예제 #1
    def _delete(self, release, changed_by, transaction):
        """Delete the release named in the URL and return the HTTP outcome.

        Responses: 404 when no release matches ``release``, 400 when the
        query-string form fails validation, 403 when the database layer
        raises ReadOnlyError, 200 otherwise.
        """
        # NOTE(review): no permission check is visible in this method;
        # presumably authorization for changed_by is enforced by the caller
        # or inside dbo.releases.delete -- confirm.
        matches = dbo.releases.getReleases(name=release)
        if not matches:
            return Response(status=404, response='bad release')
        target = matches[0]

        # DELETE request bodies are ignored, so WTForms is pointed at the
        # query string. Only the CSRF token and the data version are validated
        # here; the release name already arrived through the URL.
        # NOTE(review): this means the CSRF token is sent as a URL parameter,
        # where access logs may record it -- confirm that is acceptable.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        try:
            dbo.releases.delete(
                where={"name": target["name"]},
                changed_by=changed_by,
                old_data_version=form.data_version.data,
                transaction=transaction)
        except ReadOnlyError as e:
            # Logged under the same "Bad input" prefix as validation failures.
            self.log.warning("Bad input: %s", "Couldn't delete release: %s" % e)
            return Response(status=403, response=json.dumps({"data": e.args}))

        return Response(status=200)
예제 #2
파일: releases.py 프로젝트: garbas/balrog
    def _delete(self, release, changed_by, transaction):
        """Delete the named release if ``changed_by`` holds DELETE permission.

        Responses: 404 when no release matches ``release``, 401 when the
        permission lookup for the release's product fails, 400 when the
        query-string form fails validation, 403 when the database layer
        raises ReadOnlyError, 200 otherwise.
        """
        matches = dbo.releases.getReleases(name=release)
        if not matches:
            return Response(status=404, response='bad release')
        target = matches[0]

        # Authorization is scoped to the product of the stored release, so it
        # can only run after the lookup above.
        # NOTE(review): 401 is returned for what is an authorization failure;
        # 403 is the conventional status for that, but changing it would
        # alter the API contract.
        allowed = dbo.permissions.hasUrlPermission(
            changed_by, '/releases/:name', 'DELETE',
            urlOptions={'product': target['product']})
        if not allowed:
            denial = "%s is not allowed to delete %s releases" % (changed_by, target['product'])
            self.log.warning("Unauthorized access attempt: %s", denial)
            return Response(status=401, response=denial)

        # DELETE request bodies are ignored, so WTForms is pointed at the
        # query string. Only the CSRF token and the data version are validated
        # here; the release name already arrived through the URL.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        try:
            dbo.releases.deleteRelease(
                changed_by=changed_by,
                name=target['name'],
                old_data_version=form.data_version.data,
                transaction=transaction)
        except ReadOnlyError as e:
            # Logged under the same "Bad input" prefix as validation failures.
            self.log.warning("Bad input: %s", "Couldn't delete release: %s" % e)
            return Response(status=403, response=json.dumps({"data": e.args}))

        return Response(status=200)
예제 #3
파일: releases.py 프로젝트: nurav/balrog
    def _delete(self, release, changed_by, transaction):
        """Remove the release identified by ``release`` and report the result.

        Returns a Response with status 404 (no such release), 400 (form
        validation failed), 403 (ReadOnlyError from the database layer) or
        200 (deleted).
        """
        # NOTE(review): this method performs no permission check of its own;
        # presumably the caller or dbo.releases.delete authorizes changed_by
        # -- confirm.
        found = dbo.releases.getReleases(name=release)
        if not found:
            return Response(status=404, response='bad release')
        row = found[0]

        # WTForms must read the query arguments because bodies are ignored
        # for DELETE requests. The form validates just the CSRF token and the
        # data version; the release name comes from the URL.
        # NOTE(review): the CSRF token is therefore carried in the URL, where
        # access logs may record it -- confirm that is acceptable.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        try:
            dbo.releases.delete(
                where={"name": row["name"]},
                changed_by=changed_by,
                old_data_version=form.data_version.data,
                transaction=transaction)
        except ReadOnlyError as e:
            reason = "Couldn't delete release: %s" % e
            self.log.warning("Bad input: %s", reason)
            # Only the exception arguments are returned to the client.
            return Response(status=403, response=json.dumps({"data": e.args}))

        return Response(status=200)
예제 #4
파일: releases.py 프로젝트: mozmark/balrog
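    def _delete(self, release, changed_by, transaction):
        """Delete the named release if ``changed_by`` holds DELETE permission.

        Responses: 404 when no release matches ``release``, 401 when the
        permission lookup for the release's product fails, 400 (JSON body
        of form errors) when the query-string form fails validation, 200
        once deleteRelease has returned.
        """
        # Function-scope import: the file's import block is not visible here.
        import json

        releases = dbo.releases.getReleases(name=release)
        if not releases:
            return Response(status=404, response='bad release')
        release = releases[0]

        # Authorization is scoped to the product of the stored release, so it
        # can only run after the lookup above. Denials are sent to CEF at
        # alert level.
        # NOTE(review): 401 is returned for what is an authorization failure;
        # 403 is the conventional status for that, but changing it would
        # alter the API contract.
        if not dbo.permissions.hasUrlPermission(changed_by, '/releases/:name', 'DELETE', urlOptions={'product': release['product']}):
            msg = "%s is not allowed to delete %s releases" % (changed_by, release['product'])
            cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
            return Response(status=401, response=msg)

        # Bodies are ignored for DELETE requests, so we need to force WTForms
        # to look at the arguments instead.
        # We only need the release name (which comes through the URL) and the
        # data version to process this request. Because of that, we can just
        # use this form to validate, because we're only validating CSRF
        # and data version.
        form = DbEditableForm(request.args)
        if not form.validate():
            cef_event("Bad input", CEF_WARN, errors=form.errors)
            # form.errors is a dict; serialise it so the client receives the
            # field messages rather than whatever iterating the dict yields.
            return Response(status=400, response=json.dumps(form.errors))

        dbo.releases.deleteRelease(changed_by=changed_by, name=release['name'],
                                   old_data_version=form.data_version.data, transaction=transaction)

        return Response(status=200)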
예제 #5
파일: releases.py 프로젝트: mozmark/balrog
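    def _delete(self, release, changed_by, transaction):
        """Delete the named release if ``changed_by`` holds DELETE permission.

        Responses: 404 when no release matches ``release``, 401 when the
        permission lookup for the release's product fails, 400 (JSON body
        of form errors) when the query-string form fails validation, 200
        once deleteRelease has returned.
        """
        # Function-scope import: the file's import block is not visible here.
        import json

        releases = dbo.releases.getReleases(name=release)
        if not releases:
            return Response(status=404, response='bad release')
        release = releases[0]

        # The permission check needs the stored release's product, which is
        # why it follows the lookup. Denials are sent to CEF at alert level.
        # NOTE(review): 401 is returned for what is an authorization failure;
        # 403 is the conventional status for that, but changing it would
        # alter the API contract.
        if not dbo.permissions.hasUrlPermission(
                changed_by,
                '/releases/:name',
                'DELETE',
                urlOptions={'product': release['product']}):
            msg = "%s is not allowed to delete %s releases" % (
                changed_by, release['product'])
            cef_event('Unauthorized access attempt', CEF_ALERT, msg=msg)
            return Response(status=401, response=msg)

        # Bodies are ignored for DELETE requests, so we need to force WTForms
        # to look at the arguments instead.
        # We only need the release name (which comes through the URL) and the
        # data version to process this request. Because of that, we can just
        # use this form to validate, because we're only validating CSRF
        # and data version.
        form = DbEditableForm(request.args)
        if not form.validate():
            cef_event("Bad input", CEF_WARN, errors=form.errors)
            # form.errors is a dict; serialise it so the client receives the
            # field messages rather than whatever iterating the dict yields.
            return Response(status=400, response=json.dumps(form.errors))

        dbo.releases.deleteRelease(changed_by=changed_by,
                                   name=release['name'],
                                   old_data_version=form.data_version.data,
                                   transaction=transaction)

        return Response(status=200)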
예제 #6
    def _delete(self, username, role, changed_by, transaction):
        """Revoke ``role`` from ``username`` and return the HTTP outcome.

        Responses: 404 when the user does not currently hold the role, 400
        when the query-string form fails validation, 200 once revokeRole has
        returned.
        """
        # NOTE(review): revoking a role is a privilege change, and no
        # permission check on changed_by is visible in this method;
        # presumably the caller or revokeRole enforces it -- confirm.
        held_roles = dbo.permissions.getUserRoles(username)
        if role not in held_roles:
            return Response(status=404)

        # The form is built from the query arguments, not the request body.
        # Presumably it validates the CSRF token and the data version --
        # confirm against the DbEditableForm definition.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        dbo.permissions.revokeRole(
            username,
            role,
            changed_by=changed_by,
            old_data_version=form.data_version.data,
            transaction=transaction)
        return Response(status=200)
예제 #7
    def _delete(self, username, role, changed_by, transaction):
        """Remove ``role`` from the roles held by ``username``.

        Returns a Response with status 404 (role not held by the user), 400
        (form validation failed, errors as JSON) or 200 (role revoked).
        """
        # NOTE(review): no authorization check on changed_by appears in this
        # method even though it changes another user's privileges;
        # presumably the caller or revokeRole enforces it -- confirm.
        if role not in dbo.permissions.getUserRoles(username):
            return Response(status=404)

        # Validation input is the query string rather than the request body.
        # Presumably this covers the CSRF token and the data version --
        # confirm against the DbEditableForm definition.
        form = DbEditableForm(request.args)
        if form.validate():
            dbo.permissions.revokeRole(
                username, role,
                changed_by=changed_by,
                old_data_version=form.data_version.data,
                transaction=transaction)
            return Response(status=200)

        self.log.warning("Bad input: %s", form.errors)
        return Response(status=400, response=json.dumps(form.errors))
예제 #8
    def _delete(self, release, changed_by, transaction):
        """Delete the named release after authorizing ``changed_by``.

        Returns a Response with status 404 (no such release), 401
        (permission lookup failed), 400 (form validation failed), 403
        (ReadOnlyError from the database layer) or 200 (deleted).
        """
        found = dbo.releases.getReleases(name=release)
        if not found:
            return Response(status=404, response='bad release')
        row = found[0]
        product = row['product']

        # The permission is scoped per product, so the stored release has to
        # be loaded before the caller can be authorized.
        # NOTE(review): 401 is returned for what is an authorization failure;
        # 403 is the conventional status for that, but changing it would
        # alter the API contract.
        may_delete = dbo.permissions.hasUrlPermission(
            changed_by, '/releases/:name', 'DELETE',
            urlOptions={'product': product})
        if not may_delete:
            denial = "%s is not allowed to delete %s releases" % (changed_by, product)
            self.log.warning("Unauthorized access attempt: %s", denial)
            return Response(status=401, response=denial)

        # WTForms must read the query arguments because bodies are ignored
        # for DELETE requests. The form validates just the CSRF token and the
        # data version; the release name comes from the URL.
        form = DbEditableForm(request.args)
        if not form.validate():
            self.log.warning("Bad input: %s", form.errors)
            return Response(status=400, response=json.dumps(form.errors))

        try:
            dbo.releases.deleteRelease(
                changed_by=changed_by, name=row['name'],
                old_data_version=form.data_version.data,
                transaction=transaction)
        except ReadOnlyError as e:
            # Logged under the same "Bad input" prefix as validation failures.
            self.log.warning("Bad input: %s", "Couldn't delete release: %s" % e)
            return Response(status=403, response=json.dumps({"data": e.args}))

        return Response(status=200)