def setUp(self): db = DAL("sqlite:memory") db.define_table("color", Field("name", requires=IS_NOT_IN_DB(db, "color.name"))) db.color.insert(name="red") db.color.insert(name="green") db.color.insert(name="blue") db.define_table("thing", Field("name"), Field("color", "reference color")) db.thing.insert(name="Chair", color=1) db.thing.insert(name="Chair", color=2) db.thing.insert(name="Table", color=1) db.thing.insert(name="Table", color=3) db.thing.insert(name="Lamp", color=2) db.define_table( "rel", Field("a", "reference thing"), Field("desc"), Field("b", "reference thing"), ) db.rel.insert(a=1, b=2, desc="is like") db.rel.insert(a=3, b=4, desc="is like") db.rel.insert(a=1, b=3, desc="is under") db.rel.insert(a=2, b=4, desc="is under") db.rel.insert(a=5, b=4, desc="is above") api = RestAPI(db, ALLOW_ALL_POLICY) self.db = db self.api = api
def setUp(self): db = DAL('sqlite:memory') db.define_table('color', Field('name', requires=IS_NOT_IN_DB(db, 'color.name'))) db.color.insert(name='red') db.color.insert(name='green') db.color.insert(name='blue') db.define_table('thing', Field('name'), Field('color', 'reference color')) db.thing.insert(name='Chair', color=1) db.thing.insert(name='Chair', color=2) db.thing.insert(name='Table', color=1) db.thing.insert(name='Table', color=3) db.thing.insert(name='Lamp', color=2) db.define_table('rel', Field('a', 'reference thing'), Field('desc'), Field('b', 'reference thing')) db.rel.insert(a=1, b=2, desc='is like') db.rel.insert(a=3, b=4, desc='is like') db.rel.insert(a=1, b=3, desc='is under') db.rel.insert(a=2, b=4, desc='is under') db.rel.insert(a=5, b=4, desc='is above') api = RestAPI(db, ALLOW_ALL_POLICY) self.db = db self.api = api
def api(tablename, rec_id=None): return RestAPI(db, policy)(request.method, tablename, rec_id, request.GET, request.POST )
def api(path): # this is not final, requires pydal 19.5 args = path.split('/') app_name = args[0] from py4web.core import Reloader, DAL from pydal.restapi import RestAPI, ALLOW_ALL_POLICY, DENY_ALL_POLICY if MODE == 'full': policy = ALLOW_ALL_POLICY else: policy = DENY_ALL_POLICY module = Reloader.MODULES[app_name] def url(*args): return request.url + '/' + '/'.join(args) databases = [name for name in dir(module) if isinstance(getattr(module, name), DAL)] if len(args) == 1: def tables(name): db = getattr(module, name) return [{'name': t._tablename, 'fields': t.fields, 'link': url(name, t._tablename)+'?model=true'} for t in getattr(module, name)] return {'databases': [{'name':name, 'tables': tables(name)} for name in databases]} elif len(args) > 2 and args[1] in databases: db = getattr(module, args[1]) id = args[3] if len(args) == 4 else None data = action.uses(db)(lambda: RestAPI(db, policy)( request.method, args[2], id, request.query, request.json))() else: data = {} if 'code' in data: response.status = data['code'] return data
def api(): return RestAPI(db, policy)( request.method, request.args(0), # tablename request.args(1), # id request.get_vars, request.post_vars)
def __init__(self, db, policy=None, auth=None, path="service/{uuid}/<tablename>"): self.db = db self.policy = policy self.restapi = RestAPI(self.db, policy) self.path = path.format(uuid=str(uuid.uuid4())) args = [db, auth] if auth else [db] f = action.uses(*args)(self.api) f = action(self.path, method=["GET", "POST"])(f) f = action(self.path + "/<id:int>", method=["PUT", "DELETE"])(f)
def api(path): # this is not final, requires pydal 19.5 args = path.split("/") app_name = args[0] from py4web.core import Reloader, DAL from pydal.restapi import RestAPI, Policy if MODE != "full": raise HTTP(403) module = Reloader.MODULES[app_name] def url(*args): return request.url + "/" + "/".join(args) databases = [ name for name in dir(module) if isinstance(getattr(module, name), DAL) ] if len(args) == 1: def tables(name): db = getattr(module, name) return [ { "name": t._tablename, "fields": t.fields, "link": url(name, t._tablename) + "?model=true", } for t in getattr(module, name) ] return { "databases": [ {"name": name, "tables": tables(name)} for name in databases ] } elif len(args) > 2 and args[1] in databases: db = getattr(module, args[1]) id = args[3] if len(args) == 4 else None policy = Policy() for table in db: policy.set(table._tablename, 'GET', authorize=True, allowed_patterns=["**"], allow_lookup=True, fields=table.fields) policy.set(table._tablename,'PUT', authorize=True, fields=table.fields) policy.set(table._tablename,'POST', authorize=True, fields=table.fields) policy.set(table._tablename,'DELETE', authorize=True) data = action.uses(db, T)( lambda: RestAPI(db, policy)( request.method, args[2], id, request.query, request.json ) )() else: data = {} if "code" in data: response.status = data["code"] return data
