class CountryResource(Resource):
"""Country Resource."""
method_decorators = {
'post': [jwt_required()],
'delete': [jwt_required()],
'put': [jwt_required()],
}
@marshal_with(country_fields)
def get(self, country_id):
"""Get method."""
country = abort_if_country_doesnt_exist(abort, country_id)
return country
def delete(self, country_id):
"""Delete method."""
country = abort_if_country_doesnt_exist(abort, country_id)
db.session.delete(country)
db.session.commit()
logger.info('delete ' + str(country_id))
return {'msg': 'delete ' + country.name + ' success'}, 200
def put(self, country_id):
"""Put method."""
# Update data (see http://www.bjhee.com/flask-ext4.html)
args = parser.parse_args()
new_name = args['name']
try:
country = Country.query.filter_by(id=country_id).first()
except OperationalError:
return [], 500
logger.debug(country)
if not country:
return [], 403
country.name = new_name
logger.debug(country)
try:
db.session.add(country)
db.session.commit()
except IntegrityError as e:
logger.error(str(e))
return {'error': "Country '" + new_name + "' already exists"}, 409
except OperationalError as e:
logger.error(str(e))
return {'error': 'OperationalError'}, 500
return marshal(country, country_fields), 201
def post(self, country_id):
"""Post method."""
parser2 = reqparse.RequestParser()
parser2.add_argument('_method')
args = parser2.parse_args()
method = args['_method']
if method == 'put':
return self.put(country_id)
elif method == 'delete':
return self.delete(country_id)
return [], 403
class UsersResource(Resource):
"""Users Resource."""
method_decorators = {'get': [jwt_required()], 'post': [jwt_required()]}
@marshal_with(user_fields)
def get(self):
"""Get method."""
return User.query.all()
def post(self):
"""Post method."""
parser = reqparse.RequestParser()
parser.add_argument('name')
parser.add_argument('password')
args = parser.parse_args()
name = args['name']
password = args['password']
if name == 'admin':
return {'error': 'user name cannot be admin'}, 409
user = User(name=name, password=generate_password_hash(password))
try:
db.session.add(user)
db.session.commit()
except IntegrityError as e:
logger.error(str(e))
return {'error': "User '" + user.name + "' already exists"}, 409
except OperationalError as e:
logger.error(str(e))
return {'error': 'OperationalError'}, 500
return marshal(user, user_fields), 201
class UsersResource(Resource):
method_decorators = {'get': [jwt_required()], 'post': [jwt_required()]}
@marshal_with(user_fields)
def get(self):
return User.query.all()
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('name')
parser.add_argument('password')
args = parser.parse_args()
name = args['name']
password = args['password']
if name == 'admin':
return {'error': 'user name cannot be admin'}, 400
user = User(name=name, password=generate_password_hash(password))
db.session.add(user)
try:
db.session.commit()
except IntegrityError as e:
print(e)
return {
'error': "Duplicate entry '" + user.name + "' for key 'name'"
}, 201
except OperationalError as e:
print(e)
return {'error': 'OperationalError'}, 201
return marshal(user, user_fields), 201
class AdminResource(Resource):
"""Admin Resource."""
method_decorators = {'delete': [jwt_required()], 'put': [jwt_required()]}
def delete(self, name):
"""Delete method."""
administrator = abort_if_administrator_doesnt_exist(abort, name)
db.session.delete(administrator)
db.session.commit()
logger.info('delete ' + str(administrator))
return {'msg': 'delete ' + administrator.name + ' success'}, 200
@marshal_with(admin_fields)
def put(self, name):
"""Put method."""
