def get(self): response = { "code": 200, "type": "List of Red Flags.", "method": "GET", "response": "OK", "data": [] } if not self.request.get('dataset_id'): self.error(400) return dataset_key = ndb.Key('APIData', normalize_id(self.request.get('dataset_id'))) redflags = RedFlag.query(RedFlag.links == dataset_key).fetch(50) redflag_objects = [] for redflag in redflags: redflag_objects.append(redflag.to_object()) response['data'] = redflag_objects if self.GET("callback"): callback = self.GET("callback") d = json.dumps(response) self.response.out.write(callback + "(" + d + ");") else: wrap_response(self, response)
def get(self, data_id=None): desc = "The GET method is not supported " desc += "for this endpoint." response = {} response["response"] = "UnsupportedMethodError" response["description"] = desc response["code"] = 405 wrap_response(self, response)
def get(self, data_id=None): """ Handles the /api/v1/data/[data_id] endpoint. Returns the details of the data_id provided. """ response = { "code": 200, "type": "Data details.", "method": "GET", "response": "OK", "data": {} } try: data_id = int(data_id) except ValueError: data_id = str(data_id) except Exception as e: logging.exception(e) wrap_response(self, response) return data = APIData.get_by_id(normalize_id(data_id)) if data: # TODO: Add check for authorization response["data"] = data.to_api_object() if self.request.get('show_environments'): public = False for environment_key in data.environment: logging.debug(str(data.environment)) if environment_key.id() == 'PUBLIC': public = True else: environment = environment_key.get() if environment: response["data"][ "environment_object"] = environment.to_api_object( ) if public: response["data"]["public"] = True else: response["data"]["public"] = False if self.GET("callback"): callback = self.GET("callback") d = json.dumps(response) self.response.out.write(callback + "(" + d + ");") else: wrap_response(self, response)
def get(self, user_id=None): response = { "code": 200, "type": "List of users", "method": "GET", "response": "OK", "data": [] } if self.request.get('check_email'): resp = {} resp['exist'] = False email = self.request.get('check_email').replace(' ', '+') resp['email'] = email user = User.query(User.current_email == email).get(keys_only=True) if user: resp['exist'] = True self.response.headers['Content-Type'] = 'application/json' self.response.write(json.dumps(resp)) else: if user_id: response["type"] = "Get user data." user = User.get_by_id(int(user_id)) if user: response["data"] = {} response["data"] = user.to_api_object( user_role=self.user.role, level=self.user.level) else: query = User.query() query = query.order(User.last_name) if self.GET("cursor"): curs = Cursor(urlsafe=self.GET("cursor")) users, cursor, more = query.fetch_page(50, start_cursor=curs) else: users, cursor, more = query.fetch_page(50) if users: for user in users: response["data"].append( user.to_api_object(user_role=self.user.role, level=self.user.level)) if more: response["cursor"] = cursor.urlsafe() wrap_response(self, response)
def post(self, data_id=None): # TODO: Rewrite this for environments if not data_id: desc = "ID is missing from the request." response["success"] = False response["response"] = "MissingParametersError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return data = APIData.get_by_id(normalize_id(data_id)) if not data: desc = "Cannot find the package." response["success"] = False response["response"] = "InvalidIDError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return if self.user.key != data.user: if not self.user.teams: msg = "You have insufficient rights to access this application." response["success"] = False response["response"] = "InvalidIDError" response["description"] = msg response["code"] = 400 wrap_response(self, response) return has_access = False for team in self.user.teams: if team in data.access_lock: has_access = True if not has_access: msg = "You have insufficient rights to access this application." response["success"] = False response["response"] = "InvalidIDError" response["description"] = msg response["code"] = 400 else: data.access_lock.remove("PRIVATE") data.access_lock.append("PUBLIC") data.access_lock = uniquify(data.access_lock) data.put() msg = "The data has been published and is now public." response["success"] = True response["response"] = "Success" response["description"] = msg response["code"] = 200 wrap_response(self, response)
def get(self): """ Handles the /admin/register endpoint. Agency Admin registration. """ if self.GET("ajax"): n = 50 if self.GET("n"): n = int(self.GET("n")) query = User.query() query = query.filter(User.role == "AGENCYADMIN") if self.GET("status"): query = query.filter(User.status == self.GET("status").upper()) if self.GET("cursor"): curs = Cursor(urlsafe=self.GET("cursor")) users, cursor, more = query.fetch_page(n, start_cursor=curs) else: users, cursor, more = query.fetch_page(n) response = {} response["more"] = False response["users"] = [] response["cursor"] = "" if users: for user in users: response["users"].append(user.to_approval_object()) if more: response["more"] = True response["cursor"] = cursor.urlsafe() response["url"] = CURRENT_URL response["url"] += "agency/admins?ajax=1&status=" response["url"] += self.GET("status") response["url"] += "&cursor=" + cursor.urlsafe() if self.GET("n"): response["url"] += "&n=" + self.GET("n") wrap_response(self, response) else: self.render("register-approve.html")
