def dir(self, resource, **kw): 'Read the list of authorization records associated with the parent resource' #baseuri = request.url format = kw.pop('format', None) view = kw.pop('view', None) recurse = kw.pop('recurse', None) resource = check_access(resource, RESOURCE_READ) log.debug("AUTH %s %s", resource, request.environ) response = etree.Element('resource', uri=request.url) resource_acl_query(resource, recurse=recurse, response=response) #for auth, user in DBSession.query(TaggableAcl, Taggable)\ # .filter(TaggableAcl.taggable_id == resource.id)\ # .filter(TaggableAcl.user_id == Taggable.id).all(): # log.debug ("Found %s with user %s", auth, user) # response.append (_aclelem (resource, user, auth)) if is_admin(): #and resource.owner_id != current_user.id: current_user = get_user() admin_auth = _aclelem(resource, current_user) admin_auth.set('action', 'edit') response.append(admin_auth) formatter, content_type = find_formatter(format) tg.response.headers['Content-Type'] = content_type return formatter(response)
def new(self, factory, xml, **kw): """POST /ds/image : Create a reference to the image in the local database """ view = kw.pop('view', None) format = kw.pop('format', None) user = kw.pop('user', None) log.info("NEW: %s ... %s", request.url, xml.tag) # Create a DB object from the document. #if not identity.not_anonymous(): # pylons.response.status_int = 401 # return '<response status="FAIL">Permission denied</response>' parent = self.load_parent() log.debug("NEW: parent %s ", str(parent)) parent = self.check_access(parent, RESOURCE_EDIT) if user is not None and identity.is_admin(): self.set_new_identity(user) resource = bisquik2db(doc=xml, parent=parent) log.info("NEW: => %s ", str(resource)) if resource is None: resource = etree.Element('resource') resource.text = "FAIL" return self.resource_output(resource, view=view, format=format)
def insert(self, path=None, user=None, **kwargs): """ Move a resource identified by path """ if user is not None and identity.is_admin(): identity.current.set_current_user(user) resource = self._check_post_body() if resource is None: resource = etree.Element('resource', value=path) else: path = resource.get('value') log.info("insert_path() %s %s %s", tg.request.method, path, kwargs) store, driver = self.mounts.valid_store_ref(resource) if store is None: abort(400, "%s is not a valid store " % path) if resource.get('name') is None: resource.set('name', path.replace(driver.mount_url, '')) log.debug("insert %s %s %s", path, driver.mount_url, etree.tostring(resource)) resource = self.blobsrv.store_blob(resource) return etree.tostring(resource)
def remove(self, path, delete_blob=True, user=None, **kwargs): ' Delete a resource identified by path ' log.info("delete() called %s", path) if user is not None and identity.is_admin(): identity.current.set_current_user(user) resource = data_service.query("file|image", resource_value=path, wpublic='1', cache=False) for child in resource: data_service.del_resource(child) return etree.tostring(resource)
def delete(self, resource, **kw): """DELETE /ds/images/1/tags/2 : delete a specific resource """ log.info('DELETE %s', request.url) user = kw.pop('user', None) if user is not None and identity.is_admin(): self.set_new_identity(user) resource = self.check_access(resource, RESOURCE_EDIT) response = etree.Element('resource') if resource is not None: uri = resource.uri resource_delete(resource, user_id=identity.get_user_id()) response.set('uri', uri) return self.resource_output(resource=None, response=response, **kw)
def setbasicauth(self, username, passwd, **kw): log.debug("Set basic auth %s", kw) if not identity.is_admin() and username != identity.get_username(): return "<error msg='failed: not allowed to change password of others' />" user = tg.request.identity.get('user') log.debug("Got user %s", user) if user and user.user_name == username: # sanity check user = DBSession.merge(user) user.password = passwd log.info("Setting new basicauth password for %s", username) #transaction.commit() return "<success/>" log.error("Could not set basicauth password for %s", username) return "<error msg='Failed to set password'/>"
def append(self, resource, xml, **kw): '''POST /ds/images/1/ : append the document to the resource Append value of the resource based on the args ''' view = kw.pop('view', None) user = kw.pop('user', None) if user is not None and identity.is_admin(): self.set_new_identity(user) log.info('APPEND %s %s', request.url, xml.tag) resource = self.check_access(resource, RESOURCE_EDIT) #parent = self.load_parent() resource = bisquik2db(doc=xml, parent=resource) #, resource = resource) log.info('APPEND/update: ==> %s ', str(resource)) return self.resource_output(resource, view=view)
def modify(self, resource, xml, **kw): '''PUT /ds/image/1 --> Replace all contents with doc ''' view = kw.pop('view', None) user = kw.pop('user', None) if user is not None and identity.is_admin(): self.set_new_identity(user) log.info('MODIFY %s %s', request.url, xml.tag) resource = self.check_access(resource, RESOURCE_EDIT) parent = self.load_parent() DBSession.autoflush = False old = resource.clear() log.debug("MODIFY: parent=%s resource=%s", str(parent), str(resource)) resource = bisquik2db(doc=xml, resource=resource, parent=parent, replace=True) log.info('MODIFIED: ==> %s ', str(resource)) return self.resource_output(resource, view=view)
def replace_all(self, resource, xml, **kw): '''PUT /ds/image/1/gobjects --> Replace contents of gobjects with doc ''' log.info('REPLACE_ALL %s %s', request.url, xml.tag) user = kw.pop('user', None) if user is not None and identity.is_admin(): self.set_new_identity(user) parent = self.load_parent() resource = None if parent: resource = self.check_access(parent, RESOURCE_EDIT) DBSession.autoflush = False log.debug('REPLACE %s in %s %s=>%s', self.resource_name, str(parent), xml.tag, str(resource)) # Here we clear the specific type (tag,gobject) etc. and parent.clear([self.resource_name]) resource = bisquik2db(doc=xml, parent=parent) if resource is None: resource = etree.Element('resource') resource.text = "FAIL" return self.resource_output(resource, **kw)
def move(self, path, destination, user=None, **kw): ' Move a resource identified by path ' log.info("move(%s,%s) %s %s", path, destination, tg.request.method, kw) if user is not None and identity.is_admin(): identity.current.set_current_user(user) # sanity check resource = etree.Element('resource', value=destination) store, driver = self.mounts.valid_store_ref(resource) if store is None: abort(400, "%s is not a valid store " % destination) resource = data_service.query("file|image", resource_value=path, wpublic='1', cache=False) for child in resource: old_store, old_driver = self.mounts.valid_store_ref(child) if old_store is None: abort(400, "%s is not a valid store " % destination) # Remove links in directory hierarchy self.mounts.delete_links(child) # Change the location child.set('value', destination) child.set('name', os.path.basename(destination)) resource = data_service.update(child) # Update the tag q1 = data_service.query('tag', parent=resource, name='filename') if len(q1): q1[0].set('value', os.path.basename(destination)) data_service.update(q1[0]) # update the links partial_path = destination.replace(driver.mount_url, '') self.mounts.insert_mount_path(store, partial_path, resource) return etree.tostring(resource)