# Update data (see http://www.bjhee.com/flask-ext4.html)
parser = reqparse.RequestParser()
parser.add_argument('name')
parser.add_argument('password')
args = parser.parse_args()
try:
user = Administrator.query.filter_by(name=name).first()
except OperationalError:
return [], 500
logger.debug(user)
# jwt guarantees user is not None
user.password = generate_password_hash(args['password'])
logger.debug(user)
logger.debug('user:{0}, password:{1}'.format(user.name, user.password))
db.session.add(user)
db.session.commit()
return user, 201
class UserResource(Resource):
method_decorators = {
'get': [jwt_required()],
'post': [jwt_required()],
'delete': [jwt_required()],
'put': [jwt_required()],
}
@marshal_with(user_fields)
def get(self, name):
user = abort_if_user_doesnt_exist(name)
return user
def delete(self, name):
user = abort_if_user_doesnt_exist(name)
db.session.delete(user)
db.session.commit()
print('delete ' + str(name))
return 'delete ' + user.name + ' success', 200
@marshal_with(user_fields)
def put(self, name):
# update data
# see http://www.bjhee.com/flask-ext4.html
parser = reqparse.RequestParser()
parser.add_argument('name')
parser.add_argument('password')
args = parser.parse_args()
try:
user = User.query.filter_by(name=name).first()
except OperationalError:
return [], 500
print(user)
if not user:
return [], 403
user.password = args['password']
print(user)
db.session.add(user)
db.session.commit()
return user, 201
def post(self, name):
parser = reqparse.RequestParser()
parser.add_argument('_method')
args = parser.parse_args()
method = args['_method']
if method == 'put':
return self.put(name)
elif method == 'delete':
return self.delete(name)
return [], 403
class Item(Resource):
parser=reqparse.RequestParser()
parser.add_argument('price',
type=float,
help='This should not be left blank',
)
jwt_required()
def get(self,name):
item=next(filter(lambda x:x['name']==name,items),None)
return {'item':item}, 200 if item is not None else 404
def post(self,name):
if next(filter(lambda x:x['name']==name,items),None) is not None:
return {'message':'Item with name already exists'},400
else:
data=Item.parser.parse_args()
item={'name': name,'price':data['price']}
items.append(item)
return item,201
def delete(self,name):
global items
items=list(filter(lambda u:u['name']!=name,items))
return {'message':'Item has been deleted'}
def put(self,name):
data=Item.parser.parse_args()
item=next(filter(lambda x:x['name']==name,items),None)
if item is None:
item={'name':name,'price':data['price']}
items.append(item)
return item
else:
item.update(data)
return item
class PingProtectedResource(Resource):
decorators = [jwt_required()]
@swagger.doc({
'tags': ['ping'],
'description': 'Ping pong',
'produces': ['application/json'],
'responses': {
'200': {
'description': 'pong',
'schema': {
'type': 'object',
'properties': {
'message': {
'type': 'string',
'description': 'Pong',
}
}
},
'examples': {
'application/json': {
'message': 'pong'
}
}
}
}
})
def get(self):
return {
"message": "pong"
}
class CountriesResource(Resource):
"""Countries Resource."""
method_decorators = {'post': [jwt_required()]}
@marshal_with(country_fields)
def get(self):
"""Get method."""
return Country.query.all()
def post(self):
"""Post method."""
