def get_volumes(): current_app.authz.perform_authorization(('/volumes/*', Action.READ)) q = request.args.get('q', "*:*") try: from_ = int(request.args.get('from', 0)) except ValueError: raise ApiError("Bad Request", 400, details="could not covert 'from' parameter to number") try: size = int(request.args.get('size', 10)) except ValueError: raise ApiError("Bad Request", 400, details="could not covert 'size' parameter to number") if size > current_app.config['MAX_RESULTS_PER_PAGE']: raise ApiError("Request Entity Too Large", 413, details="'size' parameter is too high") q_res = current_app.archivant._db.get_books_querystring(query=q, from_=from_, size=size) volumes = map(Archivant.normalize_volume, q_res['hits']['hits']) next_args = "?q={}&from={}&size={}".format(q, from_ + size, size) prev_args = "?q={}&from={}&size={}".format( q, from_ - size if ((from_ - size) > -1) else 0, size) base_url = url_for('.get_volumes', _external=True) res = { 'link_prev': base_url + prev_args, 'link_next': base_url + next_args, 'total': q_res['hits']['total'], 'data': volumes } return jsonify(res)
def receive_metadata(optional=False): if optional and 'metdata' not in request.values: return {} try: metadata = json.loads(request.values['metadata']) except KeyError: raise ApiError("malformed request", 400, details="missing 'metadata' in request") except Exception, e: raise ApiError("malformed metadata", 400, details=str(e))
def update_volume(volumeID): current_app.authz.perform_authorization( ('/volumes/{}'.format(volumeID), Action.UPDATE)) request.on_json_loading_failed = on_json_load_error metadata = request.get_json() # the next two lines should be removed when Flask version is >= 1.0 if not metadata: raise ApiError("Unsupported media type", 415) try: current_app.archivant.update_volume(volumeID, metadata) except NotFoundException, e: raise ApiError("volume not found", 404, details=str(e))
def update_user(userID): current_app.authz.perform_authorization( ('/users/{}'.format(userID), Action.UPDATE)) request.on_json_loading_failed = on_json_load_error userData = request.get_json() # the next two lines should be removed when Flask version is >= 1.0 if not userData: raise ApiError("Unsupported media type", 415) try: users.api.update_user(userID, userData) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def update_capability(capID): current_app.authz.perform_authorization( ('/capabilities/{}'.format(capID), Action.UPDATE)) request.on_json_loading_failed = on_json_load_error capData = request.get_json() # the next two lines should be removed when Flask version is >= 1.0 if not capData: raise ApiError("Unsupported media type", 415) if 'actions' in capData: capData['action'] = Action.from_list(capData.pop('actions')) try: users.api.update_capability(capID, capData) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def add_group(): current_app.authz.perform_authorization(('/groups/*', Action.CREATE)) request.on_json_loading_failed = on_json_load_error groupData = request.get_json() # the next two lines should be removed when Flask version is >= 1.0 if not groupData: raise ApiError("Unsupported media type", 415) name = groupData.get('name', None) if not name: raise ApiError("Bad Request", 400, details="missing 'name' parameter") try: group = users.api.add_group(name=name) except users.api.ConflictException, e: raise ApiError("Conflict", 409, details=str(e))
def delete_volume(volumeID): current_app.authz.perform_authorization( ('/volumes/{}'.format(volumeID), Action.DELETE)) try: current_app.archivant.delete_volume(volumeID) except NotFoundException, e: raise ApiError("volume not found", 404, details=str(e))
def add_user_to_group(groupID, userID): current_app.authz.perform_authorization( ('/groups/{}/users/{}'.format(groupID, userID), Action.CREATE)) try: users.api.add_user_to_group(userID, groupID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def get_attachments(volumeID): current_app.authz.perform_authorization( ('/volumes/{}/attachments/*'.format(volumeID), Action.READ)) try: atts = current_app.archivant.get_volume(volumeID)['attachments'] except NotFoundException, e: raise ApiError("volume not found", 404, details=str(e))
def delete_capability_from_group(groupID, capID): current_app.authz.perform_authorization( ('/groups/{}/capabilities/{}'.format(groupID, capID), Action.DELETE)) try: users.api.remove_capability_from_group(capID, groupID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def get_groups_of_user(userID): current_app.authz.perform_authorization( ('/users/{}/groups/*'.format(userID), Action.READ)) try: groups = [{'id': g.id} for g in users.api.get_groups_of_user(userID)] except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def get_capability(capID): current_app.authz.perform_authorization( ('/capabilities/{}'.format(capID), Action.READ)) try: cap = users.api.get_capability(capID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def delete_group(groupID): current_app.authz.perform_authorization( ('/groups/{}'.format(groupID), Action.DELETE)) try: users.api.delete_group(id=groupID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def get_users_in_group(groupID): current_app.authz.perform_authorization( ('/groups/{}/users/*'.format(groupID), Action.READ)) try: us = [{'id': u.id} for u in users.api.get_users_in_group(groupID)] except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def get_user(userID): current_app.authz.perform_authorization( ('/users/{}'.format(userID), Action.READ)) try: u = users.api.get_user(id=userID) except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def add_volume(): current_app.authz.perform_authorization(('/volumes/*', Action.CREATE)) metadata = receive_volume_metadata() try: volumeID = current_app.archivant.insert_volume(metadata) except ValueError, e: raise ApiError("malformed metadata", 400, details=str(e))