def post(self): """ Handles the /admin/register endpoint. Agency Admin registration. """ if self.POST("agency_admin_id") and self.POST("action"): user = User.get_by_id(int(self.POST("agency_admin_id"))) if user: if self.POST("action") == "approve": user.approved_by_name = " ".join( [self.user.first_name, self.user.last_name]) user.approved_by_key = self.user.key user.approved_on = datetime.datetime.now() user.status = "APPROVED" content = { "receiver_name": user.first_name, "receiver_email": user.current_email, "subject": "Account Approved", "email_type": "approve_account" } taskqueue.add(url="/tasks/email/send", params=content, method="POST") elif self.POST("action") == "disapprove": user.status = "DISAPPROVED" user.disapproved_on = datetime.datetime.now() user.disapproved_by_name = " ".join( [self.user.first_name, self.user.last_name]) user.disapproved_by_key = self.user.key else: wrap_response(self, {"status": "error"}) return user.put() wrap_response(self, {"status": "ok"}) return wrap_response(self, {"status": "error"})
def get(self): """ Handles the /api/v1/uacs endpoint. Returns list of uacs. """ response = { "code": 200, "type": "", "method": "GET", "response": "OK", "data": [] } department = "" agency = "" region = "" operating_unit = "" if self.request.get('department'): department = self.request.get('department').upper().strip() if self.request.get('agency'): agency = self.request.get('agency').upper().strip() if self.request.get('region'): region = self.request.get('region').upper().strip() if self.request.get('operating_unit'): operating_unit = self.request.get('operating_unit').upper().strip() uacs_json_file = json.load(open('uacs.json')) response_json = [] if department: if department in uacs_json_file: if agency: if agency in uacs_json_file[department]: if region: if region in uacs_json_file[department][agency]: response_json = uacs_json_file[department][agency][region] else: response["code"] = 404 response["response"] = "NOT FOUND" else: response_json = sorted(uacs_json_file[department][agency].keys()) else: response["code"] = 404 response["response"] = "NOT FOUND" else: response_json = sorted(uacs_json_file[department].keys()) else: response["code"] = 404 response["response"] = "NOT FOUND" else: response_json = sorted(uacs_json_file.keys()) response['data'] = response_json if self.GET("callback"): callback = self.GET("callback") d = json.dumps(response) self.response.out.write(callback + "(" + d + ");") else: wrap_response(self, response)
def get(self): """ Handles the /api/v1/uacs endpoint. Returns list of uacs. """ response = { "code": 200, "type": "", "method": "GET", "response": "OK", "description": "", "data": [] } if not self.GET("uacs_type"): response["response"] = "ERROR" response["desc"] = "Parameter uacs_type is required." wrap_response(self, response) return uacs_type = self.GET("uacs_type") if uacs_type.lower() not in [ "funding source", "organization", "location", "pap", "object code" ]: response["response"] = "ERROR" response["desc"] = "Invalid uacs_type: " + uacs_type + "." wrap_response(self, response) return if self.GET("uacs_code"): if uacs_type.lower() == "organization": if len(self.GET("uacs_code")) > 12 or len( self.GET("uacs_code")) == 0: response["response"] = "ERROR" response["desc"] = "Invalid uacs_code: " + self.GET( "uacs_code") + "." wrap_response(self, response) return if uacs_type.lower() == "organization": uacs_json_file = json.load(open('uacs_organization.json')) uacs_code = self.GET("uacs_code") if uacs_type.lower() == "organization" and uacs_code: if len(uacs_code) == 2: if uacs_code in uacs_json_file: response_json = uacs_json_file[uacs_code] response["type"] = "Department" response["description"] = "List of department agencies." response["data"] = response_json else: response["code"] = 404 response["response"] = "NOT FOUND" elif len(uacs_code) == 5: department_uacs = uacs_code[:2] if department_uacs in uacs_json_file: if uacs_code in uacs_json_file[department_uacs]["AGENCY"]: response_json = uacs_json_file[department_uacs][ "AGENCY"][uacs_code] response["type"] = "Agency" response[ "description"] = "List of regions in a department agency." response["data"] = response_json else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" elif len(uacs_code) == 7: department_uacs = uacs_code[:2] agency_uacs = uacs_code[:5] region_uacs = uacs_code if department_uacs in uacs_json_file: if agency_uacs in uacs_json_file[department_uacs][ "AGENCY"]: if region_uacs in