def get(self, root_node_id): args = self.get_parser.parse_args() max_depth = args['max_depth'] specific_resources_filter = jsonify_argument(args['sections_filter']) or {} annotations_filter = jsonify_argument(args['annotations_filter']) or {} root_node_projection = projection_helper.modified_projection( jsonify_argument(args['root_node_projection']), mandatory_attrs=['_id']) _validate_projection(root_node_projection) specific_resources_projection = projection_helper.modified_projection( jsonify_argument(args['sections_projection']), mandatory_attrs=['_id']) _validate_projection(specific_resources_projection) annotations_projection = projection_helper.modified_projection( jsonify_argument(args['annotations_projection']), mandatory_attrs=['_id']) _validate_projection(annotations_projection) try: tree = objstore_helper.read_tree( g.objstore_colln, root_node_id, max_depth, current_token.user_id, current_token.group_ids, specific_resources_filter=specific_resources_filter, annotations_filter=annotations_filter, root_node_projection=root_node_projection, specific_resources_projection=specific_resources_projection, annotations_projection=annotations_projection ) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) return tree
def post(self): if g.current_user_id is None: return error_response(message='not authorized', code=401) current_user_group_ids = [ group['_id'] for group in groups_helper.get_user_groups( g.users_colln, g.current_user_id, groups_projection={"_id": 1}) ] args = self.post_parser.parse_args() client_json = jsonify_argument(args['client_json'], key='client_json') check_argument_type(client_json, (dict, ), key='client_json') client_type = args['client_type'] try: new_client_id = clients_helper.create_new_client( g.oauth_colln, client_json, client_type, g.current_user_id, current_user_group_ids, initial_agents=None) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValidationError as e: return error_response(message='invalid schema for client_json', code=403, details={"error": str(e)}) new_client_json = g.oauth_colln.find_one({"_id": new_client_id}) if not jsonify_argument(args['marshal_to_google_structure']): return new_client_json return marshal_to_google_structure(new_client_json)
def delete(self, agent_id): if not current_token.user_id: return error_response(message='not authorized', code=401) args = self.post_parser.parse_args() actions = jsonify_argument(args.get('actions'), key='actions') check_argument_type(actions, (list, ), key='actions') user_ids = jsonify_argument(args.get('user_ids', None), key='user_ids') or [] check_argument_type(user_ids, (list, ), key='user_ids') group_ids = jsonify_argument(args.get('group_ids', None), key='group_ids') or [] check_argument_type(group_ids, (list, ), key='group_ids') try: objstore_helper.remove_from_permissions_agent_set( g.users_colln, agent_id, current_token.user_id, current_token.group_ids, actions, args['agents_set_name'], user_ids=user_ids, group_ids=group_ids) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) agent_json = g.users_colln.get(agent_id, projection={"permissions": 1}) agent_permissions = agent_json['permissions'] return agent_permissions
def post(self): args = self.post_parser.parse_args() if g.current_user_id: return error_response(message='you are already registered', code=403) user_json = jsonify_argument(args['user_json'], key='user_json') # type: dict check_argument_type(user_json, (dict, ), key='user_json') return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict, ), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: new_user_id = users_helper.create_new_user( g.users_colln, user_json, initial_agents=g.initial_agents) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValidationError as e: return error_response(message='invalid schema for user_json', code=403, details={"error": str(e)}) new_user_json = g.users_colln.get(new_user_id, projection=return_projection) return new_user_json
def post(self, group_identifier): args = self.get_parser.parse_args() identifier_type = args.get('identifier_type', '_id') group_selector_doc = self._group_selector_doc(group_identifier, identifier_type) update_doc = jsonify_argument(args['update_doc'], key='update_doc') check_argument_type(update_doc, (dict, ), key='update_doc') if 'jsonClass' not in update_doc: update_doc['jsonClass'] = 'UsersGroup' if update_doc['jsonClass'] != 'UsersGroup': return error_response(message='invalid jsonClass', code=403) if identifier_type == '_id': update_doc.pop('groupName', None) if update_doc['_id'] != group_identifier: return error_response(message='invalid user_id', code=403) else: group_id = groups_helper.get_group_id(g.users_colln, group_identifier) if not group_id: return error_response(message='no group with group_name {}'. format(group_identifier)) update_doc['_id'] = group_id