def check_offer_is_editable(offer: Offer):
if not offer.isEditable:
error = ApiErrors()
error.status_code = 400
error.add_error('global',
"Les offres importées ne sont pas modifiables")
raise error
def check_and_save(*objects):
if not objects:
raise ValueError('Objects to save need to be passed as arguments' +
' to check_and_save')
# CUMULATE ERRORS IN ONE SINGLE API ERRORS DURING ADD TIME
api_errors = ApiErrors()
for obj in objects:
obj_api_errors = obj.errors()
if obj_api_errors.errors.keys():
api_errors.errors.update(obj_api_errors.errors)
else:
db.session.add(obj)
# CHECK BEFORE COMMIT
if api_errors.errors.keys():
raise api_errors
# COMMIT
try:
db.session.commit()
except DataError as de:
api_errors.addError(*BaseObject.restize_data_error(de))
raise api_errors
except IntegrityError as ie:
api_errors.addError(*BaseObject.restize_integrity_error(ie))
raise api_errors
except TypeError as te:
api_errors.addError(*BaseObject.restize_type_error(te))
raise api_errors
except ValueError as ve:
api_errors.addError(*BaseObject.restize_value_error(ve))
raise api_errors
if api_errors.errors.keys():
raise api_errors
def ensure_can_be_updated(self):
if self.lastProvider:
errors = ApiErrors()
errors.add_error(
'global',
'not allowed because data come from provider ' + element.lastProvider.name
)
raise errors
def get_offerer(id):
dehumanize_id = dehumanize(id)
for offerer in current_user.offerers:
if offerer.id == dehumanize_id:
return jsonify(offerer._asdict(include=OFFERERS_INCLUDES)), 200
e = ApiErrors()
e.addError('global', "Cette structure n'est pas enregistrée chez cet utilisateur.")
return jsonify(e.errors), 400
def ensure_current_user_has_rights(rights, offerer_id, user=current_user):
if not user.hasRights(rights, offerer_id):
errors = ApiErrors()
errors.add_error(
'global',
"Vous n'avez pas les droits d'accès suffisant pour accéder à cette information."
)
errors.status_code = 403
raise errors
def internal_error(error):
tb = traceback.format_exc()
oneline_stack = ''.join(tb).replace('\n', ' ### ')
app.logger.error('500 on %s %s — %s', request.method, request.url,
oneline_stack)
e = ApiErrors()
e.add_error(
'global', "Il semble que nous ayons des problèmes techniques :(" +
" On répare ça au plus vite.")
return jsonify(e.errors), 500
def list_offerers_venues(id):
dehumanize_id = dehumanize(id)
for offerer in current_user.offerers:
if offerer.id == dehumanize_id:
venues = [
o._asdict(include=VENUES_INCLUDES)
for o in offerer.managedVenues
]
return jsonify(venues), 200
e = ApiErrors()
e.addError('global', "Cette structure n'est pas enregistrée chez cet utilisateur.")
return jsonify(e.errors), 400
def check_single_order_by_string(order_by_string):
order_by_string = order_by_string.strip(' ')
optional_table_prefix = '("?\\w+"?\\.|)'
column_identifier = '"?\\w+"?'
optional_sorting_order = '(|\\s+desc|\\s+asc)'
if not re.match(
f'^{optional_table_prefix}{column_identifier}{optional_sorting_order}$',
order_by_string, re.IGNORECASE):
api_errors = ApiErrors()
api_errors.add_error('order_by',
'Invalid order_by field : "%s"' % order_by_string)
raise api_errors
def load_or_raise_error(obj_class, human_id):
data = obj_class.query.filter_by(id=dehumanize(human_id)).first()
if data is None:
errors = ApiErrors()
errors.add_error(
'global',
'Aucun objet ne correspond à cet identifiant dans notre base de données'
)
errors.status_code = 400
raise errors
else:
return data
def list_venue_providers():
venueId = request.args.get('venueId')
if venueId is None:
e = ApiErrors()
e.addError('venueId', 'Vous devez obligatoirement fournir le paramètre venueId')
return jsonify(e.errors), 400
vp_query = VenueProvider.query\
.filter_by(venueId=dehumanize(venueId))
return jsonify([
vp._asdict(include=VENUE_PROVIDER_INCLUDES)
for vp in vp_query.all()
])
def handle_rest_get_list(modelClass, query=None, filter_fn=None,
refine=None, order_by=None, flask_request=None,
include=None, resolve=None, print_elements=None,
paginate=None, page=None):
if flask_request is None:
