def complete_export(export_id, file_path): export = Export.by_id(export_id) file_path = ensure_path(file_path) export.file_name = safe_filename(file_path) export.file_size = file_path.stat().st_size export.content_hash = checksum(file_path) try: archive.archive_file(file_path, content_hash=export.content_hash, mime_type=export.mime_type) export.set_status(status=Status.SUCCESS) except Exception: log.exception("Failed to upload export: %s", export) export.set_status(status=Status.FAILED) db.session.commit() params = {"export": export} role = Role.by_id(export.creator_id) log.info("Export [%r] complete: %s", export, export.status) publish( Events.COMPLETE_EXPORT, params=params, channels=[role], ) send_export_notification(export)
def create(): require(request.authz.logged_in) data = parse_request(CollectionSchema) role = Role.by_id(request.authz.id) collection = create_collection(data, role=role) refresh_index(collections_index()) return view(collection.id)
def index(): """ --- get: summary: Get notifications description: Get all the notifications for the user responses: '200': content: application/json: schema: type: object allOf: - $ref: '#/components/schemas/QueryResponse' properties: results: type: array items: $ref: '#/components/schemas/Notification' description: OK tags: - Notification """ require(request.authz.logged_in) role = Role.by_id(request.authz.id) query = Notification.by_channels(get_role_channels(role), role) result = DatabaseQueryResult(request, query) return NotificationSerializer.jsonify_result(result)
def mark_read(): """ --- delete: summary: Clear notifications description: Delete all notification for the user responses: '202': content: application/json: schema: properties: status: description: ok type: string type: object description: Accepted tags: - Notification """ require(request.authz.logged_in) role = Role.by_id(request.authz.id) role.notified_at = datetime.utcnow() db.session.commit() return jsonify({'status': 'ok'}, status=202)
def check_alerts(): """Go through all users and execute their alerts.""" for role_id, in Role.notifiable(): with current_app.test_request_context('/'): role = Role.by_id(role_id) authz = Authz(role=role) check_role_alerts(authz)
def index(): """ --- get: summary: Get notifications description: Get all the notifications for the user responses: '200': content: application/json: schema: type: object allOf: - $ref: '#/components/schemas/QueryResponse' properties: results: type: array items: $ref: '#/components/schemas/Notification' description: OK tags: - Notification """ require(request.authz.logged_in) role = Role.by_id(request.authz.id) parser = SearchQueryParser(request.args, request.authz) result = get_notifications(role, parser=parser) result = SearchQueryResult(request, parser, result) return NotificationSerializer.jsonify_result(result)
def index(): require(request.authz.logged_in) role = Role.by_id(request.authz.id) require(role is not None) query = Notification.by_role(role) result = DatabaseQueryResult(request, query, schema=NotificationSchema) return jsonify(result)
def create(): require(request.authz.logged_in) data = parse_request(CollectionSchema) role = Role.by_id(request.authz.id) sync = get_flag('sync') collection = create_collection(data, role=role, sync=sync) return serialize_data(collection, CollectionSchema)
def view(id): authz.require(authz.logged_in()) role = obj_or_404(Role.by_id(id)) data = role.to_dict() if role.id != request.auth_role.id: del data["email"] return jsonify(data)
def create(): require(request.authz.logged_in) data = parse_request(CollectionCreateSchema) role = Role.by_id(request.authz.id) sync = get_flag('sync') collection = create_collection(data, role=role, sync=sync) return CollectionSerializer.jsonify(collection)
def view(id): """Retrieve role details. --- post: summary: Retrieve role details description: > Fetch detailed information about a role that the user is entitled to access, e.g. their own role, or a group they are part of. parameters: - in: path name: id required: true description: role ID schema: type: integer responses: '200': description: OK content: application/json: schema: $ref: '#/components/schemas/Role' tags: - Role """ role = obj_or_404(Role.by_id(id)) require(request.authz.can_read_role(role.id)) return RoleSerializer.jsonify(role)
def view(id): authz.require(authz.logged_in()) role = obj_or_404(Role.by_id(id)) data = role.to_dict() if role.id != request.auth_role.id: del data['email'] return jsonify(data)
