def put(self, instance_id):
"""
Update a model with data given in the request body. JSON format is
expected. Model performs the validation automatically when fields are
modified.
"""
try:
data = self.get_arguments()
entity = self.get_model_or_404(instance_id)
self.check_update_permissions(entity.serialize(), data)
extra_data = copy.copy(entity.data) or {}
if "data" not in data or data["data"] is None:
data["data"] = {}
extra_data.update(data["data"])
data["data"] = extra_data
previous_version = entity.serialize()
data = self.update_data(data, instance_id)
if data.get("source_id", None) == "null":
data["source_id"] = None
is_ready_for_changed = \
str(entity.ready_for) != data.get("ready_for", "")
entity.update(data)
entity_dict = self.serialize_instance(entity)
if shots_service.is_shot(entity_dict):
shots_service.clear_shot_cache(entity_dict["id"])
self.save_version_if_needed(entity_dict, previous_version)
elif assets_service.is_asset(entity):
if is_ready_for_changed:
breakdown_service.refresh_casting_stats(entity_dict)
assets_service.clear_asset_cache(entity_dict["id"])
elif shots_service.is_sequence(entity_dict):
shots_service.clear_sequence_cache(entity_dict["id"])
elif shots_service.is_episode(entity_dict):
shots_service.clear_episode_cache(entity_dict["id"])
self.emit_update_event(entity_dict)
return entity_dict, 200
except StatementError as exception:
current_app.logger.error(str(exception), exc_info=1)
return {"error": True, "message": str(exception)}, 400
except TypeError as exception:
current_app.logger.error(str(exception), exc_info=1)
return {"error": True, "message": str(exception)}, 400
except IntegrityError as exception:
current_app.logger.error(str(exception), exc_info=1)
return {"error": True, "message": str(exception)}, 400
except StatementError as exception:
current_app.logger.error(str(exception), exc_info=1)
return {"error": True, "message": str(exception)}, 400
except NotFound as exception:
return {"error": True, "message": str(exception)}, 404
except Exception as exception:
current_app.logger.error(str(exception), exc_info=1)
return {"error": True, "message": str(exception)}, 400
def test_is_asset(self):
self.assertTrue(assets_service.is_asset(self.entity))
self.assertFalse(assets_service.is_asset(self.shot))
def check_metadata_department_access(entity, new_data={}):
"""
Return true if current user is a manager and has a task assigned for this
project or is a supervisor and is allowed to modify data accorded to
his departments
"""
is_allowed = False
if permissions.has_admin_permissions() or (
permissions.has_manager_permissions()
and check_belong_to_project(entity["project_id"])
):
is_allowed = True
elif permissions.has_supervisor_permissions() and check_belong_to_project(
entity["project_id"]
):
# checks that the supervisor only modifies columns
# for which he is authorized
allowed_columns = set(["data"])
if len(set(new_data.keys()) - allowed_columns) == 0:
user_departments = persons_service.get_current_user(
relations=True
)["departments"]
if user_departments == []:
is_allowed = True
else:
entity_type = None
if shots_service.is_shot(entity):
entity_type = "Shot"
elif assets_service.is_asset(
entities_service.get_entity_raw(entity["id"])
):
entity_type = "Asset"
elif edits_service.is_edit(entity):
entity_type = "Edit"
if entity_type:
descriptors = [
descriptor
for descriptor in projects_service.get_metadata_descriptors(
entity["project_id"]
)
if descriptor["entity_type"] == entity_type
]
found_and_in_departments = False
for descriptor_name in new_data["data"].keys():
found_and_in_departments = False
for descriptor in descriptors:
if descriptor["field_name"] == descriptor_name:
found_and_in_departments = (
len(
set(descriptor["departments"])
& set(user_departments)
)
> 0
)
break
if not found_and_in_departments:
break
if found_and_in_departments:
is_allowed = True
if not is_allowed:
raise permissions.PermissionDenied
return is_allowed