uacs_json_file[department_uacs][ "AGENCY"][agency_uacs]["REGION"]: response_json = uacs_json_file[department_uacs][ "AGENCY"][agency_uacs]["REGION"][region_uacs] response["type"] = "Region" response[ "description"] = "Low level operating unit in a department agency region." response["data"] = response_json else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" elif len(uacs_code) == 12: department_uacs = uacs_code[:2] agency_uacs = uacs_code[:5] region_uacs = uacs_code[:7] lower_lvl_op_unit_uacs = uacs_code if department_uacs in uacs_json_file: if agency_uacs in uacs_json_file[department_uacs][ "AGENCY"]: if region_uacs in uacs_json_file[department_uacs][ "AGENCY"][agency_uacs]["REGION"]: if lower_lvl_op_unit_uacs in uacs_json_file[ department_uacs]["AGENCY"][agency_uacs][ "REGION"][region_uacs][ "LOWER LEVEL OPERATING UNIT"]: response_json = uacs_json_file[ department_uacs]["AGENCY"][agency_uacs][ "REGION"][region_uacs][ "LOWER LEVEL OPERATING UNIT"][ uacs_code] response["type"] = "Lower Level Operating Unit" response[ "description"] = "List of low level operating unit in a department agency region." response["data"] = response_json else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" else: response["code"] = 404 response["response"] = "NOT FOUND" else: department = "" agency = "" region = "" operating_unit = "" if self.GET('department'): department = self.GET('department').upper().strip() if self.GET('agency'): agency = self.GET('agency').upper().strip() if self.GET('region'): region = self.GET('region').upper().strip() if self.GET('operating_unit'): operating_unit = self.GET('operating_unit').upper().strip() response_json = [] if department: if department in uacs_json_file: if agency: if agency in uacs_json_file[department]["AGENCY"]: if region: if region in uacs_json_file[department][ agency]: response_json = uacs_json_file[department][ agency][region] else: response["code"] = 404 response["response"] = "NOT FOUND" else: response_json = uacs_json_file[department][ "AGENCY"][agency] else: response["code"] = 404 response["response"] = "NOT FOUND" else: response_json = uacs_json_file[department] else: response["code"] = 404 response["response"] = "NOT FOUND" else: response_json = uacs_json_file response['data'] = response_json if self.GET("callback"): callback = self.GET("callback") d = json.dumps(response) self.response.out.write(callback + "(" + d + ");") else: wrap_response(self, response)
def post(self, data_id=None): response = { "code": 200, "type": "List of users", "method": "POST", "response": "OK", "data": [] } if data_id: user = User.get_by_id(int(data_id)) if self.POST("action") == "disable": response["type"] = "Disable user account." if user: user.status = "DISABLED" user.put() response["data"] = user.to_api_object( user_role=self.user.role, level=self.user.level) else: response["code"] = 400 response["response"] = "ERROR" wrap_response(self, response) return if self.POST("action") == "approve": response["type"] = "Enable user account." if user: user.status = "APPROVED" user.approved_by_key = self.user.key user.approved_by_name = self.user.name user.approved_on = datetime.datetime.utcnow() user.put() response["data"] = user.to_api_object( user_role=self.user.role, level=self.user.level) else: response["code"] = 400 response["response"] = "ERROR" wrap_response(self, response) return if self.POST("action") == "enable": response["type"] = "Enable user account." if user: user.status = "APPROVED" user.put() response["data"] = user.to_api_object( user_role=self.user.role, level=self.user.level) else: response["code"] = 400 response["response"] = "ERROR" wrap_response(self, response) return elif self.POST("action") == "update": if user: if self.POST("first_name"): user.first_name = self.POST("first_name") if self.POST("middle_name"): user.middle_name = self.POST("middle_name") if self.POST("last_name"): user.last_name = self.POST("last_name") if self.POST("role"): user.level = int(self.POST("role")) if user.level == 2: user.role = 'CLUSTERDIRECTOR' elif user.level == 3: user.role = 'AGENCYADMIN' elif user.level == 4: user.role = 'GEOSTOREADMIN' else: user.role = 'USER' if self.POST("email"): user.current_email = self.POST("email").strip().lower() user.email_list.append(user.current_email) if self.POST("access_key"): access_key = ["PUBLIC"] for key in self.POST("access_key").split(","): if key: access_key.append(key.upper().strip()) user.access_key = uniquify(access_key) user.put() msg = "User has been updated." success_message(self, msg) self.redirect("/dashboard")