return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict, ), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: group_update = JsonObject.make_from_dict(update_doc) updated_group_id = objstore_helper.update_resource( g.users_colln, group_update.to_json_map(), current_token.user_id, current_token.group_ids, not_allowed_attributes=['members', 'groupName']) if updated_group_id is None: raise ObjModelException('group not exist', 404) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValueError as e: return error_response(message='schema validation error', code=403, details={"error": str(e)}) group_json = g.users_colln.find_one(group_selector_doc, projection=return_projection) return group_json
def get_requested_agents(args, colln, user_id, group_ids, filter_doc=None): selector_doc = jsonify_argument(args.get('selector_doc', None), key='selector_doc') or {} check_argument_type(selector_doc, (dict, ), key='selector_doc') if filter_doc is not None: selector_doc.update(filter_doc) projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict, ), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection( projection, mandatory_attrs=["_id", "jsonClass"]) lrs_request_doc = jsonify_argument(args.get('linked_resources', None), 'linked_resources') check_argument_type(lrs_request_doc, (dict, ), key='linked_resources', allow_none=True) sort_doc = jsonify_argument(args.get('sort_doc', None), key='sort_doc') check_argument_type(sort_doc, (dict, list), key='sort_doc', allow_none=True) ops = OrderedDict() if sort_doc is not None: ops['sort'] = [sort_doc] if args.get('start', None) is not None and args.get('count', None) is not None: ops['skip'] = [args['start']] ops['limit'] = [args['count']] try: resource_repr_jsons = objstore_helper.get_read_permitted_resource_jsons( colln, user_id, group_ids, selector_doc, projection=projection, ops=ops) except (TypeError, ValueError): error = error_response(message='arguments to operations seems invalid', code=400) abort_with_error_response(error) if lrs_request_doc is not None: # noinspection PyUnboundLocalVariable for rj in resource_repr_jsons: linked_resources = objstore_helper.get_linked_resource_ids( colln, rj['_id'], lrs_request_doc) rj['linked_resources'] = linked_resources return resource_repr_jsons
def post(self, user_id): ''' if not current_token.user_id: return error_response(message='not authorized', code=401) ''' args = self.post_parser.parse_args() user_selector_doc = users_helper.get_user_selector_doc(_id=user_id) update_doc = jsonify_argument(args['update_doc'], key='update_doc') check_argument_type(update_doc, (dict, ), key='update_doc') if '_id' not in update_doc: update_doc['_id'] = user_id if 'jsonClass' not in update_doc: update_doc['jsonClass'] = 'User' if update_doc['_id'] != user_id: return error_response(message='invalid user_id', code=403) if update_doc['jsonClass'] != 'User': return error_response(message='invalid jsonClass', code=403) return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict, ), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: user_update = JsonObject.make_from_dict(update_doc) updated_user_id = objstore_helper.update_resource( g.users_colln, user_update.to_json_map(), current_token.user_id, current_token.group_ids, not_allowed_attributes=[ 'hashedPassword', 'externalAuthentications', 'password' ]) if updated_user_id is None: raise ObjModelException('user not exist', 404) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except (ValueError, ValidationError, TypeError) as e: return error_response(message='schema validation error', code=403, details={"error": str(e)}) user_json = g.users_colln.find_one(user_selector_doc, projection=return_projection) return user_json
def get(self, user_id): args = self.get_parser.parse_args() user_selector_doc = users_helper.get_user_selector_doc(_id=user_id) projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict, ), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection( projection, mandatory_attrs=["_id", "jsonClass"]) user = JsonObject.make_from_dict( g.users_colln.find_one(user_selector_doc, projection=None)) if user is None: return error_response(message='user not found', code=404) if not PermissionResolver.resolve_permission( user, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) user_json = user.to_json_map() projected_user_json = users_helper.project_user_json( user_json, projection=projection) return projected_user_json
def get(self): args = self.get_parser.parse_args() projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict, ), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection( projection, mandatory_attrs=["_id", "jsonClass"]) args_copy = args.copy() args_copy.pop('projection', None) user_jsons = get_requested_agents(args_copy, g.users_colln, current_token.user_id, current_token.group_ids, filter_doc={"jsonClass": "User"}) projected_user_jsons = [ users_helper.project_user_json(uj, projection=projection) for uj in user_jsons ] return projected_user_jsons
