class Meta(MarketplaceModelResource.Meta):
    # Resource options for the 'status' endpoint.

    # -- What is exposed ---------------------------------------------------
    resource_name = 'status'
    # Only purchase-type contributions can be looked up through this
    # resource; other contribution types are excluded at the queryset level.
    queryset = Contribution.objects.filter(type=amo.CONTRIB_PURCHASE)
    # Detail view is read-only.
    # NOTE(review): list_allowed_methods is not set here, so the value from
    # MarketplaceModelResource.Meta applies -- confirm the list endpoint is
    # not reachable unintentionally.
    detail_allowed_methods = ['get']
    always_return_data = True

    # -- Who may call it ---------------------------------------------------
    # Two authentication classes are configured.
    # NOTE(review): how the tuple is combined (any-of vs. all-of) is decided
    # by the base resource, not here -- confirm.
    authentication = (SharedSecretAuthentication(),
                      OAuthAuthentication())
    authorization = OwnerAuthorization()
def obj_create(self, bundle, request, **kwargs):
    """Create an app from an upload and register the caller as its user.

    The request is rejected, in this order, when:

    * the caller has not read the developer agreement
      (``http.HttpUnauthorized``);
    * ``UploadForm`` does not validate ``bundle.data`` (form errors);
    * ``OwnerAuthorization`` does not authorize the caller for the upload
      object resolved by the form (``http.HttpForbidden``).

    On success ``bundle.obj`` holds the new app and ``bundle`` is returned.
    """
    upload_form = UploadForm(bundle.data)
    caller = request.amo_user

    # Gate 1: developer agreement. The refusal is logged with the user pk
    # so repeated attempts can be traced.
    if not caller.read_dev_agreement:
        log.info(u'Attempt to use API without dev agreement: %s'
                 % request.amo_user.pk)
        raise http_error(http.HttpUnauthorized,
                         'Terms of service not accepted.')

    # Gate 2: input validation.
    if not upload_form.is_valid():
        raise self.form_errors(upload_form)

    # Gate 3: object-level ownership of the referenced upload. Without this
    # check a caller could build an app from an upload they do not own by
    # supplying its identifier.
    owns_upload = OwnerAuthorization().is_authorized(
        request, object=upload_form.obj)
    if not owns_upload:
        raise http_error(http.HttpForbidden, 'You do not own that app.')

    platforms = [Platform.objects.get(id=amo.PLATFORM_ALL.id)]

    # Create app, user and fetch the icon.
    # NOTE(review): these are separate writes and nothing visible here wraps
    # them in a transaction; a failure part-way could leave an app without
    # its AddonUser row -- confirm atomicity is provided by the caller.
    bundle.obj = Addon.from_upload(upload_form.obj, platforms,
                                   is_packaged=upload_form.is_packaged)
    new_app = bundle.obj
    AddonUser(addon=new_app, user=request.amo_user).save()
    self._icons_and_images(new_app)

    record_action('app-submitted', request, {'app-id': new_app.pk})
    log.info('App created: %s' % new_app.pk)
    return bundle
class Meta(AppResource.Meta):
    # Resource options for the 'installed/mine' endpoint.

    # -- What is exposed ---------------------------------------------------
    resource_name = 'installed/mine'
    slug_lookup = None
    # List-only, read-only: the detail view has no allowed methods.
    list_allowed_methods = ['get']
    detail_allowed_methods = []
    # NOTE(review): no queryset is set here, so the one from AppResource.Meta
    # applies; narrowing the list to the caller's own installs has to happen
    # elsewhere in the resource -- confirm.

    # -- Who may call it ---------------------------------------------------
    # Two authentication classes are configured.
    # NOTE(review): how the tuple is combined (any-of vs. all-of) is decided
    # by the base resource, not here -- confirm.
    authentication = (SharedSecretAuthentication(),
                      OAuthAuthentication())
    authorization = OwnerAuthorization()
class Meta(MarketplaceModelResource.Meta):
    # Resource options for the 'permissions' endpoint.

    # -- What is exposed ---------------------------------------------------
    resource_name = 'permissions'
    # The queryset is every UserProfile (filter() with no arguments), so
    # per-user access control cannot come from the queryset itself.
    # NOTE(review): it presumably relies on the authorization class and/or
    # an ownership check in obj_get -- confirm.
    queryset = UserProfile.objects.filter()
    # Only resource_uri is listed as a model field to expose.
    fields = ['resource_uri']
    # Detail view is read-only; the list view has no allowed methods.
    detail_allowed_methods = ['get']
    list_allowed_methods = []

    # -- Who may call it ---------------------------------------------------
    # Two authentication classes are configured.
    # NOTE(review): how the tuple is combined (any-of vs. all-of) is decided
    # by the base resource, not here -- confirm.
    authentication = (SharedSecretAuthentication(),
                      OAuthAuthentication())
    authorization = OwnerAuthorization()
class Meta(MarketplaceModelResource.Meta):
    # Resource options for the 'settings' endpoint.

