def func_wrapper(*args, **kwargs): response = None with app.app_context(): # change the context in order to allow for use of request try: # fetch the user by id token = request.headers['Authorization'] the_user = User.nodes.get(id=token) # fetch the user by id if level == AuthenticationLevels.ANY: pass if level == AuthenticationLevels.USER and the_user.id != user_id: raise planit_error.WrongUserError() if level == AuthenticationLevels.EVENT_CREATOR and the_user.role not in [ UserRoles.EVENT_CREATOR_ROLE, UserRoles.ADMIN_ROLE]: raise planit_error.Forbidden() if level == AuthenticationLevels.ADMIN and the_user.role != UserRoles.ADMIN_ROLE: raise planit_error.Forbidden() response = func(*args, **kwargs) except DoesNotExist: # return an error message if token is bad response = application_codes.error_response([application_codes.BAD_AUTHENTICATION]) except KeyError: # return an error message if authentication not provided response = application_codes.error_response([application_codes.NO_AUTHENTICATION]) except planit_error.WrongUserError: response = application_codes.error_response([planit_appcodes.WRONG_USER]) except planit_error.Forbidden: response = application_codes.error_response([application_codes.FORBIDDEN_VIOLATION]) return response
def func_wrapper(*args, **kwargs): if debug_mode: response = func(*args, **kwargs) else: response = None with app.app_context(): # change the context in order to allow for use of request try: # fetch the user by id token = request.headers['Authorization'] the_user = accesstoken.AccessTokenV1.nodes.get(id=token).user.single() # fetch the user by id if level == AuthenticationLevels.ANY: pass if level == AuthenticationLevels.USER and the_user.id != user_id and the_user.role != UserRoles.SYS_ADMIN: raise katyscareerror.WrongUserError() if level == AuthenticationLevels.ADMIN and the_user.role != UserRoles.SYS_ADMIN: raise katyscareerror.Forbidden() response = func(*args, **kwargs) except DoesNotExist: # return an error message if token is bad response = application_codes.error_response([application_codes.BAD_AUTHENTICATION]) except KeyError: # return an error message if authentication not provided response = application_codes.error_response([application_codes.NO_AUTHENTICATION]) except katyscareerror.WrongUserError: response = application_codes.error_response([kc_appcodes.WRONG_USER]) except katyscareerror.Forbidden: response = application_codes.error_response([application_codes.FORBIDDEN_VIOLATION]) return response
def calf_wrapper(calf_id): """ NOTE: cid is case sensitive and determined by the user who creates the calf The id is made up of the cid and farm id. {farmid}_{cid} """ response = None req_data = json.loads(request.data) if request.data else dict() try: # Authorize here (not ideal, but this type of auth not supported by def at top of page) if calf_id: token = request.headers['Authorization'] the_user = accesstoken.AccessTokenV1.nodes.get(id=token).user.single() calf = Calf.nodes.get(id=calf_id) permitted_users = calf.farm.single().staff.all() if the_user in permitted_users: pass else: raise katyscareerror.KatysCareError except DoesNotExist: return application_codes.error_response([application_codes.BAD_AUTHENTICATION]) except katyscareerror.KatysCareError: return application_codes.error_response([application_codes.FORBIDDEN_VIOLATION]) except KeyError: return application_codes.error_response([application_codes.NO_AUTHENTICATION]) @authenticate(AuthenticationLevels.ANY) def public_calls(): if request.method == 'POST': try: farm_id = req_data["data"]["relationships"]["farm"]["data"]["id"] cid = req_data["data"]["attributes"]["cid"] req_data["data"]["attributes"]["id"] = "{fid}_{cid}".format(fid=farm_id, cid=cid) return Calf.create_resource(req_data) except KeyError: return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION]) elif request.method == 'GET' and calf_id: return Calf.get_resource(request.args, calf_id) elif request.method == 'GET': return Calf.get_collection(request.args) @authenticate(AuthenticationLevels.ANY) def private_calls(): if request.method == 'PATCH': return Calf.update_resource(req_data, calf_id) elif request.method == 'DELETE': # WARNING: THIS DOES A FULL DELETE NOT A DEACTIVATE try: the_calf = Calf.nodes.get(id=calf_id) the_calf.delete() except DoesNotExist: return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND]) # return Calf.deactivate_resource(calf_id) (old behavior) return '', 204 if request.method in ['POST', 'GET']: response = public_calls() elif request.method in ['PATCH', 'DELETE']: response = private_calls() return response
def get_token(): request_json = json.loads(request.data) try: response = user_module.login(request_json, request.args) except KeyError: response = application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION]) return response
