def get_virtual_flag_from_url(request):
"""
import inspect
print 'caller 1:', inspect.stack()[1]
print 'caller 2:', inspect.stack()[2]
print 'caller 3:', inspect.stack()[3]
print 'caller 4:', inspect.stack()[4]
print 'caller 5:', inspect.stack()[5]
print 'caller 6:', inspect.stack()[6]
print 'caller 7:', inspect.stack()[7]
print 'caller 8:', inspect.stack()[8]
print 'caller 9:', inspect.stack()[9]
print 'caller 10:', inspect.stack()[10]
print 'caller 11:', inspect.stack()[11]
print 'caller 12:', inspect.stack()[12]
"""
## retrieve the value of the virtual flag
virtual = str(request.GET.get('virtual'))
if virtual is None:
raise ImmediateHttpResponse(response = http.HttpBadRequest(content='No "virtual" flag in request url'))
try:
virtual = str2bool(virtual)
except ValueError:
raise ImmediateHttpResponse(response = http.HttpBadRequest(content='"virtual" flag could not be parsed to a boolean'))
return virtual
def is_authorized(self, request, object=None):
from client.api import FeatureResource
from coresql.models import Environment, Area
from coresql.utils import str2bool
if request.method.upper() == "GET":
if hasattr(request, 'user') and not request.user.is_anonymous():
env_obj = None
area_obj = None
''' try first to obtain info from the feature_obj itself if this is a detail request '''
feature_res_uri = request.path
try:
feature_obj = FeatureResource().get_via_uri(feature_res_uri, request=request)
env_obj = feature_obj.environment
area_obj = feature_obj.area
except Exception:
env_obj = None
area_obj = None
#print "FeatureAuthorization environment: ", env_obj
#print "FeatureAuthorization area: ", area_obj
if env_obj is None and area_obj is None:
''' if not, try to retrieve environment and area objects from request filters '''
if 'environment' in request.GET:
try:
env_obj = Environment.objects.get(pk=request.GET['environment'])
except:
env_obj = None
if 'area' in request.GET:
try:
area_obj = Area.objects.get(pk=request.GET['area'])
except:
area_obj = None
''' We check if there is a virtual access flag set in the request.
If the flag is not set, the default behavior is to assume physical check-in '''
if 'virtual' in request.GET:
try:
virtual = str2bool(request.GET['virtual'])
if virtual and (area_obj or env_obj):
''' if the virtual flag is set to TRUE, then allow access, otherwise, check that
the user is actually checked-in where he says he is '''
return True
except ValueError:
return False
user_profile = request.user.get_profile() ## will be an instance of UserProfile => available context
return is_checked_in(user_profile, env_obj, area_obj)
return False
def is_authorized(self, request, object=None):
from client.api import FeatureResource
from coresql.models import Environment, Area
from coresql.utils import str2bool
if request.method.upper() == "GET":
if hasattr(request, 'user') and not request.user.is_anonymous():
env_obj = None
area_obj = None
''' try first to obtain info from the feature_obj itself if this is a detail request '''
feature_res_uri = request.path
try:
feature_obj = FeatureResource().get_via_uri(
feature_res_uri, request=request)
env_obj = feature_obj.environment
area_obj = feature_obj.area
except Exception:
env_obj = None
area_obj = None
#print "FeatureAuthorization environment: ", env_obj
#print "FeatureAuthorization area: ", area_obj
if env_obj is None and area_obj is None:
''' if not, try to retrieve environment and area objects from request filters '''
if 'environment' in request.GET:
try:
env_obj = Environment.objects.get(
pk=request.GET['environment'])
except:
env_obj = None
if 'area' in request.GET:
try:
area_obj = Area.objects.get(pk=request.GET['area'])
except:
area_obj = None
''' We check if there is a virtual access flag set in the request.
If the flag is not set, the default behavior is to assume physical check-in '''
if 'virtual' in request.GET:
try:
virtual = str2bool(request.GET['virtual'])
if virtual and (area_obj or env_obj):
''' if the virtual flag is set to TRUE, then allow access, otherwise, check that
the user is actually checked-in where he says he is '''
return True
except ValueError:
return False
user_profile = request.user.get_profile(
) ## will be an instance of UserProfile => available context
return is_checked_in(user_profile, env_obj, area_obj)
return False
def get_virtual_flag_from_url(request):
## retrieve the value of the virtual flag
virtual = str(request.GET.get('virtual'))
if virtual is None:
raise ImmediateHttpResponse(response = http.HttpBadRequest(content='No "virtual" flag in request url'))
try:
virtual = str2bool(virtual)
except ValueError:
raise ImmediateHttpResponse(response = http.HttpBadRequest(content='"virtual" flag could not be parsed to a boolean'))
return virtual
def get_virtual_flag_from_url(request):
## retrieve the value of the virtual flag
virtual = str(request.GET.get('virtual'))
if virtual is None:
raise ImmediateHttpResponse(response=http.HttpBadRequest(
content='No "virtual" flag in request url'))
try:
virtual = str2bool(virtual)
except ValueError:
raise ImmediateHttpResponse(response=http.HttpBadRequest(
content='"virtual" flag could not be parsed to a boolean'))
return virtual
def is_authorized(self, request, object=None):
from client.api import EnvironmentResource, AreaResource, AnnotationResource
from coresql.models import Environment, Area
from coresql.utils import str2bool
if hasattr(request, 'user') and not request.user.is_anonymous():
env_obj = None
area_obj = None
if request.method.upper() == "GET":
if 'environment' in request.GET:
try:
env_obj = Environment.objects.get(
pk=request.GET['environment'])
except:
env_obj = None
if 'area' in request.GET:
try:
area_obj = Area.objects.get(pk=request.GET['area'])
except:
area_obj = None
''' For GET requests we check if there is a virtual access flag set in the request.