    # -- What is exposed ---------------------------------------------------
    resource_name = 'settings'
    # The queryset is every UserProfile (filter() with no arguments), so
    # per-user access control cannot come from the queryset itself.
    # NOTE(review): it presumably relies on the authorization class and/or
    # an ownership check in obj_get -- confirm.
    queryset = UserProfile.objects.filter()
    # Only display_name is listed. This endpoint accepts writes (patch/put),
    # so this list is what keeps other UserProfile columns out of reach.
    # NOTE(review): confirm the base resource does not hydrate attributes
    # outside `fields` from the request body.
    fields = ['display_name']
    detail_allowed_methods = ['get', 'patch', 'put']
    list_allowed_methods = []

    # -- Who may call it ---------------------------------------------------
    # Two authentication classes are configured.
    # NOTE(review): how the tuple is combined (any-of vs. all-of) is decided
    # by the base resource, not here -- confirm.
    authentication = (SharedSecretAuthentication(),
                      OAuthAuthentication())
    authorization = OwnerAuthorization()
def obj_get(self, request=None, **kwargs):
    """Fetch the object for ``pk``, treating ``'mine'`` as the caller's pk.

    After the lookup, ``OwnerAuthorization`` is applied to the object that
    was found; if it refuses, the request ends with ``http.HttpForbidden``.
    This object-level check is what stops a caller from reading another
    account by passing an explicit pk instead of ``'mine'``.

    ``request`` defaults to ``None`` but is dereferenced in the ``'mine'``
    branch, so callers must always supply it.
    """
    requested_pk = kwargs.get('pk')
    if requested_pk == 'mine':
        # Alias resolved server-side from the authenticated user.
        kwargs['pk'] = request.amo_user.pk

    # TODO: put in acl checks for admins to get other users information.
    found = super(Mine, self).obj_get(request=request, **kwargs)

    # NOTE(review): a pk that exists but belongs to someone else ends in
    # HttpForbidden, while a missing pk presumably surfaces as whatever the
    # parent raises; if those differ, callers can tell existing ids from
    # non-existing ones -- confirm whether that matters here.
    if OwnerAuthorization().is_authorized(request, object=found):
        return found
    raise ImmediateHttpResponse(response=http.HttpForbidden())
def obj_get(self, request=None, **kwargs):
    """Fetch the object for ``pk``, treating ``'mine'`` as the caller's pk.

    After the lookup, ``OwnerAuthorization`` is applied to the object that
    was found; if it refuses, ``http_error`` is raised with
    ``http.HttpForbidden`` and an explanatory message. This object-level
    check is what stops a caller from reading another account by passing an
    explicit pk instead of ``'mine'``.

    ``request`` defaults to ``None`` but is dereferenced in the ``'mine'``
    branch, so callers must always supply it.
    """
    requested_pk = kwargs.get('pk')
    if requested_pk == 'mine':
        # Alias resolved server-side from the authenticated user.
        kwargs['pk'] = request.amo_user.pk

    # TODO: put in acl checks for admins to get other users information.
    found = super(Mine, self).obj_get(request=request, **kwargs)

    # NOTE(review): a pk that exists but belongs to someone else ends in
    # HttpForbidden, while a missing pk presumably surfaces as whatever the
    # parent raises; if those differ, callers can tell existing ids from
    # non-existing ones -- confirm whether that matters here.
    if OwnerAuthorization().is_authorized(request, object=found):
        return found
    raise http_error(http.HttpForbidden,
                     'You do not have access to that account.')
class Meta(MarketplaceModelResource.Meta):
    # Resource options for the 'preview' endpoint.