def get(self): """ Handles the /api/v1/logs endpoint. Returns list of logs. """ response = { "code": 200, "type": "List of geostore logs.", "method": "GET", "response": "OK", "data": [] } # Default number of entities to be retrieved is 50. n = 150 if self.GET("n"): n = int(self.GET("n")) # if the number of entities to be retrieved given is # greater than 100. Switch back to default which is 100 if n > 500: n = 500 query = SL.query() for arg in self.request.arguments(): if arg.lower() == "callback" \ or arg.lower() == "_" \ or arg.lower() == "order" \ or arg.lower() == "cursor" \ or arg.lower() == "n" \ or arg.lower() == "_search_" \ or arg.lower() == "show_image_dates" \ or arg.lower() == "start_updated_from" \ or arg.lower() == "csv" \ or arg.lower() == "start_created_from": continue ad_value = self.GET(arg) tag = create_indexed_tag(arg, ad_value) query = query.filter(SL.indexed_data == tag) query = query.order(-SL.created) logging.info(query) if self.GET("cursor"): curs = Cursor(urlsafe=self.GET("cursor")) data, cursor, more = query.fetch_page(n, start_cursor=curs) else: data, cursor, more = query.fetch_page(n) if data: response["cursor"] = "" data.reverse() previous = None for d in data: try: response["data"].append(d.to_api_object(change_against=previous)) previous = d except Exception as e: logging.debug(e) response["data"].reverse() if more: response["cursor"] = cursor.urlsafe() if self.GET("callback"): callback = self.GET("callback") d = json.dumps(response) self.response.out.write(callback + "(" + d + ");") else: wrap_response(self, response)
def get(self, group_id=None): if self.user.role != 'CLUSTERDIRECTOR': self.redirect('/environment') return self.tv['page_user_groups'] = True if group_id: group = UserGroup.get_by_id(int(group_id)) if group: if self.GET("ta") == "join": if self.user.current_email in group.invited_users: if self.user.key in group.users: msg = "You are already a member of the " msg += group.title msg += " user group." error_message(self, msg) else: self.user.user_groups.append(str(group.key.id())) self.user.put() group.users.append(self.user.key) group.invited_users.remove(self.user.current_email) group.put() if group.environments: for environment in group.environments: environment = environment.get() if environment: if self.user.key not in environment.users: environment.users.append( self.user.key) environment.put() msg = "You have successfully joined the " msg += group.title msg += " user group." success_message(self, msg) else: msg = "Cannot find user group." error_message(self, msg) self.redirect("/groups") else: if self.user.role == "CLUSTERDIRECTOR": wrap_response(self, group.to_object()) else: self.redirect("/groups") else: if self.user.role == "CLUSTERDIRECTOR": wrap_response(self, {"error": "cannot find user group"}) else: self.redirect("/groups") else: query = UserGroup.query() if self.user.role == "CLUSTERDIRECTOR": query = query.filter(UserGroup.owner == self.user.key) else: query = query.filter( ndb.OR(UserGroup.users == self.user.key, UserGroup.invited_users == self.user.current_email)) groups = query.fetch() self.tv["user_groups"] = [] if groups: for g in groups: if self.GET('fetch'): if self.GET('environmentid'): environment = Environment.get_by_id( int(self.GET('environmentid'))) if self.GET('addusergroup'): if g.key not in environment.user_groups: self.tv["user_groups"].append( g.to_object()) elif self.GET('removeusergroup'): if g.key in environment.user_groups: self.tv["user_groups"].append( g.to_object()) else: self.tv["user_groups"].append(g.to_object()) if self.GET('fetch'): wrap_response(self, self.tv['user_groups']) return self.tv["breadcrumb"] = [{ "name": "User Groups", "link": "/groups" }] if self.user.role == "CLUSTERDIRECTOR": self.tv["show_new_group"] = True self.render("groups.html") else: self.render("groups-user.html")
def post(self, data_id=None): response = {} response["success"] = True logging.info(self.request.headers) content_type = self.request.headers["Content_Type"] if not self.user: if content_type == "application/json": if "Authorization" not in self.request.headers: logging.info("No Authorization in headers") desc = "You must be logged in to use the API." response["success"] = False response["response"] = "AuthorizationError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return if self.request.headers["Authorization"] == API_KEY: if not self.request.headers["From"]: logging.info("No email defined") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return user_email = self.request.headers["From"].lower() query = User.query() owner = query.filter( User.current_email == user_email).get() if not owner: logging.info("Cannot find user") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return else: token = Token.get_by_id( self.request.headers["Authorization"]) if not token: logging.info( "Cannot find token: " + str(self.request.headers["Authorization"])) desc = "The token you provided is invalid." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(token) session = token.session.get() if not session: logging.info("Cannot find session") desc = "The token has already expired." response["error"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(session) if session.expires < datetime.datetime.now( ) or session.status is False: logging.info("token has expired or not active") desc = "The token has already expired." