def initiate():
authz.require(authz.system_edit())
root = request_data().get("root")
if root is None:
return jsonify({"status": "error", "message": "No root entity provided."}, status=400)
enrich_entity.delay(root, root, request_data().get("spider"))
return jsonify({"status": "ok", "root": root})
def store(root):
authz.require(authz.system_edit())
ctx_data = request_data()
q = Context.by_root(root)
q = q.filter(Context.id == ctx_data.get("id"))
context = q.first()
if context is None:
return jsonify({"status": "failed"}, status=400)
context.update(request_data())
context.active = context.enrich_status == ACCEPTED
context.user = current_user
db.session.commit()
# TODO: task newly activated entities.
return jsonify({"status": "ok"})
def update(id):
authz.require(authz.list_write(id))
lst = obj_or_404(List.by_id(id))
lst.update(request_data(), current_user)
db.session.add(lst)
db.session.commit()
return view(id)
def update(account):
""" Change settings for the logged in user """
require.account.update(current_user)
data = AccountSettings().deserialize(request_data())
# If the passwords don't match we notify the user
if not data['password1'] == data['password2']:
raise colander.Invalid(AccountSettings.password1,
_("Passwords don't match!"))
current_user.fullname = data['fullname']
current_user.email = data['email']
current_user.public_email = data['public_email']
if data['twitter'] is not None:
current_user.twitter_handle = data['twitter'].lstrip('@')
current_user.public_twitter = data['public_twitter']
# If a new password was provided we update it as well
if data['password1'] is not None and len(data['password1']):
current_user.password = generate_password_hash(
data['password1'])
# Do the actual update in the database
db.session.add(current_user)
db.session.commit()
return jsonify(current_user)
def create():
data = EntityForm().deserialize(request_data())
authz.require(data['collection'])
authz.require(authz.collection_write(data['collection'].id))
entity = Entity.create(data, current_user)
db.session.commit()
return view(entity.id)
def trigger_reset():
"""
Allow user to trigger a reset of the password in case they forget it
"""
email = request_data().get('email')
# Simple check to see if the email was provided. Flash error if not
if email is None or not len(email):
return jsonify({
'status': 'error',
'message': _("Please enter an email address!")
}, status=400)
account = Account.by_email(email)
# If no account is found we let the user know that it's not registered
if account is None:
return jsonify({
'status': 'error',
'message': _("No user is registered under this address!")
}, status=400)
# Send the reset link to the email of this account
send_reset_link(account)
return jsonify({
'status': 'ok',
'message': _("You've received an email with a link to reset your "
"password. Please check your inbox.")
})
def register():
""" Perform registration of a new user """
require.account.create()
data = AccountRegister().deserialize(request_data())
# Check if the username already exists, return an error if so
if Account.by_name(data['name']):
raise colander.Invalid(
AccountRegister.name,
_("Login name already exists, please choose a "
"different one"))
# Check if passwords match, return error if not
if not data['password1'] == data['password2']:
raise colander.Invalid(AccountRegister.password1,
_("Passwords don't match!"))
# Create the account
account = Account()
account.name = data['name']
account.fullname = data['fullname']
account.email = data['email']
account.public_email = data['public_email']
account.password = generate_password_hash(data['password1'])
db.session.add(account)
db.session.commit()
# Perform a login for the user
login_user(account, remember=True)
# Registration successful - Redirect to the front page
return jsonify(account)
def create():
data = request_data()
dataset = Dataset.from_form(data)
authz.require(authz.dataset_edit(dataset))
entity = Entity.create(dataset, data, request.account)
db.session.commit()
return redirect(url_for('.view', id=entity.id))
def create():
authz.require(authz.logged_in())
collection = Collection.create(request_data(), request.auth_role)
db.session.commit()
update_collection(collection)
log_event(request)
return view(collection.id)
def reset_password():
user = User.by_email(request_data().get('email'))
if user is None:
message = {'email': 'This email address is not linked to a user.'}
return jsonify({'status': 400, 'errors': message}, status=400)
send_reset_link(user)
return jsonify({'status': 200})
def update(id):
authz.require(authz.source_write(id))
source = obj_or_404(Source.by_id(id))
source.update(request_data())
db.session.add(source)
db.session.commit()
return view(id)
def create():