    # -- What is exposed ---------------------------------------------------
    resource_name = 'preview'
    # The queryset is every Preview row, so per-object access control cannot
    # come from the queryset itself.
    queryset = Preview.objects.all()
    fields = ['id', 'filetype']
    filtering = {'addon': ALL_WITH_RELATIONS}
    always_return_data = True
    # List view accepts POST only.
    # NOTE(review): detail_allowed_methods is not set here; confirm the
    # effective detail methods are the `allowed_methods` value below and not
    # something inherited from MarketplaceModelResource.Meta.
    list_allowed_methods = ['post']
    allowed_methods = ['get', 'delete']

    # -- Who may call it ---------------------------------------------------
    # A single authentication class (OAuth) is configured for this resource.
    authentication = OAuthAuthentication()
    authorization = OwnerAuthorization()
def obj_delete(self, request, **kwargs):
    """Delete a rating if the caller is entitled to, else refuse.

    The object is resolved with ``get_by_resource_or_404`` first. Deletion
    then proceeds when any one of these holds, tested in this order and
    stopping at the first success:

    * ``AppOwnerAuthorization`` authorizes the caller for the rating's addon;
    * ``OwnerAuthorization`` authorizes the caller for the rating itself;
    * the caller has the ``('Users', 'Edit')`` permission;
    * the caller has the ``('Addons', 'Edit')`` permission.

    Otherwise the request ends with ``http.HttpForbidden``.
    """
    rating = self.get_by_resource_or_404(request, **kwargs)

    may_delete = (
        AppOwnerAuthorization().is_authorized(request, object=rating.addon)
        or OwnerAuthorization().is_authorized(request, object=rating)
        or PermissionAuthorization('Users', 'Edit').is_authorized(request)
        or PermissionAuthorization('Addons', 'Edit').is_authorized(request)
    )
    if not may_delete:
        raise ImmediateHttpResponse(response=http.HttpForbidden())

    # NOTE(review): this entry is written before the delete below runs and
    # does not record who performed it; for an audit trail, consider logging
    # the acting user and logging after the delete has succeeded.
    log.info('Rating %s deleted from addon %s' % (rating.pk, rating.addon.pk))
    return super(RatingResource, self).obj_delete(request, **kwargs)
def obj_delete(self, request, **kwargs):
    """Delete a rating if the caller is entitled to, else refuse.

    The object is resolved with ``get_by_resource_or_404`` first. Deletion
    then proceeds when any one of these holds, tested in this order and
    stopping at the first success:

    * ``AppOwnerAuthorization`` authorizes the caller for the rating's addon;
    * ``OwnerAuthorization`` authorizes the caller for the rating itself;
    * the caller has the ``('Users', 'Edit')`` permission;
    * the caller has the ``('Addons', 'Edit')`` permission.

    Otherwise ``http_error`` is raised with ``http.HttpForbidden`` and an
    explanatory message.
    """
    rating = self.get_by_resource_or_404(request, **kwargs)

    may_delete = (
        AppOwnerAuthorization().is_authorized(request, object=rating.addon)
        or OwnerAuthorization().is_authorized(request, object=rating)
        or PermissionAuthorization('Users', 'Edit').is_authorized(request)
        or PermissionAuthorization('Addons', 'Edit').is_authorized(request)
    )
    if not may_delete:
        raise http_error(
            http.HttpForbidden,
            'You do not have permission to delete this review.')

    # NOTE(review): this entry is written before the delete below runs and
    # does not record who performed it; for an audit trail, consider logging
    # the acting user and logging after the delete has succeeded.
    log.info('Rating %s deleted from addon %s' % (rating.pk, rating.addon.pk))
    return super(RatingResource, self).obj_delete(request, **kwargs)
def obj_get(self, request=None, **kw):
    """Return the contribution only if the caller owns it and has purchased.

    Outcomes:

    * lookup raises ``ObjectDoesNotExist`` -> logs and returns ``None``;
    * ``OwnerAuthorization`` refuses the caller -> ``http.HttpForbidden``;
    * the addon reports no purchase by the caller -> logs and returns
      ``None``;
    * otherwise -> the contribution object.
    """
    try:
        contribution = super(StatusPayResource, self).obj_get(
            request=request, **kw)
    except ObjectDoesNotExist:
        # Anything that's not correct will be raised as a 404 so that it's
        # harder to iterate over contribution values.
        log.info('Contribution not found')
        return None

    # NOTE(review): this branch answers HttpForbidden rather than taking the
    # "not found" path above, so a caller can tell a contribution that exists
    # but is not theirs from one that does not exist. That appears to work
    # against the anti-enumeration intent stated in the comment above --
    # confirm whether the distinct response is deliberate.
    if not OwnerAuthorization().is_authorized(request, object=contribution):
        raise ImmediateHttpResponse(response=http.HttpForbidden())

    if contribution.addon.has_purchased(request.amo_user):
        return contribution

    log.info('Not in AddonPurchase table')
    return None