def role_update(user, data, roleid, params):
role = get_by_roleid_or_404(user, roleid)
# ToDo: Implement forceupdate after rolegrant for role_update
# ToDo: Accept update for device-role
if role.name == 'device' or data.get('name', '') == 'device':
# Dont allow chaning device-role
raise ApiExp.RoleUpdateNotAllowed
if 'attributePermissions' in data:
devicetype = role.devicetype
per_dict = generate_role_dict(devicetype, data['attributePermissions'],
False)
role.permissions = per_dict
if 'description' in data:
role.description = data['description']
if 'name' in data:
new_name = data['name']
if new_name != role.name:
check_unique_role_name(user, new_name, role.devicetype)
role.name = new_name
db.session.commit()
return get_ok_response_body(data=dict(id=role.roleid))
def role_add(user, data, params):
devicetype = get_by_devicetypeid_or_404(user, data['deviceTypeId'])
name = data['name']
check_unique_role_name(user, name, devicetype)
is_device_role = (name == 'device')
per_dict = generate_role_dict(devicetype, data['attributePermissions'],
is_device_role)
new_role = Role(name=name,
owner=user,
devicetype=devicetype,
description=data.get('description', ''))
new_role.permissions = per_dict
new_role_id = new_role.roleid
db.session.add(new_role)
db.session.commit()
return get_ok_response_body(data=dict(id=new_role_id))
def write_send_common_validate(user, data, deviceid, params, is_write):
# Check if any device is assigned to this user:
device = get_by_deviceid_or_404(user, deviceid, look_in_granted=True)
devicetype = device.devicetype
user_data_dict = convert_attribute_list_to_dict(data['attributes'])
# Validate user request body based on device-type
devicedata_validator(devicetype.attributes, user_data_dict)
data_fileds, metadata_fields = app.devicetype.get_devicefields_metadata(
devicetype)
# Validate if user is writing to meta-data and sending data to the metadata
validate_data_metadatafileds(metadata_fields if is_write else data_fileds,
user_data_dict)
# Check if user (based on roles) has access to the requested fields
check_user_write_field_access(user, device, user_data_dict.keys())
dds = app.get_dds()
if is_write:
# Only store data in meta fields
dds.store_data(user_data_dict, device.deviceid)
else:
# This is send-to-device operation
# As mongo adds '_id' to the dict new copy required
user_data_dict = convert_attribute_list_to_dict(data['attributes'])
msg = create_msg_for_device(device, user_data_dict)
dds.send_to_device(msg, device.deviceid)
return get_ok_response_body(data={})
def device_add(user, payload, params):
devicetype_id = payload['deviceTypeId']
name = payload['name']
devicetype = get_by_devicetypeid_or_404(user, devicetype_id)
check_unique_name(user, name)
# Make sure device-role is defined
if not devicetype.roles.filter_by(name='device').first():
raise ApiExp.DeviceRoleNotDefined
# ToDo: Implement attributeValues for setting initial of meta-data
new_device = Device(
name=name,
serial_number=payload.get('serialNumber', ''),
label=payload.get('label', ''),
push_url=payload.get('pushURL', ''),
owner=user,
devicetype=devicetype
)
db.session.add(new_device)
db.session.commit()
return get_ok_response_body(
data=dict(
id=new_device.deviceid,
encryptionKey=new_device.enc_key,
deviceToken=new_device.device_token,
)
)
def device_list(user, params):
condition = [(Device.owner == user),
(Device.grantroles.any(RoleGrant.granted_user == user))]
if 'isOwned' in params:
if params['isOwned']:
condition = [(Device.owner == user)]
else:
condition = [(Device.grantroles.any(
RoleGrant.granted_user == user))]
q = Device.query.filter(or_(*condition))
q = contains_string_query(q, params, 'name', Device.name)
ret = paginate(q, params, dict(
id=Device.deviceid,
name=Device.name
))
dev_list = [
dict(
id=x.deviceid,
name=x.name,
isOwned=(user == x.owner)
) for x in ret.items
]
return get_ok_response_body(
data=dict(devices=dev_list),
pageCnt=ret.pages,
)
def role_show(user, roleid, params):
role = get_by_roleid_or_404(user, roleid)
per_list = generate_role_response_list(role)
return get_ok_response_body(data=dict(name=role.name,
description=role.description,
deviceTypeId=role.devicetype.typeid,
attributePermissions=per_list))
def device_delete(user, deviceid):
device = get_by_deviceid_or_404(user, deviceid)
db.session.delete(device)
db.session.commit()
return get_ok_response_body(
data=dict(id=deviceid)
)
def devicetype_show(user, devicetypeid, params):
dt = get_by_devicetypeid_or_404(user, devicetypeid)
return get_ok_response_body(
name=dt.name,
encrypted=dt.enc,
id=dt.typeid,
description=dt.description,
attributeTypes=convert_dict_to_attribute_list(dt.attributes),
)
def devicedata_read(user, deviceid, params):
# Check if any device is assigned to this user:
device = get_by_deviceid_or_404(user, deviceid, look_in_granted=True)
read_fields = get_device_fields_with_read_permission(user, device)
dds = app.get_dds()
x = dds.read_data(read_fields, device.deviceid)
