コード例 #1
0
def test_prepare_for_db():
    """Confirm that the data is correctly prepared."""
    expected = {
        "description": "<br />",
        "tags": ["testing"],
    }
    indata = {"description": "<br />", "tags": ["testing"]}
    assert utils.prepare_for_db(indata) == expected
コード例 #2
0
def update_order(identifier: str):  # pylint: disable=too-many-branches
    """
    Update an existing order.

    Args:
        identifier (str): Order uuid.

    Returns:
        flask.Response: Status code of the request.
    """
    order = utils.req_get_entry("orders", identifier)
    if not order:
        flask.abort(status=404)

    # permission check
    if (not utils.req_has_permission("DATA_MANAGEMENT")
            and flask.g.current_user["_id"] not in order["editors"]):
        flask.abort(status=403)

    jsondata = flask.request.json
    if not jsondata or "order" not in jsondata or not isinstance(
            jsondata["order"], dict):
        flask.abort(status=400)
    indata = jsondata["order"]

    validation = utils.basic_check_indata(indata, order, ["_id", "datasets"])
    if not validation.result:
        flask.abort(status=validation.status)

    # DATA_EDIT may not delete itself from editors
    if (not utils.req_has_permission("DATA_MANAGEMENT")
            and indata.get("editors")
            and str(flask.g.current_user["_id"]) not in indata["editors"]):
        flask.abort(status=400)

    # convert all incoming uuids to uuid.UUID
    indata = utils.prepare_for_db(indata)

    is_different = False
    for field in indata:
        if indata[field] != order[field]:
            is_different = True
            break

    order.update(indata)

    if indata and is_different:
        result = utils.req_commit_to_db("orders", "edit", order)
        if not result.log or not result.data:
            flask.abort(status=500)

    return flask.Response(status=200)
コード例 #3
0
def add_dataset(identifier: str):  # pylint: disable=too-many-branches
    """
    Add a dataset to the given order.

    Args:
        identifier (str): The order to add the dataset to.
    """
    order = utils.req_get_entry("orders", identifier)
    if not order:
        flask.abort(status=404)

    if (not utils.req_has_permission("DATA_MANAGEMENT")
            and flask.g.current_user["_id"] not in order["editors"]):
        flask.abort(status=403)

    new_dataset = structure.dataset()

    jsondata = flask.request.json
    if not jsondata or "dataset" not in jsondata or not isinstance(
            jsondata["dataset"], dict):
        flask.abort(status=400)
    indata = jsondata["dataset"]

    validation = utils.basic_check_indata(indata, new_dataset, ["_id"])
    if not validation.result:
        flask.abort(status=validation.status)

    indata = utils.prepare_for_db(indata)

    new_dataset.update(indata)

    ds_result = utils.req_commit_to_db("datasets", "add", new_dataset)
    if not ds_result.log or not ds_result.data:
        flask.abort(status=500)

    order_result = flask.g.db["orders"].update_one(
        {"_id": order["_id"]}, {"$push": {
            "datasets": new_dataset["_id"]
        }})
    if not order_result.acknowledged:
        flask.current_app.logger.error("Failed to add dataset %s to order %s",
                                       new_dataset["_id"], order["_id"])
        flask.abort(status=500)
    order["datasets"].append(new_dataset["_id"])
    utils.req_make_log_new(
        data_type="order",
        action="edit",
        comment="Dataset added",
        data=order,
    )

    return utils.response_json({"_id": ds_result.ins_id})
コード例 #4
0
def update_dataset(identifier):
    """
    Update a dataset with new values.

    Args:
        identifier (str): uuid for the wanted dataset

    Returns:
        flask.Response: success: 200, failure: 400
    """
    perm_status = utils.req_check_permissions(["DATA_EDIT"])
    if perm_status != 200:
        flask.abort(status=perm_status)

    dataset = utils.req_get_entry("datasets", identifier)
    if not dataset:
        flask.abort(status=404)
    # permissions
    order = flask.g.db["orders"].find_one({"datasets": dataset["_id"]})
    if (
        not utils.req_has_permission("DATA_MANAGEMENT")
        and flask.g.current_user["_id"] not in order["editors"]
    ):
        flask.abort(status=403)

    jsondata = flask.request.json
    if not jsondata or "dataset" not in jsondata or not isinstance(jsondata["dataset"], dict):
        flask.abort(status=400)
    indata = jsondata["dataset"]

    validation = utils.basic_check_indata(indata, dataset, prohibited=("_id"))
    if not validation.result:
        flask.abort(status=validation.status)

    indata = utils.prepare_for_db(indata)

    is_different = False
    for field in indata:
        if indata[field] != dataset[field]:
            is_different = True
            break

    dataset.update(indata)

    if indata and is_different:
        result = utils.req_commit_to_db("datasets", "edit", dataset)
        if not result.log or not result.data:
            flask.abort(status=500)

    return flask.Response(status=200)
コード例 #5
0
def add_user():
    """
    Add a user.

