Exemplo n.º 1
 def check_perm(*args, **kwargs):
     """ Run the permission checks selected by the keyword arguments, then call ``func``

         A check is made for each of the ``report``, ``ticket`` and ``defendant``
         keyword arguments that is present. The first check that does not
         answer 200 is returned as-is and ``func`` is not called.

         ``defendant`` is only checked when the HTTP method is not GET, so read
         access to a defendant is not gated here. Keyword arguments under any
         other name get no check in this wrapper.

         ``func`` comes from the enclosing scope, which is not visible here.
     """
     for target in ('report', 'ticket', 'defendant'):
         if target not in kwargs:
             continue
         # Defendant checks are skipped for read-only (GET) requests.
         if target == 'defendant' and request.method == 'GET':
             continue
         status, payload = GeneralController.check_perms(
             method=request.method, user=g.user, **{target: kwargs[target]}
         )
         if status != 200:
             return status, payload
     return func(*args, **kwargs)
Exemplo n.º 2
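def bulk_delete(body, user, method):
    """ Delete infos (tags) from multiple reports

        :param dict body: Request body with 'reports' (list of report ids)
            and 'properties' (may hold 'tags', a list of objects with an 'id')
        :param user: The user the permission checks are made for
        :param str method: The HTTP method, forwarded to the permission check
        :return: ``(code, payload)``; 200 when every report was updated,
            otherwise the first failing code with its payload

        The transaction is rolled back on every failure path and committed
        only when all reports were processed.
    """
    if not body.get('reports') or not body.get('properties'):
        transaction.rollback()
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Missing reports or properties in body'}

    try:
        reports = Report.objects.filter(id__in=list(body['reports']))
    except (TypeError, ValueError):
        transaction.rollback()
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid report(s) id'}

    # Ids that match no Report are simply absent from the queryset; they are
    # neither checked nor reported back to the caller.
    for report in reports:
        # These are Report primary keys, so the check must be made against the
        # report (as bulk_add does). Passing them as ``ticket=`` would authorize
        # against whatever ticket happens to share the same numeric id.
        code, resp = GeneralController.check_perms(method=method, user=user, report=report.id)
        if code != 200:
            transaction.rollback()
            return code, resp

    # Update tags
    try:
        if 'tags' in body['properties'] and isinstance(body['properties']['tags'], list):
            for report in reports:
                for tag in body['properties']['tags']:
                    code, resp = remove_tag(report.id, tag['id'])
                    if code != 200:
                        transaction.rollback()
                        return code, resp
    except (KeyError, TypeError, ValueError):
        # Malformed 'properties' or tag entries coming from the request body.
        transaction.rollback()
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid or missing tag(s) id'}

    transaction.commit()
    return 200, {'status': 'OK', 'code': 200, 'message': 'Report(s) successfully updated'}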
Exemplo n.º 3
def post_mass_contact():
    """
    Massively contact defendants based on a list of ip addresses

    **Example request**:

    .. sourcecode:: http

       POST /api/mass-contact HTTP/1.1
       Content-Type: application/json

       {
           "ips": ["1.2.3.4", "5.6.7.8"],
           "campaignName": "ntp_amp_mars_2016",
           "category": "Network Attack",
           "email": {
               "subject": "blah",
               "body": "blah blah"
           }
       }

    :reqjson list ips: The list of involved ip addresses
    :reqjson str category: The category of the campaign
    :reqjson str campaignName: The name of the campaign
    :reqjson dict email: The email to send (containing 'subject' and 'body')

    :status 200: when campaign is successfully created
    :status 400: when parameters are missing or invalid

    The JSON body is handed to the controller untouched; nothing is validated
    in this function. NOTE(review): no permission check is visible here for an
    action that sends mail in bulk - confirm it is enforced by the route
    decorators or by the controller.
    """
    payload = request.get_json()
    status, answer = GeneralController.post_mass_contact(payload, g.user)
    return status, answer
Exemplo n.º 4
def get_logged_user():
    """ Get infos for the logged user

        Looks up ``g.user.id`` and answers 200 with the infos, or 400 with the
        controller's second return value as the message when the first one is falsy.

        NOTE(review): other handlers unpack ``GeneralController.get_users_infos``
        as ``(code, resp)``. If the first value is an HTTP code it is always
        truthy and the 400 branch is never taken - confirm the controller's
        return contract.
    """
    ok, infos = GeneralController.get_users_infos(user=g.user.id)
    if ok:
        return 200, infos
    return 400, {'status': 'Bad Request', 'code': 400, 'message': infos}
Exemplo n.º 5
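def search():
    """ Search on tickets and reports

        Filtering is possible through "filters" query string : filters=%7B"type":"reports"%7D&page=1
        JSON double encoded format

        The raw "filters" string is forwarded to the controller together with
        the current user; it is not parsed or validated here.

        :status 400: when the "filters" query string parameter is missing
    """
    # Answer explicitly instead of falling off the end of the function: every
    # other handler returns a (code, payload) pair, never None.
    if 'filters' not in request.args:
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Missing filters'}

    code, resp = GeneralController.search(filters=request.args['filters'], user=g.user)
    return code, resp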
Exemplo n.º 6
def auth():
    """
        Check user/password and return a token if valid

        When ``settings.API['forwarded_host']`` is set, the request must carry
        an X-Forwarded-Host header equal to it, otherwise 400 is answered
        before any credential is looked at.

        NOTE(review): X-Forwarded-Host is a request header. The comparison only
        restricts anything if a trusted reverse proxy sets or overwrites it
        before the request reaches this code - confirm the deployment does so.

        :status 200: with the controller's answer when authentication succeeds
        :status 401: with the controller's message when it fails
    """
    expected_host = settings.API.get('forwarded_host')
    if expected_host:
        try:
            seen_host = request.environ['HTTP_X_FORWARDED_HOST']
        except KeyError:
            return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Missing HTTP_X_FORWARDED_HOST'}
        if seen_host != expected_host:
            return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid HTTP_X_FORWARDED_HOST'}

    credentials = request.get_json()
    authenticated, ret = GeneralController.auth(credentials)
    if not authenticated:
        return 401, {'status': 'Unauthorized', 'code': 401, 'message': ret}
    return 200, ret
Exemplo n.º 7
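def bulk_add(body, user, method):
    """ Update multiple reports

        :param dict body: Request body with 'reports' (list of report ids) and
            'properties' (dict; 'tags', 'category', 'status' and 'ticket' are used)
        :param user: The user the permission checks and updates are made for
        :param str method: The HTTP method, forwarded to the permission check
        :return: ``(code, payload)``; 200 when every report was updated,
            otherwise the first failing code with its payload

        The transaction is rolled back on every failure path and committed
        only when all reports were processed.
    """
    if not body.get('reports') or not body.get('properties'):
        transaction.rollback()
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Missing reports or properties in body'}

    # 'properties' comes straight from the request body: refuse anything that
    # is not a JSON object instead of failing later with an unhandled error.
    requested = body['properties']
    if not isinstance(requested, dict):
        transaction.rollback()
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid properties'}

    try:
        reports = Report.objects.filter(id__in=list(body['reports']))
    except (TypeError, ValueError):
        transaction.rollback()
        return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Invalid report(s) id'}

    # Ids that match no Report are simply absent from the queryset; they are
    # neither checked nor reported back to the caller.
    for report in reports:
        code, resp = GeneralController.check_perms(method=method, user=user, report=report.id)
        if code != 200:
            transaction.rollback()
            return code, resp

    if 'status' in requested:
        try:
            status_supported = requested['status'].lower() in STATUS
        except AttributeError:
            # A non-string status (number, list, null, ...) has no .lower().
            status_supported = False
        if not status_supported:
            transaction.rollback()
            return 400, {'status': 'Bad Request', 'code': 400, 'message': 'Status not supported'}

    # Update tags
    if 'tags' in requested and isinstance(requested['tags'], list):
        for report in reports:
            for tag in requested['tags']:
                code, resp = add_tag(report.id, tag)
                if code != 200:
                    transaction.rollback()
                    return code, resp

    # Only these keys are forwarded to update(); anything else in the request
    # is dropped. .items() works on both Python 2 and Python 3.
    valid_fields = ['category', 'status', 'ticket']
    properties = {k: v for k, v in requested.items() if k in valid_fields}

    # Update general fields
    # NOTE(review): permissions were checked on each report only. Whether
    # update() also checks access to the ticket named in properties['ticket']
    # is not visible here - confirm.
    for report in reports:
        code, resp = update(report.id, properties, user)
        if code != 200:
            transaction.rollback()
            return code, resp

    transaction.commit()
    return 200, {'status': 'OK', 'code': 200, 'message': 'Report(s) successfully updated'}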
Exemplo n.º 8
def get_all_ticket_resolutions():
    """ Get all ticket resolutions

        Always answers 200 with whatever
        ``GeneralController.get_ticket_resolutions`` returns.
    """
    resolutions = GeneralController.get_ticket_resolutions()
    return 200, resolutions
Exemplo n.º 9
def monitor():
    """ Get api infos

        Calls ``GeneralController.monitor`` and answers 200 when it returns.
        Its return value is ignored; an exception it raises is not caught here.
    """
    GeneralController.monitor()
    healthy = {'status': 'OK', 'code': 200}
    return 200, healthy
Exemplo n.º 10
def get_cerberus_roles():
    """
        List all Cerberus `abuse.models.Role`

        Returns the controller's ``(code, payload)`` pair unchanged.
    """
    status, roles = GeneralController.get_roles()
    return status, roles
Exemplo n.º 11
def get_ip_report_count(ip_addr=None):
    """ Get hits for an ip

        ``ip_addr`` is forwarded to the controller as ``ip`` without any
        validation in this function; the controller's ``(code, payload)``
        pair is returned unchanged.
    """
    status, hits = GeneralController.get_ip_report_count(ip=ip_addr)
    return status, hits
Exemplo n.º 12
def get_mass_contact():
    """
        List all created mass-contact campaigns

        The optional "filters" query string value is passed to the controller
        as received (``None`` when absent).
    """
    raw_filters = request.args.get('filters')
    status, campaigns = GeneralController.get_mass_contact(filters=raw_filters)
    return status, campaigns
Exemplo n.º 13
def get_toolbar():
    """ Get Abuse toolbar

        Built by the controller for the current user (``g.user``); its
        ``(code, payload)`` pair is returned unchanged.
    """
    status, toolbar = GeneralController.toolbar(user=g.user)
    return status, toolbar
Exemplo n.º 14
def get_dashboard():
    """ Get Abuse dashboard

        Built by the controller for the current user (``g.user``); its
        ``(code, payload)`` pair is returned unchanged.
    """
    status, dashboard = GeneralController.dashboard(user=g.user)
    return status, dashboard
Exemplo n.º 15
def delete_ticket_resolution(resolution=None):
    """ Delete a ticket resolution

        ``resolution`` is forwarded to the controller as received.
        NOTE(review): no permission check is visible in this function -
        confirm it is enforced by the route decorators or by the controller.
    """
    status, answer = GeneralController.delete_ticket_resolution(resolution)
    return status, answer
Exemplo n.º 16
def get_status(model=None):
    """ Get status list for ticket or report

        Always answers 200 with whatever ``GeneralController.status`` returns
        for ``model``.
    """
    statuses = GeneralController.status(model=model)
    return 200, statuses
Exemplo n.º 17
def get_profiles():
    """ Get Abuse profiles

        Returns the controller's ``(code, payload)`` pair unchanged.
    """
    status, profiles = GeneralController.get_profiles()
    return status, profiles
Exemplo n.º 18
def update_ticket_resolution(resolution=None):
    """ Update a ticket resolution

        The JSON body and ``resolution`` are forwarded to the controller as
        received; nothing is validated in this function.
        NOTE(review): no permission check is visible in this function -
        confirm it is enforced by the route decorators or by the controller.
    """
    payload = request.get_json()
    status, answer = GeneralController.update_ticket_resolution(resolution, payload)
    return status, answer
Exemplo n.º 19
def logout():
    """
        Logout user

        The whole request object is handed to the controller, whose
        ``(code, payload)`` pair is returned unchanged.
    """
    status, answer = GeneralController.logout(request)
    return status, answer
Exemplo n.º 20
def get_all_status():
    """ Get all abuse status

        Always answers 200 with whatever ``GeneralController.status`` returns
        when called without a model.
    """
    statuses = GeneralController.status()
    return 200, statuses
Exemplo n.º 21
def update_user(user=None):
    """ Update user infos

        ``user`` and the JSON body are forwarded to the controller as received;
        which fields may be changed is decided there, not here.
        NOTE(review): nothing in this function ties ``user`` to the caller
        (``g.user``) or checks a role - confirm that updating another account
        is restricted by the route decorators or by the controller.
    """
    payload = request.get_json()
    status, answer = GeneralController.update_user(user, payload)
    return status, answer
Exemplo n.º 22
def get_user(user=None):
    """ Get infos for a user

        ``user`` is forwarded to the controller as received.
        NOTE(review): nothing in this function restricts which account can be
        read - confirm access is limited by the route decorators or by the
        controller.
    """
    status, infos = GeneralController.get_users_infos(user=user)
    return status, infos
Exemplo n.º 23
def get_users_infos():
    """ Get users infos

        Calls the controller without a user filter and returns its
        ``(code, payload)`` pair unchanged.
        NOTE(review): no permission check is visible in this function -
        confirm listing accounts is restricted elsewhere.
    """
    status, infos = GeneralController.get_users_infos()
    return status, infos
Exemplo n.º 24
def get_user_notifications():
    """
        Get user notifications

        Scoped to the current user (``g.user``); the controller's
        ``(code, payload)`` pair is returned unchanged.
    """
    status, notifications = GeneralController.get_notifications(g.user)
    return status, notifications
Exemplo n.º 25
def add_ticket_resolution():
    """ Add a ticket resolution

        The JSON body is forwarded to the controller as received; nothing is
        validated in this function.
        NOTE(review): no permission check is visible in this function -
        confirm it is enforced by the route decorators or by the controller.
    """
    payload = request.get_json()
    status, answer = GeneralController.add_ticket_resolution(payload)
    return status, answer