def serve(iuid): """Return dataset's information (metadata), update it, or delete it. The content of the dataset cannot be updated via this resource. """ try: dataset = get_dataset(iuid) except ValueError as error: flask.abort(http.client.NOT_FOUND) if utils.http_GET(): if not allow_view(dataset): flask.abort(http.client.FORBIDDEN) set_links(dataset) return utils.jsonify(dataset, schema=flask.url_for("api_schema.dataset", _external=True)) elif utils.http_POST(csrf=False): if not allow_edit(dataset): flask.abort(http.client.FORBIDDEN) try: data = flask.request.get_json() with DatasetSaver(dataset) as saver: try: saver.set_title(data["title"]) except KeyError: pass try: saver.set_description(data["description"]) except KeyError: pass try: saver.set_public(data["public"]) except KeyError: pass try: saver.set_vega_lite_types(data["meta"]) except KeyError: pass except ValueError as error: return str(error), http.client.BAD_REQUEST dataset = saver.doc set_links(dataset) return utils.jsonify(dataset, schema=flask.url_for("api_schema.dataset", _external=True)) elif utils.http_DELETE(): if not possible_delete(dataset): flask.abort(http.client.FORBIDDEN) if not allow_delete(dataset): flask.abort(http.client.FORBIDDEN) flask.g.db.delete(dataset) for log in utils.get_logs(dataset["_id"], cleanup=False): flask.g.db.delete(log) return "", http.client.NO_CONTENT
def serve(iuid): "Return graphic information, update it, or delete it." try: graphic = get_graphic(iuid) except ValueError as error: flask.abort(http.client.NOT_FOUND) if utils.http_GET(): if not allow_view(graphic): flask.abort(http.client.FORBIDDEN) set_links(graphic) return utils.jsonify(graphic, schema=flask.url_for("api_schema.graphic", _external=True)) elif utils.http_POST(csrf=False): if not allow_edit(graphic): flask.abort(http.client.FORBIDDEN) try: data = flask.request.get_json() with GraphicSaver(graphic) as saver: try: saver.set_title(data["title"]) except KeyError: pass try: saver.set_description(data["description"]) except KeyError: pass try: saver.set_public(data["public"]) except KeyError: pass try: saver.set_specification(data["specification"]) except KeyError: pass except ValueError as error: return str(error), http.client.BAD_REQUEST graphic = saver.doc set_links(graphic) return utils.jsonify(graphic, schema=flask.url_for("api_schema.graphic", _external=True)) elif utils.http_DELETE(): if not allow_delete(graphic): flask.abort(http.client.FORBIDDEN) flask.g.db.delete(graphic) for log in utils.get_logs(graphic["_id"], cleanup=False): flask.g.db.delete(log) return "", http.client.NO_CONTENT
def logs(iuid): "Display the log records of the given graphic." try: graphic = get_graphic(iuid) except ValueError as error: utils.flash_error(str(error)) return flask.redirect(utils.url_referrer()) if not allow_view(graphic): utils.flash_error("View access to graphic not allowed.") return flask.redirect(utils.url_referrer()) return flask.render_template( "logs.html", title=f"Graphic {graphic['title']}", back_url=flask.url_for(".display", iuid=iuid), logs=utils.get_logs(iuid))
def logs(iuid): "Display the log records of the given dataset." try: dataset = get_dataset(iuid) except ValueError as error: utils.flash_error(str(error)) return flask.redirect(utils.url_referrer()) if not allow_view(dataset): utils.flash_error("View access to dataset not allowed.") return flask.redirect(utils.url_referrer()) return flask.render_template( "logs.html", title=f"Dataset {dataset['title'] or 'No title'}", cancel_url=flask.url_for(".display", iuid=iuid), logs=utils.get_logs(iuid))
def logs(username): "Display the log records of the given user." user = get_user(username=username) if user is None: utils.flash_error("No such user.") return flask.redirect(flask.url_for("home")) if not am_admin_or_self(user): utils.flash_error("Access not allowed.") return flask.redirect(flask.url_for("home")) return flask.render_template( "logs.html", title=f"User {user['username']}", back_url=flask.url_for(".display", username=user["username"]), api_logs_url=flask.url_for("api_user.logs", username=user["username"]), logs=utils.get_logs(user["_id"]))
def logs(username): "Return all log entries for the given user." user = datagraphics.user.get_user(username=username) if not user: flask.abort(http.client.NOT_FOUND) # XXX Use 'allow' function if not datagraphics.user.am_admin_or_self(user): flask.abort(http.client.FORBIDDEN) entity = {"type": "user", "username": user["username"], "href": flask.url_for(".serve", username=user["username"], _external=True)} return utils.jsonify({"entity": entity, "logs": utils.get_logs(user["_id"])}, schema=flask.url_for("api_schema.logs",_external=True))