    Returns:
        flask.Response: Information about the user as json.
    """
    perm_status = utils.req_check_permissions(["USER_ADD"])
    if perm_status != 200:
        flask.abort(status=perm_status)

    new_user = structure.user()
    jsondata = flask.request.json
    if not jsondata.get("user") or not isinstance(jsondata["user"], dict):
        flask.abort(status=400)
    indata = jsondata["user"]

    validation = utils.basic_check_indata(
        indata, new_user, ("_id", "api_key", "api_salt", "auth_ids"))
    if not validation.result:
        flask.abort(status=validation.status)

    indata = utils.prepare_for_db(indata)
    if not indata:
        flask.abort(status=400)

    if "email" not in indata:
        flask.current_app.logger.debug("Email must be set")
        flask.abort(status=400)

    old_user = flask.g.db["users"].find_one({"email": indata["email"]})
    if old_user:
        flask.current_app.logger.debug("User already exists")
        flask.abort(status=400)

    if not utils.req_has_permission(
            "USER_MANAGEMENT") and "permissions" in indata:
        flask.current_app.logger.debug(
            "USER_MANAGEMENT required for permissions")
        flask.abort(403)

    new_user.update(indata)

    new_user["auth_ids"] = [new_user["email"]]

    result = utils.req_commit_to_db("users", "add", new_user)
    if not result.log or not result.data:
        flask.abort(status=500)

    return utils.response_json({"_id": result.ins_id})
コード例 #6
0
def add_collection():
    """
    Add a collection.

    Returns:
        flask.Response: Json structure with the ``_id`` of the collection.
    """
    perm_status = utils.req_check_permissions(["DATA_EDIT"])
    if perm_status != 200:
        flask.abort(status=perm_status)

    # create new collection
    collection = structure.collection()

    jsondata = flask.request.json
    if not jsondata or "collection" not in jsondata or not isinstance(
            jsondata["collection"], dict):
        flask.abort(status=400)
    indata = jsondata["collection"]

    # indata validation
    validation = utils.basic_check_indata(indata,
                                          collection,
                                          prohibited=["_id"])
    if not validation.result:
        flask.abort(status=validation.status)

    if not indata.get("editors"):
        indata["editors"] = [flask.g.current_user["_id"]]
    # add current user if missing and only DATA_EDIT
    elif (not utils.req_has_permission("DATA_MANAGEMENT")
          and str(flask.g.current_user["_id"]) not in indata["editors"]):
        indata["editors"].append(flask.g.current_user["_id"])

    indata = utils.prepare_for_db(indata)

    collection.update(indata)

    # add to db
    result = utils.req_commit_to_db("collections", "add", collection)
    if not result.log or not result.data:
        flask.abort(status=500)

    return utils.response_json({"_id": result.ins_id})
コード例 #7
0
def add_order():
    """
    Add an order.

    Returns:
        flask.Response: Json structure with ``_id`` of the added order.
    """
    # create new order
    new_order = structure.order()

    jsondata = flask.request.json
    if not jsondata or "order" not in jsondata or not isinstance(
            jsondata["order"], dict):
        flask.abort(status=400)
    indata = jsondata["order"]

    validation = utils.basic_check_indata(indata, new_order,
                                          ["_id", "datasets"])
    if not validation.result:
        flask.abort(status=validation.status)

    # add current user to editors if no editors are defined
    if not indata.get("editors"):
        indata["editors"] = [flask.g.current_user["_id"]]
    # add current user if missing and only DATA_EDIT
    elif (not utils.req_has_permission("DATA_MANAGEMENT")
          and str(flask.g.current_user["_id"]) not in indata["editors"]):
        indata["editors"].append(flask.g.current_user["_id"])

    # convert all incoming uuids to uuid.UUID
    indata = utils.prepare_for_db(indata)

    new_order.update(indata)

    result = utils.req_commit_to_db("orders", "add", new_order)
    if not result.log or not result.data:
        flask.abort(status=500)

    return utils.response_json({"_id": result.ins_id})
コード例 #8
0
def update_collection(identifier):
    """
    Update a collection.

    Args:
        identifier (str): The collection uuid.

    Returns:
        flask.Response: Status code.
    """
    perm_status = utils.req_check_permissions(["DATA_EDIT"])
    if perm_status != 200:
        flask.abort(status=perm_status)

    collection = utils.req_get_entry("collections", identifier)
    if not collection:
        flask.abort(status=404)

    jsondata = flask.request.json
    if not jsondata or "collection" not in jsondata or not isinstance(
            jsondata["collection"], dict):
        flask.abort(status=400)
    indata = jsondata["collection"]

    # permission check
    if (not utils.req_has_permission("DATA_MANAGEMENT")
            and flask.g.current_user["_id"] not in collection["editors"]):
        flask.current_app.logger.debug(
            "Unauthorized update attempt (collection %s, user %s)",
            collection["_id"],
            flask.g.current_user["_id"],
        )
        flask.abort(status=403)

    # indata validation
    validation = utils.basic_check_indata(indata,
                                          collection,
                                          prohibited=["_id"])
    if not validation.result:
        flask.abort(status=validation.status)

    # DATA_EDIT may not delete itself from editors
    if (not utils.req_has_permission("DATA_MANAGEMENT")
            and indata.get("editors")
            and str(flask.g.current_user["_id"]) not in indata["editors"]):
        flask.abort(status=400)

    indata = utils.prepare_for_db(indata)

    is_different = False
    for field in indata:
        if indata[field] != collection[field]:
            is_different = True
            break

    if indata and is_different:
        collection.update(indata)
        result = utils.req_commit_to_db("collections", "edit", collection)
        if not result.log or not result.data:
            flask.abort(status=500)

    return flask.Response(status=200)