def get(self, provider_name): args = self.get_parser.parse_args() state = jsonify_argument(args.get('state', None), key='state') check_argument_type(state, (dict, ), key='state') oauth_client = get_oauth_client(provider_name, client_name=state.get( 'provider_client_name', None)) # type: OAuthClient if not oauth_client: return error_response( message= 'currently oauth provider "{}" not supported. or client_name is invalid' .format(provider_name), code=400) auth_code = oauth_client.extract_auth_code() callback_url = api.url_for(OauthCallback, provider_name=provider_name, _external=True) access_token_response = oauth_client.exchange_code_for_access_token( auth_code, registered_callback_url=callback_url) redirect_furl = furl(state.get('client_callback_url', None)) redirect_furl.args.update(access_token_response) return redirect_js_response(redirect_furl.url, message_if_none='error', message_if_invalid='error')
def delete(self, group_identifier): args = self.delete_parser.parse_args() identifier_type = args.get('identifier_type', '_id') # noinspection PyProtectedMember group_selector_doc = GroupResource._group_selector_doc( group_identifier, identifier_type) user_ids = jsonify_argument(args['member_ids'], key='member_ids') check_argument_type(user_ids, (list, ), key='member_ids') for user_id in user_ids: if not isinstance(user_id, six.string_types): return error_response(message='invalid user_ids', code=400) try: # noinspection PyUnusedLocal modified_count = groups_helper.remove_users_from_group( g.users_colln, group_selector_doc, user_ids, current_token.user_id, current_token.group_ids) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) member_ids = g.users_colln.find_one(group_selector_doc, projection={ "members": 1 }).get('members', []) return member_ids
def get(self, group_identifier): args = self.get_parser.parse_args() identifier_type = args.get('identifier_type', '_id') group_selector_doc = self._group_selector_doc(group_identifier, identifier_type) projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict, ), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection( projection, mandatory_attrs=["_id", "jsonClass"]) group = JsonObject.make_from_dict( g.users_colln.find_one(group_selector_doc, projection=None)) if group is None: return error_response(message='group not found', code=404) if not PermissionResolver.resolve_permission( group, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) group_json = group.to_json_map() projected_group_json = projection_helper.project_doc( group_json, projection) return projected_group_json
def get(self, agent_id): if not current_token.user_id: return error_response( message='request should be on behalf of a user', code=400) args = self.get_parser.parse_args() actions = jsonify_argument(args.get( 'actions', None), key='actions') or list(ObjectPermissions.ACTIONS) check_argument_type(actions, (list, ), key='actions') agent = objstore_helper.get_resource(g.users_colln, agent_id, projection=None) if not agent: return error_response(message='resource not found', code=404) resolved_permissions = dict( (action, PermissionResolver.resolve_permission(agent, action, current_token.user_id, current_token.group_ids, g.users_colln, true_if_none=False)) for action in actions) return resolved_permissions
def delete(self): args = self.delete_parser.parse_args() resource_ids = jsonify_argument(args['resource_ids']) check_argument_type(resource_ids, (list, )) ids_validity = False not in [ isinstance(_id, str) for _id in resource_ids ] if not ids_validity: return error_response(message='ids should be strings', code=404) delete_report = [] for resource_id in resource_ids: deleted, deleted_res_ids = objstore_helper.delete_tree( g.registry_colln, resource_id, current_token.user_id, current_token.group_ids) delete_report.append({ "deleted": deleted, "deleted_resource_ids": deleted_res_ids }) return delete_report