def update(id): role = obj_or_404(Role.by_id(id)) authz.require(authz.logged_in()) authz.require(role.id == request.auth_role.id) role.update(request_data()) db.session.add(role) db.session.commit() return jsonify(role)
def index(): require(request.authz.logged_in) role = Role.by_id(request.authz.id) query = Notification.by_channels(get_role_channels(role), since=role.notified_at, exclude_actor_id=role.id) result = DatabaseQueryResult(request, query) return NotificationSerializer.jsonify_result(result)
def create(): require(request.authz.logged_in) data = parse_request(CollectionSchema) role = Role.by_id(request.authz.id) collection = Collection.create(data, role) db.session.commit() update_collection(collection) return view(collection.id)
def view(id): ## XXX seems to let any user get private info on other users? authz.require(authz.logged_in()) role = obj_or_404(Role.by_id(id)) data = role.to_dict() if role.id != request.auth_role.id: del data['email'] return jsonify(data)
def view(id): role = obj_or_404(Role.by_id(id)) request.authz.require(request.authz.logged_in) request.authz.require(check_visible(role)) data = role.to_dict() if role.id == request.authz.role.id: data['email'] = role.email return jsonify(data)
def update(id): role = obj_or_404(Role.by_id(id)) require(request.authz.session_write, role.id == request.authz.id) data = parse_request(schema=RoleSchema) role.update(data) db.session.add(role) db.session.commit() return view(role.id)
def update(id): role = obj_or_404(Role.by_id(id)) require(request.authz.session_write) require(check_editable(role, request.authz)) data = parse_request(RoleSchema) role.update(data) db.session.add(role) db.session.commit() return view(role.id)
def update(id): role = obj_or_404(Role.by_id(id)) require(request.authz.can_write_role(role.id)) data = parse_request(RoleSchema) role.update(data) db.session.add(role) db.session.commit() update_role(role) return RoleSerializer.jsonify(role)
def update(id): role = obj_or_404(Role.by_id(id)) request.authz.require(request.authz.session_write()) request.authz.require(role.id == request.authz.role.id) role.update(request_data()) db.session.add(role) db.session.commit() log_event(request) return jsonify(role)
def update(collection_id): """ --- post: summary: Update permissions for a collection description: > Update permissions for the collection with id `collection_id` parameters: - in: path name: collection_id required: true schema: type: integer requestBody: content: application/json: schema: $ref: '#/components/schemas/PermissionUpdateList' responses: '200': description: OK content: application/json: schema: type: object allOf: - $ref: '#/components/schemas/QueryResponse' properties: results: type: array items: $ref: '#/components/schemas/Permission' tags: - Permission - Collection """ collection = get_db_collection(collection_id, request.authz.WRITE) for permission in parse_request("PermissionUpdateList"): role_obj = ensure_dict(permission.get("role")) role_id = permission.get("role_id", role_obj.get("id")) role = Role.by_id(role_id) if not check_visible(role, request.authz): continue if role.is_public: permission["write"] = False if collection.casefile and role.is_public: permission["read"] = False update_permission( role, collection, permission["read"], permission["write"], editor_id=request.authz.id, ) update_collection(collection) return index(collection_id)
def update(id): role = obj_or_404(Role.by_id(id)) require(request.authz.session_write) require(check_editable(role, request.authz)) data = parse_request(RoleSchema) role.update(data) db.session.add(role) db.session.commit() update_role(role) return RoleSerializer.jsonify(role)
def ingest_complete(collection, role_id=None): """Operations supposed to be performed when an ingest process completes.""" from aleph.logic.collections import collection_url # noqa role = Role.by_id(role_id) if role is not None and not collection.managed: # notify the user that their import is completed. notify_role_template(role, collection.label, 'email/ingest.html', collection=collection, url=collection_url(collection.id))
def check_alerts(): for role_id, in Role.notifiable(): with current_app.test_request_context('/'): role = Role.by_id(role_id) request.auth_role = role request.logged_in = True # FIXME: can't re-gain access to implicit oauth rules. # -> https://github.com/pudo/aleph/issues/14 request.auth_roles = [Role.system(Role.SYSTEM_USER), Role.system(Role.SYSTEM_GUEST), role.id] check_role_alerts(role)