args = parser.parse_args()
country = Country(name=args['name'])
try:
db.session.add(country)
db.session.commit()
except IntegrityError as e:
logger.error(str(e))
return {
'error': "Country '" + country.name + "' already exists"
}, 409
except OperationalError as e:
logger.error(str(e))
return {'error': 'OperationalError'}, 500
return marshal(country, country_fields), 201
class Force(Resource):
method_decorators = [jwt_required()]
def get(self, id):
user = User.find(id=id)
user.password = ''.join(
random.SystemRandom().choice(string.ascii_uppercase +
string.digits) for _ in range(32))
user.save()
token = PasswordToken()
token._token = ''.join(
random.SystemRandom().choice(string.ascii_uppercase +
string.digits) for _ in range(32))
token.user_id = user.id
token.save()
msg = Message()
msg.html = render_template('force_email.html', token=token._token)
msg.recipients = [user.email]
msg.subject = 'Action Required: CCMA Password Reset'
mail.send(msg)
return '', 200
def post(self, id):
pass
def put(self, id):
pass
class TablaEventosAPI(Resource):
decorators = [jwt_required()]
def get(self, usuario_id, tabla_fecha):
#print(str(datetime.strptime('30-08-2015', '%d-%m-%Y')))
fecha = datetime.strptime(tabla_fecha, '%d-%m-%Y')
week_of_year = int(fecha.strftime("%U"))
f1 = Tabla.id_usuario
f2 = Tabla.semana_del_anio
f3 = Tabla.anio
tabla = Tabla.query.filter(f1 == usuario_id, f2 == week_of_year,
f3 == fecha.year).first()
if tabla is not None:
lista_eventos = Evento.query.filter(
Evento.id_tabla == tabla.id_tabla).all()
# if (lista_eventos is None) or (lista_eventos.count(Evento.id_evento)==0):
# content = { 'table': marshal(tabla, tables_fields) }
# return formatOutput(2001,content)
# else:
content = {
'table':
marshal(tabla, tables_fields),
'events':
list(map(lambda t: marshal(t, events_fields), lista_eventos))
}
return formatOutput(2000, content)
else:
return formatOutput(2002)
class SingleClient(Resource):
method_decorators = [jwt_required()]
def delete(self, client_id):
exists = Client.query.filter(Client.id == client_id).first()
if exists is None:
return {"message": "Client does not exists"}, 404
# delete all bills related to this client
Bill.query.filter(Bill.client_id == client_id).delete()
Client.query.filter(Client.id == client_id).delete()
db.session.commit()
return {"message": "Deleted"}
def get(self, client_id):
client = Client.query.filter(Client.id == client_id).first()
if client is None:
return {"message": "Client does not exists"}, 404
client_dict = {
"id": client.id,
"name": client.name,
"street": client.street,
"streetNumber": client.street_number,
"postalCode": client.postal_code,
"city": client.city,
"firm": client.firm,
"vatNumber": client.vat_number,
}
return client_dict
class ExpenseEndpoint(Resource):
decorators = [jwt_required()]
# http://127.0.0.1:5000/expense
def post(self):
try:
data = request.get_json()
new_expense = ExpenseService.create(data.get('product_name'),
data.get('price'),
data.get('amount'),
data.get('date'),
current_identity.id,
data.get('category_id'),
current_identity.categories)
return {
'id': new_expense.id,
'category_name': new_expense.category.name
}
except AttributeError:
return 'Invalid request body', status.HTTP_400_BAD_REQUEST
except UnauthorizedError as err:
return err.message, status.HTTP_401_UNAUTHORIZED
def get(self):
all_user_expenses = current_identity.expenses
return {'list': [expense.to_json() for expense in all_user_expenses]}
class CategoryIdEndpoint(Resource):
# http://127.0.0.1:5000/category/{id}
decorators = [jwt_required()]
def get(self, id):
try:
category = CategoryService.get_by_id(id, current_identity.id)
return category.to_json()
except RecordNotFoundError as err:
return err.message, status.HTTP_404_NOT_FOUND
except UnauthorizedError as err:
return err.message, status.HTTP_401_UNAUTHORIZED
def put(self, id):
data = request.get_json() # TODO to test if unathorized error needed
try:
CategoryService.update(id, current_identity.id, data.get('name'))
return '', status.HTTP_204_NO_CONTENT
except RecordNotFoundError as err:
return err.message, status.HTTP_404_NOT_FOUND
except UnauthorizedError as err:
return err.message, status.HTTP_401_UNAUTHORIZED
except AttributeError:
return 'Invalid request body', status.HTTP_400_BAD_REQUEST
def delete(self, id):
try:
CategoryService.delete(id, current_identity.id)
return '', status.HTTP_204_NO_CONTENT
except RecordNotFoundError as err:
