def get_or_add_objects(api_root, id_): # TODO: Check if user has access to read or write objects in collection - right now just check for permissions on the collection. if request.method == "GET": if permission_to_read(api_root, id_): objects = get_backend().get_objects(api_root, id_, request.args, ("id", "type", "version")) if objects: return Response(response=flask.json.dumps(objects), status=200, mimetype=MEDIA_TYPE_STIX_V20) else: abort(404) else: abort(403) elif request.method == "POST": if permission_to_write(api_root, id_): # can't I get this from the request itself? request_time = common.format_datetime(common.get_timestamp()) status = get_backend().add_objects(api_root, id_, request.get_json(force=True), request_time) return Response(response=flask.json.dumps(status), status=202, mimetype=MEDIA_TYPE_TAXII_V20) else: abort(403)
def server_discovery(): # Having access to the discovery method is only related to having a credentials on the server # The metadata returned might be different depending upon the credentials return Response(response=flask.json.dumps( get_backend().server_discovery()), status=200, mimetype=MEDIA_TYPE_TAXII_V20)
def get_status(api_root, id_): # TODO: Check if user has access to objects in collection. status = get_backend().get_status(api_root, id_) if status: return Response(response=flask.json.dumps(status), status=200, mimetype=MEDIA_TYPE_TAXII_V20) abort(404)
def get_collection(api_root, id_): # TODO: Check if user has access to the collection's metadata - unrelated to can_read, can_write attributes collection = get_backend().get_collection(api_root, id_) if collection: return Response(response=flask.json.dumps(collection), status=200, mimetype=MEDIA_TYPE_TAXII_V20) abort(404)
def get_api_root_information(api_root): # TODO: Check if user has access to objects in collection. root_info = get_backend().get_api_root_information(api_root) if root_info: return Response(response=flask.json.dumps(root_info), status=200, mimetype=MEDIA_TYPE_TAXII_V20) abort(404)
def get_object_manifest(api_root, id_): # TODO: Check if user has access to objects in collection. manifest = get_backend().get_object_manifest(api_root, id_, request.args, ("id", "type", "version")) if manifest: return Response(response=flask.json.dumps({"objects": manifest}), status=200, mimetype=MEDIA_TYPE_TAXII_V20) abort(404)
def backend(): reset_db() init({ "backend": { "type": "mongodb", "url": "mongodb://localhost:27017/" }, "users": [] }) return get_backend()
def test_client_object_versioning(backend): new_id = "indicator--%s" % uuid.uuid4() new_bundle = copy.deepcopy(API_OBJECTS_2) new_bundle["objects"][0]["id"] = new_id resp = backend.add_objects("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", new_bundle, common.format_datetime(common.get_timestamp())) for i in range(0, 5): new_bundle = copy.deepcopy(API_OBJECTS_2) new_bundle["objects"][0]["id"] = new_id new_bundle["objects"][0]["modified"] = common.format_datetime( common.get_timestamp()) resp = backend.add_objects( "trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", new_bundle, common.format_datetime(common.get_timestamp())) time.sleep(1) objs = backend.get_objects("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", { "match[id]": new_id, "match[version]": "all" }, ("id", "type", "version")) assert objs["objects"][0]["id"] == new_id assert objs["objects"][-1]["modified"] == new_bundle["objects"][0][ "modified"] objs = backend.get_objects("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", { "match[id]": new_id, "match[version]": "first" }, ("id", "type", "version")) assert objs["objects"][0]["id"] == new_id assert objs["objects"][0]["modified"] == "2017-01-27T13:49:53.935Z" objs = backend.get_objects("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", { "match[id]": new_id, "match[version]": "last" }, ("id", "type", "version")) assert objs["objects"][0]["id"] == new_id assert objs["objects"][0]["modified"] == new_bundle["objects"][0][ "modified"] objs = backend.get_objects("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", { "match[id]": new_id, "match[version]": "2017-01-27T13:49:53.935Z" }, ("id", "type", "version")) assert objs["objects"][0]["id"] == new_id assert objs["objects"][0]["modified"] == "2017-01-27T13:49:53.935Z" resp2 = get_backend().get_status("trustgroup1", resp["id"]) assert resp2["success_count"] == 1 mani = backend.get_object_manifest("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", {"match[id]": new_id}, ("id", "type", "version")) assert mani[0]["id"] == new_id assert mani[0]["versions"][0] == new_bundle["objects"][0]["modified"]
def get_object(api_root, id_, object_id): # TODO: Check if user has access to objects in collection - right now just check for permissions on the collection if permission_to_read(api_root, id_): objects = get_backend().get_object(api_root, id_, object_id, request.args, ("version", )) if objects: return Response(response=flask.json.dumps(objects), status=200, mimetype=MEDIA_TYPE_STIX_V20) abort(404) else: abort(403)
def test_saving_data_file(backend): new_bundle = copy.deepcopy(API_OBJECTS_2) new_id = "indicator--%s" % uuid.uuid4() new_bundle["objects"][0]["id"] = new_id with tempfile.NamedTemporaryFile() as f: backend.add_objects("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", new_bundle, common.format_datetime(common.get_timestamp())) backend.save_data_to_file(f.name) assert os.path.isfile(f.name) init({"backend": {"type": "memory", "data_file": f.name}, "users": []}) backend2 = get_backend() obj = backend2.get_object("trustgroup1", "91a7b528-80eb-42ed-a74d-c6fbd5a26116", new_id, None, ("version",)) assert obj["objects"][0]["id"] == new_id
def backend(data_file=DATA_FILE): init_backend({"type": "memory", "data_file": data_file}) return get_backend()
def backend(): reset_db() init_backend({"type": "mongodb", "url": "mongodb://localhost:27017/"}) return get_backend()
def permission_to_write(api_root, collection_id): collection_info = get_backend().get_collection(api_root, collection_id) return collection_info["can_write"]
def backend(data_file=DATA_FILE): init({"backend": {"type": "memory", "data_file": data_file}, "users": []}) return get_backend()