def post(self): user_id = resolve_user_id() group_ids = [ group['_id'] for group in groups_helper.get_user_groups( g.users_colln, user_id, groups_projection={"_id": 1}) ] args = self.post_parser.parse_args() update_doc = jsonify_argument(args['update_doc'], key='update_doc') check_argument_type(update_doc, (dict,), key='update_doc') if '_id' not in update_doc: update_doc['_id'] = user_id if 'jsonClass' not in update_doc: update_doc['jsonClass'] = 'User' if update_doc['_id'] != user_id: return error_response(message='invalid _id', code=403) if update_doc['jsonClass'] != 'User': return error_response(message='invalid jsonClass', code=403) if 'password' in update_doc: update_doc['hashedPassword'] = bcrypt.hashpw( update_doc['password'].encode('utf-8'), bcrypt.gensalt()).decode('utf-8') update_doc.pop('password') return_projection = jsonify_argument(args.get('return_projection', None), key='return_projection') check_argument_type(return_projection, (dict,), key='return_projection', allow_none=True) _validate_projection(return_projection) return_projection = projection_helper.modified_projection( return_projection, mandatory_attrs=['_id', 'jsonClass']) try: user_update = JsonObject.make_from_dict(update_doc) updated_user_id = objstore_helper.update_resource( g.users_colln, user_update.to_json_map(), user_id, group_ids, not_allowed_attributes=('externalAuthentications', 'password')) if updated_user_id is None: raise ObjModelException('user not exist', 404) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValueError as e: return error_response(message='schema validation error', code=403, details={"error": str(e)}) user_json = g.users_colln.get(user_id, projection=return_projection) return user_json
def post(self, agent_id): args = self.post_parser.parse_args() actions = jsonify_argument(args.get('actions'), key='actions') check_argument_type(actions, (list, ), key='actions') user_ids = jsonify_argument(args.get('user_ids', None), key='user_ids') or [] check_argument_type(user_ids, (list, ), key='user_ids') group_ids = jsonify_argument(args.get('group_ids', None), key='group_ids') or [] check_argument_type(group_ids, (list, ), key='group_ids') def get_user_fn(user_id, projection=None): return users_helper.get_user( g.users_colln, users_helper.get_user_selector_doc(_id=user_id), projection=projection) def get_group_fn(group_id, projection=None): return groups_helper.get_group( g.users_colln, groups_helper.get_group_selector_doc(_id=group_id), projection=projection) try: objstore_helper.add_to_permissions_agent_set( g.users_colln, agent_id, current_token.user_id, current_token.group_ids, actions, args['agents_set_name'], get_user_fn, get_group_fn, user_ids=user_ids, group_ids=group_ids) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) resource_json = g.users_colln.get(agent_id, projection={"permissions": 1}) resource_permissions = resource_json['permissions'] return resource_permissions
def get(self, resource_id): args = self.get_parser.parse_args() filter_doc = jsonify_argument(args['filter_doc'], key='filter_doc') or {} check_argument_type(filter_doc, (dict,), key='filter_doc') selector_doc = objstore_helper.annotations_selector_doc(resource_id, custom_filter_doc=filter_doc) args['selector_doc'] = json.dumps(selector_doc) return get_requested_resource_jsons(args)
def post(self): args = self.post_parser.parse_args() service_json = jsonify_argument(args['service_json'], key='service_json') check_argument_type(service_json, (dict, )) if service_json.get('jsonClass', None) != VedavaapiService.json_class: return error_response(message='invalid jsonClass', code=400) if 'source' not in service_json: service_json['source'] = g.registry_resource_id if service_json['source'] != g.registry_resource_id: return error_response(message='invalid service', code=403) return_projection = jsonify_argument( args.get('return_projection', None), key='return_projection') or { "permissions": 0 } try: projection_helper.validate_projection(return_projection) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) try: service_id = objstore_helper.create_or_update( g.registry_colln, service_json, current_token.user_id, current_token.group_ids, initial_agents=get_initial_agents(), non_updatable_attributes=['service_name']) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) except ValidationError as e: return error_response(message='schema validation error', code=400, details={"error": str(e)}) updated_service_json = g.registry_colln.find_one( {"_id": service_id}, projection=return_projection) return updated_service_json
def get(self): if g.current_user_id is None: return error_response(message='not authorized', code=401) args = self.get_parser.parse_args() projection = jsonify_argument(args.get('projection', None), key='projection') try: projection_helper.validate_projection(projection) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) clients_selector_doc = { "jsonClass": "OAuth2Client", "user_id": g.current_user_id } client_jsons = (g.oauth_colln.find(clients_selector_doc, projection=projection)) print(args['marshal_to_google_structure']) if not jsonify_argument(args['marshal_to_google_structure']): return client_jsons return [marshal_to_google_structure(cj) for cj in client_jsons]