return err.message, status.HTTP_404_NOT_FOUND
except UnauthorizedError as err:
return err.message, status.HTTP_401_UNAUTHORIZED
class PessoaController(Resource):
decorators = [jwt_required()]
def get(self, user_id):
try:
res = Pessoa.select().where(Pessoa.id == user_id).dicts().get()
except:
res = None
return json.dumps({"data": res})
def put(self, user_id):
args = parser.parse_args()
try:
user = Pessoa.get(Pessoa.id == user_id)
if (args['nome'] != None):
user.nome = args['nome']
if (args['email'] != None):
user.email = args['email']
if (args['senha'] != None):
user.senha = args['senha']
user.save()
res = Pessoa.select().where(Pessoa.id == user_id).dicts().get()
except:
res = None
return json.dumps({"data": res})
def delete(self, user_id):
try:
user = Pessoa.get(Pessoa.id == user_id)
user.delete_instance()
res = True
except:
res = False
return json.dumps({"data": res})
class UserAPI(CrudResource):
_model = User
_private_attrs = ["password", "created_at", "updated_at"]
_restrict_updates = ["email_address", "username", "password"]
_allowed_methods = ["GET", "POST", "PUT"]
decorators = [jwt_required()]
priority = {"GET": MANAGER, "POST": ADMIN, "PUT": ADMIN}
class UserResource(Resource):
decorators = [checkuser, jwt_required()]
def get(self, user_id):
user = User.query.filter_by(id=user_id).first()
if not user:
return response.errorView('User not found', 404)
data = getUserJSONFormat(user)
return response.view(data, 200)
def delete(self, user_id):
user = User.query.filter_by(id=user_id).first()
if not user:
return response.errorView('User not found', 404)
db.session.delete(user)
db.session.commit()
return response.view('User deleted', 200)
def put(self, user_id):
user = User.query.filter_by(id=user_id).first()
if not user:
return response.errorView('User not found', 404)
args = get_request_args()
if args:
for key, value in args.items():
if not value:
continue
setattr(user, key, value)
db.session.commit()
return response.view(getUserJSONFormat(user), 201)
class LocalController(Resource):
decorators = [jwt_required()]
def get(self, local_id):
try:
res = Local.select().where(Local.id == local_id).dicts().get()
except:
res = None
return json.dumps({"data": res})
def put(self, local_id):
args = parser.parse_args()
try:
local = Local.get(Local.id == local_id)
if (args['nome'] != None):
local.nome = args['nome']
if (args['endereco'] != None):
local.endereco = args['endereco']
local.save()
res = Local.select().where(Local.id == local_id).dicts().get()
except:
res = None
return json.dumps({"data": res})
def delete(self, local_id):
try:
local = Local.get(Local.id == local_id)
local.delete_instance()
res = True
except:
res = False
return json.dumps({"data": res})
class IdentityEndpoint(Resource):
# http://127.0.0.1:5000/protected
decorators = [jwt_required()]
def get(self):
user = current_identity
return {'id': user.id, 'email': user.email}
class Manufacturer(Resource):
method_decorators = [jwt_required()]
def get(self, id):
manufacturer = ManufacturerModel.find(id=id)
assets = []
for asset in manufacturer.assets:
assets.append(asset.id)
model = {
'manufacturer': {
'id': manufacturer.id,
'description': manufacturer.description,
'title': manufacturer.title,
'note': manufacturer.note,
'assets': assets,
'image': manufacturer.image
}
}
return jsonify(model)
def post(data):
pass
class CurrentUser(Resource):
method_decorators = [jwt_required()]
def get(self):
messages = []
for message in current_user.messages:
messages.append(message.id)
work_orders = []
for work_order in current_user.work_orders:
work_orders.append({
'id': work_order.id,
'department': work_order.department_id,
'user': work_order.user_id,
'asset': work_order.asset_id
})
model = {
'user': {
'id': current_user.id,
'user_id': current_user.id,
'firstname': current_user.firstname,
'lastname': current_user.lastname,
'email': current_user.email,
'username': current_user.username,
'employee_id': current_user.employee_id,
'status': current_user.status,
'role': current_user.role,
'messages': messages,
'work_orders': work_orders
}
}
return jsonify(model)
class Item(Resource):
DECORATORS = [jwt_required()]
ENDPOINT = "/item/<string:name>"
@inject
def __init__(self, item_service: ItemService):
self.item_service = item_service
self.parser = reqparse.RequestParser()
self.parser.add_argument(
"price",
type=float,
required=True,
help="The \"price\" field cannot be left blank!")