If the flag is not set, the default behavior is to assume physical check-in '''
if 'virtual' in request.GET:
try:
virtual = str2bool(request.GET['virtual'])
if virtual and (area_obj or env_obj):
''' if the virtual flag is set to TRUE, then allow access, otherwise, check that
the user is actually checked-in where he says he is '''
return True
except ValueError:
return False
elif request.method.upper() == "POST":
''' for the rest of the methods check that the requesting user is actually checked in '''
serdes = Serializer()
deserialized = None
try:
deserialized = serdes.deserialize(request.raw_post_data,
format=request.META.get(
'CONTENT_TYPE',
'application/json'))
except Exception:
return False
if deserialized is None:
return False
if 'environment' in deserialized:
try:
#env_pk = int(deserialized['env'])
env_obj = EnvironmentResource().get_via_uri(
deserialized['environment'], request=request)
except:
env_obj = None
if 'area' in deserialized:
try:
#area_pk = int(deserialized['area'])
area_obj = AreaResource().get_via_uri(
deserialized['area'], request=request)
except:
area_obj = None
elif request.method.upper() in ["DELETE", "PUT"]:
ann_res_uri = request.path
try:
ann_obj = AnnotationResource().get_via_uri(ann_res_uri,
request=request)
env_obj = ann_obj.environment
area_obj = ann_obj.area
#print "[authorization] env_obj: ", env_obj
#print "[authorization] area_obj: ", area_obj
except Exception:
#print "[authorization] exception in getting annotation resource for deletion: ", ex
env_obj = None
area_obj = None
user_profile = request.user.get_profile(
) ## will be an instance of UserProfile => available context
return is_checked_in(user_profile, env_obj, area_obj)
return False
def is_authorized(self, request, object=None):
from client.api import EnvironmentResource, AreaResource, AnnotationResource
from coresql.models import Environment, Area
from coresql.utils import str2bool
if hasattr(request, 'user') and not request.user.is_anonymous():
env_obj = None
area_obj = None
if request.method.upper() == "GET":
if 'environment' in request.GET:
try:
env_obj = Environment.objects.get(pk=request.GET['environment'])
except:
env_obj = None
if 'area' in request.GET:
try:
area_obj = Area.objects.get(pk=request.GET['area'])
except:
area_obj = None
''' For GET requests we check if there is a virtual access flag set in the request.
If the flag is not set, the default behavior is to assume physical check-in '''
if 'virtual' in request.GET:
try:
virtual = str2bool(request.GET['virtual'])
if virtual and (area_obj or env_obj):
''' if the virtual flag is set to TRUE, then allow access, otherwise, check that
the user is actually checked-in where he says he is '''
return True
except ValueError:
return False
elif request.method.upper() == "POST":
''' for the rest of the methods check that the requesting user is actually checked in '''
serdes = Serializer()
deserialized = None
try:
deserialized = serdes.deserialize(request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json'))
except Exception:
return False
if deserialized is None:
return False
if 'environment' in deserialized:
try:
#env_pk = int(deserialized['env'])
env_obj = EnvironmentResource().get_via_uri(deserialized['environment'], request=request)
except:
env_obj = None
if 'area' in deserialized:
try:
#area_pk = int(deserialized['area'])
area_obj = AreaResource().get_via_uri(deserialized['area'], request=request)
except:
area_obj = None
elif request.method.upper() in ["DELETE", "PUT"]:
ann_res_uri = request.path
try:
ann_obj = AnnotationResource().get_via_uri(ann_res_uri, request=request)
env_obj = ann_obj.environment
area_obj = ann_obj.area
#print "[authorization] env_obj: ", env_obj
#print "[authorization] area_obj: ", area_obj
except Exception:
#print "[authorization] exception in getting annotation resource for deletion: ", ex
env_obj = None
area_obj = None
user_profile = request.user.get_profile() ## will be an instance of UserProfile => available context
return is_checked_in(user_profile, env_obj, area_obj)
return False
