `name` in the `data` of your request.'), 400 """ To create a Field you must at least provide a data_type for your field """ if not content_.get('data_type', ''): logger.error('User %d new Field request failed because they didn\'t submit any `data_type` in the `data` of their request', \ self.current_user.id) return status_.status_400('You didn\'t include a `data_type` in the `data` of your request.'), 400 elif 'relationship' in content_.get('data_type', '') and not content_.get('relationship', ''): logger.error('User %d new Field request failed because they didn\'t submit any `data_type` in the `data` of their request', \ self.current_user.id) return status_.status_400('You can\'t create a Relationship field without specifying the `relationship` ... this starts with type_'), 400 user_defined_label = sanitize.sanitize_string(content_.get('name', '')) """ If someone's creating a relationship the storage string they've specified needs to belong to a template that they are allowed to access """ if content_.get('relationship', ''): relationship_storage = content_.get('relationship', '') storage_check = Template().query.filter_by(storage=relationship_storage).first() if not storage_check.id in allowed_fields: logger.error('User %d tried to add a Field to a Template %d which they do not own', \ self.current_user.id, template_id) return status_.status_401('The Template `relationship` string you entered either doesn\'t exist or you don\'t have permission to use it'), 401 """ Lastly, make sure that an identical relationship doesn't already exist. If the type_ and the template type_ already have a relationship it will cause bad things to happen when searching via the API """ duplicate_check = self.check_relationship_field_duplicate(Template_.fields, relationship_storage) if duplicate_check: logger.warning('User %d tried to add a duplicate relationship type', \ self.current_user.id) return status_.status_400('You already defined a relationship with this Template, you cannot create two relationship fields with the same relationship table.'), 400 new_field = { 'label': user_defined_label, 'name': self.generate_machine_name(user_defined_label), 'help': sanitize.sanitize_string(content_.get('help', '')), 'data_type': sanitize.sanitize_string(content_.get('data_type', 'text')), 'relationship': sanitize.sanitize_string(content_.get('relationship', None)), 'is_public': sanitize.sanitize_boolean(content_.get('is_public', False)), 'is_visible': sanitize.sanitize_boolean(content_.get('is_visible', False)), 'is_listed': sanitize.sanitize_boolean(content_.get('is_listed', False)), 'is_searchable': sanitize.sanitize_boolean(content_.get('is_searchable', True)), 'is_required': sanitize.sanitize_boolean(content_.get('is_required', False)), 'weight': sanitize.sanitize_integer(content_.get('created', 1)), 'status': sanitize.sanitize_boolean(content_.get('status', True)), 'options': sanitize.sanitize_string(content_.get('options', '')), 'templates': [Template_] } logger.debug('Checking Field, %s', new_field) field_ = Field(**new_field) db.session.add(field_) db.session.commit() logger.warning('field %s', field_) """ Section 2: Relate the Template with the Field and the User with the Field """ permission = { 'read': True, 'write': True, 'is_admin': True } self.set_user_field_permissions(field_, permission, self.current_user) self.set_template_field_relationship(field_, Template_) """ Section 3: Create the Field in the Template Storage, if the field will hold data. Some fields, like fieldset, are only for visual and aesthetic purposes and do not need added to the Storage """ if not 'fieldset' in field_.data_type: field_storage = self.create_storage_field(Template_, field_) if 'relationship' in content_.get('data_type', 'text') or 'file' in content_.get('data_type', 'text'): field_.association = field_storage['association'] field_.relationship = field_storage['relationship'] db.session.commit() return field_
def template_update(self, template_id, request_object): """ If there's no template_id we can't do any, so display a 404 """ if not template_id: return status_.status_404('That template doesn\'t seem to exist') """ Before we make a database call to get the template, we should make sure the user is allowed to access that template in the first place. Either because they have explicit permission to access it (i.e., collaborator, owner) or the template is marked as `is_public` """ template_id_list_ = self.allowed_templates(permission_type='is_admin') if not template_id in template_id_list_: return status_.status_401('That isn\'t your template'), 401 """ Part 1: Load the application we wish to make changes to """ template_ = Template.query.get(template_id) """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d updating Template failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 template_content = json.loads(request_object.data) """ Part 2: Update the fields that we have data for """ if hasattr(template_, 'name'): template_.name = sanitize.sanitize_string(template_content.get('name', template_.name)) if hasattr(template_, 'help'): template_.help = sanitize.sanitize_string(template_content.get('help', template_.help)) if hasattr(template_, 'is_crowdsourced'): template_.is_crowdsourced = sanitize.sanitize_boolean(template_content.get('is_crowdsourced', template_.is_crowdsourced)) if hasattr(template_, 'is_listed'): template_.is_listed = sanitize.sanitize_boolean(template_content.get('is_listed', template_.is_listed)) if hasattr(template_, 'is_moderated'): template_.is_moderated = sanitize.sanitize_boolean(template_content.get('is_moderated', template_.is_moderated)) if hasattr(template_, 'is_public'): template_.is_public = sanitize.sanitize_boolean(template_content.get('is_public', template_.is_public)) if hasattr(template_, 'is_geospatial'): template_.is_geospatial = sanitize.sanitize_boolean(template_content.get('is_geospatial', template_.is_geospatial)) if hasattr(template_, 'is_community'): template_.is_community = sanitize.sanitize_boolean(template_content.get('is_community', template_.is_community)) if hasattr(template_, 'status'): template_.status = sanitize.sanitize_boolean(template_content.get('status', template_.status)) db.session.commit() return template_
def template_create(self, request_object, application_id): """ Make sure that we have everything we need to created the template successfully, including things like a Name, an associated Application, and a Storage mechanism """ if not application_id: logger.error('User %d new Template request failed because they didn\'t submit an Application ID with their request', \ self.current_user.id) return status_.status_400('You didn\'t include an Application to associated with the Template'), 400 """ Make sure that some data was submitted before proceeding """ if not request_object.data: logger.error('User %d new Template request failed because they didn\'t submit any `data` with their request', \ self.current_user.id) return status_.status_400('You didn\'t include any `data` with your request.'), 400 """ Part 1: Make sure we can use the request data as json """ content_ = json.loads(request_object.data) allowed_applications = self.allowed_applications('read') if not application_id in allowed_applications: logger.warning('User %d with Applications %s tried to access Application %d', \ self.current_user.id, allowed_applications, application_id) return status_.status_401(), 401 """ Part 3: Make sure we have a table that has been created in the database to associate our Template features with """ storage_name = self.create_storage() """ Part X: Add the new application to the database """ new_template = { 'name': sanitize.sanitize_string(content_.get('name', 'Untitled Template from %s' % (datetime.today()) )), 'help': sanitize.sanitize_string(content_.get('help', '')), 'storage': storage_name, 'is_public': sanitize.sanitize_boolean(content_.get('is_public', True)), 'is_crowdsourced': sanitize.sanitize_boolean(content_.get('is_crowdsourced', False)), 'is_moderated': sanitize.sanitize_boolean(content_.get('is_moderated', False)), 'is_listed': sanitize.sanitize_boolean(content_.get('is_listed', True)), 'is_geospatial': sanitize.sanitize_boolean(content_.get('is_geospatial', True)), 'is_community': sanitize.sanitize_boolean(content_.get('is_community', False)), 'created': datetime.now(), 'status': sanitize.sanitize_boolean(content_.get('status', True)) } template_ = Template(**new_template) db.session.add(template_) db.session.commit() """ Tell the system what user should have permission to access the newly created application """ permission = { 'user_id': self.current_user.id, 'template_id': template_.id, 'read': True, 'write': True, 'is_moderator': True, 'is_admin': True } self.set_user_template_permissions(template_, permission, self.current_user) """ Tell the system what Application this template belongs to """ application_ = Application().query.get(application_id) self.set_application_template_relationship(template_, application_) """ Add an 'owner' field to the Storage engine here, because we can't do it in the 'create_storage' because of the User model stepping on itself and causing problems with permissions """ self.create_owner_field(template_) """ Once the new table is created, we can create a permissions table for this feature table """ self.create_storage_permissions(storage_name) return template_