authz.require(authz.logged_in())
collection = Collection.create(request_data(), request.auth_role)
db.session.commit()
update_collection(collection)
log_event(request)
return view(collection.id)
def update(id):
authz.require(authz.system_edit())
entity = obj_or_404(EntityQuery.by_id(id))
context = Context.create(current_user, {})
entity.update(request_data(), context)
db.session.commit()
return redirect(url_for(".view", id=entity.id))
def create():
data = request_data()
dataset = Dataset.from_form(data)
authz.require(authz.dataset_edit(dataset))
entity = Entity.create(dataset, data, request.account)
db.session.commit()
return redirect(url_for(".view", id=entity.id))
def update(login):
user = obj_or_404(User.by_login(login))
authz.require(user.id == current_user.id)
user.update(request_data())
db.session.add(user)
db.session.commit()
return view(login)
def create():
data = EntityForm().deserialize(request_data())
authz.require(data['collection'])
authz.require(authz.collection_write(data['collection'].id))
entity = Entity.create(data, current_user)
db.session.commit()
return view(entity.id)
def collection_entity_save(collection):
collection = get_collection(collection, authz.WRITE)
data = request_data()
update_operation = 'id' in data
entities = get_loom_config().entities
schema = data.get('$schema')
if update_operation and schema is None:
schema = entities.get_schema(data['id'], right=authz.entity_right())
if schema not in get_loom_config().schemas.values():
raise BadRequest()
# this will raise if it fails:
validate(data, schema)
subject = entities.save(schema,
data,
collection_id=collection.id,
author=request.auth_user,
right=authz.entity_right())
collection_add_entity(collection, subject)
get_loom_indexer().index_one(subject, schema=schema)
entity = entities.get(subject,
schema=schema,
depth=2,
right=authz.entity_right())
return jsonify({
'status': 'ok',
'data': entity
},
status=200 if update_operation else 201)
def update(name):
dataset = get_dataset(name)
require.dataset.update(dataset)
dataset.update(validate_dataset(request_data()))
dataset.touch()
db.session.commit()
return view(name)
def trigger_reset():
"""
Allow user to trigger a reset of the password in case they forget it
"""
email = request_data().get('email')
# Simple check to see if the email was provided. Flash error if not
if email is None or not len(email):
return jsonify(
{
'status': 'error',
'message': _("Please enter an email address!")
},
status=400)
account = Account.by_email(email)
# If no account is found we let the user know that it's not registered
if account is None:
return jsonify(
{
'status': 'error',
'message': _("No user is registered under this address!")
},
status=400)
# Send the reset link to the email of this account
send_reset_link(account)
return jsonify({
'status':
'ok',
'message':
_("You've received an email with a link to reset your "
"password. Please check your inbox.")
})
def store():
authz.require(authz.system_edit())
pairing = Pairing.update(request_data(), current_user)
pairing.apply()
db.session.commit()
generate_pairings.delay()
return jsonify(pairing)
def create():
authz.require(authz.logged_in())
alert = Alert.create(request_data(),
request.auth_role)
db.session.commit()
log_event(request)
return view(alert.id)
def update(login):
user = obj_or_404(User.by_login(login))
authz.require(user.id == current_user.id)
user.update(request_data())
db.session.add(user)
db.session.commit()
return view(login)
def update(account):
""" Change settings for the logged in user """
require.account.update(current_user)
data = AccountSettings().deserialize(request_data())
# If the passwords don't match we notify the user
if not data['password1'] == data['password2']:
raise colander.Invalid(AccountSettings.password1,
_("Passwords don't match!"))
current_user.fullname = data['fullname']
current_user.email = data['email']
current_user.public_email = data['public_email']
if data['twitter'] is not None:
current_user.twitter_handle = data['twitter'].lstrip('@')
current_user.public_twitter = data['public_twitter']
# If a new password was provided we update it as well
if data['password1'] is not None and len(data['password1']):
current_user.password = generate_password_hash(data['password1'])
# Do the actual update in the database
db.session.add(current_user)
db.session.commit()
return jsonify(current_user)
def create_or_update(collection=None, source=None):
if collection is not None:
authz.require(authz.collection(authz.WRITE, collection))
if source is not None:
authz.require(authz.source(authz.WRITE, source))
resource_type = Permission.COLLECTION if collection else Permission.SOURCE
resource_id = collection or source
data = request_data()
validate(data, permissions_schema)