def login(request_form, request_args): try: email = request_form['email'].lower() password = request_form['password'] password = hashlib.sha256(password).hexdigest() u = UserV1.nodes.get(email=email, password=password) # get user from id and password new_token = token_representation(u.id) if u.token: accesstoken.AccessTokenV1.update_resource(new_token, u.token.single().id) r = accesstoken.AccessTokenV1.get_resource(request_args, u.token.single().id) else: r = accesstoken.AccessTokenV1.create_resource(new_token, request_args) # create the new token then connect it except DoesNotExist: r = application_codes.error_response([application_codes.RESOURCE_NOT_FOUND]) except KeyError: r = application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION]) return r
def private_calls(): if request.method == 'PATCH': return Calf.update_resource(req_data, calf_id) elif request.method == 'DELETE': # WARNING: THIS DOES A FULL DELETE NOT A DEACTIVATE try: the_calf = Calf.nodes.get(id=calf_id) the_calf.delete() except DoesNotExist: return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND]) # return Calf.deactivate_resource(calf_id) (old behavior) return '', 204
def public_calls(): if request.method == 'POST': try: farm_id = req_data["data"]["relationships"]["farm"]["data"]["id"] cid = req_data["data"]["attributes"]["cid"] req_data["data"]["attributes"]["id"] = "{fid}_{cid}".format(fid=farm_id, cid=cid) return Calf.create_resource(req_data) except KeyError: return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION]) elif request.method == 'GET' and calf_id: return Calf.get_resource(request.args, calf_id) elif request.method == 'GET': return Calf.get_collection(request.args)
def user_wrapper(id): """Methods related to the user resource""" response = None if id: id = id.lower() req_data = None try: if request.data: req_data = json.loads(request.data) if "email" in req_data["data"]["attributes"]: req_data["data"]["attributes"]["email"] = req_data["data"]["attributes"]["email"].lower() # emails should be lower case if "id" in req_data["data"]["attributes"]: req_data["data"]["attributes"]["id"] = req_data["data"]["attributes"]["id"].lower() except KeyError: return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION]) def post_user(): return User.create_resource(req_data) @authenticate(AuthenticationLevels.USER, id) def patch_user(): return User.update_resource(req_data, id) @authenticate(AuthenticationLevels.USER, id) def delete_user(): return User.deactivate_resource(id) @authenticate(AuthenticationLevels.USER, id) def get_user(): return User.get_resource(request.args, id) @authenticate(AuthenticationLevels.ADMIN) def get_user_collection(): return User.get_collection(request.args) # pick method to execute if request.method == 'POST': # no auth required response = post_user() elif request.method == 'PATCH': # must be user response = patch_user() elif request.method == 'DELETE': # must be user response = delete_user() elif request.method == 'GET' and id: # must be user response = get_user() elif request.method == 'GET': # must be administrator response = get_user_collection() return response
def post_event(): req_data = eval(request.data) try: # convert dates to datetime format st = req_data['data']['attributes'].get('start_time') et = req_data['data']['attributes'].get('end_time') # set the owner req_data['data']['relationships']['owner'] = dict() req_data['data']['relationships']['owner']['data'] = {'id': request.headers['Authorization'], 'type': 'users'} if st: req_data['data']['attributes']['start_time'] = datetime.strptime(st, '%Y-%m-%d %H:%M:%S') if et: req_data['data']['attributes']['end_time'] = datetime.strptime(et, '%Y-%m-%d %H:%M:%S') except KeyError: return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION]) # set the owner return Event.create_resource(req_data)
def treatment_plan_wrapper(tp_id): response = None tp_id = tp_id.lower() if tp_id else tp_id req_data = json.loads(request.data) if request.data else dict() tp_owner_id = None try: # Attempt to find user associated with treatment plan if tp_id: tp = TreatmentPlan.nodes.get(id=tp_id) tp_owner = tp.veterinarian.single() if tp_owner: tp_owner_id = tp_owner.id except DoesNotExist: return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND]) @authenticate(AuthenticationLevels.ANY) def public_calls(): if request.method == 'POST': user_id = user_from_token(request.headers['Authorization']) if 'relationships' not in req_data['data']: req_data['data']['relationships'] = dict() req_data['data']['relationships']['veterinarian'] = dict() req_data['data']['relationships']['veterinarian']['data'] = {'type': 'users', 'id': user_id} return TreatmentPlan.create_resource(req_data) elif request.method == 'GET' and tp_id: return TreatmentPlan.get_resource(request.args, tp_id) elif request.method == 'GET': return TreatmentPlan.get_collection(request.args) @authenticate(AuthenticationLevels.USER, user_id=tp_owner_id) def private_calls(): if request.method == 'PATCH': return TreatmentPlan.update_resource(req_data, tp_id) elif request.method == 'DELETE': return TreatmentPlan.deactivate_resource(tp_id) if request.method in ['POST', 'GET']: response = public_calls() elif request.method in ['PATCH', 'DELETE']: response = private_calls() return response
def method_not_allowed(error): return application_codes.error_response([application_codes.METHOD_NOT_ALLOWED])
def not_found(error): return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND])