def obj_create(self, bundle, **kwargs): data = bundle.data LOG.info("Creating draw with data: {}".format(data)) for attr in self.FORBIDDEN_ATTRIBUTES: if attr in data: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("{0} is forbidden".format( attr))) try: type_ = data.pop('type') draw = draw_factory.create_draw(type_, data) draw.validate() except KeyError: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Missing draw type")) except draw_factory.DrawNotRegistered: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Invalid draw type")) except bom.InvalidDraw as e: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest(e.serialize())) draw.owner = bundle.request.user.pk if not draw.is_shared: draw.toss() self._client.save_draw(draw) bundle.obj = draw return bundle
def obj_update(self, bundle, **kwargs): draw_id = kwargs['pk'] try: draw = self._client.retrieve_draw(draw_id) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Draw not found")) if not draw.check_write_access(bundle.request.user): raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized("Only the owner can update")) for name, value in bundle.data.items(): if not hasattr(draw, name): continue elif name in self.FROZEN_ATTRIBUTES + self.FORBIDDEN_ATTRIBUTES: if getattr(draw, name) != value: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("{0} is forbidden".format( name))) else: setattr(draw, name, value) try: draw.validate() except bom.InvalidDraw as e: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest(e.serialize())) draw.add_audit("DRAW_PARAMETERS") self._client.save_draw(draw) bundle.obj = draw return bundle
def try_draw(self, request, **_): self.method_check(request, allowed=['post']) self.throttle_check(request) try: data = json.loads(request.body) except TypeError: data = json.loads(request.body.decode('utf-8')) try: type_ = data.pop('type') draw = draw_factory.create_draw(type_, data) draw.validate() except KeyError: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Missing draw type")) except draw_factory.DrawNotRegistered: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Invalid draw type")) except bom.InvalidDraw as e: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest(e.serialize())) self._client.save_draw(draw) result = draw.toss() self.log_throttled_access(request) return self.create_response(request, result)
def _safe_get(self, bundle, **kwargs): filters = self.remove_api_resource_names(kwargs) try: return self.parent.cached_obj_get(bundle=bundle, **filters) except (queryset.DoesNotExist, exceptions.ObjectDoesNotExist): raise tastypie_exceptions.ImmediateHttpResponse(response=http.HttpNotFound())
def obj_get(self, bundle, **kwargs): try: user = self._client.retrieve_user(kwargs['pk']) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound()) else: return user
def apply_filters(self, request, applicable_filters): qs = super(OwnedResource, self).apply_filters(request, applicable_filters) try: qs = qs.for_user(request.user) except NotAuthenticatedError as e: raise exceptions.ImmediateHttpResponse(http.HttpUnauthorized(e)) return qs
def unauthorized_result(self, exception=None, bundle=None): kwargs = {} if bundle: kwargs['content'] = json.dumps({ 'one_time_salt': bundle.request.session['one_time_salt'], }) kwargs['content_type'] = 'application/json' raise exceptions.ImmediateHttpResponse(http.HttpUnauthorized(**kwargs))
def obj_create(self, bundle, **kwargs): bundle.obj = bom.User(_id=bundle.data["email"]) bundle.obj.set_password(bundle.data["password"]) try: self._client.create_user(bundle.obj) except mongodb.MongoDriver.UserExistsError as e: raise exceptions.ImmediateHttpResponse( response=http.HttpConflict(e)) return bundle
def toss(self, request, **kwargs): self.method_check(request, allowed=['post']) self.throttle_check(request) draw_id = kwargs['pk'] try: bom_draw = self._client.retrieve_draw(draw_id) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound()) if not bom_draw.check_write_access(request.user): raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized("Only the owner can toss")) result = bom_draw.toss() if bom_draw.is_shared: mail_toss(bom_draw) self._client.save_draw(bom_draw) self.log_throttled_access(request) return self.create_response(request, result)
def obj_update(self, bundle, **kwargs): if bundle.obj.pk != bundle.request.user.pk: raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized("An user can only update " "his own details")) for key, value in bundle.data.items(): if key in self.FROZEN_ATTRIBUTES: if getattr(bundle.obj, key, value) != value: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest( "Invalid attribute {0}".format(key))) elif key == 'password': bundle.obj.set_password(bundle.data['password']) else: setattr(bundle.obj, key, value) self._client.save_user(bundle.obj) return bundle
def method_check(self, request, allowed=None): if allowed is None: allowed = [] request_method = request.method.lower() allows = ','.join([meth.upper() for meth in allowed]) if request_method == "options": response = http.HttpResponse(allows) response['Allow'] = allows self.add_cors_headers(response) raise exceptions.ImmediateHttpResponse(response=response) if request_method not in allowed: response = tastypie_http.HttpMethodNotAllowed(allows) response['Allow'] = allows raise exceptions.ImmediateHttpResponse(response=response) return request_method
