def generate_unauthorized_response(e, request):
    """Log an authorization failure and build the response for the client.

    A random hex identifier is appended to the message, and that same
    message is both logged and returned, so a message reported by a client
    can be matched to its log record. The exception is passed to the logger
    only (``exc_info``); the response carries just the message.

    :param e: exception that caused the unauthorized response
    :param request: current request
    :return: ``UnauthorizedResponse`` built from the message
    """
    # We may need to check the roles of the users to show the real error
    error_id = uuid.uuid4().hex
    message = _('Not authorized to render operation') + ' ' + error_id

    user = get_authenticated_user_id(request)
    # Log context: 'r' is the value of _url(request), 'u' the user id.
    log_context = {'r': _url(request), 'u': user}
    logger.error(message, exc_info=e, extra=log_context)

    return UnauthorizedResponse(message)
def install(self, site, request):
    """Activate the users layer and create the user and group containers.

    ``USERS_LAYER`` is added to the active layers held in the request's
    site settings. A ``UserManager`` (``users``) and a ``GroupManager``
    (``groups``) are then created in ``site``, each with the authenticated
    user as its only creator.

    :param site: container that receives the two managers
    :param request: current request
    """
    layers = request.site_settings.for_interface(ILayers)
    layers.active_layers |= {USERS_LAYER}

    user = get_authenticated_user_id(request)
    managers = (
        ('UserManager', 'users', 'Users'),
        ('GroupManager', 'groups', 'Groups'),
    )
    for type_name, content_id, title in managers:
        create_content_in_container(
            site, type_name, content_id,
            creators=(user, ),
            title=title)
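async def __call__(self):
    """Create a ``Site`` in the context from the JSON request body.

    The body must carry ``@type`` equal to ``Site``, a non-empty ``title``
    and an ``id`` that is not already present in the context;
    ``description`` defaults to an empty string. On success the site is
    stored under its id, installed, the authenticated user is given the
    ``plone.Owner`` role on it and ``ObjectFinallyCreatedEvent`` is
    notified.

    :return: ``ErrorResponse`` when validation fails, otherwise a
        ``Response`` with a ``Location`` header for the new site
    """
    data = await self.request.json()

    # The two conditions must be joined with ``or``. With ``and`` the type
    # comparison was skipped whenever the key was present (so any '@type'
    # was accepted) and raised KeyError whenever it was absent.
    if '@type' not in data or data['@type'] != 'Site':
        return ErrorResponse(
            'NotAllowed',
            'can not create this type %s' % data.get('@type'),
            status=401)

    # Same fix: reject a missing title as well as an empty one.
    if 'title' not in data or not data['title']:
        return ErrorResponse(
            'NotAllowed',
            'We need a title',
            status=401)

    if 'id' not in data:
        return ErrorResponse(
            'NotAllowed',
            'We need an id',
            status=401)

    # NOTE(review): 401 is kept on the validation errors so existing
    # callers see the same status, although none of them is an
    # authentication failure.

    if 'description' not in data:
        data['description'] = ''

    # NOTE(review): data['id'] becomes the container key and is appended to
    # the Location header with no check visible in this method; confirm its
    # type and allowed characters are validated elsewhere.
    if data['id'] in self.context:
        # Already exist
        return ErrorResponse(
            'NotAllowed',
            'Duplicate id',
            status=401)

    site = create_content(
        'Site',
        id=data['id'],
        title=data['title'],
        description=data['description'])

    # Special case we don't want the parent pointer
    site.__name__ = data['id']

    self.context[data['id']] = site

    site.install()

    self.request._site_id = site.__name__

    # NOTE(review): presumably the permission guarding this view guarantees
    # an authenticated user; confirm user cannot be None here.
    user = get_authenticated_user_id(self.request)

    # Local Roles assign owner as the creator user
    roleperm = IPrincipalRoleManager(site)
    roleperm.assignRoleToPrincipal('plone.Owner', user)

    await notify(ObjectFinallyCreatedEvent(site))
    # await notify(ObjectAddedEvent(site, self.context, site.__name__))

    resp = {
        '@type': 'Site',
        'id': data['id'],
        'title': data['title']
    }
    headers = {
        'Location': self.request.path + data['id']
    }

    return Response(response=resp, headers=headers)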
def generate_error_response(e, request, error, status=400):
    """Log a view execution error and build the response for the client.

    A random hex identifier is appended to the message, and that same
    message is both logged and returned, so a message reported by a client
    can be matched to its log record. The exception is passed to the logger
    only (``exc_info``); the response carries the error name, the message
    and the status.

    :param e: exception raised while executing the view
    :param request: current request
    :param error: error name passed through to ``ErrorResponse``
    :param status: status passed through to ``ErrorResponse``
    :return: ``ErrorResponse`` built from ``error``, the message and
        ``status``
    """
    # We may need to check the roles of the users to show the real error
    error_id = uuid.uuid4().hex
    message = _('Error on execution of view') + ' ' + error_id

    user = get_authenticated_user_id(request)
    # Log context: 'r' is the value of _url(request), 'u' the user id.
    log_context = {'r': _url(request), 'u': user}
    logger.error(message, exc_info=e, extra=log_context)

    return ErrorResponse(error, message, status)
def begin(self, request=None):
    """Start a new transaction bound to the request and return it.

    A transaction already stored on the request as ``_txn`` is aborted
    before the new one replaces it. When an authenticated user id is
    available it is recorded on the transaction as ``txn.user``. The start
    time is stored on the request as ``_txn_time``.

    :param request: current request; obtained from
        ``get_current_request()`` when omitted
    :return: the newly created transaction
    """
    if request is None:
        request = get_current_request()

    # Resolved before the previous transaction is touched, as originally.
    user = get_authenticated_user_id(request)

    previous = getattr(request, '_txn', None)
    if previous is not None:
        previous.abort()

    txn = transaction.Transaction(self._synchs, self)
    request._txn = txn

    # The user id may be None, in which case txn.user is left untouched.
    if user is not None:
        txn.user = user

    _new_transaction(txn, self._synchs)
    request._txn_time = time.time()

    return txn
async def __call__(self):
    """Create a content object in the context from the request data.

    ``@type`` is required. ``id`` is optional and ``None`` is passed to the
    factory when it is missing or empty. Every entry of ``@behaviors`` is
    added to the new object, the remaining fields are applied through the
    JSON deserializer, and the authenticated user is given the
    ``plone.Owner`` role on the object.

    :return: ``ErrorResponse`` on failure (400, 409, 412 or 501 as set
        below), otherwise a 201 ``Response`` holding the serialized object
        and its ``Location`` header
    """
    data = await self.get_data()
    type_ = data.get('@type')
    id_ = data.get('id')
    behaviors = data.get('@behaviors')

    if not type_:
        return ErrorResponse(
            'RequiredParam',
            _("Property '@type' is required"))

    # Generate a temporary id if the id is not given
    new_id = id_ or None

    user = get_authenticated_user_id(self.request)

    # Create object
    try:
        obj = create_content_in_container(
            self.context, type_, new_id,
            id=new_id,
            creators=(user, ),
            contributors=(user, ))
    except PreconditionFailed as e:
        return ErrorResponse('PreconditionFailed', str(e), status=412)
    except ConflictIdOnContainer as e:
        return ErrorResponse('ConflictId', str(e), status=409)
    except ValueError as e:
        return ErrorResponse('CreatingObject', str(e), status=400)

    # NOTE(review): behavior names come straight from the request body;
    # confirm add_behavior() rejects names the caller may not use.
    if behaviors:
        for behavior in behaviors:
            obj.add_behavior(behavior)

    # Update fields
    deserializer = queryMultiAdapter(
        (obj, self.request), IResourceDeserializeFromJson)
    if deserializer is None:
        return ErrorResponse(
            'DeserializationError',
            'Cannot deserialize type {}'.format(obj.portal_type),
            status=501)

    # NOTE(review): the request body reaches the deserializer unfiltered;
    # confirm permission-bearing keys cannot be set by the caller here.
    try:
        await deserializer(data, validate_all=True)
    except DeserializationError as e:
        return ErrorResponse(
            'DeserializationError', str(e), exc=e, status=400)

    # Local Roles assign owner as the creator user
    role_manager = IPrincipalRoleManager(obj)
    role_manager.assignRoleToPrincipal('plone.Owner', user)

    await notify(ObjectFinallyCreatedEvent(obj))

    absolute_url = queryMultiAdapter((obj, self.request), IAbsoluteURL)
    headers = {
        'Access-Control-Expose-Headers': 'Location',
        'Location': absolute_url(),
    }

    serializer = queryMultiAdapter(
        (obj, self.request), IResourceSerializeToJson)
    return Response(response=serializer(), headers=headers, status=201)
async def __call__(self):
    """Create a content object in the context from the request data.

    ``@type`` is required. ``id`` is optional and ``None`` is passed to the
    factory when it is missing or empty. A caller-supplied ``__acl__`` key
    is removed before the data is deserialized. Every entry of
    ``@behaviors`` is added to the new object, the remaining fields are
    applied through the JSON deserializer, and the authenticated user is
    given the ``plone.Owner`` role on the object.

    :return: ``ErrorResponse`` on failure (400, 409, 412 or 501 as set
        below), otherwise a 201 ``Response`` holding the serialized object
        and its ``Location`` header
    """
    data = await self.get_data()
    type_ = data.get('@type')
    id_ = data.get('id')
    behaviors = data.get('@behaviors')

    # Permissions cannot be changed through this request: drop the key so
    # it never reaches the deserializer.
    if '__acl__' in data:
        del data['__acl__']

    if not type_:
        return ErrorResponse(
            'RequiredParam',
            _("Property '@type' is required"))

    # Generate a temporary id if the id is not given
    new_id = id_ or None

    user = get_authenticated_user_id(self.request)

    # Create object
    try:
        obj = create_content_in_container(
            self.context, type_, new_id,
            id=new_id,
            creators=(user,),
            contributors=(user,))
    except PreconditionFailed as e:
        return ErrorResponse('PreconditionFailed', str(e), status=412)
    except ConflictIdOnContainer as e:
        return ErrorResponse('ConflictId', str(e), status=409)
    except ValueError as e:
        return ErrorResponse('CreatingObject', str(e), status=400)

    # NOTE(review): behavior names come straight from the request body;
    # confirm add_behavior() rejects names the caller may not use.
    if behaviors:
        for behavior in behaviors:
            obj.add_behavior(behavior)

    # Update fields
    deserializer = queryMultiAdapter(
        (obj, self.request), IResourceDeserializeFromJson)
    if deserializer is None:
        return ErrorResponse(
            'DeserializationError',
            'Cannot deserialize type {}'.format(obj.portal_type),
            status=501)

    try:
        await deserializer(data, validate_all=True)
    except DeserializationError as e:
        return ErrorResponse(
            'DeserializationError', str(e), exc=e, status=400)

    # Local Roles assign owner as the creator user
    role_manager = IPrincipalRoleManager(obj)
    role_manager.assign_role_to_principal('plone.Owner', user)

    await notify(ObjectFinallyCreatedEvent(obj, data))

    absolute_url = queryMultiAdapter((obj, self.request), IAbsoluteURL)
    headers = {
        'Access-Control-Expose-Headers': 'Location',
        'Location': absolute_url(),
    }

    serializer = queryMultiAdapter(
        (obj, self.request), IResourceSerializeToJson)
    return Response(response=serializer(), headers=headers, status=201)
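async def __call__(self):
    """Create a ``Site`` in the context from the JSON request body.

    The body must carry ``@type`` equal to ``Site``, a non-empty ``title``
    and an ``id`` that is not already present in the context;
    ``description`` defaults to an empty string. On success the site is
    stored under its id, installed, the authenticated user is given the
    ``plone.Owner`` role on it and ``ObjectFinallyCreatedEvent`` is
    notified.

    :return: ``ErrorResponse`` when validation fails, otherwise a
        ``Response`` with a ``Location`` header for the new site
    """
    data = await self.request.json()

    # The two conditions must be joined with ``or``. With ``and`` the type
    # comparison was skipped whenever the key was present (so any '@type'
    # was accepted) and raised KeyError whenever it was absent.
    if '@type' not in data or data['@type'] != 'Site':
        return ErrorResponse(
            'NotAllowed',
            'can not create this type %s' % data.get('@type'),
            status=401)

    # Same fix: reject a missing title as well as an empty one.
    if 'title' not in data or not data['title']:
        return ErrorResponse(
            'NotAllowed',
            'We need a title',
            status=401)

    if 'id' not in data:
        return ErrorResponse(
            'NotAllowed',
            'We need an id',
            status=401)

    # NOTE(review): 401 is kept on the validation errors so existing
    # callers see the same status, although none of them is an
    # authentication failure.

    if 'description' not in data:
        data['description'] = ''

    # NOTE(review): data['id'] becomes the container key and is appended to
    # the Location header with no check visible in this method; confirm its
    # type and allowed characters are validated elsewhere.
    if data['id'] in self.context:
        # Already exist
        return ErrorResponse(
            'NotAllowed',
            'Duplicate id',
            status=401)

    site = create_content(
        'Site',
        id=data['id'],
        title=data['title'],
        description=data['description'])

    # Special case we don't want the parent pointer
    site.__name__ = data['id']

    self.context[data['id']] = site

    site.install()

    self.request._site_id = site.__name__

    # NOTE(review): presumably the permission guarding this view guarantees
    # an authenticated user; confirm user cannot be None here.
    user = get_authenticated_user_id(self.request)

    # Local Roles assign owner as the creator user
    roleperm = IPrincipalRoleManager(site)
    roleperm.assign_role_to_principal(
        'plone.Owner',
        user)

    await notify(ObjectFinallyCreatedEvent(site))
    # await notify(ObjectAddedEvent(site, self.context, site.__name__))

    resp = {
        '@type': 'Site',
        'id': data['id'],
        'title': data['title']
    }
    headers = {
        'Location': self.request.path + data['id']
    }

    return Response(response=resp, headers=headers)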