예제 #1
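    def add_item(store=None):
        """Create an Item from the JSON request body and return it serialized.

        Args:
            store: object exposing a SQLAlchemy-style ``session``. It has to be
                supplied by the caller (presumably a decorator); the ``None``
                default is not usable and fails on ``store.session``.

        Returns:
            The ``make_single_response`` result with the serialized requester
            added under ``'user'``.

        Raises:
            Unauthorized: anonymous caller without add rights.
            Forbidden: authenticated caller without add rights.
            BadRequest: validation or integrity failure, or the item could not
                be re-read after commit.
        """
        requester = get_requesting_user()
        data = request.json
        # Rights are decided on the payload itself, so an anonymous caller
        # gets 401 and an authenticated one without rights 403.
        if not Item.has_add_rights(data, requester):
            if requester is None:
                raise Unauthorized()
            raise Forbidden()

        try:
            item = Item.admin_deserialize_add(data)
            store.session.add(item)
            store.session.commit()
            refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
            # Guard *before* on_add: the original called on_add on the
            # possibly-None result and only tested for None afterwards.
            if refreshed_item is None:
                raise BadRequest()
            refreshed_item.on_add(requester)
            # commit again in case on_add changed it.
            store.session.commit()
            # and refresh again to update relationships
            refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
            if refreshed_item is None:
                raise BadRequest()

            response = make_single_response(requester, refreshed_item)
            response['user'] = serialize(requester, requester)
        except ValidationException as e:
            raise BadRequest(str(e))
        except (IntegrityError, InvalidRequestError) as e:
            # SQLAlchemy errors may carry no args; fall back to an empty message.
            # NOTE(review): e.args[0] is the driver's message and is sent to the
            # client verbatim -- confirm it cannot disclose schema details.
            raise BadRequest(e.args[0] if e.args else '')
        return response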
예제 #2
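    def get_search_results(id, page):
        """Return the searches matching Search ``id`` for result page ``page``.

        Only a requester with admin rights on the search may read its results.
        Returns a JSON response ``{'data': [...]}`` or one of the
        ``base_routes`` error responses (401 anonymous, 400 malformed id/page,
        404 unknown search, 403 no rights).
        """
        requester = get_requesting_user()
        if requester is None:
            return base_routes.make_not_authorized_response()
        if not is_integer(id):
            return base_routes.make_bad_request_response()
        # Convert the page only after the auth/id checks: a non-numeric page
        # used to raise ValueError (a 500) before the requester was even
        # looked at; now it is a 400 like any other malformed argument.
        try:
            page = int(page)
        except (TypeError, ValueError):
            return base_routes.make_bad_request_response()

        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            return base_routes.make_not_found_response()
        if not search.has_admin_rights(requester):
            return base_routes.make_forbidden_response()

        matching_searches = search_utils.find_matching_searches(search, page)
        # Loop variable renamed so it cannot shadow ``search`` (a list
        # comprehension leaks its variable under Python 2).
        serialized = [
            match.serialize(requester, exclude=[])
            for match in matching_searches
        ]
        return jsonify({'data': serialized})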
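    def get_search_results(id, page):
        """Return ``{'data': [...]}`` with the searches matching Search ``id``
        on result page ``page``; only a requester with admin rights on the
        search may read them.

        Raises:
            Unauthorized: no requesting user.
            BadRequest: ``id`` or ``page`` is not an integer.
            NotFound: no such search.
            Forbidden: requester lacks admin rights on the search.
        """
        requester = get_requesting_user()
        if requester is None:
            raise Unauthorized()
        if not is_integer(id):
            raise BadRequest()
        # Converted only after the auth/id checks: a non-numeric page used to
        # raise ValueError (a 500) before the requester was even looked at.
        try:
            page = int(page)
        except (TypeError, ValueError):
            raise BadRequest()

        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            raise NotFound()
        if not search.has_admin_rights(requester):
            raise Forbidden()

        matching_searches = search_utils.find_matching_searches(search, page)
        # Loop variable renamed so it cannot shadow ``search`` (a list
        # comprehension leaks its variable under Python 2).
        serialized = [
            match.serialize(requester, exclude=[])
            for match in matching_searches
        ]
        return {'data': serialized}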
예제 #4
 def search():
     """Search users by free text and/or creation-date bounds taken from the
     query string and return ``{'data': [...]}`` serialized for the requester.

     Unlike the other handlers there is no authentication check here, so
     ``requester`` may be ``None``.
     NOTE(review): confirm ``User.search``/``serialize_many`` are meant to
     serve anonymous callers -- user records are exposed to them otherwise.
     """
     requester = get_requesting_user()
     args = request.args
     search_text = args.get('search_text', None)
     created_after = args.get('date_created.greaterthan', None)
     created_before = args.get('date_created.lessthan', None)
     matches = User.search(search_text, created_after, created_before)
     return {'data': serialize_many(requester, matches)}
예제 #5
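 def edit_item(id, store=None):
     """Apply the JSON request body to Item ``id`` and return it serialized.

     Args:
         id: item id from the URL; must pass ``is_integer``.
         store: object exposing a SQLAlchemy-style ``session``. It has to be
             supplied by the caller (presumably a decorator); the ``None``
             default is not usable.

     Raises:
         Unauthorized: no requesting user.
         BadRequest: malformed id, non-object JSON body, body id that does
             not match the URL id, or a validation failure.
         NotFound: no item with that id.
         Forbidden: requester lacks admin rights on the item.
     """
     requester = get_requesting_user()
     if requester is None:
         raise Unauthorized()
     if not is_integer(id):
         raise BadRequest()
     id = int(id)

     data = request.json
     if not isinstance(data, dict):
         # Flask leaves ``request.json`` as None for a non-JSON body, and a
         # JSON array has no ``get``; both used to surface as a 500.
         raise BadRequest()
     data_id = data.get('id', None)
     if data_id is not None:
         # A body id must refer to the URL's item; a non-numeric one is a
         # malformed request, not a server error (it used to raise ValueError).
         try:
             body_id = int(data_id)
         except (TypeError, ValueError):
             raise BadRequest()
         if body_id != id:
             raise BadRequest()

     # The original also tested ``id is None`` here; it cannot be None after
     # ``int(id)``, so that dead branch is gone.
     item = store.session.query(Item).filter_by(id=id).first()
     if item is None:
         raise NotFound()
     if not item.has_admin_rights(requester):
         raise Forbidden()

     try:
         item.admin_deserialize_update(data)
         store.session.add(item)
         # ``unchanged`` tells the hook whether the update touched anything.
         item.on_edit(requester, unchanged=not store.session.dirty)
         store.session.commit()
         response = make_single_response(requester, item)
     except ValidationException as e:
         raise BadRequest(str(e))
     return response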
예제 #6
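 def get_items():
     """List items visible to the requester, filtered by the query string.

     Access rules, from ``Item.PERMISSIONS``:
       * anonymous callers need ``all_can_read_many`` (else 401);
       * non-admin callers need ``standard_can_read_many`` or
         ``all_can_read_many`` (else 403);
       * administrators always pass, subject to ``args_to_query``.

     ``args_to_query`` returning None is treated as forbidden; a ValueError
     raised while building or running the query becomes a bad-request
     response.
     """
     logger.debug('get_items - {0}'.format(resourceName))
     requester = get_requesting_user()
     all_can_read = Item.PERMISSIONS.get('all_can_read_many', False)
     standard_can_read = Item.PERMISSIONS.get('standard_can_read_many', False)
     if requester is None and not all_can_read:
         return make_not_authorized_response()
     is_admin = requester is not None and requester.is_administrator
     if not is_admin and not (standard_can_read or all_can_read):
         return make_forbidden_response()

     try:
         query = Item.args_to_query(request.args, requester)
         # The admin branch used to skip this check and would have raised
         # AttributeError on ``query.all()``; both paths now share it.
         if query is None:
             return make_forbidden_response()
         items = query.all()
         return make_many_response(requester, items)
     except ValueError as e:
         # All of ``e.args`` are reported; the original built this string and
         # then sent only ``e.args[0]``, an IndexError when args is empty.
         return make_bad_request_response(', '.join(e.args))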
예제 #7
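    def get_search_results(id, page):
        """Return the searches matching Search ``id`` for result page ``page``.

        Only a requester with admin rights on the search may read its results.
        Returns a JSON response ``{'data': [...]}`` or one of the
        ``base_routes`` error responses (401 anonymous, 400 malformed id/page,
        404 unknown search, 403 no rights).
        """
        requester = get_requesting_user()
        if requester is None:
            return base_routes.make_not_authorized_response()
        if not is_integer(id):
            return base_routes.make_bad_request_response()
        # Convert the page only after the auth/id checks: a non-numeric page
        # used to raise ValueError (a 500) before the requester was even
        # looked at; now it is a 400 like any other malformed argument.
        try:
            page = int(page)
        except (TypeError, ValueError):
            return base_routes.make_bad_request_response()

        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            return base_routes.make_not_found_response()
        if not search.has_admin_rights(requester):
            return base_routes.make_forbidden_response()

        matching_searches = search_utils.find_matching_searches(search, page)
        # Loop variable renamed so it cannot shadow ``search`` (a list
        # comprehension leaks its variable under Python 2).
        serialized = [
            match.serialize(requester, exclude=[])
            for match in matching_searches
        ]
        return jsonify({'data': serialized})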
예제 #8
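 def add_item():
     """Create an Item from the JSON request body and return it serialized
     (the requester is included via ``include_user``).

     Rights are decided on the payload itself: an anonymous caller without
     add rights gets the not-authorized response, an authenticated one the
     forbidden response. Validation and integrity failures, and an item that
     cannot be re-read after commit, become bad-request responses.
     """
     requester = get_requesting_user()
     logger.debug('add_item: requester = {0}'.format(requester))
     data = request.json
     if not Item.has_add_rights(data, requester):
         if requester is None:
             logger.debug('not authorized')
             return make_not_authorized_response()
         logger.debug('forbidden')
         return make_forbidden_response()

     # NOTE(review): this logs the whole request body at DEBUG; confirm it
     # can never carry credentials or personal data, or trim it.
     logger.debug('data send is {0}'.format(data))
     try:
         item = Item.admin_deserialize_add(data)
         store.session.add(item)
         store.session.commit()
         refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
         # Guard *before* on_add: the original called it on a possibly-None
         # result, which surfaced as an unhandled AttributeError.
         if refreshed_item is None:
             return make_bad_request_response()
         refreshed_item.on_add(requester)
         # commit again in case on_add changed it.
         store.session.commit()
         # and refresh again to update relationships
         refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
         if refreshed_item is None:
             return make_bad_request_response()
         return make_single_response(requester, refreshed_item, include_user=requester)
     except ValidationException as e:
         return make_bad_request_response(str(e))
     except (IntegrityError, InvalidRequestError) as e:
         # SQLAlchemy errors may carry no args; fall back to an empty message.
         # NOTE(review): e.args[0] is the driver's message and is sent to the
         # client verbatim -- confirm it cannot disclose schema details.
         return make_bad_request_response(e.args[0] if e.args else '')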
예제 #9
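    def post_picture(user_id):
        """Store an uploaded image as the requesting user's picture.

        Only the user itself may change its picture: ``user_id`` must equal
        the requester's id. The upload is validated by its content
        (``is_allowable_image``), not by the client-supplied name or type.
        Returns a ``base_routes`` response.
        """
        user = get_requesting_user()
        # An anonymous caller used to raise AttributeError on ``user.id``.
        if user is None or user_id != user.id:
            return base_routes.make_not_authorized_response()
        # NOTE(review): ``user_id`` comes from the route and ``user.id`` from
        # the model; if their types differ (str vs int) this comparison never
        # matches -- confirm the URL converter yields an int.

        image_file = request.files.get('file')
        if not image_file:
            return base_routes.make_bad_request_response('missing image data')

        image_data = image_file.read()
        if not is_allowable_image(image_data):
            return base_routes.make_bad_request_response('unallowed image type')

        filename = image_to_user_filename(image_data, user_id)

        # ``read()`` left the stream at EOF; rewind so ``store_image`` sees
        # the whole file if it reads the stream rather than ``image_data``.
        image_file.seek(0)
        store_image(image_file, filename)

        user.picture_filename = filename
        store.session.add(user)
        store.session.commit()

        logger.info('Saving image {!r}'.format(filename))

        return base_routes.make_OK_response()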
예제 #10
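 def edit_item(id):
     """Apply the JSON request body to Item ``id`` and return it serialized.

     The requester must be authenticated and have admin rights on the item.
     Returns a response object; error responses for 401 (anonymous), 400
     (malformed id, non-object body, body id that does not match the URL id,
     validation failure), 404 (no such item) and 403 (no rights).
     """
     requester = get_requesting_user()
     if requester is None:
         return make_not_authorized_response()
     if not is_integer(id):
         return make_bad_request_response()
     id = int(id)

     data = request.json
     if not isinstance(data, dict):
         # Flask leaves ``request.json`` as None for a non-JSON body, and a
         # JSON array has no ``get``; both used to surface as a 500.
         return make_bad_request_response()
     data_id = data.get('id', None)
     if data_id is not None:
         # A body id must refer to the URL's item; a non-numeric one is a
         # malformed request, not a server error (it used to raise ValueError).
         try:
             body_id = int(data_id)
         except (TypeError, ValueError):
             return make_bad_request_response()
         if body_id != id:
             return make_bad_request_response()

     # The original also tested ``id is None`` here; it cannot be None after
     # ``int(id)``, so that dead branch is gone.
     item = store.session.query(Item).filter_by(id=id).first()
     if item is None:
         return make_not_found_response()
     if not item.has_admin_rights(requester):
         return make_forbidden_response()

     try:
         item.admin_deserialize_update(data)
         store.session.add(item)
         logger.debug('calling on_edit on {0}'.format(item))
         # ``unchanged`` tells the hook whether the update touched anything.
         item.on_edit(requester, unchanged=not store.session.dirty)
         store.session.commit()
         return make_single_response(requester, item)
     except ValidationException as e:
         return make_bad_request_response(str(e))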
예제 #11
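    def post_picture(user_id):
        """Store an uploaded image as the requesting user's picture.

        Only the user itself may change its picture: ``user_id`` must equal
        the requester's id. The upload is validated by its content
        (``is_allowable_image``), not by the client-supplied name or type.
        Returns a ``base_routes`` response.
        """
        user = get_requesting_user()
        # An anonymous caller used to raise AttributeError on ``user.id``.
        if user is None or user_id != user.id:
            return base_routes.make_not_authorized_response()
        # NOTE(review): ``user_id`` comes from the route and ``user.id`` from
        # the model; if their types differ (str vs int) this comparison never
        # matches -- confirm the URL converter yields an int.

        image_file = request.files.get('file')
        if not image_file:
            return base_routes.make_bad_request_response('missing image data')

        image_data = image_file.read()
        if not is_allowable_image(image_data):
            return base_routes.make_bad_request_response(
                'unallowed image type')

        filename = image_to_user_filename(image_data, user_id)

        # ``read()`` left the stream at EOF; rewind so ``store_image`` sees
        # the whole file if it reads the stream rather than ``image_data``.
        image_file.seek(0)
        store_image(image_file, filename)

        user.picture_filename = filename
        store.session.add(user)
        store.session.commit()

        logger.info('Saving image {!r}'.format(filename))

        return base_routes.make_OK_response()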
예제 #12
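 def edit_item(id):
     """Apply the JSON request body to Item ``id`` and return it serialized.

     The requester must be authenticated and have admin rights on the item.
     Returns a response object; error responses for 401 (anonymous), 400
     (malformed id, non-object body, body id that does not match the URL id,
     validation failure), 404 (no such item) and 403 (no rights).
     """
     requester = get_requesting_user()
     if requester is None:
         return make_not_authorized_response()
     if not is_integer(id):
         return make_bad_request_response()
     id = int(id)

     data = request.json
     if not isinstance(data, dict):
         # Flask leaves ``request.json`` as None for a non-JSON body, and a
         # JSON array has no ``get``; both used to surface as a 500.
         return make_bad_request_response()
     data_id = data.get('id', None)
     if data_id is not None:
         # A body id must refer to the URL's item; a non-numeric one is a
         # malformed request, not a server error (it used to raise ValueError).
         try:
             body_id = int(data_id)
         except (TypeError, ValueError):
             return make_bad_request_response()
         if body_id != id:
             return make_bad_request_response()

     # The original also tested ``id is None`` here; it cannot be None after
     # ``int(id)``, so that dead branch is gone.
     item = store.session.query(Item).filter_by(id=id).first()
     if item is None:
         return make_not_found_response()
     if not item.has_admin_rights(requester):
         return make_forbidden_response()

     try:
         item.admin_deserialize_update(data)
         store.session.add(item)
         logger.debug('calling on_edit on {0}'.format(item))
         # ``unchanged`` tells the hook whether the update touched anything.
         item.on_edit(requester,
                      unchanged=not store.session.dirty)
         store.session.commit()
         return make_single_response(requester, item)
     except ValidationException as e:
         return make_bad_request_response(str(e))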
예제 #13
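 def get_items():
     """List items visible to the requester, filtered by the query string.

     Access rules, from ``Item.PERMISSIONS``:
       * anonymous callers need ``all_can_read_many``;
       * non-admin callers need ``standard_can_read_many`` or
         ``all_can_read_many``;
       * administrators always pass, subject to ``args_to_query``.

     Returns ``{'data': [...]}``.

     Raises:
         Unauthorized: anonymous caller and reads are not public.
         Forbidden: permission missing, or ``args_to_query`` returned None.
         BadRequest: a ValueError was raised while building or running the
             query.
     """
     requester = get_requesting_user()
     all_can_read = Item.PERMISSIONS.get('all_can_read_many', False)
     standard_can_read = Item.PERMISSIONS.get('standard_can_read_many', False)
     if requester is None and not all_can_read:
         raise Unauthorized()
     is_admin = requester is not None and requester.is_administrator
     if not is_admin and not (standard_can_read or all_can_read):
         raise Forbidden()

     try:
         query = Item.args_to_query(request.args, requester)
         # The admin branch used to skip this check and would have raised
         # AttributeError on ``query.all()``; both paths now share it.
         if query is None:
             raise Forbidden()
         items = query.all()
         response = {'data': serialize_many(requester, items)}
     except ValueError as e:
         raise BadRequest(', '.join(e.args))
     return response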
예제 #14
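 def get_items():
     """List items visible to the requester, filtered by the query string.

     Access rules, from ``Item.PERMISSIONS``:
       * anonymous callers need ``all_can_read_many`` (else 401);
       * non-admin callers need ``standard_can_read_many`` or
         ``all_can_read_many`` (else 403);
       * administrators always pass, subject to ``args_to_query``.

     ``args_to_query`` returning None is treated as forbidden; a ValueError
     raised while building or running the query becomes a bad-request
     response.
     """
     logger.debug('get_items - {0}'.format(resourceName))
     requester = get_requesting_user()
     all_can_read = Item.PERMISSIONS.get('all_can_read_many', False)
     standard_can_read = Item.PERMISSIONS.get('standard_can_read_many', False)
     if requester is None and not all_can_read:
         return make_not_authorized_response()
     is_admin = requester is not None and requester.is_administrator
     if not is_admin and not (standard_can_read or all_can_read):
         return make_forbidden_response()

     try:
         query = Item.args_to_query(request.args, requester)
         # The admin branch used to skip this check and would have raised
         # AttributeError on ``query.all()``; both paths now share it.
         if query is None:
             return make_forbidden_response()
         items = query.all()
         return make_many_response(requester, items)
     except ValueError as e:
         # All of ``e.args`` are reported; the original built this string and
         # then sent only ``e.args[0]``, an IndexError when args is empty.
         return make_bad_request_response(', '.join(e.args))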
예제 #15
 def search():
     """Search users by free text and/or creation-date bounds taken from the
     query string and return them via ``base_routes.make_many_response``.

     Unlike the other handlers there is no authentication check here, so
     ``requester`` may be ``None``.
     NOTE(review): confirm ``User.search``/``make_many_response`` are meant
     to serve anonymous callers -- user records are exposed to them otherwise.
     """
     requester = get_requesting_user()
     args = request.args
     search_text = args.get('search_text', None)
     created_after = args.get('date_created.greaterthan', None)
     created_before = args.get('date_created.lessthan', None)
     matches = User.search(search_text, created_after, created_before)
     return base_routes.make_many_response(requester, matches)
예제 #16
 def request_api_key():
     """Mint a new API key for the requesting user and return it as JSON
     ``{'apiKey': <key>}``; anonymous callers get the not-authorized response.

     The key material is returned in the response body.
     NOTE(review): confirm the response is neither cached nor access-logged
     with its body.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     secret = requester.make_api_key()
     return jsonify({'apiKey': secret.key})
예제 #17
 def request_api_key():
     """Mint a new API key for the requesting user and return it as JSON
     ``{'apiKey': <key>}``; anonymous callers get the not-authorized response.

     The key material is returned in the response body.
     NOTE(review): confirm the response is neither cached nor access-logged
     with its body.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     secret = requester.make_api_key()
     return jsonify({'apiKey': secret.key})
예제 #18
 def search():
     """Search users by free text and/or creation-date bounds taken from the
     query string and return them via ``base_routes.make_many_response``.

     Unlike the other handlers there is no authentication check here, so
     ``requester`` may be ``None``.
     NOTE(review): confirm ``User.search``/``make_many_response`` are meant
     to serve anonymous callers -- user records are exposed to them otherwise.
     """
     requester = get_requesting_user()
     args = request.args
     search_text = args.get('search_text', None)
     created_after = args.get('date_created.greaterthan', None)
     created_before = args.get('date_created.lessthan', None)
     matches = User.search(search_text, created_after, created_before)
     return base_routes.make_many_response(requester, matches)
예제 #19
        def auth_check(*args, **kwargs):
            """Resolve the requesting user, enforce the decorator's
            ``auth_level`` and call the wrapped view ``f`` with the user
            passed as ``requester``.

            ``f`` and ``auth_level`` are closure variables of the enclosing
            decorator (outside this excerpt). Both an anonymous caller and a
            non-administrator at ``auth_level == 'admin'`` get the
            not-authorized response; there is no separate forbidden response.
            """
            user = get_requesting_user()
            needs_admin = 'admin' == auth_level
            if user is None or (needs_admin and not user.is_administrator):
                return base_routes.make_not_authorized_response()
            # If ``kwargs`` already carries ``requester`` this call raises
            # TypeError (duplicate keyword argument).
            return f(*args, requester=user, **kwargs)
예제 #20
    def request_confirm_email():
        """Send the requester a signup e-mail confirmation and return the OK
        response.

        Raises:
            Unauthorized: no requesting user.
            InternalServerError: the mail layer reported an error; its message
                is passed through unchanged. NOTE(review): that message reaches
                the client -- confirm it carries nothing internal.
        """
        requester = get_requesting_user()
        if requester is None:
            raise Unauthorized()
        failure = mail_actions.request_signup_email_confirmation(requester)
        if failure:
            raise InternalServerError(failure)
        return make_OK_response()
예제 #21
        def auth_check(*args, **kwargs):
            """Resolve the requesting user, enforce the decorator's
            ``auth_level`` and call the wrapped view ``f`` with the user
            passed as ``requester``.

            ``f`` and ``auth_level`` are closure variables of the enclosing
            decorator (outside this excerpt). Both an anonymous caller and a
            non-administrator at ``auth_level == 'admin'`` get the
            not-authorized response; there is no separate forbidden response.
            """
            user = get_requesting_user()
            needs_admin = 'admin' == auth_level
            if user is None or (needs_admin and not user.is_administrator):
                return base_routes.make_not_authorized_response()
            # If ``kwargs`` already carries ``requester`` this call raises
            # TypeError (duplicate keyword argument).
            return f(*args, requester=user, **kwargs)
예제 #22
 def request_confirm_email():
     """Send the requester a signup e-mail confirmation.

     Returns the OK response on success, the not-authorized response for an
     anonymous caller, and a server-error response carrying the mail layer's
     message when it reports one.
     NOTE(review): that message reaches the client unchanged -- confirm it
     carries nothing internal.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     failure = mail_actions.request_signup_email_confirmation(requester)
     if failure:
         return base_routes.make_server_error_response(failure)
     return base_routes.make_OK_response()
예제 #23
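 def get_item(id):
     """Return the active Item ``id`` serialized for the requester.

     Any authenticated user may read an active item; no per-item rights
     check is made here (unlike edit/delete).
     NOTE(review): confirm that is intended -- ``make_single_response`` is
     then the only thing limiting what is exposed.
     """
     requester = get_requesting_user()
     if requester is None:
         return make_not_authorized_response()
     if not is_integer(id):
         # The original called ``make_bad_request_user``, which appears to be
         # a typo for the helper every other handler uses; a malformed id
         # raised NameError instead of returning a 400.
         return make_bad_request_response()
     item = store.session.query(Item).filter_by(id=id, active=True).first()
     if item is None:
         return make_not_found_response()
     return make_single_response(requester, item)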
예제 #24
 def request_confirm_email():
     """Send the requester a signup e-mail confirmation.

     Returns the OK response on success, the not-authorized response for an
     anonymous caller, and a server-error response carrying the mail layer's
     message when it reports one.
     NOTE(review): that message reaches the client unchanged -- confirm it
     carries nothing internal.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     failure = mail_actions.request_signup_email_confirmation(requester)
     if failure:
         return base_routes.make_server_error_response(failure)
     return base_routes.make_OK_response()
 def statistics():
     """Return the last 30 days of statistics, keyed by ISO-8601 date, as
     ``{'data': {date: stats}}``. Administrators only.

     Raises:
         Unauthorized: no requesting user.
         Forbidden: requester is not an administrator.
     """
     requester = get_requesting_user()
     if requester is None:
         raise Unauthorized()
     if not requester.is_administrator:
         raise Forbidden()
     # Walk backwards from yesterday, one day at a time.
     newest = Statistic.date_yesterday()
     days = (newest - datetime.timedelta(days=offset) for offset in range(30))
     per_day = {
         time_format.to_iso8601(day): Statistic.get_statistics(day)
         for day in days
     }
     return {'data': per_day}
예제 #26
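 def get_item(id):
     """Return the active Item ``id`` serialized for the requester.

     Any authenticated user may read an active item; no per-item rights
     check is made here (unlike edit/delete).
     NOTE(review): confirm that is intended -- ``make_single_response`` is
     then the only thing limiting what is exposed.
     """
     requester = get_requesting_user()
     if requester is None:
         return make_not_authorized_response()
     if not is_integer(id):
         # The original called ``make_bad_request_user``, which appears to be
         # a typo for the helper every other handler uses; a malformed id
         # raised NameError instead of returning a 400.
         return make_bad_request_response()
     item = store.session.query(Item).filter_by(id=id,
                                                active=True).first()
     if item is None:
         return make_not_found_response()
     return make_single_response(requester, item)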
 def statistics():
     """Return the last 30 days of statistics, keyed by ISO-8601 date, as a
     JSON response ``{'data': {date: stats}}``. Administrators only: anonymous
     callers get the not-authorized response, non-admins the forbidden one.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     if not requester.is_administrator:
         return base_routes.make_forbidden_response()
     # Walk backwards from yesterday, one day at a time.
     newest = Statistic.date_yesterday()
     days = (newest - datetime.timedelta(days=offset) for offset in range(30))
     per_day = {
         time_format.to_iso8601(day): Statistic.get_statistics(day)
         for day in days
     }
     return jsonify({'data': per_day})
예제 #28
 def delete_item(id):
     """Delete Item ``id`` on behalf of the requester and return the item
     serialized. The requester needs delete rights on the item.

     Returns a response object; error responses for 401 (anonymous),
     400 (malformed id), 404 (no such item) and 403 (no delete rights).
     """
     requester = get_requesting_user()
     if requester is None:
         return make_not_authorized_response()
     if not is_integer(id):
         return make_bad_request_response()
     item_id = int(id)
     item = store.session.query(Item).filter_by(id=item_id).first()
     if item is None:
         return make_not_found_response()
     if not item.has_delete_rights(requester):
         return make_forbidden_response()
     # The model's delete hook receives the requester; commit afterwards.
     item.delete(requester)
     store.session.commit()
     return make_single_response(requester, item)
예제 #29
 def delete_item(id, store=None):
     """Delete Item ``id`` on behalf of the requester and return the item
     serialized. The requester needs delete rights on the item.

     Args:
         id: item id from the URL; must pass ``is_integer``.
         store: object exposing a SQLAlchemy-style ``session``. It has to be
             supplied by the caller (presumably a decorator); the ``None``
             default is not usable.

     Raises:
         Unauthorized: no requesting user.
         BadRequest: malformed id.
         NotFound: no such item.
         Forbidden: requester lacks delete rights on the item.
     """
     requester = get_requesting_user()
     if requester is None:
         raise Unauthorized()
     if not is_integer(id):
         raise BadRequest()
     item_id = int(id)
     item = store.session.query(Item).filter_by(id=item_id).first()
     if item is None:
         raise NotFound()
     if not item.has_delete_rights(requester):
         raise Forbidden()
     # The model's delete hook receives the requester; commit afterwards.
     item.delete(requester)
     store.session.commit()
     return make_single_response(requester, item)
예제 #30
 def delete_item(id):
     """Delete Item ``id`` on behalf of the requester and return the item
     serialized. The requester needs delete rights on the item.

     Returns a response object; error responses for 401 (anonymous),
     400 (malformed id), 404 (no such item) and 403 (no delete rights).
     """
     requester = get_requesting_user()
     if requester is None:
         return make_not_authorized_response()
     if not is_integer(id):
         return make_bad_request_response()
     item_id = int(id)
     item = store.session.query(Item).filter_by(id=item_id).first()
     if item is None:
         return make_not_found_response()
     if not item.has_delete_rights(requester):
         return make_forbidden_response()
     # The model's delete hook receives the requester; commit afterwards.
     item.delete(requester)
     store.session.commit()
     return make_single_response(requester, item)
예제 #31
 def userbyemail(email):
     """Return the active user with ``email``, serialized for the requester.

     The requester may only look up its own address (anything else is 403),
     so on success the record returned is the requester itself re-read from
     the store. The address comparison is exact; whether the store's filter
     matches the same way depends on its collation -- TODO confirm.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     if requester.email != email:
         return base_routes.make_forbidden_response()
     matches = store.session.query(User).filter(User.email == email, User.active == True).all()
     if len(matches) > 1:
         # Data-integrity problem: the address is expected to be unique among
         # active users. This line writes the address itself to the error log.
         logger.error('More than one active user with the same email - {}'.format(email))
     user = matches[0] if matches else None
     if user is None:
         return base_routes.make_not_found_response()
     return base_routes.make_single_response(requester, user)
예제 #32
        def auth_check(*args, **kwargs):
            """Enforce the decorator's ``auth_level`` and call the wrapped view
            ``f`` with the user passed as ``requester``.

            ``f`` and ``auth_level`` are closure variables of the enclosing
            decorator (outside this excerpt). A ``requester`` already present
            in ``kwargs`` is taken as the user instead of looking one up.
            NOTE(review): whoever calls the view with ``requester=`` therefore
            bypasses ``get_requesting_user``; make sure no route rule can
            populate a ``requester`` keyword from the URL.

            Raises:
                Unauthorized: no user, or ``auth_level == 'admin'`` and the
                    user is not an administrator (also Unauthorized, not
                    Forbidden, as in the original).
            """
            # Deliberately not ``kwargs.pop('requester', get_requesting_user())``:
            # that would evaluate get_requesting_user eagerly and force every
            # test of a @needs_auth() view into a Flask app context.
            try:
                user = kwargs.pop('requester')
            except KeyError:
                user = get_requesting_user()

            if user is None:
                raise Unauthorized()

            if 'admin' == auth_level and not user.is_administrator:
                raise Unauthorized()

            return f(*args, requester=user, **kwargs)
예제 #33
 def userbyemail(email):
     """Return the active user with ``email``, serialized for the requester.

     The requester may only look up its own address (anything else is 403),
     so on success the record returned is the requester itself re-read from
     the store. The address comparison is exact; whether the store's filter
     matches the same way depends on its collation -- TODO confirm.
     """
     requester = get_requesting_user()
     if requester is None:
         return base_routes.make_not_authorized_response()
     if requester.email != email:
         return base_routes.make_forbidden_response()
     matches = store.session.query(User).filter(
         User.email == email, User.active == True).all()
     if len(matches) > 1:
         # Data-integrity problem: the address is expected to be unique among
         # active users. This line writes the address itself to the error log.
         logger.error(
             'More than one active user with the same email - {}'.
             format(email))
     user = matches[0] if matches else None
     if user is None:
         return base_routes.make_not_found_response()
     return base_routes.make_single_response(requester, user)
예제 #34
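 def add_item():
     """Create an Item from the JSON request body and return it serialized
     (the requester is included via ``include_user``).

     Rights are decided on the payload itself: an anonymous caller without
     add rights gets the not-authorized response, an authenticated one the
     forbidden response. Validation and integrity failures, and an item that
     cannot be re-read after commit, become bad-request responses.
     """
     requester = get_requesting_user()
     logger.debug('add_item: requester = {0}'.format(requester))
     data = request.json
     if not Item.has_add_rights(data, requester):
         if requester is None:
             logger.debug('not authorized')
             return make_not_authorized_response()
         logger.debug('forbidden')
         return make_forbidden_response()

     # NOTE(review): this logs the whole request body at DEBUG; confirm it
     # can never carry credentials or personal data, or trim it.
     logger.debug('data send is {0}'.format(data))
     try:
         item = Item.admin_deserialize_add(data)
         store.session.add(item)
         store.session.commit()
         refreshed_item = store.session.query(Item).filter_by(
             id=item.id).first()
         # Guard *before* on_add: the original called it on a possibly-None
         # result, which surfaced as an unhandled AttributeError.
         if refreshed_item is None:
             return make_bad_request_response()
         refreshed_item.on_add(requester)
         # commit again in case on_add changed it.
         store.session.commit()
         # and refresh again to update relationships
         refreshed_item = store.session.query(Item).filter_by(
             id=item.id).first()
         if refreshed_item is None:
             return make_bad_request_response()
         return make_single_response(requester,
                                     refreshed_item,
                                     include_user=requester)
     except ValidationException as e:
         return make_bad_request_response(str(e))
     except (IntegrityError, InvalidRequestError) as e:
         # SQLAlchemy errors may carry no args; fall back to an empty message.
         # NOTE(review): e.args[0] is the driver's message and is sent to the
         # client verbatim -- confirm it cannot disclose schema details.
         return make_bad_request_response(e.args[0] if e.args else '')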
예제 #35
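 def post_picture(user_id):
     """Upload the requesting user's picture to S3 and record its filename.

     Only the user itself may do this: ``user_id`` must equal the requester's
     id (403 otherwise; 401 for an anonymous caller). A missing file or a
     filename that ``process_filename`` rejects is a 400. Returns a
     ``base_routes`` response.
     """
     requester = get_requesting_user()
     # An anonymous caller used to raise AttributeError on ``requester.id``.
     if requester is None:
         return base_routes.make_not_authorized_response()
     if user_id != requester.id:
         # The original referenced ``base.routes`` here, a NameError that
         # turned the forbidden case into a 500.
         return base_routes.make_forbidden_response()
     user = requester

     f = request.files.get('file')
     if not f:
         return base_routes.make_bad_request_response()
     # The stored name is derived from the client-supplied filename.
     # NOTE(review): confirm process_filename strips path components; unlike
     # the image_to_user_filename variant nothing here inspects the content.
     filename = process_filename(f.filename, user_id)
     if filename is None:
         return base_routes.make_bad_request_response()

     conn = tinys3.Connection(
         config.S3_USERNAME, config.S3_KEY, tls=True)
     # Upload it.  Set cache expiry time to 1 hr.
     conn.upload(filename, f, config.S3_BUCKETNAME,
                 expires=3600)
     user.picture_filename = filename
     store.session.add(user)
     store.session.commit()
     return base_routes.make_OK_response()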