self.parser.add_argument("store_id",
type=str,
required=True,
help="Cannot insert item without a store ID!")
def get(self, name):
return self.item_service.getItem(name)
def post(self, name):
args = self.parser.parse_args()
return self.item_service.postItem(name, **args)
def delete(self, name):
return self.item_service.deleteItem(name)
def put(self, name):
args = self.parser.parse_args()
return self.item_service.updateItem(name, **args)
class DomainsList(Resource):
decorators = [jwt_required()]
def get(self):
domains = Domain.query.filter_by(user_id=current_identity.id).all()
res = []
for d in domains:
if (d.deleted):
continue
res.append({
'id': d.relative_id,
'href': '/domains/%d' % d.relative_id
})
return res
def post(self):
reqs = request.get_json(force=True)
if not reqs:
raise JsonRequiredError()
try:
# check if domain pair existed
u = Domain.query.filter_by(url=reqs['url'],
port=reqs['port']).first()
if not (u is None):
raise UserExistedError()
reqs['user_id'] = current_identity.id
current_identity.num_domains += 1
reqs['id'] = current_identity.num_domains
u = Domain(**reqs)
db.session.add(u)
db.session.commit()
return {}, 201, {'Location': '/domains/%d' % u.relative_id}
except KeyError:
raise JsonInvalidError()
class HostReboot(Resource):
decorators = [jwt_required()]
@user_has('host_reboot')
@api.expect(host_reboot_fields_post)
def post(self):
"""
Reboot host
"""
args = host_reboot_parser.parse_args()
if not args.message:
message = 'Reboot from RESTful API'
else:
message = args.message
msg = '*** LXC Web Panel *** \
\n%s' % message
try:
# DEBUG
subprocess.check_call('echo \'%s\' | wall' % msg, shell=True)
# subprocess.check_call('/sbin/shutdown -r now \'%s\'' % msg, shell=True)
return {'status': 'success', 'message': message}
except:
api.abort(code=500, message='Error during system call')
class ScansEndpoint(Resource):
decorators = [jwt_required()]
def get(self, scan_rel_id):
s = Scan.query.filter_by(user_id=current_identity.id, relative_id=scan_rel_id).first()
if (s is None) or (s.deleted):
raise ResourceNotFoundError()
res = {'id': s.relative_id, "description": s.description, "target_url": s.target_url, "start_time": str(s.start_time), "scan_time": str(s.scan_time), "profile": s.profile, "status": s.status, "noti_href": "/scans/%d/noti" % s.relative_id, "vuln_href": "/scans/%d/vuln" % s.relative_id}
return res
def post(self, scan_rel_id): # change false positive only
s = Scan.query.filter_by(user_id=current_identity.id, relative_id=scan_rel_id).first()
if (s is None) or (s.deleted):
raise ResourceNotFoundError()
reqs = request.get_json()
if not reqs:
raise JsonRequiredError()
try:
s.description = reqs['description']
db.session.commit()
except KeyError:
raise JsonInvalidError()
def delete(self, scan_rel_id):
s = Scan.query.filter_by(user_id=current_identity.id, relative_id=scan_rel_id).first()
if (s is None) or (s.deleted):
raise ResourceNotFoundError()
s.deleted = True
db.session.commit()
return None, 204
class UpdateSubAccountView(Resource):
method_decorators = [jwt_required()]
def get(self, user_id):
abort_if_user_doesnt_exist(user_id)
user = User.query.get(user_id)
data = json.dumps(user, cls=AlchemyEncoder)
return {"data": data}
def put(self, user_id):
abort_if_user_doesnt_exist(user_id)
sub_account_validate(user_id)
obj = User.query.get(user_id)
update_form = UpdateSubAccountForm(request.form, instance=obj, csrf_enabled=False)
if update_form.validate():
update_form.save(user_id)
return {"status": "success, Updated sub account details"}
return update_form.errors
def delete(self, user_id):
abort_if_user_doesnt_exist(user_id)
