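def post(self):
    """Create a Facility from the request's JSON body.

    Reads the facility fields from ``request.get_json()``, builds the
    ``Facility``, commits it, and then grants the creating user edit
    credentials for it. Responds 201 with the admin representation on
    success.

    Aborts with 400 when the body carries no ``name``, or when ``link`` is
    longer than 200 characters or does not start with http/https. Aborts
    with 500 when the edit credentials could not be stored; the freshly
    created facility is removed again in that case so that no facility is
    left behind that nobody may edit.
    """
    data = request.get_json()
    # A body without a name used to surface as a KeyError (HTTP 500);
    # reject it as a client error instead.
    if not data or 'name' not in data:
        abort(400, __error__=["Missing required field 'name'."])
    name = data['name']

    optional = parse_optional_parameters(data)
    optional["position"] = parse_position(data)

    link = optional["link"]
    if link:
        if len(link) > 200:
            abort(400, __error__=[u'Maks lengde for lenke er 200 tegn'])
        # Only absolute http(s) links are accepted. The scheme check runs on
        # the stripped value, but the value stored is the one received.
        if not link.strip().startswith(('http://', 'https://')):
            abort(400, __error__=[u'Lenke må starte med http eller https'])

    if 'contact_person' in data:
        optional['contact_person'] = parse_contact_person(data)
    if 'facility_type' in data and 'id' in data['facility_type']:
        optional['facility_type'] = parse_facility_type(data)
    if 'unit_type' in data and 'id' in data['unit_type']:
        optional['unit_type'] = parse_unit_type(data)

    fac = Facility(name, **optional)
    # Each of these attributes is a free-form dict parsed from the key of
    # the same name in the request body.
    for attr in ("amenities", "accessibility", "equipment", "suitability", "facilitators"):
        setattr(fac, attr, parse_dict(data, attr))
    # Admin-only flags taken verbatim from the client; this endpoint relies
    # on the create-privilege validator that wraps it.
    if 'is_deleted' in data:
        fac.is_deleted = data['is_deleted']
    if 'is_published' in data:
        fac.is_published = data['is_published']

    session = current_app.db_session
    session.add(fac)
    session.commit()
    session.refresh(fac)

    # Make sure the user who created the facility is allowed to edit it.
    user_id = repo.get_user_id_for_user(cookies=request.cookies)
    if not user_id:
        # NOTE(review): reached only when no user can be resolved from the
        # cookies; the facility is then returned without anyone holding
        # edit credentials for it.
        return marshal(fac, facility_fields_admin), 201

    added_credentials = repo.add_edit_credentials(user_id, fac.id, request.cookies)
    if fac.id and added_credentials:
        return marshal(fac, facility_fields_admin), 201

    # Credentials could not be stored: undo the creation. A failure of the
    # cleanup itself is logged but does not mask the 500 below.
    try:
        session.delete(fac)
        session.commit()
    except Exception:
        current_app.logger.warning(
            "Not able to delete facility#id %s, after updating credentials failed.",
            fac.id, exc_info=True)
    abort(500, __error__=["Error creating facility."])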
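def validate(self, f, *args, **kwargs):
    """Check that the requesting user may edit the facility addressed by the call.

    The facility is resolved, in order, from the ``facility_id`` keyword
    argument, from the facility owning ``image_id`` or ``document_id``, or
    from the ``facilityId`` form field (image/document uploads). When no
    facility can be resolved, or the user lacks edit privileges on it, the
    request is failed with 403 through ``self.fail``.
    """
    facility_id = None
    if kwargs.get("facility_id", None):
        # The normal case: the route names the facility directly.
        facility_id = kwargs["facility_id"]
    elif kwargs.get("image_id", None):
        # An image related to a facility. A missing image leaves
        # facility_id unresolved instead of raising on None.
        image = current_app.db_session.query(Image).get(kwargs["image_id"])
        if image is not None:
            facility_id = image.facility_id
    elif kwargs.get("document_id", None):
        # A document related to a facility; same handling as for images.
        document = current_app.db_session.query(Document).get(kwargs["document_id"])
        if document is not None:
            facility_id = document.facility_id
    elif request.form.get('facilityId', None):
        # POST image/document with the facility id in the form.
        facility_id = request.form.get('facilityId')

    # Fail closed: an unresolved facility (no matching route argument, or an
    # image/document id that matches nothing) previously raised NameError /
    # AttributeError (HTTP 500); it is now refused like a missing privilege.
    user_id = repo.get_user_id_for_user(cookies=request.cookies)
    valid = (
        facility_id is not None
        and user_id
        and repo.can_user_edit_facility(user_id, facility_id, cookies=request.cookies)
    )
    if not valid:
        self.fail("You do not have privileges to edit facility %s." % facility_id, f, 403, None, *args, **kwargs)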
def validate(self, f, *args, **kwargs):
    """Require that the requesting user may create facilities.

    Resolves the user from the request cookies and asks the repository
    whether that user may create a facility; when no user is found or the
    privilege is missing, the request is failed with 403 via ``self.fail``.
    """
    denied = "You do not have privileges to create a facility."
    cookies = request.cookies
    current_user = repo.get_user_id_for_user(cookies=cookies)
    # No resolvable user: refuse without consulting the repository.
    if not current_user:
        self.fail(denied, f, 403, None, *args, **kwargs)
        return
    if not repo.can_user_create_facility(current_user, cookies=cookies):
        self.fail(denied, f, 403, None, *args, **kwargs)