flask_request = request
if query is None:
query = modelClass.query
# DELETED
if hasattr(modelClass, 'deleted'):
query = query.filter_by(deleted=False)
# FILTER
filters = flask_request.args.copy()
if filter_fn:
query = filter_fn(query, filters)
# REFINE
if refine:
query = refine(query)
# ORDER BY
if order_by:
try:
order_by = [order_by] if not isinstance(order_by, list)\
else order_by
query = query.order_by(*order_by)
except ProgrammingError as e:
field = re.search('column "?(.*?)"? does not exist', e._message, re.IGNORECASE)
if field:
errors = ApiErrors()
errors.addError('order_by', 'order_by value references an unknown field : '+field.group(1))
raise errors
else:
raise e
# PAGINATE
if paginate:
page = 'page' in filters and filters['page']
query = query.paginate(page, per_page=paginate, error_out=False)\
.items
# DICTIFY
elements = list(map(
lambda o: o._asdict(
include=include,
resolve=resolve,
filters=filters
),
query))
# PRINT
if print_elements:
print(elements)
# RETURN
return jsonify(elements), 200
def check_valid_edition(payload: dict):
forbidden_keys = {
'idAtProviders', 'dateModifiedAtLastProvider', 'thumbCount',
'firstThumbDominantColor', 'owningOffererId', 'id', 'lastProviderId',
'dateCreated'
}
all_keys = payload.keys()
keys_in_error = forbidden_keys.intersection(all_keys)
if keys_in_error:
errors = ApiErrors()
for key in keys_in_error:
errors.add_error(key,
'Vous ne pouvez pas modifier cette information')
raise errors
def check_offer_id_is_present_in_request(offer_id: str):
if offer_id is None:
errors = ApiErrors()
errors.status_code = 400
errors.add_error('global', 'Le paramètre offerId est obligatoire')
errors.maybe_raise()
raise errors
def edit_offer(offer_id):
updated_offer_dict = request.json
query = Offer.query.filter_by(id=dehumanize(offer_id))
offer = query.first_or_404()
ensure_provider_can_update(offer)
update(offer, updated_offer_dict)
try:
app.model.PcObject.check_and_save(offer)
except InternalError as ie:
if 'check_offer' in str(ie.orig):
ae = ApiErrors()
ae.addError(
'available', 'la quantité pour cette offre' +
' ne peut pas être inférieure' +
' au nombre de réservations existantes.')
return jsonify(ae.errors), 400
else:
raise ie
return jsonify(offer._asdict(include=OFFERS_INCLUDES)), 200
def query_with_order_by(query, order_by):
if order_by:
if type(order_by) == str:
order_by = text(order_by)
try:
order_by = [order_by] if not isinstance(order_by, list) \
else order_by
query = query.order_by(*order_by)
except ProgrammingError as e:
field = re.search('column "?(.*?)"? does not exist', e._message,
re.IGNORECASE)
if field:
errors = ApiErrors()
errors.add_error(
'order_by',
'order_by value references an unknown field : ' +
field.group(1))
raise errors
else:
raise e
return query
def export_table(model_name):
check_token()
ae = ApiErrors()
try:
model = app.model[model_name]
except KeyError:
ae.addError('global', 'Nom de classe incorrect : '+model_name)
return jsonify(ae.errors), 400
if not is_exportable(model_name):
ae.addError('global', 'Classe non exportable : '+model_name)
return jsonify(ae.errors), 400
objects = model.query.all()
csvfile = StringIO()
header = objects[0]._asdict().keys()
if model_name == 'User':
header = list(filter(lambda h: h!='id' and h!='password', header))
writer = csv.DictWriter(csvfile, header)
writer.writeheader()
for obj in objects:
dct = obj._asdict()
if model_name == 'User':
del(dct['password'])
del(dct['id'])
writer.writerow(dct)
csvfile.seek(0)
mem = BytesIO()
mem.write(csvfile.getvalue().encode('utf-8'))
mem.seek(0)
csvfile.close()
return send_file(mem,
attachment_filename='export.csv',
as_attachment=True)
def get_user_with_credentials(identifier: str, password: str) -> User:
with auto_close_db_transaction():
user = find_user_by_email(identifier)
errors = ApiErrors()
errors.status_code = 401
if not user:
errors.add_error('identifier', 'Identifiant incorrect')
raise errors
if not user.isValidated:
errors.add_error('identifier', "Ce compte n'est pas validé.")
