def view(id):
    """Return the serialized role for ``id`` if the caller may read it.
    ---
    post:
      summary: Retrieve role details
      description: >
        Fetch detailed information about a role that the user is
        entitled to access, e.g. their own role, or a group they
        are part of.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    # NOTE(review): the spec above is declared under `post:` although the
    # operation only reads a role; confirm against the route's methods.
    target = Role.by_id(id)
    role = obj_or_404(target)
    # Resolve first (obj_or_404 presumably aborts when missing), then
    # authorize against the resolved id.
    require(request.authz.can_read_role(role.id))
    return RoleSerializer.jsonify(role)
def index():
    """List the groups the calling user belongs to.
    ---
    get:
      summary: List groups
      description: >-
        Get the list of groups the user belongs to. Groups are used for
        authorization.
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    authz = request.authz
    # Anonymous callers are rejected before any query is built.
    require(authz.logged_in)
    groups = Role.all_groups(authz)
    payload = {
        "total": groups.count(),
        "results": RoleSerializer().serialize_many(groups.all()),
    }
    return jsonify(payload)
def create():
    """Register a password-login user from a signed invitation code.

    The e-mail address is not taken from the request body directly; it is
    recovered from the signed ``code``, so only holders of a valid code can
    create an account for that address.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    data = parse_request(RoleCreateSchema)

    # max_age bounds how long a code stays usable. BadSignature is relied on
    # to cover expired codes as well as tampered ones -- confirm against the
    # signer behind Role.SIGNATURE.
    try:
        email = Role.SIGNATURE.loads(data.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        error = {'status': 'error', 'message': gettext('Invalid code')}
        return jsonify(error, status=400)

    # Only a holder of a valid code reaches this point, so the 409 tells
    # them (and nobody else) that the address is already taken.
    if Role.by_email(email) is not None:
        error = {
            'status': 'error',
            'message': gettext('Email is already registered'),
        }
        return jsonify(error, status=409)

    display_name = data.get('name') or email
    role = Role.load_or_create(
        foreign_id='password:{}'.format(email),
        type=Role.USER,
        name=display_name,
        email=email
    )
    role.set_password(data.get('password'))
    db.session.add(role)
    db.session.commit()
    update_role(role)
    # Let the serializer return more info about this user
    request.authz.id = role.id
    return RoleSerializer.jsonify(role, status=201)
def create():
    """Create a password-login user account from a signed code.

    Returns 400 when the code cannot be verified, 409 when the recovered
    e-mail address already belongs to a role, and 201 with the new role
    otherwise.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    data = parse_request(RoleCreateSchema)

    def error_response(message, status):
        # Uniform error envelope for the two rejection paths below.
        return jsonify({'status': 'error', 'message': message}, status=status)

    # The address comes from the signed code, never from free-form input.
    # BadSignature is expected to also cover codes older than
    # SIGNATURE_MAX_AGE -- confirm against the signer implementation.
    try:
        email = Role.SIGNATURE.loads(data.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        return error_response(gettext('Invalid code'), 400)

    existing = Role.by_email(email)
    if existing is not None:
        return error_response(gettext('Email is already registered'), 409)

    role = Role.load_or_create(
        foreign_id='password:{}'.format(email),
        type=Role.USER,
        name=data.get('name') or email,
        email=email
    )
    role.set_password(data.get('password'))
    db.session.add(role)
    db.session.commit()
    update_role(role)
    # Let the serializer return more info about this user
    request.authz.id = role.id
    tag_request(role_id=role.id)
    return RoleSerializer.jsonify(role, status=201)
def index():
    """Return the groups the logged-in user belongs to, with a total count."""
    authz = request.authz
    require(authz.logged_in)
    groups = Role.all_groups(authz)
    total = groups.count()
    results = RoleSerializer().serialize_many(groups.all())
    return jsonify({'total': total, 'results': results})
def update(id):
    """Apply the validated request body to role ``id`` and return it.

    The caller must hold write access to the role; a missing id is
    rejected before the permission check.
    """
    role = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(role.id))
    changes = parse_request(RoleSchema)
    # NOTE(review): unlike other variants of this endpoint on this page, no
    # current-password verification precedes role.update(); confirm whether
    # RoleSchema can carry a new password here.
    role.update(changes)
    db.session.add(role)
    db.session.commit()
    # Propagate the change to whatever update_role refreshes downstream.
    update_role(role)
    return RoleSerializer.jsonify(role)
def update(id):
    """Update role ``id`` from the request body and return the result.

    Two independent checks gate the write: the session must be allowed to
    write at all, and the role must be editable by this authz.
    """
    role = obj_or_404(Role.by_id(id))
    authz = request.authz
    require(authz.session_write)
    require(check_editable(role, authz))
    role.update(parse_request(RoleSchema))
    db.session.add(role)
    db.session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
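def create():
    """Create a user role from a signed invitation code.
    ---
    post:
      summary: Create a user account
      description: >
        Create a user role by supplying the required account details.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleCreate'
      responses:
        '201':
          description: Created
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    require(settings.PASSWORD_LOGIN)
    require(not request.authz.in_maintenance)
    data = parse_request("RoleCreate")
    # The e-mail address is recovered from the signed `code`, bounded by
    # SIGNATURE_MAX_AGE. BadSignature is relied on to cover expired codes
    # as well -- confirm against the signer behind Role.SIGNATURE.
    try:
        email = Role.SIGNATURE.loads(data.get("code"),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        return jsonify({
            "status": "error",
            "message": gettext("Invalid code")
        },
                       status=400)

    # Only a holder of a valid code gets this far, so the 409 discloses the
    # address's registration state to them alone.
    role = Role.by_email(email)
    if role is not None:
        return jsonify(
            {
                "status": "error",
                "message": gettext("Email is already registered")
            },
            status=409,
        )

    role = create_user(email, data.get("name"), data.get("password"))
    # Let the serializer return more info about this user
    request.authz = Authz.from_role(role)
    tag_request(role_id=role.id)
    # Success is a 201, which the spec above documents.
    return RoleSerializer.jsonify(role, status=201)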
def suggest():
    """Suggest user roles whose name matches the ``prefix`` query argument.

    Prefixes shorter than three characters are answered with an empty
    result set and an error status, but still HTTP 200.
    """
    authz = request.authz
    require(authz.logged_in)
    parser = QueryParser(request.args, authz, limit=10)
    prefix = parser.prefix
    too_short = prefix is None or len(prefix) < 3
    if too_short:
        # Do not return 400 because it's a routine event.
        empty = {
            'status': 'error',
            'message': gettext('prefix filter is too short'),
            'results': [],
            'total': 0
        }
        return jsonify(empty)
    # Role.by_prefix only yields users, not groups.
    matches = Role.by_prefix(prefix, exclude=parser.exclude)
    result = DatabaseQueryResult(request, matches, parser=parser)
    return RoleSerializer.jsonify_result(result)
def suggest():
    """Return up to ten users matching the ``prefix`` request argument.

    A missing or too-short prefix yields a 200 with an empty result list
    rather than a 400, since clients send it on every keystroke.
    """
    require(request.authz.logged_in)
    parser = QueryParser(request.args, request.authz, limit=10)
    if parser.prefix is not None and len(parser.prefix) >= 3:
        # this only returns users, not groups
        q = Role.by_prefix(parser.prefix, exclude=parser.exclude)
        result = DatabaseQueryResult(request, q, parser=parser)
        return RoleSerializer.jsonify_result(result)
    # Do not return 400 because it's a routine event.
    return jsonify({
        'status': 'error',
        'message': gettext('prefix filter is too short'),
        'results': [],
        'total': 0
    })
def update(id):
    """Update a role's settings, re-authenticating before a password change.
    ---
    post:
      summary: Change user settings
      description: >
        Update a role to change its display name, or to define a
        new login password. Users can only update roles they have
        write access to, i.e. their own.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleUpdate'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    role = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(role.id))
    data = parse_request("RoleUpdate")

    new_password = data.get("password")
    if new_password:
        # A password change requires the current one, so a hijacked
        # session cannot silently lock the owner out.
        # cf. https://github.com/alephdata/aleph/issues/718
        # NOTE(review): an empty-string password skips this check; whether
        # role.update() then ignores it is not visible here -- confirm.
        if not role.check_password(data.get("current_password")):
            raise BadRequest(gettext("Incorrect password."))

    role.update(data)
    db.session.add(role)
    db.session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
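def suggest():
    """Suggest user accounts matching a search prefix.
    ---
    get:
      summary: Suggest users matching a search prefix
      description: >-
        For a given `prefix`, suggest matching user accounts. For
        security reasons, the prefix must be at least three
        characters long.
      parameters:
      - in: query
        name: prefix
        required: true
        schema:
          type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                type: object
                allOf:
                - $ref: '#/components/schemas/QueryResponse'
                properties:
                  results:
                    type: array
                    items:
                      $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    require(request.authz.logged_in)
    parser = QueryParser(request.args, request.authz, limit=10)
    # Prefixes shorter than three characters would let a caller enumerate
    # accounts cheaply, so they are refused (the spec text above matches
    # this bound).
    if parser.prefix is None or len(parser.prefix) < 3:
        # Do not return 400 because it's a routine event.
        return jsonify({
            "status": "error",
            "message": gettext("prefix filter is too short"),
            "results": [],
            "total": 0,
        })
    # this only returns users, not groups
    exclude = ensure_list(parser.excludes.get("id"))
    q = Role.by_prefix(parser.prefix, exclude=exclude)
    result = DatabaseQueryResult(request, q, parser=parser)
    return RoleSerializer.jsonify_result(result)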
def update(id):
    """Update role ``id``; a password change must prove the current one.

    Raises BadRequest when a new password is supplied but
    ``current_password`` does not verify.
    """
    role = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(role.id))
    data = parse_request(RoleSchema)

    # cf. https://github.com/alephdata/aleph/issues/718
    wants_new_password = bool(data.get('password'))
    if wants_new_password:
        supplied = data.get('current_password')
        if not role.check_password(supplied):
            raise BadRequest(gettext('Incorrect password.'))

    role.update(data)
    db.session.add(role)
    db.session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
def statistics():
    """Summarise the collections and groups accessible to the current user.

    Counts are for display only: categories and countries count every
    readable non-casefile collection, while ``things`` sums the schema
    counts reported by those same collections.
    """
    enable_cache()
    authz = request.authz
    collection_ids = authz.collections(authz.READ)

    # Queue every lookup first so the resolver can fetch them in one pass.
    for cid in collection_ids:
        resolver.queue(request, Collection, cid)
    for rid in authz.roles:
        resolver.queue(request, Role, rid)
    resolver.resolve(request)

    schemata = defaultdict(int)
    countries = defaultdict(int)
    categories = defaultdict(int)
    for cid in collection_ids:
        info = resolver.get(request, Collection, cid)
        # Unresolvable and casefile collections are left out of the tallies.
        if info is None or info.get('casefile'):
            continue
        categories[info.get('category')] += 1
        for schema, count in info.get('schemata', {}).items():
            schemata[schema] += count
        for country in info.get('countries', []):
            countries[country] += 1

    # Only the user's group roles are shown on the home page.
    role_infos = (resolver.get(request, Role, rid) for rid in authz.roles)
    groups = [
        RoleSerializer().serialize(info)
        for info in role_infos
        if info is not None and info.get('type') == Role.GROUP
    ]

    summary = {
        'collections': len(collection_ids),
        'schemata': dict(schemata),
        'countries': dict(countries),
        'categories': dict(categories),
        'groups': groups,
        'things': sum(schemata.values()),
    }
    return jsonify(summary)
def view(id):
    """Return role ``id`` serialized, provided the caller may read it."""
    role = obj_or_404(Role.by_id(id))
    authz = request.authz
    require(authz.can_read_role(role.id))
    return RoleSerializer.jsonify(role)
def view(id):
    """Return role ``id`` serialized.

    Access is gated on check_editable rather than a read permission, so
    only callers allowed to edit the role can view it through this route.
    """
    role = obj_or_404(Role.by_id(id))
    editable = check_editable(role, request.authz)
    require(editable)
    return RoleSerializer.jsonify(role)
def view(id):
    """Serialize role ``id`` for a caller that check_editable admits."""
    target = Role.by_id(id)
    role = obj_or_404(target)
    # The edit check doubles as the read check on this route.
    require(check_editable(role, request.authz))
    return RoleSerializer.jsonify(role)