# check that the role exists.
rq = session.query(Role).filter(Role.id == data['role'])
if rq.first() is None:
raise BadRequest()
q = session.query(Permission)
q = q.filter(Permission.role_id == data['role'])
q = q.filter(Permission.resource_type == resource_type)
q = q.filter(Permission.resource_id == resource_id)
permission = q.first()
if permission is None:
permission = Permission()
permission.role_id = data['role']
permission.resource_type = resource_type
permission.resource_id = resource_id
permission.read = data['read']
permission.write = data['write']
session.add(permission)
session.commit()
return jsonify({
'status': 'ok',
'updated': permission
})
def create(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
network = Network.create(request_data(), collection, request.auth_role)
db.session.commit()
log_event(request)
return view(collection_id, network.id)
def create():
data = request_data()
email = data.get('email')
password = data.get('password')
signature = data.get('code')
if not email or not password or not signature:
abort(400)
try:
# Make sure registration is allowed
assert get_config('PASSWORD_REGISTRATION')
# Make sure password is set and not too short
assert len(password) >= Role.PASSWORD_MIN_LENGTH
# Make sure the signature is valid
assert email == Role.SIGNATURE_SERIALIZER.loads(
signature, salt=email, max_age=Role.SIGNATURE_MAX_AGE)
except:
abort(400)
role = Role.load_or_create(foreign_id='password:{}'.format(email),
type=Role.USER,
name=email,
email=email)
role.set_password(password)
db.session.add(role)
db.session.flush()
return jsonify(dict(role=role.to_dict())), 201
def update(slug):
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
source.update(request_data(), current_user)
db.session.add(source)
db.session.commit()
return view(slug)
def update(id):
user = obj_or_404(User.by_id(id))
authz.require(user.id == current_user.id or authz.is_admin())
user.update(request_data())
db.session.add(user)
db.session.commit()
return jsonify(user)
def update(id):
authz.require(authz.collection_write(id))
coll = obj_or_404(Collection.by_id(id))
coll.update(request_data(), current_user)
db.session.add(coll)
db.session.commit()
return view(id)
def update(id):
authz.require(authz.source_write(id))
source = obj_or_404(Source.by_id(id))
source.update(request_data())
db.session.add(source)
db.session.commit()
return view(id)
def create():
authz.require(authz.dataset_create())
if app.config.get('DATASET_CREATION_DISABLED'):
raise Forbidden("Sorry, dataset creation is disabled")
dataset = Dataset.create(request_data(), request.account)
db.session.commit()
return redirect(url_for('.view', dataset=dataset.name))
def update(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
collection.update(request_data())
db.session.add(collection)
db.session.commit()
return view(id)
def update(id):
authz.require(authz.watchlist_write(id))
watchlist = obj_or_404(Watchlist.by_id(id))
watchlist.update(request_data())
db.session.add(watchlist)
db.session.commit()
return view(id)
def update(name):
dataset = get_dataset(name)
require.dataset.update(dataset)
dataset.update(validate_dataset(request_data()))
dataset.touch()
db.session.commit()
return view(name)
def update(slug):
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
source.update(request_data(), current_user)
db.session.add(source)
db.session.commit()
return view(slug)
def create():
authz.require(authz.logged_in())
data = request_data()
data['creator'] = current_user
lst = Collection.create(data, current_user)
db.session.commit()
return view(lst.id)
def create():
authz.require(authz.logged_in())
data = request_data()
data['creator'] = current_user
lst = Collection.create(data, current_user)
db.session.commit()
return view(lst.id)
def register():
""" Perform registration of a new user """
disable_cache()
require.account.create()
data = AccountRegister().deserialize(request_data())
# Check if the username already exists, return an error if so
if Account.by_name(data['name']):
raise colander.Invalid(
AccountRegister.name,
_("Login name already exists, please choose a "
"different one"))
# Check if passwords match, return error if not
if not data['password1'] == data['password2']:
raise colander.Invalid(AccountRegister.password1,
_("Passwords don't match!"))
# Create the account
account = Account()
account.name = data['name']
account.fullname = data['fullname']
account.email = data['email']
account.public_email = data['public_email']
account.password = generate_password_hash(data['password1'])
db.session.add(account)
db.session.commit()
# Perform a login for the user
login_user(account, remember=True)
# Registration successful - Redirect to the front page
return jsonify(account)
def password_login():
"""Provides email and password authentication."""
data = request_data()
email = data.get('email')
password = data.get('password')
if not email or not password:
abort(404)
log_event(request)
q = Role.by_email(email)
q = q.filter(Role.password_digest != None) # noqa
role = q.first()
# Try a password authentication and an LDAP authentication if it is enabled
if role and role.check_password(password) is False:
return Unauthorized("Authentication has failed.")
elif not role:
role = Role.authenticate_using_ldap(email, password)
if not role:
return Unauthorized("Authentication has failed.")
