def get(version, orderid=None, itemnum='ALL'):
user = flask.g.user
filters = request.get_json(force=True, silent=True)
if filters and not isinstance(filters, dict):
message = MessagesResponse(errors=['Invalid filters supplied'],
code=400)
return message()
item_status = espa.item_status(orderid, itemnum, user.username,
filters=filters)
message = ItemsResponse(item_status, code=200)
if not user.is_staff():
message.limit = ('name', 'status', 'note', 'completion_date',
'product_dload_url', 'cksum_download_url')
return message()
def unauthorized():
reasons = ['unknown', 'auth', 'conn', 'db']
reason = flask.g.get('error_reason', '')
if reason not in reasons or reason == 'unknown':
logger.critical('ERR uncaught exception in user authentication')
msg = SystemErrorResponse
elif reason == 'auth':
msg = AuthFailedResponse
elif reason == 'db':
msg = MessagesResponse(warnings=['Database connection failed'],
code=503)
elif reason == 'conn':
msg = MessagesResponse(warnings=['ERS connection failed'], code=503)
return msg()
def post(version):
data = request.get_json(force=True)
try:
response = espa.update_system_status(data)
if response is not True:
resp = MessagesResponse(errors=['internal server error'],
code=500)
elif isinstance(response, dict) and response.keys() == ['msg']:
resp = MessagesResponse(errors=response['msg'], code=400)
else:
return 'success'
except Exception as e:
logger.critical("ERROR updating system status: {0}".format(
traceback.format_exc()))
resp = MessagesResponse(errors=['internal server error'], code=500)
return resp()
def decorated(*args, **kwargs):
versions = admin_api_operations.keys()
url_version = request.url.split('/')[4].replace('v', '')
if url_version in versions:
return func(*args, **kwargs)
else:
msg = MessagesResponse(
errors=['Invalid API version {}'.format(url_version)],
code=404)
return msg()
def get(version, email=None):
filters = request.get_json(force=True, silent=True)
search = dict(username=auth.username(), filters=filters)
if email: # Allow user collaboration
for usearch in ('email', 'username'):
user = User.where({usearch: email})
if len(user):
break
if not len(user):
response = MessagesResponse(warnings=["Username/email {} not found"
.format(email)],
code=200)
return response()
else:
search = {'filters': filters, usearch: email}
response = OrdersResponse(espa.fetch_user_orders(**search))
response.limit = ('orderid',)
response.code = 200
return response()
def get(version, prod_id=None):
if prod_id is None:
body = request.get_json(force=True, silent=True)
if body is None or (isinstance(body, dict) and body.get('inputs') is None):
message = MessagesResponse(errors=['No input products supplied'],
code=400)
return message()
prod_list = body.get('inputs')
if prod_id:
prod_list = [prod_id]
return espa.available_products(prod_list, auth.username())
def decorated(*args, **kwargs):
white_ls = espa.get_stat_whitelist()
denied_response = MessagesResponse(errors=['Access Denied'], code=403)
remote_addr = user_ip_address()
if ((remote_addr in white_ls or request.remote_addr in white_ls)
and remote_addr != 'untrackable'):
return func(*args, **kwargs)
else:
logger.warn('*** Not in whitelist ({1}): {0}'.format(
remote_addr, white_ls))
return denied_response()
def get(self, version=None):
info_dict = user_api_operations
if version:
if version in info_dict:
response = info_dict[version]
return_code = 200
else:
ver_str = ", ".join(info_dict.keys())
msg = "Invalid api version {0}. Options: {1}".format(version, ver_str)
response = MessagesResponse(errors=[msg], code=404)
return response()
else:
response = espa.api_versions()
return_code = 200
return response
def get(version, ordernum=None):
user = flask.g.user
if ordernum is None:
body = request.get_json(force=True, silent=True)
if body is None or (isinstance(body, dict) and body.get('orderid') is None):
message = MessagesResponse(errors=['No orderid supplied'],
code=400)
return message()
else:
ordernum = body.get('orderid')
orders = espa.fetch_order(ordernum)
response = OrderResponse(**orders[0].as_dict())
response.code = 200
if 'order-status' in request.url:
response.limit = ('orderid', 'status')
else:
if not user.is_staff:
response.limit = ('orderid','order_date','completion_date',
'status', 'note', 'order_source',
'product_opts')
return response()
def unauthorized():
msg = MessagesResponse(errors=['Invalid username/password'], code=401)
return msg()
def put(version, ordernum=None):
user = flask.g.user
remote_addr = user_ip_address()
body = request.get_json(force=True)
if body is None or (isinstance(body, dict) and body.get('orderid') is None):
message = MessagesResponse(errors=['No orderid supplied'],
code=400)
return message()
elif isinstance(body, dict) and body.get('status') != 'cancelled':
message = MessagesResponse(errors=['Invalid status supplied'],
code=400)
return message()
else:
orderid, status = body.get('orderid'), body.get('status')
orders = espa.fetch_order(orderid)
if orders[0].user_id != user.id and not user.is_staff():
msg = ('User {} is not allowed to cancel order {}'
.format(user.username, orderid))
logger.critical(msg + '\nOrigin: {}'.format(remote_addr))
message = MessagesResponse(errors=[msg], code=403)
return message()
if orders[0].status != 'ordered':
msg = ('Order {} is already in a "{}" state'
.format(orderid, orders[0].status))
message = MessagesResponse(errors=[msg], code=400)
return message()
order = espa.cancel_order(orders[0].id, remote_addr)
message = OrderResponse(**order.as_dict())
message.limit = ('orderid', 'status')
message.code = 202
return message()
def post(version, ordernum=None):
user = flask.g.user
message = None
order = request.get_json(force=True, silent=True)
if order is None:
return BadRequestResponse()
if order:
order = lowercase_all(order)
try:
order = espa.place_order(order, user)
except ValidationException as e:
message = MessagesResponse(errors=[e.response],
code=400)
except InventoryException as e:
message = MessagesResponse(errors=[e.response],
code=400)
except InventoryConnectionException as e:
message = MessagesResponse(warnings=['Could not connect to data source'],
code=400)
except OpenSceneLimitException as e:
message = MessagesResponse(errors=[e.response],
code=400)
else:
message = OrderResponse(**order.as_dict())
message.limit = ('orderid', 'status')
message.code = 201
return message()
else:
message = MessagesResponse(errors=['Must supply order JSON'],
code=400)
return message()
