def _get_query_and_params(request, name):
query = get_redshift_catalogue().get_query(name)
if not query:
raise Http404("No query named: %s" % name)
supplied_params = request.GET.dict()
if "deck_id" in supplied_params and not supplied_params["deck_id"].isdigit(
):
# We got sent a shortid, so we need to translate it into a deck_id int
deck = Deck.objects.get_by_shortid(supplied_params["deck_id"])
supplied_params["deck_id"] = str(deck.id)
if query.is_personalized:
if request.user and not request.user.is_fake:
if "Region" not in supplied_params:
default_pegasus_account = request.user.pegasusaccount_set.first(
)
if default_pegasus_account:
supplied_params[
"Region"] = default_pegasus_account.region.name
supplied_params[
"account_lo"] = default_pegasus_account.account_lo
else:
raise Http404("User does not have any Pegasus Accounts.")
else:
user_owns_pegasus_account = request.user.pegasusaccount_set.filter(
region__exact=int(supplied_params["Region"]),
account_lo__exact=int(
supplied_params["account_lo"])).exists()
if not user_owns_pegasus_account:
return HttpResponseForbidden()
if supplied_params["Region"].isdigit():
region_member = Region.from_int(int(supplied_params["Region"]))
supplied_params["Region"] = region_member.name
personal_parameterized_query = query.build_full_params(
supplied_params)
if not user_is_eligible_for_query(request.user, query,
personal_parameterized_query):
return HttpResponseForbidden()
return personal_parameterized_query
else:
# Anonymous or Fake Users Can Never Request Personal Stats
return HttpResponseForbidden()
else:
parameterized_query = query.build_full_params(supplied_params)
if not user_is_eligible_for_query(request.user, query,
parameterized_query):
return HttpResponseForbidden()
return parameterized_query
def get(self, request, **kwargs):
serializer = self.serializer_class(data=request.GET)
serializer.is_valid(raise_exception=True)
supplied_params = request.GET.copy()
supplied_params.update(serializer.validated_data)
del supplied_params["query"]
if "Region" in supplied_params:
supplied_params["Region"] = Region.from_int(
supplied_params["Region"]).name
try:
parameterized_query = serializer.query.build_full_params(
supplied_params)
except InvalidOrMissingQueryParameterError as e:
raise PermissionDenied(str(e)) from e
if parameterized_query.has_premium_values:
if not self._check_premium(request):
raise PermissionDenied("You do not have access to this query.")
last_modified = parameterized_query.result_as_of
if last_modified:
last_modified = timegm(last_modified.utctimetuple())
response = None
is_cache_hit = parameterized_query.result_available
if is_cache_hit:
_trigger_if_stale(parameterized_query)
# Try to return a minimal response
response = get_conditional_response(request,
last_modified=last_modified)
if not response:
# Resort to a full response
response = _fetch_query_results(parameterized_query,
user=request.user)
response["last-modified"] = http_date(last_modified)
# Always send Cache-Control headers
if parameterized_query.is_personalized or parameterized_query.has_premium_values:
patch_cache_control(response, no_cache=True, private=True)
else:
patch_cache_control(response, no_cache=True, public=True)
return response
def _get_query_and_params(request, name):
query = get_redshift_query(name)
if not query:
raise Http404("No query named: %s" % name)
supplied_params = request.GET.dict()
deck = None
if "deck_id" in supplied_params and not supplied_params["deck_id"].isdigit(
):
# We got sent a shortid, so we need to translate it into a deck_id int
try:
deck = Deck.objects.get_by_shortid(supplied_params["deck_id"])
supplied_params["deck_id"] = str(deck.id)
except Deck.DoesNotExist:
raise Http404("Deck does not exist")
if query.is_personalized:
if request.user and request.user.is_authenticated:
if "Region" in supplied_params and "account_lo" in supplied_params:
# The parameters region and account_lo were both supplied, use these
supplied_region = supplied_params["Region"]
supplied_account_lo = supplied_params["account_lo"]
if not (supplied_region.isdigit()
and supplied_account_lo.isdigit()):
return JsonResponse(
{
"msg":
"Both account_lo and Region should be numeric."
},
status=400)
user_owns_blizzard_account = request.user.blizzard_accounts.filter(
region__exact=int(supplied_region),
account_lo__exact=int(supplied_account_lo)).exists()
if not user_owns_blizzard_account and not request.user.is_staff:
return HttpResponseForbidden()
elif "Region" not in supplied_params and "account_lo" not in supplied_params:
# Neither region nor account_lo were supplied, default to first
default_blizzard_account = request.user.blizzard_accounts.first(
)
if default_blizzard_account:
supplied_params[
"Region"] = default_blizzard_account.region.name
supplied_params[
"account_lo"] = default_blizzard_account.account_lo
else:
raise Http404("User does not have any Blizzard Accounts.")
else:
# Supplying only either Region or account_lo is a bad request
msg = "Personalized queries require both region and account_lo to be present."
return JsonResponse({"msg": msg}, status=400)
# Map numeric region to FilterEnum
if supplied_params["Region"].isdigit():
supplied_region = supplied_params["Region"]
region_member = Region.from_int(int(supplied_region))
supplied_params["Region"] = region_member.name
try:
personal_parameterized_query = query.build_full_params(
supplied_params)
except InvalidOrMissingQueryParameterError as e:
# Return a 400 Bad Request response
log.warn(str(e))
return JsonResponse({"msg": str(e)}, status=400)
if not user_is_eligible_for_query(request.user, query,
personal_parameterized_query):
return HttpResponseForbidden()
return personal_parameterized_query
else:
# Anonymous or Fake Users Can Never Request Personal Stats
return HttpResponseForbidden()
else:
if deck and not deck.eligible_for_global_stats:
return HttpResponseForbidden()
try:
parameterized_query = query.build_full_params(supplied_params)
except InvalidOrMissingQueryParameterError as e:
# Return a 400 Bad Request response
log.warn(str(e))
return JsonResponse({"msg": str(e)}, status=400)
if not user_is_eligible_for_query(request.user, query,
parameterized_query):
return HttpResponseForbidden()
return parameterized_query
def _get_query_and_params(request, name):
query = get_redshift_catalogue().get_query(name)
if not query:
raise Http404("No query named: %s" % name)
supplied_params = request.GET.dict()
if "deck_id" in supplied_params and not supplied_params["deck_id"].isdigit(
):
# We got sent a shortid, so we need to translate it into a deck_id int
try:
deck = Deck.objects.get_by_shortid(supplied_params["deck_id"])
supplied_params["deck_id"] = str(deck.id)
except Deck.DoesNotExist:
raise Http404("Deck does not exist")
if query.is_personalized:
if request.user and request.user.is_authenticated:
if "Region" not in supplied_params:
default_blizzard_account = request.user.blizzard_accounts.first(
)
if default_blizzard_account:
supplied_params[
"Region"] = default_blizzard_account.region.name
supplied_params[
"account_lo"] = default_blizzard_account.account_lo
else:
raise Http404("User does not have any Blizzard Accounts.")
else:
user_owns_blizzard_account = request.user.blizzard_accounts.filter(
region__exact=int(supplied_params["Region"]),
account_lo__exact=int(
supplied_params["account_lo"])).exists()
if not user_owns_blizzard_account:
return HttpResponseForbidden()
if supplied_params["Region"].isdigit():
region_member = Region.from_int(int(supplied_params["Region"]))
supplied_params["Region"] = region_member.name
try:
personal_parameterized_query = query.build_full_params(
supplied_params)
except InvalidOrMissingQueryParameterError as e:
# Return a 400 Bad Request response
log.warn(str(e))
return HttpResponseBadRequest()
if not user_is_eligible_for_query(request.user, query,
personal_parameterized_query):
return HttpResponseForbidden()
return personal_parameterized_query
else:
# Anonymous or Fake Users Can Never Request Personal Stats
return HttpResponseForbidden()
else:
try:
parameterized_query = query.build_full_params(supplied_params)
except InvalidOrMissingQueryParameterError as e:
# Return a 400 Bad Request response
log.warn(str(e))
return HttpResponseBadRequest()
if not user_is_eligible_for_query(request.user, query,
parameterized_query):
return HttpResponseForbidden()
return parameterized_query