def add_role(self, role):
if role is None:
raise ApiException(400, "Role has to be specified.")
role = Role.query.filter_by(name=role, deleted=None).one_or_none()
if role is None:
raise ApiException(400, "Role with this name does not exists.")
self.roles.append(role)
def login():
"""
API function for user to login
Check credentials and returns User informations with access and refresh
JWT token.
"""
data = request.get_json()
if not data:
raise ApiException(422, "No data.")
form, errors = __loginSchema.load(data)
if errors:
return jsonify({'error': errors}), 422
user = User.query\
.filter(or_(User.email == form['username'],
User.username == form['username'],
User.deleted is None))\
.one_or_none()
if user is None:
raise ApiException(400, "Username or password mismatch.")
from moddoc import app
if app.bcrypt.check_password_hash(user.password, form['password']):
data = __userSchema.dump(user).data
data['access_token'] = create_access_token(identity=data)
data['refresh_token'] = create_refresh_token(identity=data)
add_token_to_database(data['access_token'],
app.config['JWT_IDENTITY_CLAIM'])
add_token_to_database(data['refresh_token'],
app.config['JWT_IDENTITY_CLAIM'])
return jsonify(data)
else:
raise ApiException(400, "Username or password mismatch.")
def add_role_by_id(self, role_id):
if role_id is None:
raise ApiException(400, "No role ID.")
role = Role.query.get_by_id(role_id)
if role is None:
raise ApiException(400, "Role with this ID does not exists.")
self.roles.append(role)
def registration():
"""
Registration action, create new User instance if data which are
send from client are valid.
"""
data = request.get_json()
if not data:
raise ApiException(422, "No data.")
form, errors = __registrationSchema.load(data)
if errors:
return jsonify(errors), 422
user = User.query\
.filter(User.username == form['username'])\
.one_or_none()
if user is not None:
raise ApiException(400, "Username taken.")
user = User.query\
.filter(User.email == form['email'])\
.one_or_none()
if user is not None:
raise ApiException(400, "Email taken.")
user = User(form['username'], form['email'], form['password'])
from moddoc import app
app.db.session.add(user)
app.db.session.commit()
return jsonify()
def update(role_model):
role = Role.query.get_by_id(role_model['id'])
if role is None:
raise ApiException(400, 'Role with this ID does not exists')
check_name = Role.query.get_by_name(role_model['name'])
if check_name is None or check_name.id == role.id:
role.name = role_model['name']
return role
else:
raise ApiException(400, 'This name is already in use.')
def delete_repository(repository_id):
"""Delete repository, only if user is owner of this repository"""
user = get_jwt_identity()
repository = Repository.query.get_by_id(repository_id, user)
if repository is None:
raise ApiException(400, "No module with this id was found.")
if str(repository.owner_id) != user['id']:
raise ApiException(400, "Not enough permissions for this action.")
repository.delete()
app.db.session.commit()
return jsonify()
def delete_module(module_id):
"""Delete module, only if user is owner of repository"""
user = get_jwt_identity()
module = Module.query.get_by_id(module_id, None)
if module is None:
raise ApiException(400, "No module with this id was found.")
if str(module.repository.owner_id) != user['id']:
raise ApiException(400, "Not enough permissions for this action.")
module.delete()
app.db.session.commit()
return jsonify()
def delete_document(document_id):
"""Delete document, document can be deleted only by its owner"""
user = get_jwt_identity()
document = Document.query.get_by_id(document_id, user)
if document is None:
raise ApiException(400, 'Document with this id does not exists.')
elif str(document.owner_id) != user['id']:
raise ApiException(400, 'You do not have permission for this action.')
else:
document.delete()
app.db.session.commit()
return jsonify()
def update(document_model, user):
document = Document.query.get_by_id(document_model['id'], user)
if document is None:
raise ApiException(400, "No document with this ID exists.")
check_name = Document.query.get_by_name(document_model['name'])
if check_name is None or check_name.id == document.id:
document.name = document_model['name']
document.body = document_model['body']
revision = Revision.create_revision(document)
return document, revision
else:
raise ApiException(400, 'Document with this name already exists.')