raise errors
if not user.checkPassword(password):
errors.add_error('password', 'Mot de passe incorrect')
raise errors
return user
def find_or_make_recommendation(user,
occasion_type,
occasion_id,
mediation_id,
from_user_id=None):
query = Recommendation.query
print('(special) offer_id', occasion_id, 'mediation_id', mediation_id)
if not mediation_id and not (occasion_id and occasion_type):
return None
if mediation_id:
filter = (Recommendation.mediationId == mediation_id)
elif occasion_id and occasion_type:
if occasion_type == 'thing':
filter = (Recommendation.thingId == mediation_id)
elif occasion_type == 'event':
filter = (Recommendation.eventId == mediation_id)
else:
ae = ApiErrors()
ae.addError('occasion_type',
"Invalid occasion type : " + occasion_type)
raise ae
requested_recommendation = query.filter(filter & (Recommendation.userId==user.id))\
.first()
if requested_recommendation is None:
if mediation_id:
return None
elif occasion_type == 'thing':
occasion = Thing.query.get(occasion_id)
elif occasion_type == 'event':
occasion = Event.query.get(occasion_id)
mediation = Mediation.query.get(mediation_id)
requested_recommendation = create_recommendation(user,
occasion,
mediation=mediation)
return requested_recommendation
def check_token():
if EXPORT_TOKEN is None or EXPORT_TOKEN == '':
raise ValueError("Missing environment variable EXPORT_TOKEN")
token = request.args.get('token')
ae = ApiErrors()
if token is None:
ae.addError('token', 'Vous devez préciser un jeton dans l''adresse (token=XXX)')
if not token == EXPORT_TOKEN:
ae.addError('token', 'Le jeton est invalide')
if ae.errors:
raise ae
def create_mediation():
# TODO: Allow to receive a URL from request.form['thumb']
# save_thumb already does it so it should be easy, but I can't make it ...
if 'thumb' not in request.files\
or request.files['thumb'].filename == '':
e = ApiErrors()
e.addError('thumb', "Vous devez fournir une image d'accroche")
return jsonify(e.errors), 400
thumb = request.files['thumb']
filename_parts = thumb.filename.rsplit('.', 1)
if len(filename_parts)<2\
or filename_parts[1].lower() not in ALLOWED_EXTENSIONS:
e = ApiErrors()
e.addError('thumb', "Ce format d'image n'est pas autorisé")
return jsonify(e.errors), 400
offererId = dehumanize(request.form['offererId'])
ensure_current_user_has_rights(RightsType.editor, offererId)
new_mediation = Mediation()
new_mediation.author = current_user
new_mediation.eventId = dehumanize(request.form['eventId'])
new_mediation.offererId = offererId
app.model.PcObject.check_and_save(new_mediation)
if 'croppingRect[x]' in request.form:
crop = [
float(request.form['croppingRect[x]']),
float(request.form['croppingRect[y]']),
float(request.form['croppingRect[height]'])
]
else:
crop = None
new_mediation.save_thumb(thumb.read(), 0, crop=crop)
return jsonify(new_mediation), 201
def export_table(model_name):
_check_token()
ae = ApiErrors()
if model_name not in models.__all__:
ae.add_error('global', 'Classe inconnue : ' + model_name)
return jsonify(ae.errors), 400
try:
model = getattr(models, model_name)
except KeyError:
ae.add_error('global', 'Nom de classe incorrect : ' + model_name)
return jsonify(ae.errors), 400
if not _is_exportable(model_name):
ae.add_error('global', 'Classe non exportable : ' + model_name)
return jsonify(ae.errors), 400
objects = model.query.all()
if len(objects) == 0:
return "", 200
csvfile = StringIO()
header = _clean_dict_for_export(model_name, as_dict(objects[0])).keys()
if model_name == 'User':
header = list(filter(lambda h: h != 'id' and h != 'password', header))
writer = csv.DictWriter(csvfile, header, extrasaction='ignore')
writer.writeheader()
for obj in objects:
dct = _clean_dict_for_export(model_name, as_dict(obj))
writer.writerow(dct)
csvfile.seek(0)
mem = BytesIO()
mem.write(csvfile.getvalue().encode('utf-8'))
mem.seek(0)
csvfile.close()
return send_file(mem, attachment_filename='export.csv', as_attachment=True)
def send_401():
e = ApiErrors()
e.addError('global', 'Authentification nécessaire')
return jsonify(e.errors), 401
def get_user_with_credentials(identifier, password):
errors = ApiErrors()
errors.status_code = 401
if identifier is None:
errors.addError('identifier', 'Identifiant manquant')
if password is None:
errors.addError('password', 'Mot de passe manquant')
errors.maybeRaise()
