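def ensure_roles_found(wanted_names, found_roles, roles_field="roles"):
    """
    Ensure that every wanted role name appears in ``found_roles``.

    Aborts with HTTP 400 and a field error keyed by ``roles_field`` when one
    or more wanted roles are missing.  Matching is by exact ``role.name``
    equality (no case folding), so a role that was looked up
    case-insensitively may still be reported as missing here.

    :param wanted_names: iterable of role names the caller asked for
    :param found_roles: objects exposing a ``name`` attribute, as returned
        by the role lookup
    :param roles_field: key under which the error text is placed in the
        400 payload

    Examples:

    >>> from werkzeug.exceptions import BadRequest
    >>> class MockRole(object):
    ...     def __init__(self, name):
    ...         self.name = name
    >>> ensure_roles_found(['a', 'b'], [MockRole('a'), MockRole('b')])
    >>> try:
    ...     ensure_roles_found(['a', 'b'], [MockRole('a')])
    ... except BadRequest as ex:
    ...     print('Code:', ex.code)
    ...     print('Data:', ex.data)
    Code: 400
    Data: {'message': {'roles': 'Roles not found: b'}}
    """
    wanted = set(wanted_names)
    # Compare by name rather than by count: a plain length check passes when
    # the lookup returned the right number of roles with the wrong names (or
    # duplicates), silently leaving a wanted role unassigned.
    missing = wanted.difference(role.name for role in found_roles)
    if missing:
        rest_abort(400, message={
            # sorted() keeps the message deterministic across processes
            roles_field: "Roles not found: %s" % ", ".join(sorted(missing)),
        })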
def wrapper(*args, **kwargs):
    """
    Call the wrapped ``func`` and translate failures into REST aborts.

    ``LookupError`` becomes a 404; any other exception becomes a 500.  Both
    responses carry ``str(exc)`` as the message.  ``func`` is a closure
    variable from the enclosing decorator, which is outside this listing.
    """
    try:
        result = func(*args, **kwargs)
    except LookupError as not_found:
        rest_abort(404, message=str(not_found))
    except Exception as failure:
        # NOTE(review): the raw exception text is returned to the client;
        # worth checking that it cannot expose internal details.
        rest_abort(500, message=str(failure))
    else:
        return result
def rest_set_roles_perms(user, role_names):
    """
    Assign ``role_names`` to ``user`` after checking the caller's permission.

    A falsy ``role_names`` is a no-op.  Without ``ADMIN_PERMISSION`` the
    request is aborted with 401 and a ``roles`` field error before any role
    is assigned.
    """
    if not role_names:
        return
    allowed = ADMIN_PERMISSION.can()
    if not allowed:
        # NOTE(review): 401 is used for an authenticated caller lacking a
        # permission; the admin/permission wrappers elsewhere answer 403.
        rest_abort(401, message={
            "roles": ONLY_ADMIN_MSG_FS % "assign roles",
        })
    rest_set_roles(user, role_names)
def show_error(status, message):
    """
    Report an error to the caller.

    For API requests the handler aborts with a JSON body via ``rest_abort``;
    otherwise (and should ``rest_abort`` return) the message is flashed to
    the web session.
    """
    api_call = is_api_request()
    if api_call:
        rest_abort(status, message=message)
    flash(message)
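def wrapper(*args, **kwargs):
    """
    Run ``func`` and commit the session, retrying the whole call when the
    commit fails.

    Up to ``db.retry_commit_number`` attempts are made.  A failure inside
    ``func`` itself is not retried: it is reported at once as a 500.  A
    failed commit is rolled back, logged, and retried after a back-off of
    ``db.retry_commit_time * (attempt + 1)`` seconds.  When every attempt
    fails, the last stack trace is returned with a 500.

    ``func``, ``db`` and ``app`` are closure/module names from the enclosing
    decorator, which is outside this listing.
    """
    # Initialised up front so the for/else branch cannot hit an unbound
    # name when retry_commit_number is 0 and no attempt ever sets it.
    stacktrace = "commit was not attempted (retry_commit_number is 0)"
    for index in range(db.retry_commit_number):
        try:
            result = func(*args, **kwargs)
        except Exception as exc:
            # NOTE(review): str(exc) is sent to the client; it may carry
            # internal detail.
            return rest_abort(500, message=str(exc))
        try:
            db.session.commit()
        except Exception as exc:
            db.session.rollback()
            app.log("error", f"Rest Call n°{index} failed ({exc}).")
            stacktrace = format_exc()
            # NOTE(review): ``func`` is executed again on every retry, so
            # its side effects need to be idempotent for this to be safe.
            sleep(db.retry_commit_time * (index + 1))
        else:
            return result
    else:
        # NOTE(review): a full stack trace in the response body exposes
        # internals; consider logging it and returning a generic message.
        rest_abort(500, message=stacktrace)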
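def delete(self, role_name, user_id=None, user=None):
    """
    Remove a role from a user.

    Requires ``ADMIN_PERMISSION``; otherwise aborts with 401.  The user is
    taken from ``user`` or looked up by ``user_id`` (404 if absent); the role
    is looked up case-insensitively by name (404 if absent).  A role the user
    does not hold is also answered with 404 instead of surfacing as a 500.

    :returns: a ``{'message': ...}`` dict naming the role and the user's email
    """
    if not ADMIN_PERMISSION.can():
        # NOTE(review): 401 for a permission failure; the admin wrappers
        # elsewhere in this codebase use 403.
        rest_abort(401, message=ONLY_ADMIN_MSG_FS % "remove roles")
    if user is None:
        user = user_or_404(user_id)
    role = Role.query.filter(
        Role.name.ilike(role_name),
    ).first_or_404()
    # list.remove() on a role the user does not hold raises ValueError and
    # would surface as a 500; report it as a client-visible 404 instead.
    if role not in user.roles:
        rest_abort(404, message='%s is not assigned to %s' % (
            role.name, user.email,
        ))
    user.roles.remove(role)
    DB.session.add(user)
    DB.session.commit()
    return {'message': '%s removed from %s' % (
        role.name, user.email,
    )}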
def post(self):
    """
    Create a new user from the parsed request body.

    Aborts with 403 when ``CONFIG.security_registerable_form`` is off and
    with a 400 ``email`` field error when the address already exists.  Roles
    are assigned through ``rest_set_roles_perms`` (admin only).

    :returns: the newly created user object
    """
    if not CONFIG.security_registerable_form:
        rest_abort(403, message="API user registration disabled")
    attrs = clean_attrs(USER_NEW_PARSER.parse_args(strict=True))
    email = attrs['email']
    # TODO throttle before error
    # NOTE(review): a distinct "duplicate" response lets a caller probe
    # which addresses are registered; the throttling TODO above mitigates it.
    if SECURITY_STATE.datastore.get_user(email) is not None:
        rest_abort(400, message={
            "email": "Duplicate value '%s'" % email,
        })
    new_user = SECURITY_STATE.datastore.create_user(**attrs)
    rest_set_roles_perms(new_user, attrs['roles'])
    DB.session.add(new_user)
    DB.session.commit()
    return new_user
def wrapper(*args, **kwargs):
    """
    Call ``func``, map failures to REST aborts, and always try to commit.

    ``LookupError`` -> 404, any other exception -> 500, each carrying
    ``str(exc)`` as the message.  The ``finally`` block commits the session
    on every path; a commit failure rolls back, logs the traceback and
    aborts with 500.  ``func``, ``db`` and ``app`` come from the enclosing
    decorator, which is outside this listing.
    """
    try:
        return func(*args, **kwargs)
    except LookupError as missing:
        rest_abort(404, message=str(missing))
    except Exception as failure:
        rest_abort(500, message=str(failure))
    finally:
        # NOTE(review): the commit also runs after ``func`` raised, so any
        # partial changes made before the failure are persisted rather than
        # rolled back; a 500 raised here replaces the abort already in flight.
        try:
            db.session.commit()
        except Exception as commit_failure:
            db.session.rollback()
            app.log("error", format_exc())
            rest_abort(500, message=str(commit_failure))
def get(self, **_):
    """
    Catch-all handler: abort with 404 for an unknown endpoint.

    The message names the HTTP method of the current Flask ``request``;
    any routing keyword arguments are ignored.
    """
    detail = f"The requested {request.method} endpoint does not exist."
    rest_abort(404, message=detail)
def wrapper(*args, **kwargs):
    """
    Run ``func`` only for an authenticated admin; otherwise abort with 403.

    ``current_user`` must be truthy and have ``is_admin`` set.  ``func`` is
    a closure variable from the enclosing decorator outside this listing.
    """
    if not (current_user and current_user.is_admin):
        return rest_abort(403)
    return func(*args, **kwargs)
def decorated_function(*args, **kwargs):
    """
    Run ``f`` only when ``current_user`` holds ``permission``; else 403.

    ``f`` and ``permission`` are closure variables from the enclosing
    decorator, which is outside this listing.
    """
    if not (current_user and current_user.can(permission)):
        return rest_abort(403)
    return f(*args, **kwargs)