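def add_item(store=None):
    """Create a new Item from the JSON request body.

    ``Item.has_add_rights`` decides whether the body may be added by the
    requester. On success the item is committed, reloaded, given its
    ``on_add`` hook, committed once more and reloaded again so relationship
    attributes are current.

    Args:
        store: object exposing ``.session`` (SQLAlchemy-style). Presumably
            injected by the route wrapper — TODO confirm; the ``None``
            default is not usable here.

    Returns:
        dict: the single-item response with the requester serialized under
        ``'user'``.

    Raises:
        Unauthorized: anonymous caller and the body may not be added anonymously.
        Forbidden: authenticated caller without add rights.
        BadRequest: validation or integrity failure, or the new row could not
            be reloaded after commit.
    """
    requester = get_requesting_user()
    data = request.json
    if not Item.has_add_rights(data, requester):
        # 401 for anonymous callers, 403 for authenticated ones without rights.
        if requester is None:
            raise Unauthorized()
        raise Forbidden()
    try:
        item = Item.admin_deserialize_add(data)
        store.session.add(item)
        store.session.commit()
        refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
        # The original called on_add on the reloaded row before its None
        # check, so a failed reload surfaced as an AttributeError (500).
        if refreshed_item is None:
            raise BadRequest()
        refreshed_item.on_add(requester)
        # commit again in case on_add changed it.
        store.session.commit()
        # and refresh again to update relationships
        refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
        if refreshed_item is None:
            raise BadRequest()
        response = make_single_response(requester, refreshed_item)
        response['user'] = serialize(requester, requester)
    except ValidationException as e:
        raise BadRequest(str(e))
    except (IntegrityError, InvalidRequestError) as e:
        # Forward the driver's first message when there is one; never let
        # the raw database exception escape as a 500.
        raise BadRequest(e.args[0] if e.args else '')
    return response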
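def get_search_results(id, page):
    """Return the searches matching Search ``id`` on result page ``page``.

    Args:
        id: the Search primary key from the URL; validated with ``is_integer``.
        page: the result page from the URL; must parse as an int.

    Returns:
        401 when unauthenticated, 400 for a malformed ``id`` or ``page``,
        404 when the Search does not exist, 403 when the requester lacks admin
        rights on it, otherwise a JSON response ``{'data': [...]}`` of the
        serialized matching searches.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if not is_integer(id):
        return base_routes.make_bad_request_response()
    # Convert ``page`` only after authentication and validate it: the
    # original did int(page) first, so a malformed page was an unhandled
    # ValueError (500) even for anonymous callers.
    try:
        page = int(page)
    except (TypeError, ValueError):
        return base_routes.make_bad_request_response()
    search = store.session.query(Search).filter_by(id=id).first()
    if search is None:
        return base_routes.make_not_found_response()
    if not search.has_admin_rights(requester):
        return base_routes.make_forbidden_response()
    matching_searches = search_utils.find_matching_searches(search, page)
    # Loop variable renamed: the original reused ``search`` inside the
    # comprehension, shadowing the Search being queried.
    serialized = [
        match.serialize(requester, exclude=[])
        for match in matching_searches
    ]
    return jsonify({'data': serialized})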
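def get_search_results(id, page):
    """Return the searches matching Search ``id`` on result page ``page``.

    Args:
        id: the Search primary key from the URL; validated with ``is_integer``.
        page: the result page from the URL; must parse as an int.

    Returns:
        dict: ``{'data': [...]}`` of the serialized matching searches.

    Raises:
        Unauthorized: no requester.
        BadRequest: malformed ``id`` or ``page``.
        NotFound: no Search with that id.
        Forbidden: the requester lacks admin rights on the Search.
    """
    requester = get_requesting_user()
    if requester is None:
        raise Unauthorized()
    if not is_integer(id):
        raise BadRequest()
    # Convert ``page`` only after authentication and validate it: the
    # original did int(page) first, so a malformed page was an unhandled
    # ValueError (500) even for anonymous callers.
    try:
        page = int(page)
    except (TypeError, ValueError):
        raise BadRequest()
    search = store.session.query(Search).filter_by(id=id).first()
    if search is None:
        raise NotFound()
    if not search.has_admin_rights(requester):
        raise Forbidden()
    matching_searches = search_utils.find_matching_searches(search, page)
    # Loop variable renamed: the original reused ``search`` inside the
    # comprehension, shadowing the Search being queried.
    serialized = [
        match.serialize(requester, exclude=[])
        for match in matching_searches
    ]
    return {'data': serialized}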
def search():
    """Search users by text and creation-date window from the query string.

    Reads ``search_text``, ``date_created.greaterthan`` and
    ``date_created.lessthan`` from ``request.args`` (each ``None`` when
    absent) and delegates to ``User.search``.

    Returns:
        dict: ``{'data': [...]}`` of users serialized for the requester.
    """
    requester = get_requesting_user()
    params = request.args
    text = params.get('search_text', None)
    created_after = params.get('date_created.greaterthan', None)
    created_before = params.get('date_created.lessthan', None)
    # NOTE(review): there is no authentication gate here, so ``requester``
    # may be None; serialize_many is relied upon to hide fields accordingly
    # — confirm that anonymous search is intended.
    found = User.search(text, created_after, created_before)
    return {'data': serialize_many(requester, found)}
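def edit_item(id, store=None):
    """Update an existing Item from the JSON request body.

    Args:
        id: the Item primary key from the URL; must satisfy ``is_integer``.
        store: object exposing ``.session``. Presumably injected by the route
            wrapper — TODO confirm; the ``None`` default is not usable here.

    Returns:
        dict: the single-item response for the updated item.

    Raises:
        Unauthorized: no requester.
        BadRequest: malformed ``id``; missing or non-object JSON body; a body
            ``id`` that is not an int or disagrees with the URL; or a
            validation failure.
        NotFound: no Item with that id.
        Forbidden: the requester lacks admin rights on the item.
    """
    requester = get_requesting_user()
    if requester is None:
        raise Unauthorized()
    if not is_integer(id):
        raise BadRequest()
    id = int(id)
    data = request.json
    if not isinstance(data, dict):
        # The original called data.get() unconditionally, so a missing or
        # non-object body became an AttributeError (500).
        raise BadRequest()
    data_id = data.get('id', None)
    if data_id is not None:
        try:
            body_id = int(data_id)
        except (TypeError, ValueError):
            # A non-integer body id is a 400, not an unhandled ValueError.
            raise BadRequest()
        if body_id != id:
            raise BadRequest()
    # The original's ``if id is None`` branch was unreachable after int(id).
    item = store.session.query(Item).filter_by(id=id).first()
    if item is None:
        raise NotFound()
    if not item.has_admin_rights(requester):
        raise Forbidden()
    try:
        item.admin_deserialize_update(data)
        store.session.add(item)
        # ``unchanged`` must be read before commit() clears session.dirty.
        item.on_edit(requester, unchanged=not store.session.dirty)
        store.session.commit()
        response = make_single_response(requester, item)
    except ValidationException as e:
        raise BadRequest(str(e))
    return response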
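def get_items():
    """List Items matching the query string, subject to read permissions.

    ``Item.PERMISSIONS`` gates anonymous and non-admin access through
    ``'all_can_read_many'`` and ``'standard_can_read_many'``; administrators
    always get the query ``args_to_query`` builds.

    Returns:
        401 when anonymous and anonymous listing is off; 403 when the
        requester's class may not list, or ``args_to_query`` refuses with
        ``None`` (non-admin path); 400 when the query arguments are rejected
        with ValueError; otherwise the many-item response.
    """
    logger.debug('get_items - {0}'.format(resourceName))
    requester = get_requesting_user()
    permissions = Item.PERMISSIONS
    anyone_may_list = permissions.get('all_can_read_many', False)
    if requester is None and not anyone_may_list:
        return make_not_authorized_response()
    is_admin = requester is not None and requester.is_administrator
    if not is_admin:
        standard_may_list = permissions.get('standard_can_read_many', False)
        if not (standard_may_list or anyone_may_list):
            return make_forbidden_response()
    try:
        query = Item.args_to_query(request.args, requester)
        # Only the non-admin path treats None as a refusal; the admin path
        # assumes args_to_query always returns a query, as in the original.
        if not is_admin and query is None:
            return make_forbidden_response()
        items = query.all()
        return make_many_response(requester, items)
    except ValueError as e:
        # The original built this message and then passed e.args[0], which
        # raises IndexError (500) when the ValueError carries no arguments.
        error_message = ', '.join(e.args)
        return make_bad_request_response(error_message)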
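def get_search_results(id, page):
    """Return the searches matching Search ``id`` on result page ``page``.

    Args:
        id: the Search primary key from the URL; validated with ``is_integer``.
        page: the result page from the URL; must parse as an int.

    Returns:
        401 when unauthenticated, 400 for a malformed ``id`` or ``page``,
        404 when the Search does not exist, 403 when the requester lacks admin
        rights on it, otherwise a JSON response ``{'data': [...]}`` of the
        serialized matching searches.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if not is_integer(id):
        return base_routes.make_bad_request_response()
    # Convert ``page`` only after authentication and validate it: the
    # original did int(page) first, so a malformed page was an unhandled
    # ValueError (500) even for anonymous callers.
    try:
        page = int(page)
    except (TypeError, ValueError):
        return base_routes.make_bad_request_response()
    search = store.session.query(Search).filter_by(id=id).first()
    if search is None:
        return base_routes.make_not_found_response()
    if not search.has_admin_rights(requester):
        return base_routes.make_forbidden_response()
    matching_searches = search_utils.find_matching_searches(search, page)
    # Loop variable renamed: the original reused ``search`` inside the
    # comprehension, shadowing the Search being queried.
    serialized = [
        match.serialize(requester, exclude=[])
        for match in matching_searches
    ]
    return jsonify({'data': serialized})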
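def add_item():
    """Create a new Item from the JSON request body.

    ``Item.has_add_rights`` decides whether the body may be added by the
    requester. On success the item is committed, reloaded, given its
    ``on_add`` hook, committed once more and reloaded again so relationship
    attributes are current.

    Returns:
        401 when anonymous and the body may not be added anonymously; 403
        when the requester lacks add rights; 400 on validation or integrity
        failure, or when the new row cannot be reloaded; otherwise the
        single-item response with the requester included.
    """
    requester = get_requesting_user()
    logger.debug('add_item: requester = {0}'.format(requester))
    data = request.json
    if not Item.has_add_rights(data, requester):
        if requester is None:
            logger.debug('not authorized')
            return make_not_authorized_response()
        logger.debug('forbidden')
        return make_forbidden_response()
    # NOTE(review): the whole request body is written to the debug log here;
    # check it cannot carry values that should stay out of log storage.
    logger.debug('data send is {0}'.format(data))
    try:
        item = Item.admin_deserialize_add(data)
        store.session.add(item)
        store.session.commit()
        refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
        # The original called on_add without this check, so a failed reload
        # surfaced as an AttributeError (500) instead of a 400.
        if refreshed_item is None:
            return make_bad_request_response()
        refreshed_item.on_add(requester)
        # commit again in case on_add changed it.
        store.session.commit()
        # and refresh again to update relationships
        refreshed_item = store.session.query(Item).filter_by(id=item.id).first()
        if refreshed_item is None:
            return make_bad_request_response()
        response = make_single_response(requester, refreshed_item,
                                        include_user=requester)
    except ValidationException as e:
        response = make_bad_request_response(str(e))
    except (IntegrityError, InvalidRequestError) as e:
        # Forward the driver's first message when there is one; never 500.
        response = make_bad_request_response(e.args[0] if e.args else '')
    return response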
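def post_picture(user_id):
    """Store an uploaded profile picture for the requesting user.

    Args:
        user_id: the user id from the URL; must equal the requester's own id.
            (A str/int mismatch here would fail every request — confirm the
            route converter yields the same type as ``user.id``.)

    Returns:
        401 when unauthenticated or ``user_id`` is not the requester's own;
        400 when the ``file`` field is missing or empty, or the bytes are not
        an allowed image type; otherwise the OK response.
    """
    user = get_requesting_user()
    # The original dereferenced user.id without a None check, so anonymous
    # callers produced an AttributeError (500) rather than a 401.
    if user is None or user_id != user.id:
        return base_routes.make_not_authorized_response()
    # .get() instead of ['file'] so a missing field takes the 400 path below.
    image_file = request.files.get('file')
    if not image_file:
        return base_routes.make_bad_request_response('missing image data')
    image_data = image_file.read()
    # The allow-list decision is made on the bytes, not on the client-supplied
    # filename or content type.
    if not is_allowable_image(image_data):
        return base_routes.make_bad_request_response('unallowed image type')
    filename = image_to_user_filename(image_data, user_id)
    # read() left the upload stream at EOF; rewind so store_image does not
    # persist an empty file unless it rewinds itself (assumes a seekable
    # werkzeug FileStorage — TODO confirm).
    image_file.seek(0)
    store_image(image_file, filename)
    user.picture_filename = filename
    store.session.add(user)
    store.session.commit()
    logger.info('Saving image {!r}'.format(filename))
    return base_routes.make_OK_response()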
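def edit_item(id):
    """Update an existing Item from the JSON request body.

    Args:
        id: the Item primary key from the URL; must satisfy ``is_integer``.

    Returns:
        401 when unauthenticated; 400 for a malformed id, a missing or
        non-object JSON body, a body ``id`` that is not an int or disagrees
        with the URL, or a validation failure; 404 when no Item has that id;
        403 when the requester lacks admin rights on it; otherwise the
        single-item response.
    """
    requester = get_requesting_user()
    if requester is None:
        return make_not_authorized_response()
    if not is_integer(id):
        return make_bad_request_response()
    id = int(id)
    data = request.json
    if not isinstance(data, dict):
        # The original called data.get() unconditionally, so a missing or
        # non-object body became an AttributeError (500).
        return make_bad_request_response()
    data_id = data.get('id', None)
    if data_id is not None:
        try:
            body_id = int(data_id)
        except (TypeError, ValueError):
            # A non-integer body id is a 400, not an unhandled ValueError.
            return make_bad_request_response()
        if body_id != id:
            return make_bad_request_response()
    # The original's ``if id is None`` branch was unreachable after int(id).
    item = store.session.query(Item).filter_by(id=id).first()
    if item is None:
        return make_not_found_response()
    if not item.has_admin_rights(requester):
        return make_forbidden_response()
    try:
        item.admin_deserialize_update(data)
        store.session.add(item)
        logger.debug('calling on_edit on {0}'.format(item))
        # ``unchanged`` must be read before commit() clears session.dirty.
        item.on_edit(requester, unchanged=not store.session.dirty)
        store.session.commit()
        return make_single_response(requester, item)
    except ValidationException as e:
        return make_bad_request_response(str(e))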
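def post_picture(user_id):
    """Store an uploaded profile picture for the requesting user.

    Args:
        user_id: the user id from the URL; must equal the requester's own id.
            (A str/int mismatch here would fail every request — confirm the
            route converter yields the same type as ``user.id``.)

    Returns:
        401 when unauthenticated or ``user_id`` is not the requester's own;
        400 when the ``file`` field is missing or empty, or the bytes are not
        an allowed image type; otherwise the OK response.
    """
    user = get_requesting_user()
    # The original dereferenced user.id without a None check, so anonymous
    # callers produced an AttributeError (500) rather than a 401.
    if user is None or user_id != user.id:
        return base_routes.make_not_authorized_response()
    # .get() instead of ['file'] so a missing field takes the 400 path below.
    image_file = request.files.get('file')
    if not image_file:
        return base_routes.make_bad_request_response('missing image data')
    image_data = image_file.read()
    # The allow-list decision is made on the bytes, not on the client-supplied
    # filename or content type.
    if not is_allowable_image(image_data):
        return base_routes.make_bad_request_response(
            'unallowed image type')
    filename = image_to_user_filename(image_data, user_id)
    # read() left the upload stream at EOF; rewind so store_image does not
    # persist an empty file unless it rewinds itself (assumes a seekable
    # werkzeug FileStorage — TODO confirm).
    image_file.seek(0)
    store_image(image_file, filename)
    user.picture_filename = filename
    store.session.add(user)
    store.session.commit()
    logger.info('Saving image {!r}'.format(filename))
    return base_routes.make_OK_response()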
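def edit_item(id):
    """Update an existing Item from the JSON request body.

    Args:
        id: the Item primary key from the URL; must satisfy ``is_integer``.

    Returns:
        401 when unauthenticated; 400 for a malformed id, a missing or
        non-object JSON body, a body ``id`` that is not an int or disagrees
        with the URL, or a validation failure; 404 when no Item has that id;
        403 when the requester lacks admin rights on it; otherwise the
        single-item response.
    """
    requester = get_requesting_user()
    if requester is None:
        return make_not_authorized_response()
    if not is_integer(id):
        return make_bad_request_response()
    id = int(id)
    data = request.json
    if not isinstance(data, dict):
        # The original called data.get() unconditionally, so a missing or
        # non-object body became an AttributeError (500).
        return make_bad_request_response()
    data_id = data.get('id', None)
    if data_id is not None:
        try:
            body_id = int(data_id)
        except (TypeError, ValueError):
            # A non-integer body id is a 400, not an unhandled ValueError.
            return make_bad_request_response()
        if body_id != id:
            return make_bad_request_response()
    # The original's ``if id is None`` branch was unreachable after int(id).
    item = store.session.query(Item).filter_by(id=id).first()
    if item is None:
        return make_not_found_response()
    if not item.has_admin_rights(requester):
        return make_forbidden_response()
    try:
        item.admin_deserialize_update(data)
        store.session.add(item)
        logger.debug('calling on_edit on {0}'.format(item))
        # ``unchanged`` must be read before commit() clears session.dirty.
        item.on_edit(requester, unchanged=not store.session.dirty)
        store.session.commit()
        return make_single_response(requester, item)
    except ValidationException as e:
        return make_bad_request_response(str(e))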
def get_items():
    """List Items for the requester, honoring ``Item.PERMISSIONS``.

    Anonymous callers are admitted only with ``'all_can_read_many'``;
    non-administrators additionally need ``'standard_can_read_many'`` or
    ``'all_can_read_many'``, and a ``None`` from ``args_to_query`` is treated
    as a refusal. Administrators get the query unconditionally.

    Returns:
        dict: ``{'data': [...]}`` of serialized items.

    Raises:
        Unauthorized: anonymous and anonymous listing is disabled.
        Forbidden: the requester's class may not list, or the query was refused.
        BadRequest: ``args_to_query`` / ``query.all`` raised ValueError.
    """
    requester = get_requesting_user()
    perms = Item.PERMISSIONS
    anyone_may_list = perms.get('all_can_read_many', False)
    if requester is None and not anyone_may_list:
        raise Unauthorized()
    is_admin = requester is not None and requester.is_administrator
    if not is_admin:
        standard_may_list = perms.get('standard_can_read_many', False)
        if not (standard_may_list or anyone_may_list):
            raise Forbidden()
    try:
        query = Item.args_to_query(request.args, requester)
        # Only the non-admin path treats None as a refusal; the admin path
        # assumes args_to_query always returns a query (as the original did).
        if not is_admin and query is None:
            raise Forbidden()
        found = query.all()
        response = {'data': serialize_many(requester, found)}
    except ValueError as e:
        raise BadRequest(', '.join(e.args))
    return response
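def get_items():
    """List Items matching the query string, subject to read permissions.

    ``Item.PERMISSIONS`` gates anonymous and non-admin access through
    ``'all_can_read_many'`` and ``'standard_can_read_many'``; administrators
    always get the query ``args_to_query`` builds.

    Returns:
        401 when anonymous and anonymous listing is off; 403 when the
        requester's class may not list, or ``args_to_query`` refuses with
        ``None`` (non-admin path); 400 when the query arguments are rejected
        with ValueError; otherwise the many-item response.
    """
    logger.debug('get_items - {0}'.format(resourceName))
    requester = get_requesting_user()
    permissions = Item.PERMISSIONS
    anyone_may_list = permissions.get('all_can_read_many', False)
    if requester is None and not anyone_may_list:
        return make_not_authorized_response()
    is_admin = requester is not None and requester.is_administrator
    if not is_admin:
        standard_may_list = permissions.get('standard_can_read_many', False)
        if not (standard_may_list or anyone_may_list):
            return make_forbidden_response()
    try:
        query = Item.args_to_query(request.args, requester)
        # Only the non-admin path treats None as a refusal; the admin path
        # assumes args_to_query always returns a query, as in the original.
        if not is_admin and query is None:
            return make_forbidden_response()
        items = query.all()
        return make_many_response(requester, items)
    except ValueError as e:
        # The original built this message and then passed e.args[0], which
        # raises IndexError (500) when the ValueError carries no arguments.
        error_message = ', '.join(e.args)
        return make_bad_request_response(error_message)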
def search():
    """Search users from query-string filters and return the many-response.

    Reads ``search_text``, ``date_created.greaterthan`` and
    ``date_created.lessthan`` from ``request.args`` (``None`` when absent)
    and delegates to ``User.search``.

    Returns:
        The many-user response from ``base_routes.make_many_response``.
    """
    requester = get_requesting_user()
    params = request.args
    text = params.get('search_text', None)
    created_after = params.get('date_created.greaterthan', None)
    created_before = params.get('date_created.lessthan', None)
    # NOTE(review): no authentication gate here, so ``requester`` may be
    # None; make_many_response is relied upon to serialize accordingly —
    # confirm anonymous search is intended.
    found = User.search(text, created_after, created_before)
    return base_routes.make_many_response(requester, found)
def request_api_key():
    """Mint a fresh API key for the requesting user.

    Returns:
        401 when unauthenticated, otherwise a JSON response
        ``{'apiKey': key}`` where ``key`` is ``.key`` of the object returned
        by ``requester.make_api_key()``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    # Only the ``.key`` attribute of the new secret goes into the response.
    api_key = requester.make_api_key()
    return jsonify({'apiKey': api_key.key})
def request_api_key():
    """Mint a fresh API key for the requesting user.

    Returns:
        401 when unauthenticated, otherwise a JSON response
        ``{'apiKey': key}`` where ``key`` is ``.key`` of the object returned
        by ``requester.make_api_key()``.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    # Only the ``.key`` attribute of the new secret goes into the response.
    api_key = requester.make_api_key()
    return jsonify({'apiKey': api_key.key})
def search():
    """Search users from query-string filters and return the many-response.

    Reads ``search_text``, ``date_created.greaterthan`` and
    ``date_created.lessthan`` from ``request.args`` (``None`` when absent)
    and delegates to ``User.search``.

    Returns:
        The many-user response from ``base_routes.make_many_response``.
    """
    requester = get_requesting_user()
    params = request.args
    text = params.get('search_text', None)
    created_after = params.get('date_created.greaterthan', None)
    created_before = params.get('date_created.lessthan', None)
    # NOTE(review): no authentication gate here, so ``requester`` may be
    # None; make_many_response is relied upon to serialize accordingly —
    # confirm anonymous search is intended.
    found = User.search(text, created_after, created_before)
    return base_routes.make_many_response(requester, found)
def auth_check(*args, **kwargs):
    """Resolve the requester, enforce ``auth_level`` and call ``f``.

    ``f`` and ``auth_level`` are closed over from the enclosing decorator,
    which is outside this view. Returns the not-authorized response when
    there is no requester, or when ``auth_level`` is ``'admin'`` and the
    requester is not an administrator; otherwise calls ``f`` with
    ``requester=`` added to the keyword arguments.
    """
    requester = get_requesting_user()
    denied = requester is None or (
        auth_level == 'admin' and not requester.is_administrator)
    if denied:
        # Both the anonymous and the non-admin case answer 401 here.
        return base_routes.make_not_authorized_response()
    return f(*args, requester=requester, **kwargs)
def request_confirm_email():
    """Trigger a signup-confirmation email for the requesting user.

    Returns:
        The OK response once ``mail_actions.request_signup_email_confirmation``
        reports no error.

    Raises:
        Unauthorized: no requester.
        InternalServerError: the mail action returned an error message.
    """
    requester = get_requesting_user()
    if requester is None:
        raise Unauthorized()
    # The mail helper signals failure with a truthy message rather than an
    # exception; surface it as a 500.
    failure = mail_actions.request_signup_email_confirmation(requester)
    if failure:
        raise InternalServerError(failure)
    return make_OK_response()
def auth_check(*args, **kwargs):
    """Resolve the requester, enforce ``auth_level`` and call ``f``.

    ``f`` and ``auth_level`` are closed over from the enclosing decorator,
    which is outside this view. Returns the not-authorized response when
    there is no requester, or when ``auth_level`` is ``'admin'`` and the
    requester is not an administrator; otherwise calls ``f`` with
    ``requester=`` added to the keyword arguments.
    """
    requester = get_requesting_user()
    denied = requester is None or (
        auth_level == 'admin' and not requester.is_administrator)
    if denied:
        # Both the anonymous and the non-admin case answer 401 here.
        return base_routes.make_not_authorized_response()
    return f(*args, requester=requester, **kwargs)
def request_confirm_email():
    """Trigger a signup-confirmation email for the requesting user.

    Returns:
        401 when unauthenticated; the server-error response carrying the
        message when ``mail_actions.request_signup_email_confirmation``
        reports one; otherwise the OK response.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    # The mail helper signals failure with a truthy message, not an exception.
    failure = mail_actions.request_signup_email_confirmation(requester)
    if failure:
        return base_routes.make_server_error_response(failure)
    return base_routes.make_OK_response()
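def get_item(id):
    """Fetch one active Item by id for an authenticated requester.

    Args:
        id: the Item primary key from the URL; must satisfy ``is_integer``.

    Returns:
        401 when unauthenticated, 400 for a malformed id, 404 when no active
        Item has that id, otherwise the single-item response.
    """
    requester = get_requesting_user()
    if requester is None:
        return make_not_authorized_response()
    if not is_integer(id):
        # The original called ``make_bad_request_user()``, a name that matches
        # no helper used elsewhere in this file (presumably a typo for the
        # bad-request helper) and would raise NameError on this path.
        return make_bad_request_response()
    item = store.session.query(Item).filter_by(id=id, active=True).first()
    if item is None:
        return make_not_found_response()
    # NOTE(review): any authenticated user can read any active Item here —
    # there is no per-item rights check like the has_admin_rights call in
    # edit_item; confirm that is intended.
    return make_single_response(requester, item)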
def request_confirm_email():
    """Trigger a signup-confirmation email for the requesting user.

    Returns:
        401 when unauthenticated; the server-error response carrying the
        message when ``mail_actions.request_signup_email_confirmation``
        reports one; otherwise the OK response.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    # The mail helper signals failure with a truthy message, not an exception.
    failure = mail_actions.request_signup_email_confirmation(requester)
    if failure:
        return base_routes.make_server_error_response(failure)
    return base_routes.make_OK_response()
def statistics():
    """Return the last 30 days of daily statistics (administrators only).

    Returns:
        dict: ``{'data': {iso8601_date: stats, ...}}`` for yesterday and the
        29 days before it.

    Raises:
        Unauthorized: no requester.
        Forbidden: the requester is not an administrator.
    """
    requester = get_requesting_user()
    if requester is None:
        raise Unauthorized()
    if not requester.is_administrator:
        raise Forbidden()
    yesterday = Statistic.date_yesterday()
    # Keyed by ISO-8601 date string, starting from yesterday and walking back.
    per_day = {}
    for offset in range(30):
        day = yesterday - datetime.timedelta(days=offset)
        per_day[time_format.to_iso8601(day)] = Statistic.get_statistics(day)
    return {'data': per_day}
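def get_item(id):
    """Fetch one active Item by id for an authenticated requester.

    Args:
        id: the Item primary key from the URL; must satisfy ``is_integer``.

    Returns:
        401 when unauthenticated, 400 for a malformed id, 404 when no active
        Item has that id, otherwise the single-item response.
    """
    requester = get_requesting_user()
    if requester is None:
        return make_not_authorized_response()
    if not is_integer(id):
        # The original called ``make_bad_request_user()``, a name that matches
        # no helper used elsewhere in this file (presumably a typo for the
        # bad-request helper) and would raise NameError on this path.
        return make_bad_request_response()
    item = store.session.query(Item).filter_by(id=id, active=True).first()
    if item is None:
        return make_not_found_response()
    # NOTE(review): any authenticated user can read any active Item here —
    # there is no per-item rights check like the has_admin_rights call in
    # edit_item; confirm that is intended.
    return make_single_response(requester, item)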
def statistics():
    """Return the last 30 days of daily statistics (administrators only).

    Returns:
        401 when unauthenticated, 403 when the requester is not an
        administrator, otherwise a JSON response
        ``{'data': {iso8601_date: stats, ...}}`` for yesterday and the 29
        days before it.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if not requester.is_administrator:
        return base_routes.make_forbidden_response()
    yesterday = Statistic.date_yesterday()
    # Keyed by ISO-8601 date string, starting from yesterday and walking back.
    per_day = {}
    for offset in range(30):
        day = yesterday - datetime.timedelta(days=offset)
        per_day[time_format.to_iso8601(day)] = Statistic.get_statistics(day)
    return jsonify({'data': per_day})
def delete_item(id):
    """Delete the Item with primary key ``id`` on behalf of the requester.

    Args:
        id: the Item id from the URL; must satisfy ``is_integer``.

    Returns:
        401 when unauthenticated, 400 for a malformed id, 404 when no Item
        has that id, 403 when ``has_delete_rights`` denies, otherwise the
        single-item response for the item just deleted.
    """
    requester = get_requesting_user()
    if requester is None:
        return make_not_authorized_response()
    if not is_integer(id):
        return make_bad_request_response()
    item = store.session.query(Item).filter_by(id=int(id)).first()
    if item is None:
        return make_not_found_response()
    if not item.has_delete_rights(requester):
        return make_forbidden_response()
    # Item.delete performs the removal; the commit makes it durable before
    # the item is serialized for the response.
    item.delete(requester)
    store.session.commit()
    return make_single_response(requester, item)
def delete_item(id, store=None):
    """Delete the Item with primary key ``id`` on behalf of the requester.

    Args:
        id: the Item id from the URL; must satisfy ``is_integer``.
        store: object exposing ``.session``. Presumably injected by the route
            wrapper — TODO confirm; the ``None`` default is not usable here.

    Returns:
        dict: the single-item response for the item just deleted.

    Raises:
        Unauthorized: no requester.
        BadRequest: malformed ``id``.
        NotFound: no Item with that id.
        Forbidden: ``has_delete_rights`` denies the requester.
    """
    requester = get_requesting_user()
    if requester is None:
        raise Unauthorized()
    if not is_integer(id):
        raise BadRequest()
    item = store.session.query(Item).filter_by(id=int(id)).first()
    if item is None:
        raise NotFound()
    if not item.has_delete_rights(requester):
        raise Forbidden()
    # Item.delete performs the removal; the commit makes it durable before
    # the item is serialized for the response.
    item.delete(requester)
    store.session.commit()
    return make_single_response(requester, item)
def delete_item(id):
    """Delete the Item with primary key ``id`` on behalf of the requester.

    Args:
        id: the Item id from the URL; must satisfy ``is_integer``.

    Returns:
        401 when unauthenticated, 400 for a malformed id, 404 when no Item
        has that id, 403 when ``has_delete_rights`` denies, otherwise the
        single-item response for the item just deleted.
    """
    requester = get_requesting_user()
    if requester is None:
        return make_not_authorized_response()
    if not is_integer(id):
        return make_bad_request_response()
    item = store.session.query(Item).filter_by(id=int(id)).first()
    if item is None:
        return make_not_found_response()
    if not item.has_delete_rights(requester):
        return make_forbidden_response()
    # Item.delete performs the removal; the commit makes it durable before
    # the item is serialized for the response.
    item.delete(requester)
    store.session.commit()
    return make_single_response(requester, item)
def userbyemail(email):
    """Look up the requester's own active user record by email.

    Args:
        email: the email from the URL; must equal ``requester.email``
            exactly (the comparison is case-sensitive).

    Returns:
        401 when unauthenticated, 403 when ``email`` is not the requester's
        own, 404 when no active user carries it, otherwise the single-user
        response. Several active users sharing the email are logged as an
        error and the first match is returned.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if requester.email != email:
        return base_routes.make_forbidden_response()
    # ``== True`` is the SQLAlchemy column comparison, not a Python truth test.
    matches = store.session.query(User).filter(
        User.email == email, User.active == True).all()
    if not matches:
        return base_routes.make_not_found_response()
    if len(matches) > 1:
        logger.error(
            'More than one active user with the same email - {}'.format(email))
    return base_routes.make_single_response(requester, matches[0])
def auth_check(*args, **kwargs):
    """Resolve the requester, enforce ``auth_level`` and call ``f``.

    ``f`` and ``auth_level`` are closed over from the enclosing decorator,
    which is outside this view. A ``requester`` keyword already present in
    ``kwargs`` is used as-is (so unit tests can inject one without a Flask
    app context); otherwise ``get_requesting_user()`` is consulted.

    Raises:
        Unauthorized: no requester, or ``auth_level`` is ``'admin'`` and the
            requester is not an administrator.
    """
    # Don't use
    #
    #     user = kwargs.pop('requester', get_requesting_user())
    #
    # here because the eager execution of get_requesting_user
    # will force us to be in flask app context during any test
    # that uses a @needs_auth() method, and that makes unit
    # tests harder.
    #
    # NOTE(review): if this wraps a Flask view, ``kwargs`` also carries the
    # URL variables, so a route rule with a ``<requester>`` variable would
    # let the request supply this value and skip get_requesting_user();
    # confirm no route uses that variable name.
    injected = 'requester' in kwargs
    user = kwargs.pop('requester') if injected else get_requesting_user()
    if user is None:
        raise Unauthorized()
    needs_admin = auth_level == 'admin'
    if needs_admin and not user.is_administrator:
        # A non-admin gets 401 here, not the 403 the rest of this file uses
        # for "authenticated but not allowed".
        raise Unauthorized()
    return f(*args, requester=user, **kwargs)
def userbyemail(email):
    """Look up the requester's own active user record by email.

    Args:
        email: the email from the URL; must equal ``requester.email``
            exactly (the comparison is case-sensitive).

    Returns:
        401 when unauthenticated, 403 when ``email`` is not the requester's
        own, 404 when no active user carries it, otherwise the single-user
        response. Several active users sharing the email are logged as an
        error and the first match is returned.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if requester.email != email:
        return base_routes.make_forbidden_response()
    # ``== True`` is the SQLAlchemy column comparison, not a Python truth test.
    matches = store.session.query(User).filter(
        User.email == email, User.active == True).all()
    if not matches:
        return base_routes.make_not_found_response()
    if len(matches) > 1:
        logger.error(
            'More than one active user with the same email - {}'.format(email))
    return base_routes.make_single_response(requester, matches[0])
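def add_item():
    """Create a new Item from the JSON request body.

    ``Item.has_add_rights`` decides whether the body may be added by the
    requester. On success the item is committed, reloaded, given its
    ``on_add`` hook, committed once more and reloaded again so relationship
    attributes are current.

    Returns:
        401 when anonymous and the body may not be added anonymously; 403
        when the requester lacks add rights; 400 on validation or integrity
        failure, or when the new row cannot be reloaded; otherwise the
        single-item response with the requester included.
    """
    requester = get_requesting_user()
    logger.debug('add_item: requester = {0}'.format(requester))
    data = request.json
    if not Item.has_add_rights(data, requester):
        if requester is None:
            logger.debug('not authorized')
            return make_not_authorized_response()
        logger.debug('forbidden')
        return make_forbidden_response()
    # NOTE(review): the whole request body is written to the debug log here;
    # check it cannot carry values that should stay out of log storage.
    logger.debug('data send is {0}'.format(data))
    try:
        item = Item.admin_deserialize_add(data)
        store.session.add(item)
        store.session.commit()
        refreshed_item = store.session.query(Item).filter_by(
            id=item.id).first()
        # The original called on_add without this check, so a failed reload
        # surfaced as an AttributeError (500) instead of a 400.
        if refreshed_item is None:
            return make_bad_request_response()
        refreshed_item.on_add(requester)
        # commit again in case on_add changed it.
        store.session.commit()
        # and refresh again to update relationships
        refreshed_item = store.session.query(Item).filter_by(
            id=item.id).first()
        if refreshed_item is None:
            return make_bad_request_response()
        response = make_single_response(requester, refreshed_item,
                                        include_user=requester)
    except ValidationException as e:
        response = make_bad_request_response(str(e))
    except (IntegrityError, InvalidRequestError) as e:
        # Forward the driver's first message when there is one; never 500.
        response = make_bad_request_response(e.args[0] if e.args else '')
    return response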
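def post_picture(user_id):
    """Upload a profile picture for the requesting user to S3.

    Args:
        user_id: the user id from the URL; must equal the requester's own id.

    Returns:
        403 when unauthenticated or the picture is not the requester's own;
        400 when the ``file`` field is missing or empty, or
        ``process_filename`` rejects the name; otherwise the OK response.
    """
    requester = get_requesting_user()
    # The original's forbidden path called ``base.routes.make_forbidden_response()``
    # (a NameError — ``base`` is not the module name used everywhere else),
    # and anonymous callers hit an AttributeError on ``requester.id``.
    if requester is None or user_id != requester.id:
        return base_routes.make_forbidden_response()
    user = requester
    # .get() instead of ['file'] so a missing field takes the 400 path below.
    f = request.files.get('file')
    if not f:
        return base_routes.make_bad_request_response()
    # The object key derives from the client-supplied filename;
    # process_filename is relied upon to sanitize it — TODO confirm it does.
    # NOTE(review): unlike the is_allowable_image variant of this route in
    # this file, the bytes themselves are not content-checked before upload.
    filename = process_filename(f.filename, user_id)
    if filename is None:
        return base_routes.make_bad_request_response()
    conn = tinys3.Connection(config.S3_USERNAME, config.S3_KEY, tls=True)
    # Upload it. Set cache expiry time to 1 hr.
    conn.upload(filename, f, config.S3_BUCKETNAME, expires=3600)
    user.picture_filename = filename
    store.session.add(user)
    store.session.commit()
    return base_routes.make_OK_response()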