def delete_role(role_id):
"""
Delete role
:param role_id:
"""
role = Role.query.get_by_id(role_id)
if role is None:
raise ApiException(400, 'No role with this ID was found.')
if role.default:
raise ApiException(400, 'This role cannot be deleted')
role.deleted = datetime.utcnow()
app.db.session.commit()
return jsonify()
def update(self, userModel):
if self.username != userModel['username']:
user = User.query.filter(User.username == userModel['username'])\
.one_or_none()
if user is None:
self.username = userModel['username']
else:
raise ApiException(400, "Username is already taken.")
if self.email != userModel['email']:
user = User.query.filter(User.email == userModel['email'])\
.one_or_none()
if user is None:
self.email = userModel['email']
else:
raise ApiException(400, "Email is already taken.")
def update(module_data, user):
module = Module.query.get_by_id(module_data['id'], user)
if module is None:
raise ApiException(400, 'Module with id does not exists.')
check_name = Module.query.get_by_name(module_data['name'],
module.repository_id)
if check_name is None or check_name.id == module.id:
module.name = module_data['name']
module.body = module_data['body']
history = ModuleHistory.create_history(module)
return module, history
else:
raise ApiException(
400,
'Module with this name is already present in this repository'
) # noqa 501
def unassign_permission_repository(repository_id, user_id):
"""Remove permission for user from document"""
user = get_jwt_identity()
repository = Document.query.get_by_id(repository_id, user)
if repository is None:
raise ApiException(400, 'No document with this id exists.')
if str(repository.owner_id) != user['id']:
raise ApiException(400, 'You do not have permission for this action.')
permission = RepositoryPermission.query\
.filter_by(repository_id=repository_id, user_id=user_id, deleted=None)\
.one_or_none()
if permission is None:
raise ApiException(400, "This permission does not exists.")
permission.delete()
app.db.session.add()
return jsonify()
def function_wrapper(*args, **kwargs):
roles = get_jwt_claims()
for role in roles['roles']:
if role['flag'] > minimum_flag:
return func(*args, **kwargs)
raise ApiException(403, "You do not have enough permission for\
this action.")
def add_repository(self, repository_id):
from moddoc.model import Repository
repository = Repository.query.soft_get(repository_id)
if repository is None:
raise ApiException(400, "Repository with this id does not exists.")
self.repositories.append(repository)
return self
def update(self, repository_model):
reposiotory = Repository.query.filter(
Repository.name == repository_model['name']).one_or_none()
if reposiotory is None:
self.name = repository_model['name']
else:
raise ApiException(400,
'This name of repository is already taken.')
def assign_roles_to_users():
"""Assing one or more roles to
one or more users"""
data = request.get_json()
if not data:
raise ApiException(422, "No data.")
assignRoles, errors = __assignRolesSchema.load(data)
if errors:
return jsonify({'error': errors}), 422
for user_id in assignRoles['users']:
user = User.query.soft_get(user_id)
if user is None:
raise ApiException(400, "One of the users does not exists.")
for role_id in assignRoles['roles']:
user.add_role_by_id(role_id)
app.db.session.commit()
return jsonify()
def assign_permission_repository(repository_id):
user = get_jwt_identity()
data = request.get_json()
repository = Repository.query.get_by_id(repository_id, user)
if data is None:
raise ApiException(422, 'No data.')
if repository is None:
raise ApiException(400, 'No repository with this id exists.')
if str(repository.owner_id) != user['id']:
raise ApiException(400, 'You do not have permission for this action.')
data, errors = __permissionSchema.load(data)
if errors:
return jsonify({'error': errors}), 422
for user_id in data['users']:
puser = User.query.soft_get(user_id)
repository.grant_permission(puser, data['write'])
app.db.session.commit()
return jsonify()
def create(repository_model):
repository = Repository.query.filter(
Repository.name == repository_model['name']).one_or_none()
if repository is None:
return Repository(name=repository_model['name'],
owner_id=repository_model['owner_id'])
else:
raise ApiException(400,
'This name of repository is already taken.')