def edit(iuid): "Edit the dataset, or delete it." try: dataset = get_dataset(iuid) except ValueError as error: utils.flash_error(str(error)) return flask.redirect(utils.url_referrer()) if utils.http_GET(): if not allow_edit(dataset): utils.flash_error("Edit access to dataset not allowed.") return flask.redirect(flask.url_for(".display", iuid=iuid)) return flask.render_template("dataset/edit.html", am_owner=am_owner(dataset), dataset=dataset) elif utils.http_POST(): if not allow_edit(dataset): utils.flash_error("Edit access to dataset not allowed.") return flask.redirect(flask.url_for(".display", iuid=iuid)) try: with DatasetSaver(dataset) as saver: saver.set_title() if flask.g.am_admin: saver.change_owner() if am_owner(dataset): saver.set_editors() saver.set_description() saver.upload_file() saver.set_vega_lite_types() except ValueError as error: utils.flash_error(str(error)) return flask.redirect(flask.url_for(".display", iuid=iuid)) elif utils.http_DELETE(): if not possible_delete(dataset): utils.flash_error("Dataset cannot be deleted; use by graphics.") return flask.redirect(flask.url_for(".display", iuid=iuid)) if not allow_delete(dataset): utils.flash_error("Delete access to dataset not allowed.") return flask.redirect(flask.url_for(".display", iuid=iuid)) flask.g.db.delete(dataset) for log in utils.get_logs(dataset["_id"], cleanup=False): flask.g.db.delete(log) utils.flash_message("The dataset was deleted.") return flask.redirect(flask.url_for("datasets.display"))
def edit(iuid): "Edit the graphic, or delete it." try: graphic = get_graphic(iuid) except ValueError as error: utils.flash_error(str(error)) return flask.redirect(utils.url_referrer()) if utils.http_GET(): if not allow_edit(graphic): utils.flash_error("Edit access to graphic not allowed.") return flask.redirect(flask.url_for(".display", iuid=iuid)) return flask.render_template("graphic/edit.html", am_owner=am_owner(graphic), graphic=graphic) elif utils.http_POST(): if not allow_edit(graphic): utils.flash_error("Edit access to graphic not allowed.") return flask.redirect(flask.url_for(".display", iuid=iuid)) try: with GraphicSaver(graphic) as saver: saver.set_title() if flask.g.am_admin: saver.change_owner() if am_owner(graphic): saver.set_editors() saver.set_description() saver.set_specification() except ValueError as error: utils.flash_error(str(error)) return flask.redirect(utils.url_referrer()) return flask.redirect(flask.url_for(".display", iuid=saver.doc["_id"])) elif utils.http_DELETE(): if not allow_delete(graphic): utils.flash_error("Delete access to graphic not allowed.") return flask.redirect(flask.url_for(".display", iuid=iuid)) flask.g.db.delete(graphic) for log in utils.get_logs(graphic["_id"], cleanup=False): flask.g.db.delete(log) utils.flash_message("The graphic was deleted.") return flask.redirect( flask.url_for("dataset.display", iuid=graphic["dataset"]))
def logs(iuid): "Return all log entries for the given dataset." try: dataset = get_dataset(iuid) except ValueError as error: flask.abort(http.client.NOT_FOUND) if not allow_view(dataset): flask.abort(http.client.FORBIDDEN) entity = { "type": "dataset", "iuid": iuid, "href": flask.url_for("api_dataset.serve", iuid=iuid, _external=True) } return utils.jsonify( { "entity": entity, "logs": utils.get_logs(dataset["_id"]) }, schema=flask.url_for("api_schema.logs", _external=True))
def edit(username): "Edit the user display. Or delete the user." user = get_user(username=username) if user is None: utils.flash_error("No such user.") return flask.redirect(flask.url_for("home")) if not am_admin_or_self(user): utils.flash_error("Access not allowed.") return flask.redirect(flask.url_for("home")) if utils.http_GET(): return flask.render_template("user/edit.html", user=user, deletable=is_empty(user)) elif utils.http_POST(): with UserSaver(user) as saver: if flask.g.am_admin: email = flask.request.form.get("email") if email != user["email"]: saver.set_email(email) if am_admin_and_not_self(user): saver.set_role(flask.request.form.get("role")) if flask.request.form.get("apikey"): saver.set_apikey() return flask.redirect( flask.url_for(".display", username=user["username"])) elif utils.http_DELETE(): if not is_empty(user): utils.flash_error("Cannot delete non-empty user account.") return flask.redirect(flask.url_for(".display", username=username)) for log in utils.get_logs(user["_id"], cleanup=False): flask.g.db.delete(log) flask.g.db.delete(user) utils.flash_message(f"Deleted user {username}.") utils.get_logger().info(f"deleted user {username}") if flask.g.am_admin: return flask.redirect(flask.url_for(".all")) else: return flask.redirect(flask.url_for("home"))