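def username(username):
    """View, update or delete the account named by the URL segment.

    DELETE, or a POST whose ``submit`` value is ``Delete``, removes the
    account. Any other POST updates it from the JSON body (or the form
    values when there is no JSON body). Every other method returns the
    account as JSON or as the rendered account page. Mutations require the
    caller to be the account owner or a super user.
    """
    acc = models.Account.pull(username)
    if acc is None:
        abort(404)

    wants_delete = request.method == 'DELETE' or (
        request.method == 'POST'
        and request.values.get('submit', False) == 'Delete'
    )
    if wants_delete:
        if current_user.id != acc.id and not current_user.is_super:
            abort(401)
        acc.delete()
        flash('Account ' + acc.id + ' deleted')
        return redirect(url_for('.index'))

    if request.method == 'POST':
        if current_user.id != acc.id and not current_user.is_super:
            abort(401)

        submitted = request.json if request.json else request.values
        if not hasattr(submitted, 'items'):
            # A JSON body that is not an object cannot describe an account.
            abort(400)
        # Work on a plain dict: request.values is an immutable multi-dict in
        # Werkzeug, so the api_key assignment below would raise on form posts.
        newdata = dict(submitted.items())

        if newdata.get('id', False):
            if newdata['id'] != username:
                # The body names a different account than the URL. The check
                # above only covered the URL account, so the target must be
                # authorised again before anything is written to it.
                acc = models.Account.pull(newdata['id'])
                if acc is None:
                    abort(404)
                if current_user.id != acc.id and not current_user.is_super:
                    abort(401)
            else:
                # Keep the stored key; the client copy is not trusted.
                newdata['api_key'] = acc.data['api_key']

        # attempt to do password updates first
        if 'password' in newdata and not newdata['password'].startswith('sha1'):
            if "confirm" in newdata and newdata.get("confirm") != newdata.get("password"):
                flash("Passwords do not match")
                return render_template("account/view.html", account=acc)
            acc.set_password(newdata['password'])

        # update everything else
        # NOTE(review): every remaining client-supplied key is copied into
        # acc.data. If any field there carries privilege or credentials (a
        # role flag, api_key when no id is sent), this should become an
        # explicit allow-list - confirm against the Account model.
        for k, v in newdata.items():
            if k not in ['submit', 'password', 'confirm']:
                acc.data[k] = v

        # save the record and return the new view
        acc.save()
        flash("Record updated")
        return render_template('account/view.html', account=acc)

    if util.request_wants_json():
        resp = make_response(json.dumps(acc.data, sort_keys=True, indent=4))
        resp.mimetype = "application/json"
        return resp
    return render_template('account/view.html', account=acc)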
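def username(username):
    """View, update or delete the account named by the URL segment.

    DELETE, or a POST whose ``submit`` value is ``Delete``, removes the
    account. Any other POST updates it from the JSON body (or the form
    values when there is no JSON body). Every other method returns the
    account as JSON or as the rendered account page. Mutations require the
    caller to be the account owner or a super user.
    """
    acc = models.Account.pull(username)
    if acc is None:
        abort(404)

    wants_delete = request.method == "DELETE" or (
        request.method == "POST" and request.values.get("submit", False) == "Delete"
    )
    if wants_delete:
        if current_user.id != acc.id and not current_user.is_super:
            abort(401)
        acc.delete()
        flash("Account " + acc.id + " deleted")
        return redirect(url_for(".index"))

    if request.method == "POST":
        if current_user.id != acc.id and not current_user.is_super:
            abort(401)

        submitted = request.json if request.json else request.values
        if not hasattr(submitted, "items"):
            # A JSON body that is not an object cannot describe an account.
            abort(400)
        # Work on a plain dict: request.values is an immutable multi-dict in
        # Werkzeug, so the api_key assignment below would raise on form posts.
        newdata = dict(submitted.items())

        if newdata.get("id", False):
            if newdata["id"] != username:
                # The body names a different account than the URL. The check
                # above only covered the URL account, so the target must be
                # authorised again before anything is written to it.
                acc = models.Account.pull(newdata["id"])
                if acc is None:
                    abort(404)
                if current_user.id != acc.id and not current_user.is_super:
                    abort(401)
            else:
                # Keep the stored key; the client copy is not trusted.
                newdata["api_key"] = acc.data["api_key"]

        # attempt to do password updates first
        if "password" in newdata and not newdata["password"].startswith("sha1"):
            if "confirm" in newdata and newdata.get("confirm") != newdata.get("password"):
                flash("Passwords do not match")
                return render_template("account/view.html", account=acc)
            acc.set_password(newdata["password"])

        # update everything else
        # NOTE(review): every remaining client-supplied key is copied into
        # acc.data. If any field there carries privilege or credentials (a
        # role flag, api_key when no id is sent), this should become an
        # explicit allow-list - confirm against the Account model.
        for k, v in newdata.items():
            if k not in ["submit", "password", "confirm"]:
                acc.data[k] = v

        # save the record and return the new view
        acc.save()
        flash("Record updated")
        return render_template("account/view.html", account=acc)

    if util.request_wants_json():
        resp = make_response(json.dumps(acc.data, sort_keys=True, indent=4))
        resp.mimetype = "application/json"
        return resp
    return render_template("account/view.html", account=acc)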
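def index():
    """List accounts as JSON or as the rendered users page.

    Anonymous callers get a 401. Each account is reduced to ``id``,
    ``email`` and, when present, ``created_date`` before it is returned.
    """
    # NOTE(review): the only gate is "not anonymous", so any signed-in user
    # receives every account id and e-mail address. Confirm that is intended,
    # or restrict the listing to super users.
    if current_user.is_anonymous():
        abort(401)

    users = models.Account.all() #{"sort":{'id':{'order':'asc'}}},size=1000000
    if len(users) > 0:
        accs = [models.Account.pull(i['_source']['id']) for i in users['hits']['hits']]
        # explicitly mapped to ensure no leakage of sensitive data. augment as necessary
        users = []
        for acc in accs:
            if acc is None:
                # pull() can return None, e.g. for an account removed between
                # the listing query and this lookup; skip it rather than fail
                # the whole page.
                continue
            user = {'id': acc.id, "email": acc.email}
            if 'created_date' in acc.data:
                user['created_date'] = acc.data['created_date']
            users.append(user)

    if util.request_wants_json():
        resp = make_response(json.dumps(users, sort_keys=True, indent=4))
        resp.mimetype = "application/json"
        return resp
    return render_template('account/users.html', users=users)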
def api_lookup(path='',ids=[]):
    """Look up a batch of identifiers and return the results.

    Identifiers come from the first non-empty source, in this order: the
    ``ids`` argument (comma-separated string or a sequence), the JSON request
    body, then the URL ``path`` (comma-separated, ``.json`` removed).
    Requests carrying more than 1000 identifiers are rejected with a 400.
    A GET that does not ask for JSON renders ``index.html``; everything else
    receives the result as ``application/json``.
    """
    givejson = util.request_wants_json()
    path = path.replace('.json','')

    if ids and isinstance(ids, basestring):
        idlist = [{"id": part} for part in ids.split(',')]
    elif ids:
        # Strings are wrapped; anything else is taken as a ready-made record.
        idlist = [{"id": entry} if isinstance(entry, basestring) else entry
                  for entry in ids]
    elif request.json:
        # Dicts from the request body are forwarded to the lookup unchanged.
        idlist = [entry if isinstance(entry, dict) else {"id": entry}
                  for entry in request.json]
    elif path and len(path) > 0:
        idlist = [{"id": part} for part in path.split(',')]
    else:
        idlist = []

    # Cap the batch size before any lookup work is started.
    if len(idlist) > 1000:
        abort(400)

    results = workflow.lookup(idlist).json() if idlist else json.dumps({})

    if request.method != 'GET' or givejson:
        resp = make_response(results)
        resp.mimetype = "application/json"
        return resp

    triggered = idlist if path else False
    return render_template('index.html', results=results, triggered=triggered)
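def api_lookup(path='',ids=[]):
    """Look up a batch of identifiers and return the results.

    Identifiers come from the first non-empty source, in this order: the
    ``ids`` argument (comma-separated string or a sequence), a JSON request
    body, then the URL ``path`` (comma-separated, ``.json`` removed). The
    batch is capped at ``config.LOOKUP_LIMIT``, or at
    ``config.PRIORITY_LOOKUP_LIMIT`` when the request asks for priority;
    larger batches get a 400. A GET that does not ask for JSON renders
    ``index.html``; everything else receives ``application/json``.
    """
    givejson = util.request_wants_json()
    path = path.replace('.json','')

    idlimit = config.LOOKUP_LIMIT

    # have we been asked to prioritise?
    # bool() of a query-string value is True for any non-empty text, so
    # "priority=false" or "priority=0" used to switch priority on. Treat the
    # usual negative spellings as off; any other non-empty value stays on.
    # NOTE(review): priority is chosen by the client and selects both the
    # limit and the lookup mode - confirm it does not need authorisation.
    raw_priority = request.values.get("priority", "")
    priority = raw_priority.strip().lower() not in ("", "0", "false", "no", "off")
    if priority:
        idlimit = config.PRIORITY_LOOKUP_LIMIT

    idlist = []

    # look for JSON in the incoming request data
    if request.json:
        # the MIME type of the request is set properly - this is how it
        # should be
        request_json = request.json
    else:
        request_json = None

        # check if somebody just POST-ed without bothering to request
        # the right MIME type
        try:
            request_json = json.loads(request.data)
        except ValueError:
            pass

        # now check if the client mislabeled the request really badly,
        # i.e. saying it's HTML form data when it's actually JSON
        # NOTE(review): str(request.form) is the multi-dict's repr, which is
        # not JSON text, so this fallback looks like it can never succeed.
        try:
            request_json = json.loads(str(request.form))
        except ValueError:
            pass

    if ids and isinstance(ids,basestring):
        idlist = [ {"id":i} for i in ids.split(',') ]
    elif ids:
        for i in ids:
            if isinstance(i,basestring):
                idlist.append({"id":i})
            else:
                idlist.append(i)
    elif request_json:
        # The body is untrusted: a bare number or string parses as valid
        # JSON but is not a batch of identifiers. Reject it here instead of
        # failing (or iterating characters) in the loop below.
        if not isinstance(request_json, (list, dict)):
            abort(400)
        for item in request_json:
            if isinstance(item,dict):
                idlist.append(item)
            else:
                idlist.append({"id":item})
    elif path and len(path) > 0:
        idlist = [ {"id":i} for i in path.split(',') ]

    log.debug('LOOKUP: About to do a request size test. Len of idlist: ' + str(len(idlist)))
    # Enforce the batch cap before any lookup work is started.
    if len(idlist) > idlimit:
        abort(400)

    if idlist:
        results = workflow.lookup(idlist, priority).json()
    else:
        results = json.dumps({})

    if request.method == 'GET' and not givejson:
        if path:
            triggered = idlist
        else:
            triggered = False
        return render_template('index.html', results=results, triggered=triggered)
    else:
        resp = make_response( results )
        resp.mimetype = "application/json"
        return resp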
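def issue(path=''):
    """Show, create/update or delete an issue raised against a record.

    GET returns the issue as JSON or renders ``issue.html``. POST stores an
    issue taken from the JSON body or the form values, but only when a
    record exists for the identifier in ``about``; it then optionally mails
    the configured contact address. DELETE removes an existing issue. Any
    other combination is a 404.
    """
    # NOTE(review): no caller check is visible in this function, so POST to
    # an existing issue replaces it and DELETE removes it for any client.
    # Confirm that access control is applied elsewhere (route decorator,
    # before_request hook) or add it here.
    givejson = util.request_wants_json()
    path = path.replace('.json','')

    i = False

    if path:
        i = models.Issue.pull(path)

    if request.method == 'GET':
        if givejson:
            if not i:
                # No path, or no such issue: answer 404 rather than failing
                # on i.data.
                abort(404)
            resp = make_response( i.data )
            resp.mimetype = "application/json"
            return resp
        else:
            return render_template('issue.html', issue=i)

    elif request.method == 'POST':
        if not i:
            i = models.Issue()

        if request.json:
            # NOTE(review): the whole JSON body becomes the issue record;
            # consider copying only the expected fields, as the form branch
            # below does.
            i.data = request.json
        elif request.values:
            i.data['about'] = request.values['about']
            i.data['issue'] = request.values['issue']
            i.data['email'] = request.values['email']
        else:
            abort(404)

        # The JSON body is untrusted: it may lack 'about', or carry a value
        # that is not text. Reject that as a bad request instead of failing
        # in the identifier handling below.
        try:
            about = i.data['about']
        except (KeyError, TypeError):
            abort(400)
        if not hasattr(about, 'replace'):
            abort(400)

        # only save an issue about an ID we actually have a record for
        if len(about) < 9:
            cid = 'pmid:'
        else:
            cid = 'doi:'
        check = models.Record.pull(cid + about.replace('/','_'))
        if check is not None:
            i.save()
        elif givejson:
            abort(404)
        else:
            flash("Sorry, your issue is about an identifier for which we do not hold a record.", 'error')
            return render_template('issue.html', issue=i)

        if app.config['CONTACT_EMAIL'] and not app.config['DEBUG']:
            text = 'Hey, an issue has been raised for ' + i.data['about'] + '\n\nView it at http://oag.cottagelabs.com/issue/' + i.id
            util.send_mail([app.config['CONTACT_EMAIL']], app.config['CONTACT_EMAIL'], "issue raised", text)

        if givejson:
            resp = make_response( i.data )
            resp.mimetype = "application/json"
            return resp
        else:
            flash("Thanks, your issue has been raised", 'success')
            return redirect('/issue/' + i.id)

    elif request.method == 'DELETE' and i:
        i.delete()
        return ""
    else:
        abort(404)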