def api_delete_by_params(request, model_type): """Process delete requests for /api/{object_type} route match. Iterates over passed parameters.""" # FIXME: Should we enforce required parameters here? # Will be used for auditing au = get_authenticated_user(request) # FIXME: Should we allow this to be set on the client, or hard code it to true, requiring an # exact match? Might make sense since there is no confirmation, it just deletes. exact_get = True c = camel_to_underscore(model_type) try: payload = request.json_body s = '' q = DBSession.query(globals()[model_type]) for k,v in payload.items(): # FIXME: This is sub-par. Need a better way to distinguish # meta params from search params without having to # pre-define everything. if k == 'exact_get': continue s+='{0}={1},'.format(k, v) if exact_get: log.debug('Exact filtering on {0}={1}'.format(k, v)) q = q.filter(getattr(globals()[model_type] ,k)==v) else: log.debug('Loose filtering on {0}={1}'.format(k, v)) q = q.filter(getattr(globals()[model_type] ,k).like('%{0}%'.format(v))) log.debug('Searching for {0} with params: {1}'.format(c, s.rstrip(','))) q = q.one() # FIXME: Need auditing log.info('Deleting {0} with params: {1}'.format(c, s.rstrip(','))) DBSession.delete(q) DBSession.flush() return True except NoResultFound: return Response(content_type='application/json', status_int=404) except Exception as e: log.error('Error deleting {0} with params: {1} exception: {2}'.format(c, s.rstrip(','), e)) return Response(str(e), content_type='application/json', status_int=500)
def api_delete_by_id(request, model_type): """Process delete requests for /api/{object_type}/{id} route match.""" # FIXME: Will be used for auditing eventually. Would be nice to use # request.authenticated_userid, but I think this gets ugly when it's # an AD user. Need to test. au = get_authenticated_user(request) resource_id = request.matchdict['id'] c = camel_to_underscore(model_type) c_id = c + '_id' c_name = c + '_name' try: log.debug('Checking for {0}={1}'.format(c_id, resource_id)) # FIXME: Something better here than globals? q = DBSession.query(globals()[model_type]) q = q.filter(getattr(globals()[model_type], c_id) == resource_id) q = q.one() object_name = getattr(q, c_name) # FIXME: Need auditing # FIXME: What about orphaned assigments? Should we clean them up? log.info('Deleting {0}={1},{2}={3}'.format(c_name, object_name, c_id, resource_id)) DBSession.delete(q) DBSession.flush() return True except NoResultFound: return Response(content_type='application/json', status_int=404) except Exception as e: log.error('Error deleting {0}={1},exception={2}'.format(c_id, resource_id, e)) return Response(str(e), content_type='application/json', status_int=500)