user = User.query.filter_by(email=identifier).first()
if not user:
errors.addError('identifier', 'Identifiant incorrect')
raise errors
if not user.checkPassword(password):
errors.addError('password', 'Mot de passe incorrect')
raise errors
login_user(user, remember=True)
return user
def post_booking():
offer_id = request.json.get('offerId')
ae = ApiErrors()
if current_user.canBook == False:
ae.addError('canBook',
'L\'utilisateur n\'a pas le droit de réserver d\'offre')
return jsonify(ae.errors), 400
if offer_id is None:
ae.addError('offerId', 'Vous devez préciser un identifiant d\'offre')
return jsonify(ae.errors), 400
offer = Offer.query.filter_by(id=dehumanize(offer_id)).first()
if offer is None:
ae.addError('offerId', 'offerId ne correspond à aucune offer')
return jsonify(ae.errors), 400
if offer.bookingLimitDatetime is not None and\
offer.bookingLimitDatetime < datetime.utcnow():
ae.addError(
'global',
'la date limite de réservation de cette offre' + ' est dépassée')
return jsonify(ae.errors), 400
new_booking = Booking()
new_booking.offerId = dehumanize(offer_id)
token = random_token()
new_booking.token = token
new_booking.user = current_user
recommendation_id = request.json.get('recommendationId')
if recommendation_id is not None:
new_booking.recommendationId = dehumanize(recommendation_id)
try:
app.model.PcObject.check_and_save(new_booking)
except InternalError as ie:
if 'check_booking' in str(ie.orig):
ae.addError(
'global',
'la quantité disponible pour cette offre' + ' est atteinte')
return jsonify(ae.errors), 400
else:
raise ie
send_booking_recap_emails(app.model.Offer.query.get(new_booking.offerId),
new_booking)
return jsonify(new_booking._asdict(include=BOOKINGS_INCLUDES,
venueTz=True)), 201
def get_sandbox(module_name, getter_name):
if not hasattr(getters, module_name):
errors = ApiErrors()
errors.add_error(
'module',
'Il n\'existe pas de tel \"{}\" module de getters pour la sandbox'.
format(module_name))
raise errors
testcafes_module = getattr(getters, module_name)
if not hasattr(testcafes_module, getter_name):
errors = ApiErrors()
errors.add_error(
'getter',
'Il n\'existe pas de tel \"{} {}\" getter pour la sandbox'.format(
module_name, getter_name))
raise errors
getter = getattr(testcafes_module, getter_name)
try:
obj = getter()
return jsonify(obj)
except:
errors = ApiErrors()
errors.add_error(
'query',
'Une erreur s\'est produite lors du calcul de \"{} {}\" pour la sandbox'
.format(module_name, getter_name))
raise errors
def date_time_cast_error(error):
api_errors = ApiErrors()
app.logger.warning(json.dumps(error.errors))
for field in error.errors.keys():
api_errors.add_error(field, 'Format de date invalide')
return jsonify(api_errors.errors), 400
def invalid_id_for_dehumanize_error(error):
api_errors = ApiErrors()
api_errors.add_error('global', 'La page que vous recherchez n\'existe pas')
app.logger.error('404 %s' % str(error))
return jsonify(api_errors.errors), 404
def errors(self):
errors = ApiErrors()
data = self.__class__.__table__.columns._data
for key in data.keys():
col = data[key]
val = getattr(self, key)
if not isinstance(col, Column):
continue
if not col.nullable\
and not col.foreign_keys\
and not col.primary_key\
and col.default is None\
and val is None:
errors.addError(key, 'Cette information est obligatoire')
if val is None:
continue
if (isinstance(col.type, String) or isinstance(col.type, CHAR))\
and not isinstance(col.type, Enum)\
and not isinstance(val, str):
errors.addError(key, 'doit etre une chaine de caracteres')
if (isinstance(col.type, String) or isinstance(col.type, CHAR))\
and isinstance(val, str)\
and col.type.length\
and len(val)>col.type.length:
errors.addError(
key, 'Vous devez saisir moins de ' + str(col.type.length) +
' caracteres')
if isinstance(col.type, Integer)\
and not isinstance(val, int):
errors.addError(key, 'doit etre un entier')
if isinstance(col.type, Float)\
and not isinstance(val, float):
errors.addError(key, 'doit etre un nombre')
return errors
def decimal_cast_error(error):
api_errors = ApiErrors()
app.logger.warning(json.dumps(error.errors))
for field in error.errors.keys():
api_errors.add_error(field, 'Saisissez un nombre valide')
return jsonify(api_errors.errors), 400
def restize_invalid_header_exception(e):
e = ApiErrors()
e.add_error('global', 'Header non autorisé')
return jsonify(e.errors), 400
