def wrapper(*args, **kwargs): method = 'POST' validate_method((method), self.role_key, self.admin_methods) try: self.lookup() if not self.is_authorized(): raise UnauthorizedError('WOKAPI0009E') model_args = list(self.model_args) request = parse_request() validate_params(request, self, action_name) if action_args is not None: model_args.extend( request[key] if key in request.keys() else None for key in action_args) action_fn = getattr(self.model, model_fn(self, action_name)) action_result = action_fn(*model_args) # log request reqParams = utf8_dict(self.log_args, request) RequestRecord( self.getRequestMessage(method, action_name) % reqParams, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A')).log() if destructive is False or \ ('persistent' in self.info.keys() and self.info['persistent'] is True): return render_fn(self, action_result) except MissingParameter, e: raise cherrypy.HTTPError(400, e.message)
def index(self, *args, **kwargs): params = {} method = validate_method(('GET', 'POST'), self.role_key, self.admin_methods) try: if method == 'GET': params = cherrypy.request.params validate_params(params, self, 'get_list') return self.get(params) elif method == 'POST': params = parse_request() result = self.create(params, *args) # log request reqParams = utf8_dict(self.log_args, params) RequestRecord(self.getRequestMessage(method) % reqParams, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A')).log() return result except InvalidOperation, e: raise cherrypy.HTTPError(400, e.message)
def logout(self): method = 'POST' code = self.getRequestMessage(method, 'logout') params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} msg = WokMessage(code, params).get_text(prepend_code=False) RequestRecord(msg, app=get_plugin_from_request(), req=method, user=params['username']).log() auth.logout() return '{}'
def logout(self): method = 'POST' params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} RequestRecord( self.getRequestMessage(method, 'logout') % params, app=get_plugin_from_request(), req=method, user=params['username'] ).log() auth.logout() return '{}'
def logout(self): method = 'POST' code = self.getRequestMessage(method, 'logout') params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} msg = WokMessage(code, params).get_text(prepend_code=False) ip = cherrypy.request.remote.ip auth.logout() RequestRecord( msg, app='wok', req=method, status=200, user=params['username'], ip=ip ).log() return '{}'
class WokRoot(Root): def __init__(self, model, dev_env=False): super(WokRoot, self).__init__(model, dev_env) self.default_page = 'wok-ui.html' for ident, node in sub_nodes.items(): setattr(self, ident, node(model)) with open(os.path.join(wok_paths.src_dir, 'API.json')) as f: self.api_schema = json.load(f) self.paths = wok_paths self.domain = 'wok' self.messages = messages self.log_map = ROOT_REQUESTS self.extends = None @cherrypy.expose def login(self, *args): try: params = parse_request() username = params['username'] password = params['password'] except KeyError, item: e = MissingParameter('WOKAUTH0003E', {'item': str(item)}) raise cherrypy.HTTPError(400, e.message) try: user_info = auth.login(username, password) except OperationFailed: raise cherrypy.HTTPError(401) finally: method = 'POST' code = self.getRequestMessage(method, 'login') msg = WokMessage(code, params).get_text(prepend_code=False) RequestRecord(msg, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(auth.USER_NAME, 'N/A')).log() return json.dumps(user_info)
def login(self, *args): method = 'POST' code = self.getRequestMessage(method, 'login') app = 'wok' ip = cherrypy.request.remote.ip try: params = parse_request() msg = WokMessage(code, params).get_text(prepend_code=False) username = params['username'] password = params['password'] except KeyError, item: RequestRecord( msg, app=app, req=method, status=400, user='******', ip=ip ).log() e = MissingParameter('WOKAUTH0003E', {'item': str(item)}) raise cherrypy.HTTPError(400, e.message)
raise cherrypy.HTTPError(400, e.message) except InvalidParameter, e: raise cherrypy.HTTPError(400, e.message) except UnauthorizedError, e: raise cherrypy.HTTPError(403, e.message) except NotFoundError, e: raise cherrypy.HTTPError(404, e.message) except OperationFailed, e: raise cherrypy.HTTPError(500, e.message) except WokException, e: raise cherrypy.HTTPError(500, e.message) # log request if method not in LOG_DISABLED_METHODS: RequestRecord(self.getRequestMessage(method) % self.log_args, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A')).log() return result def is_authorized(self): user_name = cherrypy.session.get(USER_NAME, '') user_groups = cherrypy.session.get(USER_GROUPS, []) user_role = cherrypy.session.get(USER_ROLES, {}).get(self.role_key) users = self.data.get("users", None) groups = self.data.get("groups", None) if (users is None and groups is None) or user_role == 'admin': return True
).log() e = MissingParameter('WOKAUTH0003E', {'item': str(item)}) raise cherrypy.HTTPError(400, e.message) try: status = 200 user_info = auth.login(username, password) except cherrypy.HTTPError, e: status = e.status raise finally: RequestRecord( msg, app=app, req=method, status=status, user='******', ip=ip ).log() return json.dumps(user_info) @cherrypy.expose def logout(self): method = 'POST' code = self.getRequestMessage(method, 'logout') params = {'username': cherrypy.session.get(auth.USER_NAME, 'N/A')} msg = WokMessage(code, params).get_text(prepend_code=False) ip = cherrypy.request.remote.ip auth.logout()
except UnauthorizedError, e: raise cherrypy.HTTPError(403, e.message) except NotFoundError, e: raise cherrypy.HTTPError(404, e.message) except OperationFailed, e: raise cherrypy.HTTPError(500, e.message) except WokException, e: raise cherrypy.HTTPError(500, e.message) # log request if method not in LOG_DISABLED_METHODS: code = self.getRequestMessage(method) msg = WokMessage(code, self.log_args).get_text(prepend_code=False) RequestRecord( msg, app=get_plugin_from_request(), req=method, user=cherrypy.session.get(USER_NAME, 'N/A') ).log() return result def is_authorized(self): user_name = cherrypy.session.get(USER_NAME, '') user_groups = cherrypy.session.get(USER_GROUPS, []) user_role = cherrypy.session.get(USER_ROLES, {}).get(self.role_key) users = self.data.get("users", None) groups = self.data.get("groups", None) if (users is None and groups is None) or user_role == 'admin': return True
self.info['persistent'] is True): result = render_fn(self, action_result) status = cherrypy.response.status return result except WokException, e: status = e.getHttpStatusCode() raise cherrypy.HTTPError(status, e.message) finally: # log request code = self.getRequestMessage(method, action_name) reqParams = utf8_dict(self.log_args, request) msg = WokMessage(code, reqParams).get_text(prepend_code=False) RequestRecord( msg, app=get_plugin_from_request(), req=method, status=status, user=cherrypy.session.get(USER_NAME, 'N/A'), ip=cherrypy.request.remote.ip ).log() wrapper.__name__ = action_name wrapper.exposed = True return wrapper def lookup(self): try: lookup = getattr(self.model, model_fn(self, 'lookup')) self.info = lookup(*self.model_args) except AttributeError: self.info = {}