attributes = convert_field_dict_to_list(x)
return get_ok_response_body(data=dict(attributes=attributes))
def role_delete(user, roleid, params):
role = get_by_roleid_or_404(user, roleid)
# ToDo: Implement "forceDelete" after rolegrant for role-delete
if role.name == 'device':
# Dont allow deleting device role
raise ApiExp.RoleUpdateNotAllowed
db.session.delete(role)
db.session.commit()
return get_ok_response_body(data=dict(id=role.roleid))
def devicetype_delete(user, devicetypeid, params):
dt = get_by_devicetypeid_or_404(user, devicetypeid)
# Check if this devicetype is used by any device
if dt.devices.count() != 0:
raise ApiExp.DeviceInUse
db.session.delete(dt)
db.session.commit()
return get_ok_response_body(
data=dict(id=devicetypeid)
)
def role_take(user, data, params):
grant_user = get_by_username_or_404(data['username'])
role = get_by_roleid_or_404(user, data['roleId'])
device = get_by_deviceid_or_404(user, data['deviceId'])
# Don't allow using device-role
if role.name == 'device':
raise ApiExp.RoleUpdateNotAllowed
rg = get_rolegrant_or_404(user, grant_user, role, device)
db.session.delete(rg)
db.session.commit()
return get_ok_response_body()
def devicetype_add(user, payload, params):
name = payload['name']
enc = payload['encryptionEnabled']
description = payload.get('description', '')
check_unique_name(user, name)
dt = DeviceType(name=name, owner=user, enc=enc, description=description)
dt.attributes = convert_attribute_list_to_dict(payload['attributeTypes'])
new_devtype_id = dt.typeid
db.session.add(dt)
db.session.commit()
return get_ok_response_body(data={"id": new_devtype_id})
def device_show(user, deviceid, params):
device = get_by_deviceid_or_404(user, deviceid)
ret_data = dict(
id=device.deviceid,
name=device.name,
deviceTypeId=device.devicetype.typeid,
deviceTypeName=device.devicetype.name,
serialNumber=device.serial_number,
encryptionKey=device.enc_key,
deviceToken=device.device_token,
pushURL=device.push_url
)
return get_ok_response_body(
data=ret_data
)
def device_edit(user, data, deviceid, params):
device = get_by_deviceid_or_404(user, deviceid)
# If new name is provided check for a device with same name
if 'name' in data:
new_name = data['name']
if new_name != device.name:
check_unique_name(user, new_name)
device.name = new_name
if 'serialNumber' in data:
device.serial_number = data['serialNumber']
db.session.commit()
return get_ok_response_body(
data=dict(id=device.deviceid)
)
def devicetype_list(user, params):
q = DeviceType.query.filter_by(owner=user)
q = contains_string_query(q, params, 'name', DeviceType.name)
ret = paginate(q, params, dict(
id=DeviceType.typeid,
name=DeviceType.name
))
devt_list = [dict(
id=x.typeid,
name=x.name
) for x in ret.items]
return get_ok_response_body(
data=dict(deviceTypes=devt_list),
pageCnt=ret.pages
)
def role_list(user, params):
q = Role.query.join(Role.devicetype).filter_by(owner=user)
q = contains_string_query(q, params, 'name', Role.name)
q = field_equal_query(q, params, 'deviceTypeId', Role.devicetype, 'typeid')
ret = paginate(
q, params,
dict(id=Role.roleid,
name=Role.name,
deviceTypeName=DeviceType.name,
deviceTypeId=DeviceType.typeid))
role_list = [
dict(id=x.roleid,
name=x.name,
deviceTypeName=x.devicetype.name,
deviceTypeId=x.devicetype.typeid) for x in ret.items
]
return get_ok_response_body(data=dict(roles=role_list), pageCnt=ret.pages)
def role_grant_list(user, params):
q = RoleGrant.query.filter_by(owner=user)
q = q.join(RoleGrant.role, RoleGrant.granted_user, RoleGrant.device,
Device.devicetype)
q = field_equal_query(q, params, 'deviceId', RoleGrant.device, 'deviceid')
q = field_equal_query(q, params, 'username', RoleGrant.granted_user,
'username')
q = field_equal_query(q, params, 'roleId', RoleGrant.role, 'roleid')
ret = paginate(
q, params,
dict(
deviceTypeName=DeviceType.name,
deviceName=Device.name,
roleName=Role.name,
username=User.username,
))
# ToDo: Implement pagination for rolegrant_list plus sortby
rolegrants = [
dict(
deviceTypeName=rg.device.devicetype.name,
deviceTypeId=rg.device.devicetype.typeid,
deviceName=rg.device.name,
deviceId=rg.device.deviceid,
roleName=rg.role.name,
roleId=rg.role.roleid,
username=rg.granted_user.username,
userid=rg.granted_user.username,
) for rg in ret.items
]
return get_ok_response_body(data=dict(roles=rolegrants), pageCnt=ret.pages)
def role_grant(user, data, params):
grant_user = get_by_username_or_404(data['username'])
role = get_by_roleid_or_404(user, data['roleId'])
device = get_by_deviceid_or_404(user, data['deviceId'])
# Don't allow using device-role
if role.name == 'device':
raise ApiExp.RoleUpdateNotAllowed
check_unique_rolegrant(user, grant_user, role, device)
# Check if role is defined for decicetype
check_role_defined_for_devicetype(role, device)
rg = RoleGrant(owner=user,
granted_user=grant_user,
role=role,
device=device)
db.session.add(rg)
db.session.commit()
return get_ok_response_body()