def post_detail(self, request, **kwargs): draw_id = kwargs['pk'] try: draw = self._client.retrieve_draw(draw_id) except mongodb.MongoDriver.NotFoundError: return http.HttpBadRequest("Draw not found") try: data = json.loads(request.body) except TypeError: data = json.loads(request.body.decode('utf-8')) if 'add_user' in data: if not draw.check_write_access(request.user): raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized( "Only the owner can add users")) new_users = { str(user) for user in data['add_user'] if '@' in str(user) } new_users = [user for user in new_users if user not in draw.users] draw.users.extend(new_users) self._client.save_draw(draw) invite_user(new_users, draw) if 'remove_user' in data: if not draw.check_write_access(request.user): raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized( "Only the owner can remove users")) try: draw.users.remove(str(data['remove_user'])) self._client.save_draw(draw) except ValueError: pass if request.user.is_authenticated( ) and request.user.pk not in draw.users: draw.users.append(request.user.pk) self._client.save_draw(draw) return http.HttpCreated()
def register_in_raffle(self, request, **kwargs): from server.bom.raffle import Participant self.method_check(request, allowed=['post']) self.throttle_check(request) draw_id = kwargs['pk'] try: data = json.loads(request.body) except TypeError: data = json.loads(request.body.decode('utf-8')) try: participant_id = data['participant_id'] participant_name = data['participant_name'] except KeyError: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest( "Missing participant_id or participant_name")) participant = Participant(id=participant_id, name=participant_name) try: bom_draw = self._client.retrieve_draw(draw_id) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound("the draw does not exists")) if not isinstance(bom_draw, bom.RaffleDraw): raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest( "Registration is only available in Raffles")) try: bom_draw.register_participant(participant) except bom.RaffleDraw.RegistrationError as e: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest(e)) except bom.RaffleDraw.AlreadyRegisteredError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotModified()) self._client.save_draw(bom_draw) self.log_throttled_access(request) return http.HttpResponse()
def obj_delete(self, bundle, **kwargs): if not bundle.request.user.is_authenticated(): self.unauthorized_result(None) draw_id = kwargs['pk'] try: draw = self._client.retrieve_draw(draw_id) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound()) if bundle.request.user.pk in draw.users: draw.users.remove(bundle.request.user.pk) self._client.save_draw(draw) elif bundle.request.user.pk == draw.owner: draw.owner = None self._client.save_draw(draw)
def schedule_toss(self, request, **kwargs): self.method_check(request, allowed=['post']) self.throttle_check(request) draw_id = kwargs['pk'] try: schedule = kwargs['schedule'] schedule = dateutil.parser.parse(schedule).astimezone(pytz.utc) bom_draw = self._client.retrieve_draw(draw_id) except (ValueError, KeyError): raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Invalid 'schedule'")) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound()) if not bom_draw.check_write_access(request.user): raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized( "Only the owner can schedule a toss")) result = bom_draw.timed_toss(schedule) self._client.save_draw(bom_draw) if bom_draw.is_shared: mail_toss(bom_draw) self.log_throttled_access(request) return self.create_response(request, result)
def user_login(self, request, **_): self.method_check(request, allowed=['post']) self.throttle_check(request) try: data = json.loads(request.body) except TypeError: data = json.loads(request.body.decode('utf-8')) email = data.pop('email') password = data.pop('password') user = authenticate(username=email, password=password) if user: if user.is_active: if 'keep-logged' in request.POST: request.session.set_expiry(31556926) # 1 year login(request, user) user = self._client.retrieve_user(user.pk) user.last_login = datetime.datetime.utcnow().replace( tzinfo=pytz.utc) self._client.save_user(user) return self.create_response(request, "User authenticated") else: raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized( "The user is not activated")) else: try: self._client.retrieve_user(email) except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound( "The email {0} is not registered".format(email))) else: raise exceptions.ImmediateHttpResponse( response=http.HttpUnauthorized("Incorrect password"))
def chat(self, request, **kwargs): self.method_check(request, allowed=['post', 'get']) self.throttle_check(request) draw_id = kwargs['pk'] try: draw = self._client.retrieve_draw(draw_id) # check exists except mongodb.MongoDriver.NotFoundError: raise exceptions.ImmediateHttpResponse( response=http.HttpNotFound()) if request.method == 'POST': try: data = json.loads(request.body) except TypeError: data = json.loads(request.body.decode('utf-8')) try: message = data['message'] if request.user.is_authenticated(): self._client.add_chat_message(draw_id, message, user_id=request.user.pk) else: self._client.add_chat_message( draw_id, message, anonymous_alias=data['anonymous_alias']) except KeyError: raise exceptions.ImmediateHttpResponse( response=http.HttpBadRequest("Missing message or alias")) return self.create_response(request, {}) elif request.method == 'GET': # TODO: return only the list of messages def get_user_details(username): """function to get either the user avatar or an empty string""" try: user = self._client.retrieve_user(username) except Exception: return {} else: return { "user_alias": user.alias, "avatar": user.user_image } try: messages = self._client.retrieve_chat_messages(draw_id) except mongodb.MongoDriver.NotFoundError: messages = [] users = { message["user"] for message in messages if 'user' in message } users_map = {name: get_user_details(name) for name in users} for message in messages: if 'user' in message: message.update(users_map[message["user"]]) return self.create_response( request, { "messages": messages, "enable_chat": draw.enable_chat, "last_updated_time": draw.last_updated_time })