def view(id):
    """Retrieve role details.
    ---
    post:
      summary: Retrieve role details
      description: >
        Fetch detailed information about a role that the user is
        entitled to access, e.g. their own role, or a group they
        are part of.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    # NOTE(review): the spec block above is keyed `post:` although this
    # handler only reads a role; confirm it matches the HTTP method the
    # route is registered with (the route decorator is not visible here).
    #
    # The role is looked up before the permission check. NOTE(review):
    # assuming obj_or_404() and require() fail with different responses,
    # a caller without access can tell existing role ids from unused
    # ones; confirm that is acceptable for this deployment.
    found = obj_or_404(Role.by_id(id))
    may_read = request.authz.can_read_role(found.id)
    require(may_read)
    return RoleSerializer.jsonify(found)
def index():
    """
    ---
    get:
      summary: List groups
      description: >-
        Get the list of groups the user belongs to. Groups are used for
        authorization.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    authz = request.authz
    # The login gate runs before any group query is built.
    require(authz.logged_in)
    # The query is scoped by the caller's authz object, not by a
    # client-supplied identifier.
    groups = Role.all_groups(authz)
    total = groups.count()
    results = RoleSerializer().serialize_many(groups.all())
    return jsonify({"total": total, "results": results})
def create():
    """Register a password-login user from a signed confirmation code.

    The e-mail address is recovered from the signed ``code`` in the
    request body; ``name`` and ``password`` are read from the same
    parsed payload.

    Returns:
        The serialized new role with status 201, a 400 JSON error when
        the code fails signature validation, or a 409 JSON error when a
        role with that e-mail already exists.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    payload = parse_request(RoleCreateSchema)

    try:
        # The address comes out of the signed token rather than a plain
        # request field, so the caller cannot pick an arbitrary e-mail;
        # max_age bounds how long an issued code stays usable.
        email = Role.SIGNATURE.loads(payload.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        return jsonify({
            'status': 'error',
            'message': gettext('Invalid code')
        }, status=400)

    # This answer is only reachable with a valid code for the address,
    # so it does not reveal registration status for arbitrary e-mails.
    if Role.by_email(email) is not None:
        return jsonify({
            'status': 'error',
            'message': gettext('Email is already registered')
        }, status=409)

    # NOTE(review): the by_email() check and the insert below are two
    # separate steps in this block; confirm a uniqueness constraint
    # backs them for concurrent submissions of the same code.
    foreign_id = 'password:{}'.format(email)
    display_name = payload.get('name') or email
    role = Role.load_or_create(
        foreign_id=foreign_id,
        type=Role.USER,
        name=display_name,
        email=email
    )
    # NOTE(review): any password strength rule would have to live in
    # RoleCreateSchema or set_password(); none is visible here.
    role.set_password(payload.get('password'))
    session = db.session
    session.add(role)
    session.commit()
    update_role(role)
    # Let the serializer return more info about this user
    request.authz.id = role.id
    return RoleSerializer.jsonify(role, status=201)
def create():
    """Create a password-login user role from a signed sign-up code.

    The signed ``code`` yields the e-mail address; the display name
    falls back to that address when no ``name`` is supplied. After the
    role is stored, the request is tagged with the new role id.

    Returns:
        The serialized role with status 201 on success, a JSON error
        with status 400 for a code that fails signature validation, or
        a JSON error with status 409 for an already registered e-mail.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    body = parse_request(RoleCreateSchema)

    try:
        # Proof of e-mail ownership is the signature on the code; codes
        # older than SIGNATURE_MAX_AGE are passed to loads() as expired.
        email = Role.SIGNATURE.loads(body.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        invalid = {
            'status': 'error',
            'message': gettext('Invalid code')
        }
        return jsonify(invalid, status=400)

    existing = Role.by_email(email)
    if existing is not None:
        # Reached only with a validly signed code for this address.
        duplicate = {
            'status': 'error',
            'message': gettext('Email is already registered')
        }
        return jsonify(duplicate, status=409)

    # NOTE(review): load_or_create() is keyed on foreign_id here; the
    # by_email() check above is what keeps set_password() from being
    # applied to an account that already exists. Keep the two together.
    role = Role.load_or_create(
        foreign_id='password:{}'.format(email),
        type=Role.USER,
        name=body.get('name') or email,
        email=email
    )
    role.set_password(body.get('password'))
    db.session.add(role)
    db.session.commit()
    update_role(role)

    # Let the serializer return more info about this user
    request.authz.id = role.id
    # Records the new role id on the request via the project's helper.
    tag_request(role_id=role.id)
    return RoleSerializer.jsonify(role, status=201)
def index():
    """List the groups available to the logged-in caller.

    Returns:
        JSON with ``total`` (the query count) and ``results`` (the
        serialized groups).
    """
    authz = request.authz
    # The login gate runs before any group query is built.
    require(authz.logged_in)
    # Scoped by the caller's own authz object.
    groups = Role.all_groups(authz)
    total = groups.count()
    results = RoleSerializer().serialize_many(groups.all())
    return jsonify({'total': total, 'results': results})
def update(id):
    """Apply validated changes to a role the caller may write to.

    Args:
        id: identifier of the role to change.

    Returns:
        The serialized role after the change has been committed.
    """
    target = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(target.id))
    changes = parse_request(RoleSchema)
    # NOTE(review): the changes are applied without re-checking any
    # current credential. If RoleSchema admits a password field (not
    # visible here; confirm), anyone holding a valid session for this
    # role could set a new password without knowing the old one.
    target.update(changes)
    session = db.session
    session.add(target)
    session.commit()
    # Called after the commit so it sees the stored state.
    update_role(target)
    return RoleSerializer.jsonify(target)
def update(id):
    """Apply validated changes to a role the caller is allowed to edit.

    Two gates run before the payload is parsed: the session must carry
    write permission, and check_editable() must accept this role for
    the caller.

    Args:
        id: identifier of the role to change.

    Returns:
        The serialized role after the change has been committed.
    """
    target = obj_or_404(Role.by_id(id))
    authz = request.authz
    require(authz.session_write)
    require(check_editable(target, authz))
    changes = parse_request(RoleSchema)
    # NOTE(review): no current-credential check is visible before the
    # update; if RoleSchema admits a password field (confirm), a
    # borrowed session is enough to replace the password.
    target.update(changes)
    session = db.session
    session.add(target)
    session.commit()
    update_role(target)
    return RoleSerializer.jsonify(target)
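def create():
    """Create a user role.
    ---
    post:
      summary: Create a user account
      description: >
        Create a user role by supplying the required account details.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleCreate'
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
        '400':
          description: Invalid code
        '409':
          description: Email is already registered
      tags:
      - Role
    """
    # The spec above documents the statuses this handler returns: 201
    # on success, 400 for a rejected code, 409 for a known e-mail.
    require(settings.PASSWORD_LOGIN)
    require(not request.authz.in_maintenance)
    data = parse_request("RoleCreate")
    try:
        # The e-mail is taken from the signed code, so the caller cannot
        # register an address they hold no valid code for; max_age
        # bounds how long an issued code stays usable.
        email = Role.SIGNATURE.loads(data.get("code"), max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        return jsonify(
            {"status": "error", "message": gettext("Invalid code")},
            status=400,
        )

    # Reached only with a validly signed code for this address, so the
    # 409 does not disclose registration status for arbitrary e-mails.
    role = Role.by_email(email)
    if role is not None:
        return jsonify(
            {"status": "error", "message": gettext("Email is already registered")},
            status=409,
        )

    role = create_user(email, data.get("name"), data.get("password"))
    # Let the serializer return more info about this user
    request.authz = Authz.from_role(role)
    tag_request(role_id=role.id)
    return RoleSerializer.jsonify(role, status=201)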
def suggest():
    """Suggest user accounts whose name matches a search prefix.

    Only logged-in callers are served. A missing prefix, or one shorter
    than three characters, produces an empty result set rather than a
    lookup.

    Returns:
        The serialized query result, or a JSON body with an error
        status and no results when the prefix is too short.
    """
    require(request.authz.logged_in)
    parser = QueryParser(request.args, request.authz, limit=10)
    prefix = parser.prefix
    # Presumably the minimum length keeps one- or two-letter queries
    # from being used to walk through the user directory.
    too_short = prefix is None or len(prefix) < 3
    if too_short:
        # Do not return 400 because it's a routine event.
        empty = {
            'status': 'error',
            'message': gettext('prefix filter is too short'),
            'results': [],
            'total': 0
        }
        return jsonify(empty)
    # this only returns users, not groups
    matches = Role.by_prefix(prefix, exclude=parser.exclude)
    return RoleSerializer.jsonify_result(
        DatabaseQueryResult(request, matches, parser=parser)
    )
def suggest():
    """Return user suggestions for the ``prefix`` query argument.

    Requires a logged-in caller. Prefixes that are absent or shorter
    than three characters are answered with an empty result and an
    error status in the body; the HTTP status is left at the default.

    Returns:
        The serialized result of the prefix query, or the empty
        "too short" JSON body.
    """
    require(request.authz.logged_in)
    parser = QueryParser(request.args, request.authz, limit=10)
    has_usable_prefix = parser.prefix is not None and len(parser.prefix) >= 3
    if has_usable_prefix:
        # this only returns users, not groups
        query = Role.by_prefix(parser.prefix, exclude=parser.exclude)
        outcome = DatabaseQueryResult(request, query, parser=parser)
        return RoleSerializer.jsonify_result(outcome)
    # Do not return 400 because it's a routine event.
    # The length floor narrows what a single query can reveal about the
    # set of registered users.
    return jsonify({
        'status': 'error',
        'message': gettext('prefix filter is too short'),
        'results': [],
        'total': 0
    })
def update(id):
    """Change user settings.
    ---
    post:
      summary: Change user settings
      description: >
        Update a role to change its display name, or to define a
        new login password. Users can only update roles they have
        write access to, i.e. their own.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleUpdate'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    target = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(target.id))
    changes = parse_request("RoleUpdate")
    # When changing passwords, check the old password first.
    # cf. https://github.com/alephdata/aleph/issues/718
    # Write access to the role is therefore not enough on its own to
    # replace the password; the current one has to be presented too.
    # NOTE(review): no limit on failed attempts is visible in this
    # block; confirm throttling exists elsewhere.
    if changes.get("password") and not target.check_password(
        changes.get("current_password")
    ):
        raise BadRequest(gettext("Incorrect password."))
    target.update(changes)
    session = db.session
    session.add(target)
    session.commit()
    update_role(target)
    return RoleSerializer.jsonify(target)
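def suggest():
    """
    ---
    get:
      summary: Suggest users matching a search prefix
      description: >-
        For a given `prefix`, suggest matching user accounts. For
        security reasons, the prefix must be at least three
        characters long.
      parameters:
      - in: query
        name: prefix
        required: true
        schema:
          type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    require(request.authz.logged_in)
    parser = QueryParser(request.args, request.authz, limit=10)
    # A prefix of exactly three characters passes this check, which is
    # what the description above documents ("at least three").
    if parser.prefix is None or len(parser.prefix) < 3:
        # Do not return 400 because it's a routine event.
        return jsonify(
            {
                "status": "error",
                "message": gettext("prefix filter is too short"),
                "results": [],
                "total": 0,
            }
        )
    # this only returns users, not groups
    exclude = ensure_list(parser.excludes.get("id"))
    q = Role.by_prefix(parser.prefix, exclude=exclude)
    result = DatabaseQueryResult(request, q, parser=parser)
    return RoleSerializer.jsonify_result(result)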
def update(id):
    """Update a role, verifying the current password on password changes.

    Args:
        id: identifier of the role to change.

    Returns:
        The serialized role after the change has been committed.

    Raises:
        BadRequest: a new password was supplied and ``current_password``
            does not pass ``role.check_password``.
    """
    target = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(target.id))
    changes = parse_request(RoleSchema)
    # When changing passwords, check the old password first.
    # cf. https://github.com/alephdata/aleph/issues/718
    wants_new_password = changes.get('password')
    if wants_new_password:
        # A session alone does not suffice to replace the credential.
        supplied = changes.get('current_password')
        if not target.check_password(supplied):
            raise BadRequest(gettext('Incorrect password.'))
    target.update(changes)
    session = db.session
    session.add(target)
    session.commit()
    update_role(target)
    return RoleSerializer.jsonify(target)
def statistics():
    """Get a summary of the data accessible to the current user.

    Returns:
        JSON with the number of readable collections, per-schema,
        per-country and per-category counts taken from non-casefile
        collections, the caller's serialized group roles, and
        ``things`` as the sum of all schema counts.
    """
    # NOTE(review): everything below is derived from request.authz;
    # confirm enable_cache() varies the cached response per user so one
    # caller's summary cannot be served to another.
    enable_cache()
    authz = request.authz
    collections = authz.collections(authz.READ)

    # Queue every lookup first, then resolve them in one call.
    for collection_id in collections:
        resolver.queue(request, Collection, collection_id)
    for role_id in authz.roles:
        resolver.queue(request, Role, role_id)
    resolver.resolve(request)

    # Summarise stats. This is meant for display, so the counting is a bit
    # inconsistent between counting all collections, and source collections
    # only.
    schemata = defaultdict(int)
    countries = defaultdict(int)
    categories = defaultdict(int)
    for collection_id in collections:
        info = resolver.get(request, Collection, collection_id)
        # Unresolved collections and casefiles are left out of the tallies.
        if info is not None and not info.get('casefile'):
            categories[info.get('category')] += 1
            for schema, count in info.get('schemata', {}).items():
                schemata[schema] += count
            for country in info.get('countries', []):
                countries[country] += 1

    # Add a user's roles to the home page: only group-type roles that
    # resolved are included.
    resolved_roles = (
        resolver.get(request, Role, role_id) for role_id in authz.roles
    )
    groups = [
        RoleSerializer().serialize(entry)
        for entry in resolved_roles
        if entry is not None and entry.get('type') == Role.GROUP
    ]

    summary = {
        'collections': len(collections),
        'schemata': dict(schemata),
        'countries': dict(countries),
        'categories': dict(categories),
        'groups': groups,
        'things': sum(schemata.values()),
    }
    return jsonify(summary)
def view(id):
    """Return the serialized role with the given id, if the caller may read it.

    Args:
        id: identifier of the role to fetch.
    """
    # Lookup first, permission second. NOTE(review): assuming
    # obj_or_404() and require() fail with different responses, callers
    # without access can distinguish existing role ids from unused
    # ones; confirm that is acceptable.
    found = obj_or_404(Role.by_id(id))
    may_read = request.authz.can_read_role(found.id)
    require(may_read)
    return RoleSerializer.jsonify(found)
def view(id):
    """Return the serialized role with the given id.

    Access is gated by check_editable(), the same helper name the
    write path uses elsewhere on this page, so reading a role here
    requires passing an edit check rather than a read check.

    Args:
        id: identifier of the role to fetch.
    """
    found = obj_or_404(Role.by_id(id))
    # NOTE(review): the lookup precedes the permission check; if the two
    # failures produce different responses, role ids can be probed.
    editable = check_editable(found, request.authz)
    require(editable)
    return RoleSerializer.jsonify(found)
def view(id):
    """Serialize a single role for a caller who passes the edit check.

    Args:
        id: identifier of the role to fetch.

    Returns:
        The JSON response built by RoleSerializer for the role.
    """
    target = obj_or_404(Role.by_id(id))
    authz = request.authz
    # check_editable() decides access; its rules are defined outside
    # this block.
    require(check_editable(target, authz))
    return RoleSerializer.jsonify(target)