예제 #1
0
    def anonymize(cls, r, table, record_ids):
        """
            Handle POST (anonymize-request), i.e. anonymize the target record

            @param r: the S3Request
            @param table: the target Table
            @param record_ids: the target record IDs

            @returns: JSON message
        """

        post_vars_get = r.post_vars.get

        # Verify submitted action key against session (CSRF protection)
        widget_id = "%s-anonymize" % table
        session_s3 = current.session.s3
        keys = session_s3.anonymize
        if keys is None or \
           widget_id not in keys or \
           post_vars_get("action-key") != keys[widget_id]:
            r.error(400, "Invalid action key (form reopened in another tab?)")

        # Get the available rules from settings
        rules = current.s3db.get_config(table, "anonymize")
        if isinstance(rules, (tuple, list)):
            names = set(rule.get("name") for rule in rules)
            names.discard(None)
        else:
            # Single rule
            rules["name"] = "default"
            names = (rules["name"], )
            rules = [rules]

        # Get selected rules from form
        selected = []
        for rule in rules:
            rule_name = rule.get("name")
            if not rule_name:
                continue
            if post_vars_get(rule_name) == "on":
                selected.append(rule)

        # Merge selected rules
        cleanup = {}
        cascade = []
        for rule in selected:
            field_rules = rule.get("fields")
            if field_rules:
                cleanup.update(field_rules)
            cascade_rules = rule.get("cascade")
            if cascade_rules:
                cascade.extend(cascade_rules)

        # Apply selected rules
        if cleanup or cascade:
            rules = {
                "fields": cleanup,
                "cascade": cascade,
            }

            for record_id in record_ids:
                # NB will raise (+roll back) if configuration is invalid
                cls.cascade(table, (record_id, ), rules)

                # Audit anonymize
                prefix, name = original_tablename(table).split("_", 1)
                current.audit(
                    "anonymize",
                    prefix,
                    name,
                    record=record_id,
                    representation="html",
                )

            output = current.xml.json_message(updated=record_ids)
        else:
            output = current.xml.json_message(msg="No applicable rules found")

        return output
예제 #2
0
    def anonymize(cls, r, table, record_id):
        """
            Handle POST (anonymize-request), i.e. anonymize the target record

            @param r: the S3Request
            @param table: the target Table
            @param record_id: the target record ID

            @returns: JSON message
        """

        # Read+parse body JSON
        s = r.body
        s.seek(0)
        try:
            options = json.load(s)
        except JSONERRORS:
            options = None
        if not isinstance(options, dict):
            r.error(400, "Invalid request options")

        # Verify submitted action key against session (CSRF protection)
        widget_id = "%s-%s-anonymize" % (table, record_id)
        session_s3 = current.session.s3
        keys = session_s3.anonymize
        if keys is None or \
           widget_id not in keys or \
           options.get("key") != keys[widget_id]:
            r.error(400, "Invalid action key (form reopened in another tab?)")

        # Get the available rules from settings
        rules = current.s3db.get_config(table, "anonymize")
        if isinstance(rules, (tuple, list)):
            names = set(rule.get("name") for rule in rules)
            names.discard(None)
        else:
            # Single rule
            rules["name"] = "default"
            names = (rules["name"], )
            rules = [rules]

        # Get selected rules from options
        selected = options.get("apply")
        if not isinstance(selected, list):
            r.error(400, "Invalid request options")

        # Validate selected rules
        for name in selected:
            if name not in names:
                r.error(400, "Invalid rule: %s" % name)

        # Merge selected rules
        cleanup = {}
        cascade = []
        for rule in rules:
            name = rule.get("name")
            if not name or name not in selected:
                continue
            field_rules = rule.get("fields")
            if field_rules:
                cleanup.update(field_rules)
            cascade_rules = rule.get("cascade")
            if cascade_rules:
                cascade.extend(cascade_rules)

        # Apply selected rules
        if cleanup or cascade:
            rules = {
                "fields": cleanup,
                "cascade": cascade,
            }

            # NB will raise (+roll back) if configuration is invalid
            cls.cascade(table, (record_id, ), rules)

            # Audit anonymize
            prefix, name = original_tablename(table).split("_", 1)
            current.audit(
                "anonymize",
                prefix,
                name,
                record=record_id,
                representation="html",
            )

            output = current.xml.json_message(updated=record_id)
        else:
            output = current.xml.json_message(msg="No applicable rules found")

        return output
예제 #3
0
파일: s3anonymize.py 프로젝트: nursix/eden
    def anonymize(cls, r, table, record_id):
        """
            Handle POST (anonymize-request), i.e. anonymize the target record

            @param r: the S3Request
            @param table: the target Table
            @param record_id: the target record ID

            @returns: JSON message
        """

        # Read+parse body JSON
        s = r.body
        s.seek(0)
        try:
            options = json.load(s)
        except JSONERRORS:
            options = None
        if not isinstance(options, dict):
            r.error(400, "Invalid request options")

        # Verify submitted action key against session (CSRF protection)
        widget_id = "%s-%s-anonymize" % (table, record_id)
        session_s3 = current.session.s3
        keys = session_s3.anonymize
        if keys is None or \
           widget_id not in keys or \
           options.get("key") != keys[widget_id]:
            r.error(400, "Invalid action key (form reopened in another tab?)")

        # Get the available rules from settings
        rules = current.s3db.get_config(table, "anonymize")
        if isinstance(rules, (tuple, list)):
            names = set(rule.get("name") for rule in rules)
            names.discard(None)
        else:
            # Single rule
            rules["name"] = "default"
            names = (rules["name"],)
            rules = [rules]

        # Get selected rules from options
        selected = options.get("apply")
        if not isinstance(selected, list):
            r.error(400, "Invalid request options")

        # Validate selected rules
        for name in selected:
            if name not in names:
                r.error(400, "Invalid rule: %s" % name)

        # Merge selected rules
        cleanup = {}
        cascade = []
        for rule in rules:
            name = rule.get("name")
            if not name or name not in selected:
                continue
            field_rules = rule.get("fields")
            if field_rules:
                cleanup.update(field_rules)
            cascade_rules = rule.get("cascade")
            if cascade_rules:
                cascade.extend(cascade_rules)

        # Apply selected rules
        if cleanup or cascade:
            rules = {"fields": cleanup, "cascade": cascade}

            # NB will raise (+roll back) if configuration is invalid
            cls.cascade(table, (record_id,), rules)

            # Audit anonymize
            prefix, name = original_tablename(table).split("_", 1)
            current.audit("anonymize", prefix, name,
                          record = record_id,
                          representation = "html",
                          )

            output = current.xml.json_message(updated=record_id)
        else:
            output = current.xml.json_message(msg="No applicable rules found")

        return output