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return else: desc = "You must be logged in to use the API." if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) if not data_id: desc = "ID is missing from the request." if content_type == "application/json": response["success"] = False response["response"] = "MissingParametersError" response["description"] = desc response["code"] = 400 wrap_response(self, response) else: if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) return data = APIData.get_by_id(normalize_id(data_id)) if not data: desc = "Cannot find the package." if content_type == "application/json": response["success"] = False response["response"] = "InvalidIDError" response["description"] = desc response["code"] = 400 wrap_response(self, response) else: if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) return if data.archived: desc = "Cannot find the package." if content_type == "application/json": response["success"] = False response["response"] = "InvalidIDError" response["description"] = desc response["code"] = 400 wrap_response(self, response) else: if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) return desc = "There are missing parameters in your request." if content_type == "application/json": if not self.request.body: response["success"] = False response["response"] = "MissingParametersError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return try: body = json.loads(self.request.body) except Exception as e: logging.info(e) desc = "Invalid JSON format." response["success"] = False response["response"] = "InvalidJSONError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return tags = [] try: for key, value in body.items(): try: tags += create_tags(value) except Exception as e: logging.info("Cannot create tag from: ") logging.info(e) if key.startswith('unindexed_'): # unindexed_ ad_key = key.replace("unindexed_", "") data.additional_data[ad_key] = value.strip() if key.startswith('indexed_'): ad_key = key.replace("indexed_", "") data.additional_data[ad_key] = value for d in data.indexed_data: ad_key = key.replace("indexed_", "") if d.startswith(ad_key.upper()): try: data.indexed_data.remove(d) except Exception as e: logging.exception(e) logging.info("Cannot remove from list") data.indexed_data.append(create_indexed_tag( key, value)) if self.user: data.username = self.user.name data.user = self.user.key data.indexed_data = uniquify(data.indexed_data) data.tags = uniquify(tags) data.put() desc = "Data has been saved." response["success"] = True response["response"] = "Success" response["description"] = desc response["code"] = 200 response["data"] = data.to_api_object() wrap_response(self, response) except Exception as e: logging.exception(e) desc = "A server error occured. Please try again later." response["success"] = False response["response"] = "ServerError" response["description"] = desc response["code"] = 500 wrap_response(self, response) else: if not self.request.arguments(): if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) return tags = [] try: for arg in self.request.arguments(): for d in data.indexed_data: ad_key = arg.replace("indexed_", "") if d.startswith(ad_key.upper()): try: data.indexed_data.remove(d) except Exception as e: logging.exception(e) logging.info("Cannot remove from list") if arg.startswith('unindexed_'): ad_key = arg.replace("unindexed_", "") ad_value = self.request.POST.get(arg) data.additional_data[ad_key] = ad_value.strip() try: tags += create_tags(ad_value) except Exception as e: logging.info("Cannot create tag from: ") logging.info(e) if arg.startswith('indexed_'): ad_key = arg.replace("indexed_", "") ad_value = self.request.POST.get(arg) data.additional_data[ad_key] = ad_value try: tags += create_tags(ad_value) except Exception as e: logging.info("Cannot create tag from: ") logging.info(e) data.indexed_data.append( create_indexed_tag(arg, self.request.POST.get(arg))) if arg.startswith('file_'): filename = BUCKET_NAME filename += random_string(20) + "/" ad_key = arg.replace("file_", "") data.additional_data[ad_key] = {} try: # try: file_name = self.request.POST.get(arg).filename filename += file_name gcs_file = gcs.open( filename, 'w', options={'x-goog-acl': 'public-read'}) gcs_file.write(self.request.get(arg)) gcs_file.close() full_url = "https://storage.googleapis.com" + filename # data.additional_data["file"]["file_url"] = full_url data.file_url = full_url data.additional_data[ad_key]["file_url"] = full_url try: blob_key = blobstore.create_gs_key("/gs" + filename) data.serving_url = images.get_serving_url( blob_key) data.additional_data[ad_key][ "serving_url"] = data.serving_url data.gcs_key = blobstore.BlobKey(blob_key) except Exception as e: logging.exception(e) logging.error("not an image??") data.additional_data[ad_key][ "serving_url"] = full_url except AttributeError, e: logging.exception(e) logging.exception("NO FILE ATTACHED") if self.user: data.username = self.user.name data.user = self.user.key data.indexed_data = uniquify(data.indexed_data) data.tags = uniquify(tags) data.put() desc = "Data has been updated." if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?success=" + urllib.quote(desc) self.redirect(url) else: response["success"] = True response["response"] = "Success" response["description"] = desc response["code"] = 200 response["data"] = data.to_api_object() wrap_response(self, response) except Exception as e: logging.exception(e) desc = "A server error occured. Please try again later." if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) else: url = self.request.referer if url: if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) else: response["success"] = False response["response"] = "ServerError" response["description"] = desc response["code"] = 500 wrap_response(self, response)
def get(self, environment_key_urlsafe=None): """ Returns the list of environments of a logged in user """ n = 50 response = { "code": 200, "type": "List of geostore environments.", "method": "GET", "response": "OK", "data": [] } if self.user: if environment_key_urlsafe: environment = Environment.get_by_id(ndb.Key(urlsafe=environment_key_urlsafe).id()) if not environment: self.error(404) return response['data'] = [environment.to_object()] else: query = Environment.query() query = query.filter(Environment.users == self.user.key) if self.GET("cursor"): curs = Cursor(urlsafe=self.GET("cursor")) data, cursor, more = query.fetch_page(n, start_cursor=curs) else: data, cursor, more = query.fetch_page(n) if data: response["cursor"] = "" for d in data: try: response["data"].append(d.to_object()) except Exception as e: logging.exception(e) if more: response["cursor"] = cursor.urlsafe() else: if self.GET('user'): user = ndb.Key('User', int(self.GET('user'))) if user.get(): query = Environment.query() query = query.filter(Environment.users == user) if self.GET("cursor"): curs = Cursor(urlsafe=self.GET("cursor")) data, cursor, more = query.fetch_page(n, start_cursor=curs) else: data, cursor, more = query.fetch_page(n) if data: response["cursor"] = "" for d in data: try: response["data"].append(d.to_object()) except Exception as e: logging.exception(e) if more: response["cursor"] = cursor.urlsafe() wrap_response(self, response)
def get(self): """ Handles the /api/v1/data endpoint. Returns list of datasets. """ response = { "code": 200, "type": "List of geostore saved data.", "method": "GET", "response": "OK", "data": [] } # Default number of entities to be retrieved is 50. n = 50 if self.GET("n"): n = int(self.GET("n")) # if the number of entities to be retrieved given is # greater than 100. Switch back to default which is 100 if n > 100: n = 100 query = APIData.query() query = query.filter(APIData.archived == False) if not self.user: if "Authorization" in self.request.headers: token = Token.get_by_id(self.request.headers["Authorization"]) if not token: logging.info("Cannot find token: " + str(self.request.headers["Authorization"])) desc = "The token you provided is invalid." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(token) session = token.session.get() if not session: logging.info("Cannot find session") desc = "The token has already expired." response["error"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(session) if session.expires < datetime.datetime.now( ) or session.status is False: logging.info("token has expired or not active") desc = "The token has already expired." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return owner = session.owner.get() if not owner: logging.info("Cannot find user") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return self.user = owner if self.user and self.GET('workspace'): environment = ndb.Key(urlsafe=self.GET('workspace')).get() if environment: if self.user.key in environment.users: environment_key = environment.key query = query.filter( APIData.environment == environment_key) elif self.user and not self.GET('workspace') and ( not self.GET('type') or not self.GET('type') in ['PROJECT', 'SUBPROJECT']): environments_user = Environment.query( Environment.users == self.user.key).fetch(keys_only=True) environments_user.append(ndb.Key('Environment', 'PUBLIC')) query = query.filter( APIData.environment.IN(environments_user)).order(APIData._key) else: query = query.filter( APIData.environment == ndb.Key('Environment', 'PUBLIC')) if self.GET("_search_"): response["type"] = "Search geostore saved data." response["query"] = self.GET("_search_") search = self.GET("_search_").strip().upper() query = query.filter(APIData.tags >= search) query = query.order(APIData.tags) else: for arg in self.request.arguments(): if arg.lower() == "callback" \ or arg.lower() == "_" \ or arg.lower() == "order" \ or arg.lower() == "cursor" \ or arg.lower() == "n" \ or arg.lower() == "_search_" \ or arg.lower() == "show_image_dates" \ or arg.lower() == "start_updated_from" \ or arg.lower() == "start_created_from": continue ad_value = self.GET(arg) tag = create_indexed_tag(arg, ad_value) query = query.filter(APIData.indexed_data == tag) if self.GET("order"): if self.GET("order").lower() in ["asc", "ascending"]: query = query.order(APIData.updated_time) elif self.GET("order").lower() in ["desc", "descending"]: query = query.order(-APIData.updated_time) elif self.GET("order").lower() == "created_asc": query = query.order(APIData.created_time) elif self.GET("order").lower() == "created_desc": query = query.order(-APIData.created_time) elif self.GET("order").lower() == "modified": query = query.order(APIData.updated_time) else: query = query.order(-APIData.created_time) if self.GET("start_updated_from"): logging.debug(self.GET("start_updated_from")) if self.GET("order").lower() in ["desc", "descending"]: query = query.filter( APIData.updated_time <= datetime.datetime. fromtimestamp(int(self.GET("start_updated_from")))) else: query = query.filter( APIData.updated_time >= datetime.datetime. fromtimestamp(int(self.GET("start_updated_from")))) elif self.GET('start_created_from'): logging.debug(self.GET("start_created_from")) if self.GET("order").lower() in ["desc", "descending"]: query = query.filter( APIData.created_time <= datetime.datetime. fromtimestamp(int(self.GET("start_created_from")))) else: query = query.filter( APIData.created_time >= datetime.datetime. fromtimestamp(int(self.GET("start_created_from")))) logging.info(query) if self.GET("cursor"): curs = Cursor(urlsafe=self.GET("cursor")) data, cursor, more = query.fetch_page(n, start_cursor=curs) else: data, cursor, more = query.fetch_page(n) if data: response["cursor"] = "" for d in data: try: response["data"].append(d.to_api_object()) except Exception as e: logging.exception(e) if more: response["cursor"] = cursor.urlsafe() if self.GET('show_image_dates'): if self.GET('type'): if self.GET('type').upper() == 'CLASSIFICATION': if 'data' in response: image_ids = [] for classification in response['data']: image_ids.append( ndb.Key('APIData', int(classification['image_id']))) images = ndb.get_multi(image_ids) for image in images: date = '' image_latlng = image.additional_data['latlng'] if 'date' in image.additional_data: date = image.additional_data['date'] else: date = image.created_time.strftime( '%Y:%m:%d %H:%M:%S') for i in range(0, len(response['data'])): if response['data'][i]['image_id'] == str( image.key.id()): response['data'][i]['image_date'] = date response['data'][i][ 'image_latlng'] = image_latlng if self.GET("callback"): callback = self.GET("callback") d = json.dumps(response) self.response.out.write(callback + "(" + d + ");") else: wrap_response(self, response)
def post(self): """ Handles the /api/v1/data endpoint. Creates a dataset. """ owner = None response = {} response["success"] = True content_type = self.request.headers[ "Content_Type"] or self.request.headers["Content-Type"] if not self.user: if content_type == "application/json": if "Authorization" not in self.request.headers: logging.info("No Authorization in headers") desc = "You must be logged in to use the API." response["success"] = False response["response"] = "AuthorizationError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return if self.request.headers["Authorization"] == API_KEY: if not self.request.headers["From"]: logging.info("No email defined") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return user_email = self.request.headers["From"].lower() query = User.query() owner = query.filter( User.current_email == user_email).get() if not owner: logging.info("Cannot find user") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return else: token = Token.get_by_id( self.request.headers["Authorization"]) if not token: logging.info( "Cannot find token: " + str(self.request.headers["Authorization"])) desc = "The token you provided is invalid." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(token) session = token.session.get() if not session: logging.info("Cannot find session") desc = "The token has already expired." response["error"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(session) if session.expires < datetime.datetime.now( ) or session.status is False: logging.info("token has expired or not active") desc = "The token has already expired." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return owner = session.owner.get() if not owner: logging.info("Cannot find user") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return else: if "Authorization" in self.request.headers: token = Token.get_by_id( self.request.headers["Authorization"]) if not token: logging.info( "Cannot find token: " + str(self.request.headers["Authorization"])) desc = "The token you provided is invalid." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(token) session = token.session.get() if not session: logging.info("Cannot find session") desc = "The token has already expired." response["error"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return logging.info(session) if session.expires < datetime.datetime.now( ) or session.status is False: logging.info("token has expired or not active") desc = "The token has already expired." response["success"] = False response["response"] = "InvalidTokenError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return owner = session.owner.get() if not owner: logging.info("Cannot find user") desc = "Cannot find user." response["success"] = False response["response"] = "InvalidUserError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return else: desc = "You must be logged in to use the API." if self.POST("r"): url = urllib.unquote(str(self.POST("r"))) if "?" in url: url = url.split("?")[0] url += "?error=" + urllib.quote(desc) self.redirect(url) else: logging.info("User is not logged in") desc = "You must be logged in to use the api." response["success"] = False response["response"] = "InvalidRequestError" response["description"] = desc response["code"] = 400 wrap_response(self, response) return else: owner = self.user logging.debug(content_type) if content_type == 'application/json': # d = write_to_api(json.loads(self.request.body), owner, content_type) d = write_to_api(json.loads(self.request.body), owner) else: d = write_to_api_params(self.request.arguments(), owner, content_type, False, self) wrap_response(self, d.to_api_object())
def post(self, group_id=None): if group_id: response = {} response["code"] = 200 response["data"] = [] response["description"] = "" response["success"] = True group = UserGroup.get_by_id(int(group_id)) if group: if self.POST("action"): if self.POST("action") == "delete_invited_user": if self.POST("email").strip().lower( ) in group.invited_users: group.invited_users.remove( self.POST("email").strip().lower()) group.put() response[ 'description'] = 'Invitation to ' + self.POST( 'email').strip().lower( ) + ' has been cancelled.' response["data"] = group.to_object() elif self.POST("action") == "remove_member": user_key = ndb.Key('User', int(self.POST('user_id'))) if user_key in group.users: if group.environments: for environment in group.environments: environment = environment.get() if environment: if user_key in environment.users: environment.users.remove(user_key) environment.put() group.users.remove(user_key) group.put() response["data"] = group.to_object() response['description'] = 'User has been removed.' else: response['success'] = False response[ 'description'] = 'User is not a member of the user group.' elif self.POST("action") == "invite_users": if self.POST("email"): for email in self.POST("email").strip().split(","): email = email.strip().lower() query = User.query() query = query.filter( User.current_email == email) user = query.get() if user: user.user_groups.append(str( group.key.id())) user.put() group.users.append(user.key) else: group.invited_users.append(email) group.put() response["data"] = group.to_object() elif self.POST("action") == "leave_group": if self.user.key in group.users: group.users.remove(self.user.key) group.put() response["data"] = group.to_object() response[ "description"] = "You have successfully left the " + group.title.upper( ) + " user group." else: response["success"] = False response[ "description"] = "User is not part of the team." elif self.POST("action") == "update_group": if self.POST("group_name"): query = Teams.query() query = query.filter(Teams.team_name == self.POST( "group_name").strip().upper()) group2 = query.get() logging.info(group2) logging.info(group) if group2: if str(group2.key.id()) != str(group.key.id()): response["success"] = False response[ "description"] = "User group already exists." wrap_response(self, response) return group.title = self.POST( "group_name").strip().upper() if self.POST("group_description"): group.description = self.POST("group_description") group.put() response["data"] = group.to_object() wrap_response(self, response) else: if self.POST("group_name") \ and self.POST("group_description") \ and self.POST("group_member_emails"): # Create Environment # Only CLUSTERDIRECTOR role can create an environment if self.user.role != "CLUSTERDIRECTOR": msg = "You have insufficient rights to access this application." error_message(self, msg) self.redirect("/groups") return query = UserGroup.query() query = query.filter( UserGroup.title == self.POST("group_name").strip().upper()) group = query.get() if group: msg = "Could not create the user group. " msg += self.POST("group_name").strip() msg += " already exists." error_message(self, msg) else: group = UserGroup() group.title = self.POST("group_name").strip().upper() group.description = self.POST("group_description").strip() group.owner = self.user.key for email in self.POST("group_member_emails").split(","): email = email.strip().lower() query = User.query() query = query.filter(User.current_email == email) user = query.get() if user: group.users.append(user.key) else: group.invited_users.append(email) group.put() self.user.user_groups.append(str(group.key.id())) self.user.put() msg = "User group has been saved." success_message(self, msg) self.redirect("/groups")