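def create(real_user, user, organization, **params):
    """
    Create a project in ``organization`` and notify its interested users.

    ``params`` is validated against a schema that requires a non-empty
    ``name`` (also passed through ``UniqueName(organization)``) and accepts
    an optional ``description``. Only those two validated values are copied
    onto the new project, so extra request parameters never reach the model.

    Returns the flushed ``projects.Project``. The creator is left out of the
    notification email.

    NOTE(review): ``real_user`` is unused and no permission check is visible
    in this function; presumably the caller authorizes ``user`` against
    ``organization`` -- confirm.
    """
    class ProjectForm(formencode.Schema):
        name = formencode.All(fv.UnicodeString(not_empty=True), UniqueName(organization))
        description = fv.UnicodeString(not_empty=False)

    scrubbed = validate(ProjectForm, **params)

    project = projects.Project(name=scrubbed.name,
                               creator=user,
                               description=scrubbed.description,
                               organization=organization)
    Session.add(project)
    Session.flush()

    # Email everyone interested in the organization except the creator.
    # Work on a copy: calling remove() on organization.interested_users
    # itself would alter the organization's own collection if that attribute
    # is a live list rather than a fresh one.
    recipients = list(organization.interested_users)
    if user in recipients:
        recipients.remove(user)
    email.send(recipients, 'create_project.txt', {
        'project': project,
        'creator': user
    })

    return project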
def edit(real_user, user, file, **kwargs):
    """
    Apply the submitted field edits to ``file`` and return it refreshed.

    The work is delegated to ``Editor`` (FieldEditor paradigm): fields can be
    edited one at a time, and ``kwargs`` carries the submitted parameters.

    NOTE(review): no ownership check on ``file`` is visible here; presumably
    the API layer enforces it before this call -- confirm.
    """
    Editor(file).edit(real_user, user, file, **kwargs)

    # Push pending changes, then reload so the caller sees the stored state.
    Session.flush()
    Session.refresh(file)
    return file
def edit(real_user, user, change, **kwargs):
    """
    Apply the submitted field edits to ``change`` and return it refreshed.

    The work is delegated to ``Editor`` (FieldEditor paradigm): fields can be
    edited one at a time, and ``kwargs`` carries the submitted parameters.

    NOTE(review): no ownership check on ``change`` is visible here;
    presumably the API layer enforces it before this call -- confirm.
    """
    Editor().edit(real_user, user, change, **kwargs)

    # Push pending changes, then reload so the caller sees the stored state.
    Session.flush()
    Session.refresh(change)
    return change
def create_project(user=None, organization=None, role=users.APP_ROLE_ADMIN, **kw):
    """
    Build, add and flush a ``projects.Project``, filling in missing values.

    ``name`` and ``description`` default to generated unique strings and
    ``status`` to ``STATUS_APPROVED``. When no ``organization`` is given, one
    is created via ``create_organization(user, role)``. The creator is
    ``user`` if supplied, otherwise the organization's creator.
    """
    generated = (
        ("name", create_unique_str(u'project')),
        ("description", create_unique_str(u"description")),
        ("status", STATUS_APPROVED),
    )
    for field, value in generated:
        kw.setdefault(field, value)

    org = organization
    if not org:
        org = create_organization(user, role)

    creator = user or org.creator
    project = projects.Project(organization=org, creator=creator, **kw)

    Session.add(project)
    Session.flush()
    return project
def create_user(is_admin=False, **kw):
    """
    Build, add and flush a ``users.User``, filling in missing values.

    ``email`` and ``username`` default to generated values, ``password`` to a
    fixed literal, and ``role`` to ``users.ROLE_ADMIN`` when ``is_admin`` is
    true, else ``users.ROLE_USER``. Explicit keyword arguments win.

    NOTE(review): the fixed default password suggests this is a test
    fixture; confirm it is never reachable from production code paths.
    """
    generated = (
        ("email", create_email_address()),
        ("username", create_unique_str(u'user', extra=u'')),
        ("password", u'testpassword'),
        ("role", users.ROLE_ADMIN if is_admin else users.ROLE_USER),
    )
    for field, value in generated:
        kw.setdefault(field, value)

    account = users.User(**kw)
    Session.add(account)
    Session.flush()
    return account
def create_organization(user=None, role=users.APP_ROLE_ADMIN, status=STATUS_APPROVED, **kw):
    """
    Build, add and flush a ``users.Organization`` with a user attached.

    ``name``, ``url`` and ``subdomain`` default to generated values. When no
    ``user`` is given, one is made with ``create_user()``. That user becomes
    the creator and is attached with the given ``role`` and ``status``.
    """
    generated = (
        ("name", create_unique_str(u'org')),
        ("url", u'http://%s.com' % create_unique_str(u'url')),
        ("subdomain", create_str(length=10)),
    )
    for field, value in generated:
        kw.setdefault(field, value)

    if not user:
        user = create_user()

    org = users.Organization(creator=user, **kw)
    Session.add(org)

    # Link the user to the organization with the requested role and status.
    org.attach_user(user, role=role, status=status)

    Session.flush()
    return org
def create(real_user, user, **params):
    """
    Create an organization and attach ``user`` to it as an approved admin.

    ``params`` is validated against ``CreateForm``. ``is_active`` defaults to
    True when the validated data lacks it, and ``company_name`` is renamed to
    ``name`` before the model is built. A ``NewOrganization`` activity is
    recorded in the same flush. Returns the new organization.

    NOTE(review): every validated key is passed to ``users.Organization``,
    so which model attributes a request can set (``is_active`` included)
    depends entirely on ``CreateForm`` rejecting or filtering unexpected
    fields -- confirm the schema does that.
    """
    fields = validate(CreateForm, **params)

    fields.setdefault('is_active', True)

    # The form calls it company_name; the model calls it name.
    company_name = fields['company_name']
    del fields['company_name']
    fields['name'] = company_name

    # The requesting user becomes the creator of the organization.
    new_org = users.Organization(creator=user, **fields)
    Session.add(new_org)

    # The creator is also attached as an approved admin of the organization.
    new_org.attach_user(user, role=users.APP_ROLE_ADMIN, status=STATUS_APPROVED)

    Session.add(activity.NewOrganization(user, new_org))

    Session.flush()
    return new_org
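class FieldEditor(object):
    """
    Base class for editing an object one validated field at a time.

    Edit functions for a given object tend to be large and error prone.
    A subclass supplies a validator, the list of ordinary fields, the list
    of admin-only fields, and one ``edit_<param_name>`` method per editable
    field. ``edit()`` validates the request, dispatches every submitted field
    to its handler and reports all client errors together.

    Example handler::

        def edit_budget(self, real_user, user, campaign, key, value):
            raise exceptions.ClientException('Budget is invalid', field=key)

    Here ``key`` would be ``'budget'``.

    Notes:

    * Admin fields submitted by a non-admin are ignored as if they had not
      been sent. The decision is based on ``real_user.is_admin()``.
    * Single-field form: ``/api/v1/campaign/edit?name=my+name`` and
      ``/api/v1/campaign/edit?key=name&value=my+name`` are equivalent. The
      key/value form is only applied when ``value`` is not None.
    * Handlers can be passed None (``/api/v1/campaign/edit?cpc=`` would
      unset the CPC). To refuse None, check for it in the ``edit_`` handler,
      not in the validator.
    * Object ownership must be authorized outside this class, e.g. with
      ``@auth(must_own=...)`` on the API function. The only check made here
      is the admin test for admin fields.
    * ``ClientException`` raised by a handler is collected into a
      ``CompoundException`` and raised once all handlers have run. Any other
      exception propagates immediately.
    * Handlers run before the collected errors are raised, so fields whose
      handler succeeded stay modified on the object even when ``edit()``
      fails; the flush is skipped but nothing here rolls the object back.
    * ``edit()`` stores the current request's users and object on the
      instance, so use one instance per call rather than sharing one.
    """

    def __init__(self, fields, admin_fields, validator):
        """Store the validator and the ordinary / admin-only field lists."""
        self.validator = validator
        self.fields = fields
        self.admin_fields = admin_fields

    def _edit_generic(self, name, obj, key, param, can_be_none=False):
        """
        Set ``obj.<key>`` to ``param`` and log the change.

        Raises a ``ClientException`` tagged with ``key`` when ``param`` is
        None and ``can_be_none`` is false. ``name`` is the human-readable
        field name used in the error message and the log line.
        """
        if not can_be_none and param is None:
            raise exceptions.ClientException('Please enter a %s' % name, field=key)

        old = getattr(obj, key)
        setattr(obj, key, param)
        # Re-read the attribute so the log shows the value actually stored.
        self.log(name, key, old, getattr(obj, key))

    def log(self, field, key, old_val, new_val):
        """
        Write an audit line with the object, the real user and both values.

        NOTE(review): old and new values are logged verbatim; confirm that no
        field holding a secret is edited through a path that calls this.
        """
        logger.info(
            '%s edited by %s: %s (%s) = %s from %s'
            % (self.object, self.real_user, field, key, new_val, old_val))

    def edit(self, real_user, user, obj, key=None, value=None, **kwargs):
        """
        Validate the submitted fields and dispatch each to ``edit_<field>``.

        ``kwargs`` holds the submitted parameters; ``key``/``value`` is the
        alternative single-field form. Returns True after flushing the
        session.

        Raises ``ClientException`` when no editable field was submitted,
        ``CompoundException`` when one or more handlers raised
        ``ClientException``, and ``AppException`` when an editable field has
        no ``edit_<field>`` handler.
        """
        self.real_user = real_user
        self.user = user
        self.object = obj
        self.params = kwargs

        # Single-field form: fold key/value into kwargs unless already given.
        if key and value is not None and key not in kwargs:
            kwargs[key] = value

        # This allowlist is the only authorization done here: admin fields
        # are editable only when the real user is an admin.
        if real_user.is_admin():
            editable_keys = set(self.fields + self.admin_fields)
        else:
            editable_keys = set(self.fields)

        # Is there anything we are allowed to edit?
        to_edit = [k for k in kwargs.keys() if k in editable_keys]
        if not to_edit:
            raise ClientException('Specify some parameters to edit, please.', code=INCOMPLETE)

        # The validator expects every known field to be present. Missing
        # fields, and fields this user may not edit, are set to None so a
        # submitted admin value never reaches the validator for a non-admin.
        for k in self.fields + self.admin_fields:
            if k not in kwargs or k not in editable_keys:
                kwargs[k] = None

        params = validate(self.validator, **kwargs)

        # Collects handler errors so they can be returned all at once.
        error = CompoundException('Editing issues!', code=FAIL)

        # Only the keys present in the original request are processed.
        for k in to_edit:
            # Kept as a second check: the handler name below is built from
            # k, so k must never come from outside the allowlist.
            if k not in editable_keys:
                continue

            param = params[k]
            fn_name = 'edit_%s' % k

            if not hasattr(self, fn_name):
                # A missing handler is a programming error, not a client
                # error, so it is raised directly instead of being collected.
                raise AppException('Cannot find %s edit function! :(' % fn_name, code=INCOMPLETE)

            try:
                getattr(self, fn_name)(real_user, user, obj, k, param)
            except ClientException as e:
                error.add(e)

        if error.has_exceptions:
            raise error

        Session.flush()

        return True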