def get_role(role_id): if role_id is None: return key = cache.object_key(Role, role_id) data = cache.get_complex(key) if data is None: role = Role.by_id(role_id) if role is None: return data = role.to_dict() cache.set_complex(key, data, expires=cache.EXPIRE) return data
def ingest_complete(collection, role_id=None): """Operations supposed to be performed when an ingest process completes.""" from aleph.logic.collections import update_collection # noqa update_collection(collection) role = Role.by_id(role_id) if role is not None: # notify the user that their import is completed. url = '%scollections/%s' % (app_url, collection.id) notify_role_template(role, collection.label, 'email/ingest.html', collection=collection, url=url)
def get_role(role_id): if role_id is None: return key = cache.object_key(Role, role_id) data = cache.get_complex(key) if data is None: log.debug("Role [%s]: object cache miss", role_id) role = Role.by_id(role_id) if role is None: return data = role.to_dict() cache.set_complex(key, data, expire=cache.EXPIRE) return data
def load_role(): role = None if 'Authorization' in request.headers: credential = request.headers.get('Authorization') if ' ' in credential: mechanism, credential = credential.split(' ', 1) data = check_token(credential) if data is not None: role = Role.by_id(data.get('id')) else: role = Role.by_api_key(credential) elif 'api_key' in request.args: role = Role.by_api_key(request.args.get('api_key')) request.authz = Authz(role=role)
def update_subscriptions(role_id): role = Role.by_id(role_id, deleted=True) if role is None: return Subscription.unsubscribe(role=role, channel=channel(role)) for group in Role.all_groups(): Subscription.unsubscribe(role=role, channel=channel(group)) if role.deleted_at is None and role.type == Role.USER: Subscription.subscribe(role, channel(role)) Subscription.subscribe(role, Notification.GLOBAL) for group in role.roles: Subscription.subscribe(role, channel(group)) db.session.commit()
def complete_export(export_id, file_path=None): export = Export.by_id(export_id) if file_path: export.set_filepath(file_path) export.publish() db.session.commit() params = {"export": export} role = Role.by_id(export.creator_id) publish( Events.COMPLETE_EXPORT, params=params, channels=[role], ) send_export_notification(export)
def load_role(): request.authz = Authz(role=None) if session.get('user'): role = Role.by_id(session.get('user')) request.authz = Authz(role=role) else: api_key = request.args.get('api_key') if api_key is None: auth_header = request.headers.get('Authorization') or '' if auth_header.lower().startswith('apikey'): api_key = auth_header.split(' ', 1).pop() role = Role.by_api_key(api_key) if role is not None: request.authz = Authz(role=role)
def get_role(role_id): key = cache.object_key(Role, role_id) data = cache.get_complex(key) if data is None: role = Role.by_id(role_id) if role is None: return data = { 'id': role.id, 'name': role.name, 'label': role.label, 'type': role.type } cache.set_complex(key, data, expire=cache.EXPIRE) return data
def update(id): collection = get_db_collection(id, request.authz.WRITE) for permission in parse_request(PermissionSchema, many=True): role_id = permission.get('role_id') role = Role.by_id(role_id) if not check_visible(role, request.authz): continue if role.is_public: permission['write'] = False if collection.casefile and role.is_public: permission['read'] = False update_permission(role, collection, permission['read'], permission['write'], editor_id=request.authz.id) update_collection(collection) return index(id)
def load_role(): request.auth_roles = set([Role.system(Role.SYSTEM_GUEST)]) request.auth_role = None request.logged_in = False if session.get('user'): request.auth_roles.update(session.get('roles', [])) request.auth_role = Role.by_id(session.get('user')) request.logged_in = True else: api_key = request.args.get('api_key') if api_key is None: auth_header = request.headers.get('Authorization') or '' if auth_header.lower().startswith('apikey'): api_key = auth_header.split(' ', 1).pop() role = Role.by_api_key(api_key) if role is None: return request.auth_role = role request.auth_roles.update([Role.system(Role.SYSTEM_USER), role.id]) request.logged_in = True
def view(id): role = obj_or_404(Role.by_id(id)) require(check_editable(role, request.authz)) return RoleSerializer.jsonify(role)
def mark_read(): require(request.authz.logged_in) role = Role.by_id(request.authz.id) role.notified_at = datetime.utcnow() db.session.commit() return jsonify({'status': 'ok'}, status=202)
def view(id): role = obj_or_404(Role.by_id(id)) data = role.to_dict() if role.id != request.auth_role.id: del data['email'] return jsonify(data)