def post(self): args = self.post_parser.parse_args() root_node_return_projection = projection_helper.modified_projection( jsonify_argument(args['root_node_return_projection']), mandatory_attrs=['_id']) _validate_projection(root_node_return_projection) specific_resources_return_projection = projection_helper.modified_projection( jsonify_argument(args['sections_return_projection']), mandatory_attrs=['_id']) _validate_projection(specific_resources_return_projection) annotations_return_projection = projection_helper.modified_projection( jsonify_argument(args['annotations_return_projection']), mandatory_attrs=['_id']) _validate_projection(annotations_return_projection) trees = jsonify_argument(args['trees'], key='trees') check_argument_type(trees, (list,), key='trees') result_trees = [] try: for i, tree in enumerate(trees): result_tree = objstore_helper.update_tree( g.objstore_colln, current_token.user_id, current_token.group_ids, tree, 'tree{}'.format(i), None, root_node_return_projection=root_node_return_projection, specific_resources_return_projection=specific_resources_return_projection, annotations_return_projection=annotations_return_projection, initial_agents=g.initial_agents) result_trees.append(result_tree) except objstore_helper.TreeValidationError as e: return error_response( message="error in posting tree", code=e.http_status_code, invalid_node_path=e.invalid_node_path, invalid_node_json=e.invalid_node_json, error=str(e.error), succeded_trees=result_trees ) except (ValidationError, TypeError) as e: return error_response(message='schema validation error', error=str(e), code=400) return result_trees
def get(self): user_id = resolve_user_id() args = self.get_parser.parse_args() projection = jsonify_argument(args.get('projection', None), key='projection') check_argument_type(projection, (dict,), key='projection', allow_none=True) _validate_projection(projection) projection = projection_helper.modified_projection(projection, mandatory_attrs=["_id", "jsonClass"]) current_user_json = g.users_colln.find_one( users_helper.get_user_selector_doc(_id=user_id), projection=projection) if current_user_json is None: sign_out_user(g.current_org_name) return error_response(message='not authorized', code=401) return current_user_json, 200
def get(self): user_id = resolve_user_id() args = self.get_parser.parse_args() groups_projection = jsonify_argument(args.get('groups_projection', None), key='groups_projection') check_argument_type(groups_projection, (dict, ), allow_none=True) _validate_projection(groups_projection) user_group_jsons = groups_helper.get_user_groups(g.users_colln, user_id, groups_projection=None) for group_json in user_group_jsons: projection_helper.project_doc(group_json, groups_projection, in_place=True) return user_group_jsons, 200
def get(self): args = self.get_parser.parse_args() filter_doc = jsonify_argument(args.get('filter_doc', None), key='filter_doc') or {} check_argument_type(filter_doc, (dict, ), key='filter_doc') projection = jsonify_argument(args.get('projection', None), key='projection') or { "permissions": 0 } try: projection_helper.validate_projection(projection) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) selector_doc = filter_doc.copy() selector_doc.update({"jsonClass": VedavaapiService.json_class}) try: service_jsons = objstore_helper.get_read_permitted_resource_jsons( g.registry_colln, current_token.user_id, current_token.group_ids, selector_doc) except ObjModelException as e: return error_response(message=e.message, code=e.http_response_code) services_map = {} for service_json in service_jsons: service_name = service_json['service_name'] if service_name not in services_map: services_map[service_name] = [] projected_service_json = projection_helper.project_doc( service_json, projection) services_map[service_name].append(projected_service_json) return services_map
def get(self, user_id): ''' if not current_token.user_id: return error_response() ''' args = self.get_parser.parse_args() user_selector_doc = users_helper.get_user_selector_doc(_id=user_id) groups_projection = jsonify_argument(args.get('groups_projection', None), key='groups_projection') check_argument_type(groups_projection, (dict, ), allow_none=True) _validate_projection(groups_projection) user_json = g.users_colln.find_one(user_selector_doc, projection={ "_id": 1, "permissions": 1 }) if not user_json: return error_response(message='user not found', code=404) if not PermissionResolver.resolve_permission( user_json, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): return error_response(message='permission denied', code=403) user_group_jsons = groups_helper.get_user_groups( g.users_colln, user_id, groups_projection=None) permitted_user_group_jsons = [] for group_json in user_group_jsons: if PermissionResolver.resolve_permission(group_json, ObjectPermissions.READ, current_token.user_id, current_token.group_ids, g.users_colln): projection_helper.project_doc(group_json, groups_projection, in_place=True) permitted_user_group_jsons.append(group_json) return permitted_user_group_jsons, 200