session['user'] = role.id
session['next_url'] = extract_next_url(request)
return jsonify({
'logout': url_for('.logout'),
'api_key': role.api_key,
'role': role
})
def collection_entity_save(collection):
collection = get_collection(collection, authz.WRITE)
data = request_data()
update_operation = 'id' in data
entities = get_loom_config().entities
schema = data.get('$schema')
if update_operation and schema is None:
schema = entities.get_schema(data['id'], right=authz.entity_right())
if schema not in get_loom_config().schemas.values():
raise BadRequest()
# this will raise if it fails:
validate(data, schema)
subject = entities.save(schema, data, collection_id=collection.id,
author=request.auth_user,
right=authz.entity_right())
collection_add_entity(collection, subject)
get_loom_indexer().index_one(subject, schema=schema)
entity = entities.get(subject, schema=schema, depth=2,
right=authz.entity_right())
return jsonify({
'status': 'ok',
'data': entity
}, status=200 if update_operation else 201)
def login():
data = request_data()
user = User.by_email(data.get('email'))
if user is not None and user.verify(data.get('password')):
login_user(user, remember=True)
return jsonify({'status': 200, 'user': user})
message = {'password': '******'}
return jsonify({'status': 400, 'errors': message}, status=400)
def update(id):
role = obj_or_404(Role.by_id(id))
authz.require(authz.logged_in())
authz.require(role.id == request.auth_role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
return jsonify(role)
def update_model(name):
dataset = get_dataset(name)
require.dataset.update(dataset)
model_data = validate_model(request_data())
dataset.update_model(model_data)
dataset.touch()
db.session.commit()
return model(name)
def update(collection_id, id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection_id))
network = obj_or_404(Network.by_id_collection(id, collection))
network.update(request_data())
log_event(request)
db.session.commit()
return view(collection_id, network.id)
def update(document_id):
document = get_document(document_id, action=request.authz.WRITE)
data = request_data()
document.update(data)
db.session.commit()
log_event(request, document_id=document.id)
update_document(document)
return view(document_id)
def update(id):
role = obj_or_404(Role.by_id(id))
authz.require(authz.logged_in())
authz.require(role.id == request.auth_role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
return jsonify(role)
def update(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
collection.update(request_data())
db.session.add(collection)
db.session.commit()
log_event(request)
return view(id)
def login():
data = request_data()
account = Account.by_name(data.get("login"))
if account is not None:
if check_password_hash(account.password, data.get("password")):
login_user(account, remember=True)
return jsonify({"status": "ok", "message": _("Welcome back, %(name)s!", name=account.name)})
return jsonify({"status": "error", "errors": {"password": _("Incorrect user name or password!")}}, status=400)
def submit(dataset):
dataset = get_dataset(dataset)
require.dataset.update(dataset)
data = request_data()
if not data.get('url'):
raise BadRequest("You need to submit a URL")
load_from_url.delay(dataset.name, data.get('url'))
return jsonify({'status': 'ok'})
def create():
data = EntityForm().deserialize(request_data())
authz.require(data['list'])
authz.require(authz.list_write(data['list'].id))
entity = Entity.create(data, current_user)
db.session.commit()
refresh_selectors.delay(list(entity.terms))
return view(entity.id)
def submit(dataset):
dataset = get_dataset(dataset)
require.dataset.update(dataset)
data = request_data()
if not data.get('url'):
raise BadRequest("You need to submit a URL")
load_from_url.delay(dataset.name, data.get('url'))
return jsonify({'status': 'ok'})
def create():
request.authz.require(request.authz.logged_in)
data = request_data()
data['managed'] = False
collection = Collection.create(data, request.authz.role)
db.session.commit()
update_collection(collection)
log_event(request)
return jsonify(collection)
def update(id):
collection = obj_or_404(Collection.by_id(id))
request.authz.require(request.authz.collection_write(collection))
collection.update(request_data())
db.session.add(collection)
db.session.commit()
update_collection(collection)
log_event(request)
return view(id)
def get_post_multidict():
data = MultiDict()
for k, v in request_data().items():
if isinstance(v, (list, set, tuple)):
for iv in v:
data.add(k, iv)
else:
data.add(k, v)
return data
def update_model(name):
dataset = get_dataset(name)
require.dataset.update(dataset)
data = request_data()
if isinstance(data, dict):
data['fact_table'] = dataset.fact_table.table_name
dataset.model = validate_model(data)
db.session.commit()
return model(name)
def update(id):
role = obj_or_404(Role.by_id(id))
request.authz.require(request.authz.session_write())
request.authz.require(role.id == request.authz.role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
log_event(request)
return jsonify(role)