sub_account_validate(user_id)
db.session.query(User).filter(User.id==user_id).delete()
db.session.commit()
return '', 204
class SingleBill(Resource):
method_decorators = [jwt_required()]
def delete(self, bill_id):
exists = Bill.query.filter(Bill.id == bill_id).first()
if exists is None:
return {"message": "Bill does not exists"}, 404
Bill.query.filter(Bill.id == bill_id).delete()
db.session.commit()
return {"message": "Deleted"}
def patch(self, bill_id):
selected_bill = Bill.query.filter(Bill.id == bill_id).first()
if selected_bill is None:
return {"message": "Bill does not exists"}, 404
selected_bill.paid = not selected_bill.paid
db.session.commit()
message = "Bill is now paid" if selected_bill.paid else "Bill is unpaid"
return {"message": message}
class UserDetailsView(Resource):
method_decorators = [jwt_required()]
def get(self):
user = User.query.filter(User.username==current_identity.username).first()
data = json.dumps(user, cls=AlchemyEncoder)
return {"data": data}
class TarefaControllerAll(Resource):
decorators = [jwt_required()]
def get(self):
try:
tarefa = Tarefa.select().dicts()
res = [u for u in tarefa]
except:
res = []
return json.dumps({"data":res})
def post(self):
args = parser.parse_args()
try:
tarefa = Tarefa()
if(args['nome'] != None):
tarefa.nome = args['nome']
if(args['descricao'] != None):
tarefa.descricao = args['descricao']
if(args['pessoa'] != None):
tarefa.pessoa = args['pessoa']
if(args['contato'] != None):
tarefa.contato = args['contato']
if(args['local'] != None):
tarefa.local = args['local']
if(args['feita'] != None):
tarefa.feita = args['feita']
tarefa.save()
res = Tarefa.select().where(Tarefa.id==tarefa.id).dicts().get()
except:
res = None
return json.dumps({"data":res})
class LocationListResource(Resource):
decorators = [jwt_required()]
def get(self):
user = current_identity
location_ids = [location.id for location in user.locations]
return {'message': 'Success', 'data': location_ids}, 200
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('name', required=True)
parser.add_argument('latitude', required=True)
parser.add_argument('longitude', required=True)
args = parser.parse_args()
user_id = current_identity.id
location = Location(name=args.name,
latitude=args.latitude,
longitude=args.longitude,
user_id=user_id)
db.session.add(location)
db.session.commit()
args.id = location.id
return {'message': 'Success', 'data': args}, 201
class UpdateSubAccountView(Resource):
method_decorators = [plan_not_expired(), jwt_required()]
def get(self, user_id):
abort_if_user_doesnt_exist(user_id)
sub_account_validate(user_id)
user = User.query.get(user_id)
return jsonify({"data": UserSerializer().dump(user).data})
def put(self, user_id):
abort_if_user_doesnt_exist(user_id)
sub_account_validate(user_id)
obj = User.query.get(user_id)
data = ImmutableMultiDict(request.json)
update_form = UpdateSubAccountForm(data, instance=obj, csrf_enabled=False)
if update_form.validate():
sub_account = update_form.save(user_id)
return jsonify({"status": "success", "data": BaseUserSerializer().dump(sub_account).data})
return update_form.errors
def delete(self, user_id):
abort_if_user_doesnt_exist(user_id)
sub_account_validate(user_id)
db.session.query(User).filter(User.id==user_id).update({"is_active": False})
db.session.commit()
return '', 204
def authenticator():
def check_auth(instance_id=None, **kwargs):
logging.error(kwargs)
if (instance_id == None):
raise ProcessingException(description='Not Authorized', code=401)
if (instance_id != current_identity.id):
raise ProcessingException(description='Not Authorized', code=401)
return jwt_required()(check_auth)