def create_link():
"""Create link between repository and document. This is used to
declare which repositories are used in document."""
user = get_jwt_identity()
data = request.get_json()
if data is None:
raise ApiException(422, "No data.")
data, error = __linkSchema.load(data)
if error:
return jsonify({'error': error}), 422
document = Document.query.get_by_id(data['document_id'], user)
if document is None:
raise ApiException(400, 'Document with this id does not exists.')
else:
document.add_repository(data['repository_id'])
app.db.session.commit()
result = __documentSchema.dump(document).data
return jsonify(result)
def create(document_model):
check_name = Document.query.filter_by(name=document_model['name'],
deleted=None).one_or_none()
if check_name is None:
document = Document(document_model)
revision = Revision.create_revision(document)
return document, revision
else:
raise ApiException(400, 'Document with this name already exists.')
def get_role(role_id):
"""
Get single role by id
:param role_id:
"""
role = Role.query.get_by_id(role_id)
if role is None:
raise ApiException(400, 'No role with this ID was found.')
result = __roleSchema.dump(role).data
return jsonify(result)
def build_document(document_id):
"""
Creates document for given document id.
"""
user = get_jwt_identity()
document = Document.query.get_by_id(document_id, user)
if document is None:
raise ApiException(400, 'Document with this id does not exists.')
generated = document.build()
return send_file(generated, mimetype='application/pdf')
def remove_link(link_id):
"""Remove once created link between repository and document."""
link = LinkedRepositories.query.soft_get(link_id, None)
if None:
raise ApiException(
400, "Link could not be removed, because it does not exists"
) # noqa 501
else:
link.delete()
app.db.session.commit()
return jsonify()
def delete_profile():
"""
Remove profile
"""
user = get_jwt_identity()
dbUser = User.query.soft_get(user['id'])
if dbUser is None:
raise ApiException(404, "Your account has been deleted.")
dbUser.delete()
app.db.session.commit()
return jsonify()
def unrevoke_token(token_id, user):
"""
Unrevokes the given token. Raises a TokenNotFound error if the token does
not exist in the database
"""
try:
token = TokenBlacklist.query.filter_by(id=token_id,
user_identity=user['id'])\
.one()
token.revoked = False
app.db.session.commit()
except NoResultFound:
raise ApiException("Could not find the token {}".format(token_id))
def create(module_data):
check_name = Module.query.get_by_name(module_data['name'],
module_data['repository_id'])
if check_name is None:
module = Module(name=module_data['name'],
body=module_data['body'],
repository_id=module_data['repository_id'])
history = ModuleHistory.create_history(module)
return module, history
else:
raise ApiException(
400,
'Module with this name is already present in this repository'
) # noqa 501
def update_your_profile():
"""
Changes users personal info
"""
data = request.get_json()
if not data:
raise ApiException(422, "No data.")
userData, errors = __userSchema.load(data)
if errors:
return jsonify({'error': errors}), 422
user = User.query.soft_get(userData['id'])
user.update(userData)
result = __userSchema.dump(user).data
app.db.session.commit()
return jsonify(result)
def create_or_update():
"""Create or update module for repository"""
data = request.get_json()
if data is None:
raise ApiException(422, "No data.")
data, errors = __moduleSchema.load(data)
if errors:
return jsonify({'error': errors}), 422
if 'id' not in data or data['id'] is None:
module, history = Module.create(data)
app.db.session.add(module)
app.db.session.add(history)
else:
module, history = Module.update(data)
app.db.session.add(history)
app.db.session.commit()
data = __moduleSchema.dump(module).data
return jsonify(data)
def post_role():
"""
Create or update role
"""
data = request.get_json()
if data is None:
raise ApiException(422, 'No data.')
data, errors = __roleSchema.load(data)
if errors:
return jsonify({'error': errors}), 422
if 'id' not in data or data['id'] is None:
role = Role.create(data)
app.db.session.add(role)
else:
role = Role.update(data)
app.db.session.commit()
data = __roleSchema.dump(role).data
return jsonify(data)