コード例 #1
    def base_preprocessor_delete_many(search_params=None, **kw):
        """Generic DELETE_MANY preprocessor that only records its invocation.

        :param search_params: dictionary of search parameters for the
            request; neither read nor modified here.
        :param kw: any further keyword arguments; ignored.
        """
        # This hook performs no authentication or filtering -- it logs only.
        message = '`base_preprocessor_delete_many` used for endpoint'
        logger.info(message)
コード例 #2
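def remote_authorize(*args, **kwargs):
    """Log a user in from a JSON body posted by another application.

    The JSON payload is wrapped in a ``MultiDict`` and validated with the
    login form class configured on ``_security``.

    :param string email: Email associated with user account
    :param string password: Password associated with user account

    :return bool: ``True`` once ``login_user`` has been called; every failure
        path aborts with HTTP 403 instead of returning.
    """
    form_class = _security.login_form

    payload = request.json
    if not payload:
        # A falsy payload is either "no JSON parsed" (None) or an empty JSON
        # body; report the two cases with their own message.
        if payload is None:
            error_message = "Request did not use Content-Type:application/json"
        else:
            error_message = 'No credentials provided'
        logger.info('[OAUTH::remote_authorize] %s', error_message)
        abort(403, error_message)

    form = form_class(MultiDict(payload))

    if not form.validate_on_submit():
        # NOTE(review): ``form.errors`` goes back to the client verbatim. If
        # the login form reports unknown accounts and wrong passwords with
        # different messages, the response reveals which emails are
        # registered -- consider one generic message for the client and
        # keeping the detail in the log only.
        logger.error(
            '[OAUTH::remote_authorize] Validation Failed with '
            'message: %s', form.errors)
        return abort(403, form.errors)

    login_user(form.user, remember=form.remember.data)
    # Register `_commit` to run once this request has been handled.
    after_this_request(_commit)

    return True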
コード例 #3
    def base_preprocessor_get_many(search_params=None, **kw):
        """Generic GET_MANY preprocessor; logs that it handled a request.

        :param search_params: dictionary of search parameters for the
            request; left untouched.
        :param kw: additional keyword arguments; ignored.
        """
        log_line = '`base_preprocessor_get_many` responded to request'
        logger.info(log_line)
コード例 #4
    def base_preprocessor_get_single(instance_id=None, **kw):
        """Generic GET_SINGLE preprocessor; logs that it handled a request.

        :param instance_id: primary key of the instance being fetched; not
            used here.
        :param kw: additional keyword arguments; ignored.
        """
        # No access check is made in this hook.
        log_line = '`base_preprocessor_get_single` responded to request'
        logger.info(log_line)
コード例 #5
    def base_preprocessor_post(data=None, **kw):
        """Generic POST preprocessor that only records its invocation.

        :param data: dictionary of fields to set on the new instance; passed
            through unchanged and unvalidated.
        :param kw: additional keyword arguments; ignored.
        """
        # Nothing is authenticated or validated here -- the hook logs only.
        message = '`base_preprocessor_post` used for endpoint'
        logger.info(message)
コード例 #6
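    def user_postprocessor_post(result=None, **kw):
        """User-specific POST postprocessor: email a password-reset link.

        Calls ``verify_authorization()`` and ``verify_roles(..., ['admin'])``,
        reloads the newly created user by primary key, generates a
        reset-password token and mails the resulting external link to the
        user's address.

        :param result: dictionary representation of the created instance; its
            ``'id'`` entry is used to load the user.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`user_postprocessor_post` used for endpoint')

        # NOTE(review): as a postprocessor this runs after the account already
        # exists; presumably the matching preprocessor is what actually blocks
        # unauthorized creation -- confirm.
        authorization = verify_authorization()
        verify_roles(authorization, ['admin'])

        # HACK: We really shouldn't be doing this, however, it's quicker and
        #       more straightforward than converting the <dict> to enable
        #       dot syntax that is compatible with Flask-Security
        user = db.session.query(Model).get(result['id'])

        # Send the reset password instructions email for the specified user.
        token = generate_reset_password_token(user)
        reset_link = url_for_security('reset_password',
                                      token=token,
                                      _external=True)

        # NOTE(review): the email carries a live reset token; how long it stays
        # valid depends on configuration that is not visible here.
        send_mail('An administrator has created an account for you',
                  user.email,
                  'staff',
                  user=user,
                  confirmation_link=reset_link)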
コード例 #7
    def base_postprocessor_post(result=None, **kw):
        """Generic POST postprocessor that only records its invocation.

        :param result: dictionary representation of the created instance;
            not modified here.
        :param kw: additional keyword arguments; ignored.
        """
        message = '`base_postprocessor_post` used for endpoint'
        logger.info(message)
コード例 #8
    def base_preprocessor_delete_single(instance_id=None, **kw):
        """Generic DELETE_SINGLE preprocessor that only records its invocation.

        :param instance_id: primary key of the instance to be deleted; not
            used here.
        :param kw: additional keyword arguments; ignored.
        """
        # No credential or ownership check is made in this hook.
        message = '`base_preprocessor_delete_single` used for endpoint'
        logger.info(message)
コード例 #9
    def base_postprocessor_delete_single(was_deleted=None, **kw):
        """Generic DELETE_SINGLE postprocessor that only records its invocation.

        :param was_deleted: whether the instance has been deleted; not
            inspected here.
        :param kw: additional keyword arguments; ignored.
        """
        message = '`base_postprocessor_delete_single` used for endpoint'
        logger.info(message)
コード例 #10
    def base_postprocessor_update_single(result=None, **kw):
        """Generic PATCH_SINGLE/PUT_SINGLE postprocessor; logs its invocation.

        :param result: dictionary representation of the requested instance;
            not modified here.
        :param kw: additional keyword arguments; ignored.
        """
        message = '`base_postprocessor_update_single` used for endpoint'
        logger.info(message)
コード例 #11
    def base_postprocessor_get_single(result=None, **kw):
        """Generic GET_SINGLE postprocessor; logs that it handled a request.

        :param result: dictionary representation of the requested instance;
            returned to the client unfiltered as far as this hook goes.
        :param kw: additional keyword arguments; ignored.
        """
        log_line = '`base_postprocessor_get_single` responded to request'
        logger.info(log_line)
コード例 #12
    def base_preprocessor_update_single(instance_id=None, **kw):
        """Generic PATCH_SINGLE/PUT_SINGLE preprocessor; logs its invocation.

        :param instance_id: primary key of the instance to patch; not used
            here.
        :param kw: remaining keyword arguments. The signature has no explicit
            ``data`` parameter, so the dictionary of fields to change would
            arrive here; it is not inspected.
        """
        # No authentication or field filtering happens in this hook.
        message = '`base_preprocessor_update_single` used for endpoint'
        logger.info(message)
コード例 #13
    def base_preprocessor_update_many(search_params=None, **kw):
        """Generic PATCH_MANY preprocessor that only records its invocation.

        :param search_params: dictionary of search parameters for the
            request; not inspected.
        :param kw: remaining keyword arguments. The signature has no explicit
            ``data`` parameter, so the dictionary of fields to change on the
            matching instances would arrive here; it is not inspected.
        """
        # Bulk updates pass through this hook without any access check.
        message = '`base_preprocessor_update_many` used for endpoint'
        logger.info(message)
コード例 #14
    def base_postprocessor_delete_many(result=None, search_params=None, **kw):
        """Generic DELETE_MANY postprocessor that only records its invocation.

        :param result: dictionary representation of the JSON response that
            will be returned to the client; not modified here.
        :param search_params: dictionary of search parameters for the
            request; not inspected.
        :param kw: additional keyword arguments; ignored.
        """
        message = '`base_postprocessor_delete_many` used for endpoint'
        logger.info(message)
コード例 #15
    def base_postprocessor_get_many(result=None, search_params=None, **kw):
        """Generic GET_MANY postprocessor; logs that it handled a request.

        :param result: dictionary representation of the JSON response that
            will be returned to the client; not modified here.
        :param search_params: dictionary of search parameters for the request
            that produced ``result``; not inspected.
        :param kw: additional keyword arguments; ignored.
        """
        log_line = '`base_postprocessor_get_many` responded to request'
        logger.info(log_line)
コード例 #16
    def base_postprocessor_update_many(
            query=None, data=None, search_params=None, **kw):
        """Generic PATCH_MANY postprocessor that only records its invocation.

        :param query: SQLAlchemy query inferred from the search parameters in
            the query string; not executed or altered here.
        :param data: dictionary representation of the JSON response that will
            be returned to the client; not modified here.
        :param search_params: dictionary of search parameters for the
            request; not inspected.
        :param kw: additional keyword arguments; ignored.
        """
        message = '`base_postprocessor_update_many` used for endpoint'
        logger.info(message)
コード例 #17
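    def user_preprocessor_update_single(instance_id=None, **kw):
        """User-specific PATCH_SINGLE/PUT_SINGLE preprocessor.

        Lets the request continue only when a credential is present and the
        caller is either the user being updated or holds the ``admin`` role;
        every other case aborts with HTTP 403.

        :param instance_id: primary key of the user to update; compared with
            the authenticated user's id after both are converted with ``int``.
        :param kw: remaining keyword arguments; the update ``data`` is
            expected to arrive here and is not inspected.
        """
        logger.info('`user_preprocessor_update_single` used for endpoint')

        # Only the presence of a credential is tested on this line; checking
        # it is presumably the job of verify_authorization().
        if not (request.args.get('access_token', '') or
                request.headers.get('Authorization')):
            logger.info('Anonymous user attempted to access User '
                        'UPDATE_SINGLE')
            abort(403)

        authorization = verify_authorization()

        # NOTE(review): the update payload is never examined, so nothing here
        # stops a user editing their own record from submitting privileged
        # fields (e.g. roles) -- confirm those are excluded elsewhere.
        if int(authorization.id) == int(instance_id):
            logger.debug('User %d updating their account', authorization.id)
        elif check_roles('admin', authorization.roles):
            logger.info('Administrator with id %d is updating user id %d',
                        authorization.id, int(instance_id))
        else:
            logger.info('User %d attempted to access a User UPDATE_SINGLE '
                        'for another user account', authorization.id)
            abort(403)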
コード例 #18
    def user_preprocessor_post(data=None, **kw):
        """User-specific POST preprocessor restricting creation to admins.

        Outcomes, in the order they are evaluated:

        * neither an ``access_token`` query argument nor an ``Authorization``
          header -> abort 403
        * ``generic`` role without ``admin`` -> abort 401
        * ``admin`` role -> request continues
        * anything else -> abort 403

        :param data: dictionary of fields for the new instance; not read here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`user_preprocessor_post` used for endpoint')

        credential = (request.args.get('access_token', '') or
                      request.headers.get('Authorization'))
        if not credential:
            logger.info('Anonymous user attempted to access User POST')
            abort(403)

        authorization = verify_authorization()

        generic_only = (check_roles('generic', authorization.roles) and
                        not check_roles('admin', authorization.roles))
        if generic_only:
            # NOTE(review): this denial answers 401 although the caller is
            # already authenticated; the other denials in this hook use 403.
            logger.warning('User %d %s access failed User POST' %
                           (authorization.id, 'generic'))
            logger.warning('generic role unauthorized to access '
                           'User POST')
            abort(401)
        elif check_roles('admin', authorization.roles):
            logger.info('User %d accessed User POST as %s' %
                        (authorization.id, 'admin'))
        else:
            logger.info('User %d accessed User POST with no role' %
                        (authorization.id))
            abort(403)
コード例 #19
    def file_preprocessor_delete_single(instance_id=None, **kw):
        """File-specific DELETE_SINGLE preprocessor requiring a credential.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param instance_id: primary key of the instance to delete; not used
            here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`file_preprocessor_delete_single` used for endpoint')

        has_credential = bool(request.args.get('access_token', '') or
                              request.headers.get('Authorization'))
        if not has_credential:
            abort(403)

        # NOTE(review): nothing here ties the caller to the file identified by
        # `instance_id`; any caller accepted by verify_authorization() gets
        # past this hook unless ownership is enforced elsewhere -- confirm.
        verify_authorization()
コード例 #20
    def file_preprocessor_get_single(instance_id=None, **kw):
        """File-specific GET_SINGLE preprocessor requiring a credential.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param instance_id: primary key of the instance to get; not used here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`file_preprocessor_get_single` responded to request')

        query_token = request.args.get('access_token', '')
        if not (query_token or request.headers.get('Authorization')):
            abort(403)

        # The authenticated identity is not compared with `instance_id`, so
        # this hook does not restrict which file a caller may read.
        verify_authorization()
コード例 #21
    def token_preprocessor_post(data=None, **kw):
        """Token-specific POST preprocessor requiring a credential.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param data: dictionary of fields for the new instance; not read or
            modified here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`token_preprocessor_post` used for endpoint')

        # NOTE(review): a credential passed as a query argument can end up in
        # access logs and browser history; the Authorization header avoids
        # that.
        credential = (request.args.get('access_token', '') or
                      request.headers.get('Authorization'))
        if not credential:
            abort(403)

        verify_authorization()
コード例 #22
    def file_preprocessor_get_many(search_params=None, **kw):
        """File-specific GET_MANY preprocessor requiring a credential.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param search_params: dictionary of search parameters for the
            request; not narrowed to the caller's own files here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`file_preprocessor_get_many` responded to request')

        token_in_query = request.args.get('access_token', '')
        if not (token_in_query or request.headers.get('Authorization')):
            abort(403)

        verify_authorization()
コード例 #23
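    def role_preprocessor_post(data=None, **kw):
        """Role-specific POST preprocessor requiring a credential.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param data: dictionary of fields for the new instance; not read here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`role_preprocessor_post` used for endpoint')

        if not (request.args.get('access_token', '') or
                request.headers.get('Authorization')):
            # Name this endpoint in the audit line so a denied Role POST is
            # not recorded as a User GET_MANY attempt.
            logger.info('Anonymous user attempted to access Role POST')
            abort(403)

        # NOTE(review): no role check follows, so any caller accepted by
        # verify_authorization() may create roles as far as this hook is
        # concerned -- confirm an admin restriction exists elsewhere.
        verify_authorization()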
コード例 #24
    def file_preprocessor_update_single(instance_id=None, **kw):
        """File-specific PATCH_SINGLE/PUT_SINGLE preprocessor.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param instance_id: primary key of the instance to patch; not used
            here.
        :param kw: remaining keyword arguments; the update ``data`` is
            expected to arrive here and is not inspected.
        """
        logger.info('`file_preprocessor_update_single` used for endpoint')

        has_credential = bool(request.args.get('access_token', '') or
                              request.headers.get('Authorization'))
        if not has_credential:
            abort(403)

        # NOTE(review): the caller is not matched against the file's owner and
        # ownership fields in the payload are not reset here -- confirm both
        # are handled elsewhere.
        verify_authorization()
コード例 #25
    def token_preprocessor_update_many(search_params=None, **kw):
        """Token-specific PATCH_MANY preprocessor requiring a credential.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header; otherwise calls
        ``verify_authorization()``.

        :param search_params: dictionary of search parameters for the
            request; not inspected.
        :param kw: remaining keyword arguments; the update ``data`` is
            expected to arrive here and is not inspected.
        """
        logger.info('`token_preprocessor_update_many` used for endpoint')

        credential = (request.args.get('access_token', '') or
                      request.headers.get('Authorization'))
        if not credential:
            abort(403)

        # NOTE(review): the search is not limited to the caller's own tokens
        # in this hook -- confirm bulk token updates are scoped elsewhere.
        verify_authorization()
コード例 #26
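    def file_preprocessor_post(data=None, **kw):
        """File-specific POST preprocessor: authenticate and stamp the record.

        Aborts with HTTP 403 when the request has neither an ``access_token``
        query argument nor an ``Authorization`` header. Otherwise the caller
        is resolved with ``verify_authorization()`` and ``data`` is updated in
        place with timestamps and the caller's id.

        :param data: dictionary of fields for the new instance; the keys
            ``created_on``, ``modified_on``, ``creator_id`` and
            ``last_modified_by_id`` are overwritten.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`file_preprocessor_post` used for endpoint')

        if not (request.args.get('access_token', '') or
                request.headers.get('Authorization')):
            abort(403)

        authorization = verify_authorization()

        # One clock reading for both fields, so a new record's created_on and
        # modified_on are identical.
        timestamp = datetime.now().isoformat()
        data['created_on'] = timestamp
        data['modified_on'] = timestamp

        # Ownership always comes from the authenticated caller, replacing any
        # value the client placed in the payload.
        data['creator_id'] = authorization.id
        data['last_modified_by_id'] = authorization.id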
コード例 #27
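    def user_preprocessor_update_many(search_params=None, **kw):
        """User-specific PATCH_MANY preprocessor that rejects every request.

        No branch lets the request continue: a missing credential aborts with
        403, a caller with the ``generic`` role aborts with 401 and every
        other caller (``admin`` included) aborts with 403.

        :param search_params: dictionary of search parameters for the
            request; not inspected.
        :param kw: remaining keyword arguments; the update ``data`` is
            expected to arrive here and is not inspected.
        """
        logger.info('`user_preprocessor_update_many` used for endpoint')

        if not (request.args.get('access_token', '') or
                request.headers.get('Authorization')):
            logger.info('Anonymous user attempted to access User '
                        'UPDATE_MANY')
            abort(403)

        authorization = verify_authorization()

        # NOTE(review): both branches abort, so bulk user updates look
        # deliberately disabled -- confirm, since the final log line reads
        # "with no role" even for callers that do hold roles.
        if check_roles('generic', authorization.roles):
            logger.warning('User %d %s access failed User UPDATE_MANY',
                           authorization.id, 'generic')
            logger.warning('generic role unauthorized to access '
                           'User UPDATE_MANY')
            abort(401)
        else:
            logger.info('User %d accessed User UPDATE_MANY with no role',
                        authorization.id)
            abort(403)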
コード例 #28
    def user_preprocessor_delete_single(instance_id=None, **kw):
        """User-specific DELETE_SINGLE preprocessor restricted to admins.

        Outcomes, in the order they are evaluated:

        * neither an ``access_token`` query argument nor an ``Authorization``
          header -> abort 403
        * ``generic`` role without ``admin`` -> abort 401
        * ``admin`` role -> request continues
        * anything else -> abort 403

        :param instance_id: primary key of the instance to delete; not used
            here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`user_preprocessor_delete_single` used for endpoint')

        credential = (request.args.get('access_token', '') or
                      request.headers.get('Authorization'))
        if not credential:
            logger.info('Anonymous user attempted to access User '
                        'DELETE_SINGLE')
            abort(403)

        authorization = verify_authorization()

        generic_only = (check_roles('generic', authorization.roles) and
                        not check_roles('admin', authorization.roles))
        if generic_only:
            logger.warning('User %d %s access failed User '
                           'DELETE_SINGLE' % (authorization.id, 'generic'))
            logger.warning('generic role unauthorized to access '
                           'User DELETE_SINGLE')
            abort(401)
        elif check_roles('admin', authorization.roles):
            # Admins may delete; this branch writes no audit line.
            pass
        else:
            logger.info('User %d accessed User DELETE_SINGLE with '
                        'no role' % (authorization.id))
            abort(403)
コード例 #29
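    def user_preprocessor_get_single(instance_id=None, **kw):
        """User-specific GET_SINGLE preprocessor.

        A missing credential aborts with 403. A caller holding the ``generic``
        role is let through (after two warning lines are logged); every other
        caller aborts with 403.

        :param instance_id: primary key of the instance to get; not compared
            with the caller's id here.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`user_preprocessor_get_single` responded to request')

        if not (request.args.get('access_token', '') or
                request.headers.get('Authorization')):
            logger.info('Anonymous user attempted to access User GET_SINGLE')
            abort(403)

        authorization = verify_authorization()

        if check_roles('generic', authorization.roles):
            # NOTE(review): these lines record a failed, unauthorized access,
            # yet this branch does not abort -- the request is allowed. Either
            # the audit text or the control flow is wrong; confirm which. Also
            # note that any `generic` caller can read any user id here.
            logger.warning('User %d %s access failed User GET_SINGLE',
                           authorization.id, 'generic')
            logger.warning('generic role unauthorized to access '
                           'User GET_SINGLE')
        else:
            # NOTE(review): callers without `generic` (an admin-only account
            # included) are denied here.
            logger.info('User %d accessed User GET_SINGLE with no role',
                        authorization.id)
            abort(403)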
コード例 #30
    def user_preprocessor_get_many(search_params=None, **kw):
        """User-specific GET_MANY preprocessor.

        A missing credential aborts with 403, as does any caller without the
        ``generic`` role. A caller holding ``generic`` is let through after
        two warning lines are logged.

        :param search_params: dictionary of search parameters for the
            request; not inspected.
        :param kw: additional keyword arguments; ignored.
        """
        logger.info('`user_preprocessor_get_many` responded to request')

        credential = (request.args.get('access_token', '') or
                      request.headers.get('Authorization'))
        if not credential:
            logger.info('Anonymous user attempted to access User GET_MANY')
            abort(403)

        authorization = verify_authorization()

        if not check_roles('generic', authorization.roles):
            logger.info('User %d accessed User GET_MANY with no role' %
                        (authorization.id))
            abort(403)

        # NOTE(review): the two lines below report a failed, unauthorized
        # access, but nothing aborts afterwards, so the listing is served.
        # Confirm whether the audit text or the control flow is intended.
        logger.warning('User %d %s access failed User GET_MANY' %
                       (authorization.id, 'generic'))
        logger.warning('generic role unauthorized to access '
                       'User GET_MANY')