예제 #1
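    def get(self, id):
        """
        Return the member record for ``id``, but only to that same member.

        The id is coerced to ``int`` and compared with the ``memberId`` claim
        in ``context.identity.payload`` before the database is queried, so a
        caller can only read the record that matches their own identity.
        A malformed id, an id that differs from the claim and a missing row
        all raise the same ``HTTPForbidden``, so the response does not
        distinguish between those cases.

        :param id: Member id as received from the caller.
        :return: The matching ``Member`` row.
        :raises HTTPForbidden: On any of the failures described above.
        """
        # NOTE(review): assumes an authenticated identity is guaranteed by
        # something outside this method (e.g. a decorator not shown here);
        # otherwise ``context.identity`` may not carry a payload. Confirm.
        try:
            id = int(id)
        except (TypeError, ValueError):
            # Only conversion failures mean "bad id". A bare ``except`` would
            # also swallow KeyboardInterrupt/SystemExit and hide real bugs.
            raise HTTPForbidden()

        # Ownership check: the requested id must be the caller's own id.
        if id != context.identity.payload['memberId']:
            raise HTTPForbidden()

        member = DBSession.query(Member).filter(Member.id == id).one_or_none()
        if not member:
            raise HTTPForbidden()

        return member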
예제 #2
파일: backends.py 프로젝트: Carrene/jaguar
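    def get_access_token(self, authorization_code):
        """
        Exchange a CAS authorization code for an access token.

        Sends the code together with this application's id and secret to
        ``{settings.oauth.url}/apiv1/accesstokens`` using the ``CREATE`` verb
        and maps the response status onto exceptions.

        :param authorization_code: Code handed back by the CAS server.
        :return: ``(accessToken, memberId)`` taken from the JSON response.
        :raises HTTPForbidden: If no authorization code was supplied.
        :raises CASServerNotFound: On a 404 response.
        :raises CASServerNotAvailable: On a 502 or 503 response.
        :raises CASInternallError: On a 500 response.
        :raises HTTPUnauthorized: On any other non-200 response.
        """
        if authorization_code is None:
            raise HTTPForbidden()

        # NOTE(review): the application secret travels in the request body,
        # so ``settings.oauth.url`` should be an https:// URL. Confirm in the
        # deployment configuration.
        response = requests.request(
            'CREATE',
            f'{settings.oauth.url}/apiv1/accesstokens',
            data=dict(code=authorization_code,
                      secret=settings.oauth['secret'],
                      applicationId=settings.oauth['application_id']),
            # Without a timeout a stalled CAS server blocks this worker
            # indefinitely. The value is a conservative default to tune; the
            # resulting requests timeout exception propagates to the caller
            # the same way connection errors already do.
            timeout=10)
        if response.status_code == 404:
            raise CASServerNotFound()

        # 502: Bad Gateway
        # 503: Service Unavailable
        if response.status_code in (502, 503):
            raise CASServerNotAvailable()

        if response.status_code == 500:
            raise CASInternallError()

        if response.status_code != 200:
            raise HTTPUnauthorized()

        result = json.loads(response.text)
        return result['accessToken'], result['memberId']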
예제 #3
    def assert_roles(self, *roles):
        """
        Raise ``HTTPForbidden`` unless ``self.is_in_roles(*roles)`` is truthy.

        .. versionadded:: 0.29

        :param roles: Roles forwarded unchanged to ``is_in_roles``. When no
                      role is given the check is skipped entirely.
        :return: ``None`` when the check passes or is skipped.
        :raises HTTPForbidden: When roles were given and the check fails.
        """
        # An empty role list means "no restriction": callers that build the
        # list dynamically should make sure it cannot end up empty by
        # accident, because that case always passes.
        if not roles:
            return

        if self.is_in_roles(*roles):
            return

        raise HTTPForbidden()
예제 #4
        def get(self):
            """
            Return a fixed member profile when the request looks authorized.

            Reads the raw ``HTTP_AUTHORIZATION`` value from the WSGI environ,
            then raises ``HTTPStatus(_cas_server_status)`` whenever that
            module-level status is anything other than ``'idle'``. Otherwise
            the hard-coded profile is returned if the header contains the
            substring ``'access token'``.

            :return: A dict with ``id``, ``title``, ``email`` and ``avatar``.
            :raises HTTPStatus: When ``_cas_server_status`` is not ``'idle'``.
            :raises HTTPForbidden: When the header lacks ``'access token'``.
            """
            # NOTE(review): a substring match is not token validation; this
            # looks like a stand-in server for tests and should not be used
            # as a pattern for a real endpoint. Confirm.
            authorization = context.environ['HTTP_AUTHORIZATION']
            if _cas_server_status != 'idle':
                raise HTTPStatus(_cas_server_status)

            if 'access token' not in authorization:
                raise HTTPForbidden()

            return {
                'id': 1,
                'title': 'manager1',
                'email': '*****@*****.**',
                'avatar': 'avatar1',
            }
예제 #5
파일: message.py 프로젝트: mkhfring/pychat
    def edit(self, id):
        """
        Replace the body of a message, but only for its sender.

        The new body is read from the ``body`` form field. After the update
        is flushed, the message dict is pushed onto the workers queue named
        by ``settings.messaging.workers_queue``.

        :param id: Message id; converted by ``int_or_notfound``.
        :return: The updated ``Message``.
        :raises HTTPNotFound: When no message has this id.
        :raises HTTPStatus: ``616 Message Already Deleted`` for deleted ones.
        :raises HTTPForbidden: When the current member is not the sender.
        """
        id = int_or_notfound(id)
        # NOTE(review): no None/length check on the body is visible here;
        # presumably validated elsewhere (decorator or model). Confirm.
        replacement_body = context.form.get('body')

        target = DBSession.query(Message).get(id)
        if target is None:
            raise HTTPNotFound()

        if target.is_deleted:
            raise HTTPStatus('616 Message Already Deleted')

        # The ownership check runs after the existence and deleted checks,
        # so a non-sender receives 404/616/403 depending on message state.
        owner_id = target.sender_id
        requester_id = Member.current().id
        if owner_id != requester_id:
            raise HTTPForbidden()

        target.body = replacement_body
        DBSession.add(target)
        DBSession.flush()

        payload = target.to_dict()
        queues.push(settings.messaging.workers_queue, payload)
        return target
예제 #6
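    def get_access_token(self, authorization_code):
        """
        Exchange a CAS authorization code for an access token.

        Sends the code together with this application's id and secret to
        ``{settings.oauth.url}/apiv1/accesstokens`` using the ``CREATE`` verb,
        logs the outcome and maps the response status onto exceptions.

        :param authorization_code: Code handed back by the CAS server.
        :return: ``(accessToken, memberId)`` taken from the JSON response.
        :raises HTTPForbidden: If no authorization code was supplied.
        :raises StatusCASServerNotFound: On a 404 response.
        :raises StatusCASServerNotAvailable: On a 503 response.
        :raises StatusInvalidApplicationID: On a 605 response.
        :raises StatusInvalidSecret: On a 608 response.
        :raises HTTPUnauthorized: On a 609 or 610 response.
        :raises StatusCASServerInternalError: On any other non-200 response.
        """
        if authorization_code is None:
            raise HTTPForbidden()

        url = f'{settings.oauth.url}/apiv1/accesstokens'
        # NOTE(review): the application secret travels in the request body,
        # so ``settings.oauth.url`` should be an https:// URL. Confirm in the
        # deployment configuration.
        response = requests.request(
            'CREATE',
            url,
            data=dict(code=authorization_code,
                      secret=settings.oauth['secret'],
                      applicationId=settings.oauth['application_id']),
            # Without a timeout a stalled CAS server blocks this worker
            # indefinitely. The value is a conservative default to tune; the
            # resulting requests timeout exception propagates to the caller
            # the same way connection errors already do.
            timeout=10)

        # The client secret and the authorization code are credentials and
        # must not reach log files, so only non-secret fields are logged.
        logger.debug(
            f'CREATE {url} - '
            f'applicationId={settings.oauth["application_id"]} - '
            f'response-HTTP-code={response.status_code} - '
            f'target-application={self._server_name}'
        )
        if response.status_code == 404:
            raise StatusCASServerNotFound()

        if response.status_code == 503:
            raise StatusCASServerNotAvailable()

        if response.status_code == 605:
            raise StatusInvalidApplicationID()

        if response.status_code == 608:
            raise StatusInvalidSecret()

        if response.status_code in (609, 610):
            raise HTTPUnauthorized()

        if response.status_code != 200:
            # NOTE(review): the raw error body is logged as-is; confirm the
            # CAS server never echoes credentials in error responses.
            logger.error(response.content.decode())
            raise StatusCASServerInternalError()

        result = json.loads(response.text)
        return result['accessToken'], result['memberId']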
예제 #7
파일: message.py 프로젝트: mkhfring/pychat
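    def delete(self, id):
        """
        Soft-delete a message, but only for its sender.

        The body is overwritten with a placeholder, the mimetype is reset to
        ``text/plain`` and ``soft_delete()`` is called. After the flush, the
        message dict is pushed onto the workers queue named by
        ``settings.messaging.workers_queue``.

        :param id: Message id as received from the caller.
        :return: The soft-deleted ``Message``.
        :raises HTTPStatus: ``707 Invalid MessageId`` for a non-integer id,
                            ``614 Message Not Found`` for an unknown id,
                            ``616 Message Already Deleted`` for deleted ones.
        :raises HTTPForbidden: When the current member is not the sender.
        """
        try:
            id = int(id)
        except (TypeError, ValueError):
            # Only conversion failures mean "bad id". A bare ``except`` would
            # also swallow KeyboardInterrupt/SystemExit and hide real bugs.
            raise HTTPStatus('707 Invalid MessageId')

        message = DBSession.query(Message) \
            .filter(Message.id == id) \
            .one_or_none()
        if message is None:
            raise HTTPStatus('614 Message Not Found')

        if message.is_deleted:
            raise HTTPStatus('616 Message Already Deleted')

        # The ownership check runs after the existence and deleted checks,
        # so a non-sender receives 614/616/403 depending on message state.
        if message.sender_id != Member.current().id:
            raise HTTPForbidden()

        # Replace the content so the original text is not kept in the row.
        message.body = 'This message is deleted'
        message.mimetype = 'text/plain'
        message.soft_delete()
        DBSession.flush()
        queues.push(settings.messaging.workers_queue, message.to_dict())
        return message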