コード例 #1
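def accounts_new():
    """Create an account from request parameters and e-mail its credentials.

    Reads ``name``, ``email``, ``phone`` and ``privilege_id`` from
    ``request.params``, generates a password, stores its seeded SHA-1 hash
    and returns an xlink to the new account resource.

    Aborts with 400 when ``privilege_id`` is missing or not an integer and
    calls ``unauthorized()`` when the requested privilege is higher than the
    caller's own.
    """
    name = request.params.get('name')
    email = request.params.get('email')
    #TODO: Check phone format
    phone = request.params.get('phone')
    try:
        # int(None) raises TypeError, so a missing parameter has to be caught
        # here as well; otherwise it surfaces as an unhandled server error.
        privilege_id = int(request.params.get('privilege_id'))
    except (TypeError, ValueError):
        abort(400, 'Invalid privilege_id')
    # A caller may grant at most their own privilege level.
    # NOTE(review): everything below relies on unauthorized() raising; confirm.
    if privilege_id > request.user.privilege_id:
        unauthorized()
    #TODO: Check for lengths, instead of relying on db?
    # NOTE(review): generatePassword() is defined elsewhere; confirm it draws
    # from a cryptographically secure source, since it yields both the
    # password and the seed.
    password = generatePassword()
    seed = generatePassword() + generatePassword()
    # NOTE(review): one round of seeded SHA-1 is cheap to brute-force offline.
    # Moving to a password KDF (hashlib.scrypt / hashlib.pbkdf2_hmac) needs a
    # matching change in the login check and a migration of stored hashes, so
    # the stored format is left unchanged here.
    password_hash = hashlib.sha1(seed + password).hexdigest()
    row_data = {
        "name": name,
        "email": email,
        "password": password_hash,
        "seed": seed,
        "privilege_id": privilege_id
    }
    if phone:
        row_data["phone"] = phone
    new_id = util.insertRow("account", row_data)

    #TODO: Send new account email
    # NOTE(review): request.urlparts[1] is the host as presented by the client;
    # a configured base URL would keep the login link in this e-mail
    # independent of the Host header.
    # NOTE(review): the listing masks the expression after "Password:"; the
    # generated password is presumably what was concatenated -- confirm against
    # the original source. Sending it in clear text by e-mail is itself worth
    # replacing with a one-time set-password link.
    util.sendEmail(
        email, '*****@*****.**', 'Welcome to Isadore',
        "Welcome to the Isadore system. You can login by going to https://" +
        request.urlparts[1] + "\n\n" +
        "To login use the following\n\nEmail:   " + email + "\nPassword:   " +
        password + "\n\n")
    return {'xlink': ['/resources/accounts/' + str(new_id)]}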
コード例 #2
def alarms_delete(alarm_id):
    """Delete an alarm on behalf of its owner or a power user.

    Aborts with 404 when the alarm does not exist and calls
    ``unauthorized()`` when the caller is neither the owning account nor a
    power user. On success returns a 204 response.
    """
    alarm_pk = int(alarm_id)

    # Only the owner column is needed for the access decision.
    owner_row = util.getRowFromTableById('alarm', alarm_pk, columns="account_id")
    if not owner_row:
        abort(404, "Alarm " + str(alarm_id) + " not found")

    if request.user.id == int(owner_row["account_id"]) or request.user.is_power_user():
        # Second lookup of the same id; aborts with 404 if the row is gone.
        if not util.getRowFromTableById('alarm', alarm_pk):
            abort(404, "Alarm not found.")

        util.deleteRowFromTableById("alarm", alarm_id)
        # TODO: manually delete all alarm contacts associated with this alarm?
        # No delete cascade will take care of it.
    else:
        # NOTE(review): the success response below is only skipped if
        # unauthorized() raises -- confirm that it does.
        unauthorized()

    return HTTPResponse(output="Alarm deleted.", status=204)
コード例 #3
def accounts_delete(id):
    """Disable the enabled account ``id`` unless it outranks the caller.

    Aborts with 404 when no enabled account has that id, calls
    ``unauthorized()`` when the target's privilege_id is higher than the
    caller's, and otherwise returns a 204 response.
    """
    account_pk = int(id)
    target = util.getRowFromTableById('account', account_pk, checkEnabled=True)

    if not target:
        abort(404, 'Account not found.')
    elif int(target['privilege_id']) > request.user.privilege_id:
        # NOTE(review): the privilege comparison is the only authorization
        # visible in this function (no owner / power-user test); confirm the
        # route itself restricts who may call it.
        unauthorized()
    else:
        # deleteIsDisable=True is passed, so the helper is asked to disable
        # the row rather than remove it.
        util.deleteRowFromTableById('account', account_pk, deleteIsDisable=True)
        return HTTPResponse(output="Account removed.", status=204)
コード例 #4
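def alarms_new():
    """Create an alarm, plus its contact rows, from request parameters.

    Reads ``alarm_type_id``, ``account_id``, ``greater_than_p``, ``value``
    and a comma-separated ``alarm_contact_type_ids`` from ``request.params``.

    Aborts with 400 on an unknown alarm type, an unknown or disabled account,
    a malformed contact-type list or a non-numeric threshold value. Calls
    ``unauthorized()`` when a non-power user targets another account.
    Returns an xlink to the new alarm resource.
    """
    # get parameter values
    alarm_type_id = request.params.get("alarm_type_id")
    account_id = request.params.get("account_id")
    greater_than_p = request.params.get("greater_than_p", '').lower() == 'true'
    alarm_contact_type_ids = request.params.get('alarm_contact_type_ids', None)
    value = request.params.get("value")

    # check parameter values; one lookup both validates alarm_type_id and
    # provides the row whose threshold_p flag is read further down
    alarm_type = util.getRowFromTableById('alarm_type', alarm_type_id)
    if not alarm_type:
        abort(400, 'Invalid alarm_type_id')
    # NOTE(review): this existence check runs before the ownership check, so
    # the 400-vs-unauthorized split tells any authenticated caller whether an
    # account id is valid; consider authorizing first.
    if not util.getRowFromTableById("account", account_id, checkEnabled=True):
        abort(400, "Invalid account_id")

    # can only create alarms for self or be super-user
    if not request.user.is_power_user() and not request.user.id == int(account_id):
        unauthorized()

    contact_type_ids = []
    if alarm_contact_type_ids:
        try:
            contact_type_ids = [int(c) for c in alarm_contact_type_ids.split(',')]
        except (TypeError, ValueError):
            # Only conversion failures mean "bad parameter"; anything else
            # should not be reported as a client error.
            abort(400, 'invalid alarm_contact_type_ids parameter.')

    column_data = {"alarm_type_id": alarm_type_id,
                   "account_id": account_id}

    if alarm_type['threshold_p']:
        column_data["greater_than_p"] = greater_than_p
        try:
            # NOTE(review): float() also accepts 'nan' and 'inf'; confirm the
            # alarm evaluation tolerates them or reject them here.
            column_data["value"] = float(value)
        except (TypeError, ValueError):
            abort(400, 'Invalid value.')

    # create new alarm
    # TODO: alarm and alarm_contact should be in single transaction.
    alarm_id = util.insertRow("alarm", column_data)

    for alarm_contact_type_id in contact_type_ids:
        util.insertRow('alarm_contact', {'alarm_id': alarm_id, 'alarm_contact_type_id': alarm_contact_type_id})

    # return the newly created alarm's id url
    return {'xlink': ['/resources/alarms/' + str(alarm_id)]}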
コード例 #5
def r_accounts_get(id):
    """Return the public columns of account ``id`` to its owner or a power user.

    The column list leaves out the stored password hash and seed. Calls
    ``unauthorized()`` when the caller is neither the account itself nor a
    power user, or when the target account has a higher privilege_id than
    the caller; aborts with 404 when no enabled account matches.
    """
    is_self_or_power = request.user.id == int(id) or request.user.is_power_user()
    if not is_self_or_power:
        unauthorized()
    else:
        visible_columns = "id, name, email, phone, privilege_id, configs, contact_news"
        account = util.getRowFromTableById(
            'account', int(id), columns=visible_columns, checkEnabled=True)
        if not account:
            abort(404, 'Account not found.')
        elif int(account['privilege_id']) > request.user.privilege_id:
            # A power user still may not read an account that outranks them.
            unauthorized()
        else:
            return account
コード例 #6
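def accounts_update(id):
    """Update account ``id`` from request parameters.

    Allowed for the account itself or a power user, and never for a target
    account whose privilege_id is higher than the caller's. Accepts ``name``,
    ``email``, ``contact_news``, ``configs`` (must parse as JSON),
    ``password``, ``privilege_id`` and ``phone``.

    Aborts with 400 on invalid ``configs`` or ``privilege_id`` and with 404
    when no enabled account matches; calls ``unauthorized()`` on any access
    violation, including a requested privilege_id above the caller's own.
    Returns a 204 response on success.
    """
    if request.user.id == int(id) or request.user.is_power_user():
        row = util.getRowFromTableById('account', int(id), checkEnabled=True)
        if not row:
            abort(404, 'Account not found.')
        elif int(row['privilege_id']) > request.user.privilege_id:
            unauthorized()
        else:
            parameters = {
                'name': request.params.get('name', None),
                'email': request.params.get('email', None),
                'contact_news': request.params.get('contact_news', None),
            }
            configs = request.params.get('configs', None)
            if configs:
                try:
                    # Parsed only to validate; the raw string is what is stored.
                    json.loads(configs)
                except (TypeError, ValueError):
                    abort(400, 'Invalid configs')
                parameters['configs'] = configs
            # NOTE(review): the password is replaced without asking for the
            # current one; confirm that is intended for self-service updates.
            password = request.params.get('password', None)
            if password:
                parameters['seed'] = generatePassword() + generatePassword()
                # NOTE(review): seeded single-round SHA-1 is cheap to
                # brute-force offline; switching to a password KDF needs a
                # matching change in the login check, so the format is kept.
                parameters['password'] = hashlib.sha1(
                    parameters['seed'] + password).hexdigest()
            #TODO: Check phone format
            privilege_id = request.params.get('privilege_id', None)
            #TODO: Check for lengths, instead of relying on db?
            if privilege_id:
                try:
                    privilege_id = int(privilege_id)
                except (TypeError, ValueError):
                    abort(400, 'Invalid privilege_id')
                # Nobody may raise an account above their own level.
                if privilege_id > request.user.privilege_id:
                    unauthorized()
                parameters['privilege_id'] = privilege_id
            # Drop every field that was not supplied; falsy values (None, '',
            # and also a privilege_id of 0) are treated as "not given".
            parameters = {key: value
                          for key, value in parameters.items() if value}
            # phone is written unconditionally, so omitting it clears it.
            parameters['phone'] = request.params.get('phone', None)
            #This 400 will never happen because will always assume phone should be removed.
            if not parameters:
                abort(400, 'No parameters given.')

            #TODO: What about password?
            util.updateRowById('account', id, parameters)
            #TODO: Send email to account that got change informing them?
            return HTTPResponse(output="Account updated.", status=204)
    else:
        unauthorized()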
コード例 #7
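def alarms_update(alarm_id):
    """Replace an alarm's settings and contact rows from request parameters.

    Allowed for the alarm's owning account or a power user; a non-power user
    may only keep the alarm assigned to themselves. Aborts with 404 when the
    alarm does not exist and with 400 on an unknown alarm type, an unknown or
    disabled account, a malformed contact-type list or a non-numeric
    threshold value. Returns a 202 response.
    """
    # get alarm info
    alarm = util.getRowFromTableById('alarm', int(alarm_id))
    # return error if row not found
    if not alarm:
        abort(404, "Alarm not found.")

    if request.user.id == int(alarm["account_id"]) or request.user.is_power_user():

        # get parameter values
        alarm_type_id = request.params.get("alarm_type_id")
        account_id = request.params.get("account_id")
        greater_than_p = request.params.get("greater_than_p", '').lower() == 'true'
        alarm_contact_type_ids = request.params.get('alarm_contact_type_ids', None)
        value = request.params.get("value")

        # check parameter values; one lookup both validates alarm_type_id and
        # provides the row whose threshold_p flag is read further down
        alarm_type = util.getRowFromTableById('alarm_type', alarm_type_id)
        if not alarm_type:
            abort(400, 'Invalid alarm_type_id')
        if not util.getRowFromTableById("account", account_id, checkEnabled=True):
            abort(400, "Invalid account_id")

        # can only create alarms for self or be super-user
        if not request.user.is_power_user() and not request.user.id == int(account_id):
            unauthorized()

        contact_type_ids = []
        if alarm_contact_type_ids:
            try:
                contact_type_ids = [int(c) for c in alarm_contact_type_ids.split(',')]
            except (TypeError, ValueError):
                # Only conversion failures mean "bad parameter".
                abort(400, 'invalid alarm_contact_type_ids parameter.')

        column_data = {"alarm_type_id": alarm_type_id,
                       "account_id": account_id}

        if alarm_type['threshold_p']:
            column_data["greater_than_p"] = greater_than_p
            try:
                # NOTE(review): float() also accepts 'nan' and 'inf'; confirm
                # the alarm evaluation tolerates them or reject them here.
                column_data["value"] = float(value)
            except (TypeError, ValueError):
                abort(400, 'Invalid value.')
        else:
            # Non-threshold alarm types carry no comparison settings.
            column_data['greater_than_p'] = None
            column_data['value'] = None

        # TODO: alarm and alarm_contact should be in single transaction.
        util.updateRowById('alarm', alarm['id'], column_data)

        # Clear the old contact rows before re-inserting the requested set.
        # The id is bound as a query parameter, not formatted into the SQL.
        conn = util.getConn()
        try:
            cur = conn.cursor()
            try:
                cur.execute('DELETE from alarm_contact WHERE alarm_id = %s', (alarm['id'],))
                conn.commit()
            finally:
                cur.close()
        finally:
            # Release the connection even when the DELETE or commit fails.
            conn.close()
        for alarm_contact_type_id in contact_type_ids:
            util.insertRow('alarm_contact', {'alarm_id': alarm['id'], 'alarm_contact_type_id': alarm_contact_type_id})

    else:
        # NOTE(review): the success response below is only skipped if
        # unauthorized() raises -- confirm that it does.
        unauthorized()

    return HTTPResponse(output="Alarm updated.", status=202)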