def get_file(volumeID, attachmentID): current_app.authz.perform_authorization( ('/volumes/{}/attachments/{}'.format(volumeID, attachmentID), Action.READ)) try: return send_attachment_file(current_app.archivant, volumeID, attachmentID) except NotFoundException, e: raise ApiError("file not found", 404, details=str(e))
def update_attachment(volumeID, attachmentID): current_app.authz.perform_authorization( ('/volumes/{}/attachments/{}'.format(volumeID, attachmentID), Action.UPDATE)) metadata = receive_metadata() try: current_app.archivant.update_attachment(volumeID, attachmentID, metadata) except ValueError, e: raise ApiError("malformed request", 400, details=str(e))
def get_capabilities_of_group(groupID): current_app.authz.perform_authorization( ('/groups/{}/capabilities/*'.format(groupID), Action.READ)) try: caps = [ cap.to_dict() for cap in users.api.get_capabilities_of_group(groupID) ] except users.api.NotFoundException, e: raise ApiError("Not found", 404, details=str(e))
def receive_volume_metadata(): metadata = receive_metadata() # TODO check also for preset consistency? requiredFields = ['_language'] for requiredField in requiredFields: if requiredField not in metadata: raise ApiError( "malformed metadata", 400, details="Required field '{}' is missing in metadata".format( requiredField)) return metadata
def add_attachments(volumeID): current_app.authz.perform_authorization( ('/volumes/{}/attachments/*'.format(volumeID), Action.CREATE)) metadata = receive_metadata(optional=True) if 'file' not in request.files: raise ApiError("malformed request", 400, details="file not found under 'file' key") upFile = request.files['file'] tmpFileFd, tmpFilePath = tempfile.mkstemp() upFile.save(tmpFilePath) fileInfo = {} fileInfo['file'] = tmpFilePath fileInfo['name'] = secure_filename(upFile.filename) fileInfo['mime'] = upFile.mimetype fileInfo['notes'] = metadata.get('notes', '') # close fileDescriptor os.close(tmpFileFd) try: attachmentID = current_app.archivant.insert_attachments( volumeID, attachments=[fileInfo])[0] except NotFoundException, e: raise ApiError("volume not found", 404, details=str(e))
def add_capability(): current_app.authz.perform_authorization(('/capabilities/*', Action.CREATE)) request.on_json_loading_failed = on_json_load_error capData = request.get_json() # the next two lines should be removed when Flask version is >= 1.0 if not capData: raise ApiError("Unsupported media type", 415) domain = capData.get('domain', None) if not domain: raise ApiError("Bad Request", 400, details="missing 'domain' parameter") actions = capData.get('actions', None) if not actions: raise ApiError("Bad Request", 400, details="missing 'actions' parameter") cap = users.api.add_capability(domain=domain, action=Action.from_list(actions)) link_self = url_for('.get_capability', capID=cap.id, _external=True) response = jsonify({'data': {'id': cap.id, 'link_self': link_self}}) response.status_code = 201 response.headers['Location'] = link_self return response
@route('/volumes/<volumeID>', methods=['PUT']) def update_volume(volumeID): current_app.authz.perform_authorization( ('/volumes/{}'.format(volumeID), Action.UPDATE)) request.on_json_loading_failed = on_json_load_error metadata = request.get_json() # the next two lines should be removed when Flask version is >= 1.0 if not metadata: raise ApiError("Unsupported media type", 415) try: current_app.archivant.update_volume(volumeID, metadata) except NotFoundException, e: raise ApiError("volume not found", 404, details=str(e)) except ValueError, e: raise ApiError("malformed metadata", 400, details=str(e)) return make_success_response("volume successfully updated", 201) @route('/volumes/<volumeID>', methods=['GET']) def get_volume(volumeID): current_app.authz.perform_authorization( ('/volumes/{}'.format(volumeID), Action.READ)) try: volume = current_app.archivant.get_volume(volumeID) except NotFoundException, e: raise ApiError("volume not found", 404, details=str(e)) return jsonify({'data': volume}) @route('/volumes/<volumeID>', methods=['DELETE'])
def not_authorized_handler(error): return apiErrorHandler(ApiError('Unauthorized Request', 403))
def exceptionHandler(e): current_app.logger.exception(e) return apiErrorHandler(ApiError("internal server error", 500))
def getJson(url): response = requests.get(url) if response.status_code != 200: raise ApiError(response.status_code, url) return response.json()
def apiNotFound(invalid_path): raise ApiError("invalid URI", 404)