def __init__(self, db, policy=None, auth=None, path='service/{uuid}/<tablename>'): self.db = db self.policy = policy self.restapi = RestAPI(self.db, policy) self.path = path.format(uuid=str(uuid.uuid4())) args = [db, auth] if auth else [db] f = action.uses(*args)(self.api) f = action(self.path, method=['GET', 'POST'])(f) f = action(self.path + '/<id:int>', method=['PUT', 'DELETE'])(f)
def api(path): # this is not final, requires pydal 19.5 args = path.split("/") app_name = args[0] from py4web.core import Reloader, DAL from pydal.restapi import RestAPI, ALLOW_ALL_POLICY, DENY_ALL_POLICY if MODE == "full": policy = ALLOW_ALL_POLICY else: policy = DENY_ALL_POLICY module = Reloader.MODULES[app_name] def url(*args): return request.url + "/" + "/".join(args) databases = [ name for name in dir(module) if isinstance(getattr(module, name), DAL) ] if len(args) == 1: def tables(name): db = getattr(module, name) return [ { "name": t._tablename, "fields": t.fields, "link": url(name, t._tablename) + "?model=true", } for t in getattr(module, name) ] return { "databases": [ {"name": name, "tables": tables(name)} for name in databases ] } elif len(args) > 2 and args[1] in databases: db = getattr(module, args[1]) id = args[3] if len(args) == 4 else None data = action.uses(db, T)( lambda: RestAPI(db, policy)( request.method, args[2], id, request.query, request.json ) )() else: data = {} if "code" in data: response.status = data["code"] return data
def apisec(tablename, rec_id=None): token = jwt_token_from_header() if token: try: jwt.decode(token, 'secret', algorithms=['HS256']) return RestAPI(db, policy)(request.method, tablename, rec_id, request.GET, request.POST ) except jwt.ExpiredSignatureError: return json.dumps({'error': 403, 'message': 'Token Expired'}) except jwt.InvalidSignatureError: return json.dumps({'error': 403, 'message': 'JWT Signature failed!'}) except: return json.dumps({'error': 403, 'message': 'User not found'}) else: return json.dumps({'error': 403, 'message': 'Token required!'})
def __init__( self, table, query=None, fields=None, limit=100, create=True, editable=True, deletable=True, ): self.db = table._db self.table = table self.query = query self.fields = fields or [f.name for f in table if f.readable] self.limit = limit self.create = create self.editable = editable self.deletable = deletable self.policy = Policy() self.policy.set( table._tablename, "GET", query=query, authorize=True, allowed_patterns=["*"], fields=fields, limit=limit, ) self.restapi = RestAPI(self.db, self.policy) self.labels = {} self.renderers = {"id": self.idlink} self.guessing_renderers = [ GuessingRenderers.hide_null, GuessingRenderers.boolean_renderer, GuessingRenderers.link_renderer, GuessingRenderers.list_renderer, GuessingRenderers.dict_renderer, GuessingRenderers.html_renderer, GuessingRenderers.large_text_renderer, ] self.form_attributes = {} self.T = lambda value: value self.denormalize = {}
def api(path): # this is not final, requires pydal 19.5 args = path.split("/") app_name = args[0] if MODE != "full": raise HTTP(403) module = Reloader.MODULES.get(app_name) if not module: raise HTTP(404) def url(*args): return request.url + "/" + "/".join(args) databases = [ name for name in dir(module) if isinstance(getattr(module, name), DAL) ] if len(args) == 1: def tables(name): db = getattr(module, name) make_safe(db) return [ { "name": t._tablename, "fields": t.fields, "link": url(name, t._tablename) + "?model=true", } for t in getattr(module, name) ] return { "databases": [ {"name": name, "tables": tables(name)} for name in databases ] } elif len(args) > 2 and args[1] in databases: db = getattr(module, args[1]) make_safe(db) id = args[3] if len(args) == 4 else None policy = Policy() for table in db: policy.set( table._tablename, "GET", authorize=True, allowed_patterns=["**"], allow_lookup=True, fields=table.fields, ) policy.set(table._tablename, "PUT", authorize=True, fields=table.fields) policy.set( table._tablename, "POST", authorize=True, fields=table.fields ) policy.set(table._tablename, "DELETE", authorize=True) # must wrap into action uses to make sure it closes transactions data = action.uses(db)(lambda: RestAPI(db, policy)( request.method, args[2], id, request.query, request.json ))() else: data = {} if "code" in data: response.status = data["code"] return data