def put(self, instance_id): """ Update a model with data given in the request body. JSON format is expected. Model performs the validation automatically when fields are modified. """ try: data = self.get_arguments() entity = self.get_model_or_404(instance_id) self.check_update_permissions(entity.serialize(), data) extra_data = copy.copy(entity.data) or {} if "data" not in data or data["data"] is None: data["data"] = {} extra_data.update(data["data"]) data["data"] = extra_data previous_version = entity.serialize() data = self.update_data(data, instance_id) if data.get("source_id", None) == "null": data["source_id"] = None is_ready_for_changed = \ str(entity.ready_for) != data.get("ready_for", "") entity.update(data) entity_dict = self.serialize_instance(entity) if shots_service.is_shot(entity_dict): shots_service.clear_shot_cache(entity_dict["id"]) self.save_version_if_needed(entity_dict, previous_version) elif assets_service.is_asset(entity): if is_ready_for_changed: breakdown_service.refresh_casting_stats(entity_dict) assets_service.clear_asset_cache(entity_dict["id"]) elif shots_service.is_sequence(entity_dict): shots_service.clear_sequence_cache(entity_dict["id"]) elif shots_service.is_episode(entity_dict): shots_service.clear_episode_cache(entity_dict["id"]) self.emit_update_event(entity_dict) return entity_dict, 200 except StatementError as exception: current_app.logger.error(str(exception), exc_info=1) return {"error": True, "message": str(exception)}, 400 except TypeError as exception: current_app.logger.error(str(exception), exc_info=1) return {"error": True, "message": str(exception)}, 400 except IntegrityError as exception: current_app.logger.error(str(exception), exc_info=1) return {"error": True, "message": str(exception)}, 400 except StatementError as exception: current_app.logger.error(str(exception), exc_info=1) return {"error": True, "message": str(exception)}, 400 except NotFound as exception: return {"error": True, "message": str(exception)}, 404 except Exception as exception: current_app.logger.error(str(exception), exc_info=1) return {"error": True, "message": str(exception)}, 400
def test_is_asset(self): self.assertTrue(assets_service.is_asset(self.entity)) self.assertFalse(assets_service.is_asset(self.shot))
def check_metadata_department_access(entity, new_data={}): """ Return true if current user is a manager and has a task assigned for this project or is a supervisor and is allowed to modify data accorded to his departments """ is_allowed = False if permissions.has_admin_permissions() or ( permissions.has_manager_permissions() and check_belong_to_project(entity["project_id"]) ): is_allowed = True elif permissions.has_supervisor_permissions() and check_belong_to_project( entity["project_id"] ): # checks that the supervisor only modifies columns # for which he is authorized allowed_columns = set(["data"]) if len(set(new_data.keys()) - allowed_columns) == 0: user_departments = persons_service.get_current_user( relations=True )["departments"] if user_departments == []: is_allowed = True else: entity_type = None if shots_service.is_shot(entity): entity_type = "Shot" elif assets_service.is_asset( entities_service.get_entity_raw(entity["id"]) ): entity_type = "Asset" elif edits_service.is_edit(entity): entity_type = "Edit" if entity_type: descriptors = [ descriptor for descriptor in projects_service.get_metadata_descriptors( entity["project_id"] ) if descriptor["entity_type"] == entity_type ] found_and_in_departments = False for descriptor_name in new_data["data"].keys(): found_and_in_departments = False for descriptor in descriptors: if descriptor["field_name"] == descriptor_name: found_and_in_departments = ( len( set(descriptor["departments"]) & set(user_departments) ) > 0 ) break if not found_and_in_departments: break if found_and_in_departments: is_allowed = True if not is_allowed: raise permissions.PermissionDenied return is_allowed