    def post(self, dashboard_id):
        """
        Allow anonymous access to a dashboard.

        Looks the dashboard up within the current org, requires the caller
        to be an admin or the dashboard's owner, creates an API key for it,
        commits, and records an ``activate_api_key`` event. The returned key
        is a bearer credential and is also embedded in ``public_url``.

        :param dashboard_id: The numeric ID of the dashboard to share.
        :>json string public_url: The URL for anonymous access to the dashboard.
        :>json api_key: The API key to use when accessing it.
        """
        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        # Authorization runs before any key is minted.
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.create_for_object(target, self.current_user)
        models.db.session.flush()
        models.db.session.commit()

        token = key.api_key
        share_url = url_for(
            "redash.public_dashboard",
            token=token,
            org_slug=self.current_org.slug,
            _external=True,
        )

        event = {
            "action": "activate_api_key",
            "object_id": target.id,
            "object_type": "dashboard",
        }
        self.record_event(event)

        return {"public_url": share_url, "api_key": token}
    def post(self, object_type, object_id):
        """
        Grant ``access_type`` on an object to another user.

        Request JSON: ``access_type`` (must be one of ``ACCESS_TYPES``) and
        ``user_id`` (the grantee, resolved within the current org). 404 on an
        unknown object, 400 on bad input; the caller must be an admin or the
        object's owner. Returns the new permission's ``to_dict()``.
        """
        model = get_model_from_type(object_type)
        target = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
        # Only an admin or the object's owner may hand out permissions.
        require_admin_or_owner(target.user_id)

        body = request.get_json(True)
        access_type = body['access_type']
        if access_type not in ACCESS_TYPES:
            abort(400, message='Unknown access type.')

        # Resolve the grantee inside the caller's org so cross-org grants cannot happen.
        try:
            grantee = User.get_by_id_and_org(body['user_id'], self.current_org)
        except NoResultFound:
            abort(400, message='User not found.')

        granted = AccessPermission.grant(target, access_type, grantee, self.current_user)
        db.session.commit()

        event = {
            'action': 'grant_permission',
            'object_id': object_id,
            'object_type': object_type,
            'grantee': grantee.id,
            'access_type': access_type,
        }
        self.record_event(event)

        return granted.to_dict()
    def delete(self, object_type, object_id):
        """
        Revoke ``access_type`` on an object from a user.

        Request JSON: ``user_id`` and ``access_type``. 404 on an unknown
        object, 400 on an unknown user; the caller must be an admin or the
        object's owner. Records a ``revoke_permission`` event.
        """
        model = get_model_from_type(object_type)
        target = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
        require_admin_or_owner(target.user_id)

        body = request.get_json(True)
        grantee_id = body['user_id']
        access_type = body['access_type']

        # NOTE(review): plain primary-key lookup, not scoped to the current org — confirm intended.
        grantee = User.query.get(body['user_id'])
        if grantee is None:
            abort(400, message='User not found.')

        AccessPermission.revoke(target, grantee, access_type)
        db.session.commit()

        event = {
            'action': 'revoke_permission',
            'object_id': object_id,
            'object_type': object_type,
            'access_type': access_type,
            'grantee_id': grantee_id
        }
        self.record_event(event)
    def post(self):
        """
        Create a widget on a dashboard and place it in the dashboard layout.

        Request JSON must contain ``dashboard_id``, ``visualization_id`` and
        ``options``; a client-supplied ``id`` is ignored. A width-2 widget
        (or an empty layout) starts a new row; otherwise the widget joins the
        last row when that row holds exactly one width-1 widget, and starts a
        new row in every other case. The caller must be an admin or the
        dashboard's owner.

        Returns the widget dict, the updated layout and whether a row was added.
        """
        props = request.get_json(force=True)
        owner = models.Dashboard.get_by_id_and_org(props.pop('dashboard_id'), self.current_org)
        require_admin_or_owner(owner.user_id)

        # Options are stored serialized; the client may not choose the widget id.
        props['options'] = json.dumps(props['options'])
        props.pop('id', None)
        props['dashboard'] = owner
        props['visualization'] = props.pop('visualization_id')
        widget = models.Widget.create(**props)

        rows = json.loads(widget.dashboard.layout)
        joined_last_row = False

        if rows and widget.width != 2 and len(rows[-1]) == 1:
            neighbour = models.Widget.get(models.Widget.id == rows[-1][0])
            if neighbour.width == 1:
                rows[-1].append(widget.id)
                joined_last_row = True
            else:
                rows.append([widget.id])
        else:
            rows.append([widget.id])

        widget.dashboard.layout = json.dumps(rows)
        widget.dashboard.save()

        return {'widget': widget.to_dict(), 'layout': rows, 'new_row': not joined_last_row}
    def post(self, dashboard_id):
        """
        Allow anonymous access to a dashboard.

        Reuses the dashboard's existing API key when one is found (marking it
        active again), otherwise creates a new one; then commits and records
        an ``activate_api_key`` event. The caller must be an admin or the
        dashboard's owner.

        :param dashboard_id: The numeric ID of the dashboard to share.
        :>json string public_url: The URL for anonymous access to the dashboard.
        :>json api_key: The API key to use when accessing it.
        """
        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.get_exsistkey_by_object(target)
        if not key:
            key = models.ApiKey.create_for_object(target, self.current_user)
        # A previously deactivated key is simply switched back on.
        key.active = True

        models.db.session.flush()
        models.db.session.commit()

        token = key.api_key
        share_url = url_for('redash.public_dashboard',
                            token=token,
                            org_slug=self.current_org.slug,
                            _external=True)

        event = {
            'action': 'activate_api_key',
            'object_id': target.id,
            'object_type': 'dashboard',
        }
        self.record_event(event)

        return {'public_url': share_url, 'api_key': token}
    def post(self, dashboard_id):
        """
        Create an API key for a dashboard and return its public URL.

        The caller must be an admin or the dashboard's owner. No event is
        recorded and no explicit commit is issued in this handler.
        """
        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.create_for_object(target, self.current_user)
        token = key.api_key
        share_url = url_for('redash.public_dashboard',
                            token=token,
                            org_slug=self.current_org.slug,
                            _external=True)

        return {'public_url': share_url, 'api_key': token}
    def post(self, object_type, object_id):
        """
        Grant ``access_type`` on an object to the user named by ``user_id``.

        400 on an unknown access type or an unknown user, 404 on an unknown
        object; the caller must be an admin or the object's owner. Records a
        ``grant_permission`` event and returns the permission as a dict.
        """
        model = get_model_from_type(object_type)
        target = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
        require_admin_or_owner(target.user_id)

        body = request.get_json(True)
        access_type = body['access_type']
        if access_type not in ACCESS_TYPES:
            abort(400, message='Unknown access type.')

        # The grantee is looked up within the caller's org.
        try:
            grantee = User.get_by_id_and_org(body['user_id'], self.current_org)
        except User.DoesNotExist:
            abort(400, message='User not found.')

        granted = AccessPermission.grant(target, access_type, grantee, self.current_user)

        event = {
            'action': 'grant_permission',
            'object_id': object_id,
            'object_type': object_type,
            'access_type': access_type,
            'grantee': grantee.id
        }
        self.record_event(event)

        return granted.to_dict()
    def post(self, dashboard_id):
        """
        Allow anonymous access to a dashboard.

        Refused with 403 while ``settings.FEATURE_DISABLE_PUBLIC_DASHBOARDS``
        is set. Otherwise creates an API key for the dashboard, commits, and
        records an ``activate_api_key`` event. The caller must be an admin or
        the dashboard's owner.

        :param dashboard_id: The numeric ID of the dashboard to share.
        :>json string public_url: The URL for anonymous access to the dashboard.
        :>json api_key: The API key to use when accessing it.
        """
        # Kill switch is checked before any lookup so the endpoint is inert when disabled.
        if settings.FEATURE_DISABLE_PUBLIC_DASHBOARDS:
            logging.info("Disabled public dashboards.")
            abort(403, message="The feature is disabled due to security reasons.")

        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.create_for_object(target, self.current_user)
        models.db.session.flush()
        models.db.session.commit()

        token = key.api_key
        share_url = url_for('redash.public_dashboard',
                            token=token,
                            org_slug=self.current_org.slug,
                            _external=True)

        event = {
            'action': 'activate_api_key',
            'object_id': target.id,
            'object_type': 'dashboard',
        }
        self.record_event(event)

        return {'public_url': share_url, 'api_key': token}
    def post(self, alert_id):
        """
        Update an alert's ``options``, ``name``, ``query_id`` or ``rearm``.

        Any other key in the request body is dropped by ``project``. 404 when
        the alert is not in the current org; the caller must be an admin or
        the alert's owner. Commits, records an ``edit`` event and returns the
        serialized alert.
        """
        # Only these fields may be changed through this endpoint.
        editable = ('options', 'name', 'query_id', 'rearm')
        body = request.get_json(True)
        changes = project(body, editable)

        alert = get_object_or_404(Alert.get_by_id_and_org, alert_id, self.current_org)
        require_admin_or_owner(alert.user.id)

        self.update_model(alert, changes)
        session.commit()

        event = {
            'action': 'edit',
            'timestamp': int(time.time()),
            'object_id': alert.id,
            'object_type': 'alert'
        }
        self.record_event(event)

        # serialize_alert shapes the alert (and its query columns) for the frontend.
        return serialize_alert(alert)
    def delete(self, object_type, object_id):
        """
        Revoke ``access_type`` on an object from a user.

        Request JSON: ``user_id`` and ``access_type``. 404 on an unknown
        object, 400 on an unknown user; the caller must be an admin or the
        object's owner. Records a ``revoke_permission`` event.
        """
        model = get_model_from_type(object_type)
        target = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
        require_admin_or_owner(target.user_id)

        body = request.get_json(True)
        grantee_id = body["user_id"]
        access_type = body["access_type"]

        # NOTE(review): plain primary-key lookup, not scoped to the current org — confirm intended.
        grantee = User.query.get(body["user_id"])
        if grantee is None:
            abort(400, message="User not found.")

        AccessPermission.revoke(target, grantee, access_type)
        db.session.commit()

        event = {
            "action": "revoke_permission",
            "object_id": object_id,
            "object_type": object_type,
            "access_type": access_type,
            "grantee_id": grantee_id,
        }
        self.record_event(event)
    def delete(self, dashboard_id):
        """
        Disable anonymous access to a dashboard by deactivating its API key.

        A dashboard without a key is a no-op. The caller must be an admin or
        the dashboard's owner.
        """
        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.get_by_object(target)
        if not key:
            return
        # Deactivated rather than deleted, so the key row is kept.
        key.active = False
        key.save()
    def post(self, widget_id):
        """
        Update a widget's text; this endpoint handles Text Box widgets only.

        The caller must be an admin or the owner of the widget's dashboard.
        Returns the updated widget as a dict.
        """
        widget = models.Widget.get_by_id_and_org(widget_id, self.current_org)
        # Ownership is decided by the dashboard the widget belongs to.
        require_admin_or_owner(widget.dashboard.user_id)

        body = request.get_json(force=True)
        widget.text = body['text']
        widget.save()

        return widget.to_dict()
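    def post(self, user_id):
        """
        Update a user's ``email``, ``name``, ``password`` and/or ``groups``.

        Rules enforced here:

        * the caller must be an admin or the user being edited;
        * a password change requires the current password (``old_password``),
          which is verified before anything is written, and the plaintext
          current password never reaches ``update_model``;
        * only an admin may change ``groups``;
        * an email with no ``@`` or with a blacklisted domain (or ``qq.com``)
          is rejected with 400;
        * a duplicate email surfaces as 400 rather than 500.

        Returns ``user.to_dict()``, including the API key only for an admin
        or the owner.
        """
        require_admin_or_owner(user_id)
        user = models.User.get_by_id_and_org(user_id, self.current_org)

        req = request.get_json(True)

        params = project(
            req, ('email', 'name', 'password', 'old_password', 'groups'))

        if 'password' in params and 'old_password' not in params:
            abort(403,
                  message="Must provide current password to update password.")

        if 'old_password' in params and not user.verify_password(
                params['old_password']):
            abort(403, message="Incorrect current password.")

        if 'password' in params:
            user.hash_password(params.pop('password'))
        # Drop the current password unconditionally so it is never passed to
        # update_model (it was only ever needed for verification above).
        params.pop('old_password', None)

        if 'groups' in params and not self.current_user.has_permission(
                'admin'):
            abort(403, message="Must be admin to change groups membership.")

        if 'email' in params:
            # Without this guard an address lacking '@' makes split() raise and
            # turns a bad request into a 500.
            if '@' not in params['email']:
                abort(400, message='Bad email address.')
            _, domain = params['email'].split('@', 1)

            if domain.lower() in blacklist or domain.lower() == 'qq.com':
                abort(400, message='Bad email address.')

        try:
            self.update_model(user, params)
            models.db.session.commit()

            # The user has updated their email or password. This should invalidate all _other_ sessions,
            # forcing them to log in again. Since we don't want to force _this_ session to have to go
            # through login again, we call `login_user` in order to update the session with the new identity details.
            if current_user.id == user.id:
                login_user(user, remember=True)
        except IntegrityError as e:
            # BaseException.message exists only on Python 2; args[0] carries the same text.
            detail = str(e.args[0]) if e.args else str(e)
            if "email" in detail:
                message = "Email already taken."
            else:
                message = "Error updating record"

            abort(400, message=message)

        self.record_event({
            'action': 'edit',
            'object_id': user.id,
            'object_type': 'user',
            # list() keeps this JSON-serializable on Python 3 (dict_keys is not).
            'updated_fields': list(params.keys())
        })

        return user.to_dict(with_api_key=is_admin_or_owner(user_id))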
    def delete(self, query_id):
        """
        Archives a query.

        404 when the query is not in the current org; the caller must be an
        admin or the query's owner. Archiving is delegated to ``Query.archive``
        on behalf of the caller, then the session is committed.

        :param query_id: ID of query to archive
        """
        target = get_object_or_404(models.Query.get_by_id_and_org, query_id, self.current_org)
        require_admin_or_owner(target.user_id)

        target.archive(self.current_user)
        models.db.session.commit()
    def delete(self, query_id):
        """
        Archives a query.

        404 when the query is not in the current org; the caller must be an
        admin or the query's owner. Archiving is delegated to ``Query.archive``
        on behalf of the caller, then the session is committed.

        :param query_id: ID of query to archive
        """
        target = get_object_or_404(models.Query.get_by_id_and_org, query_id, self.current_org)
        require_admin_or_owner(target.user_id)

        target.archive(self.current_user)
        models.db.session.commit()
    def delete(self, snippet_id):
        """
        Delete a query snippet and record a ``delete`` event.

        404 when the snippet is not in the current org; the caller must be an
        admin or the snippet's owner.
        """
        snippet = get_object_or_404(models.QuerySnippet.get_by_id_and_org, snippet_id, self.current_org)
        require_admin_or_owner(snippet.user.id)
        snippet.delete_instance()

        event = {
            'action': 'delete',
            'object_id': snippet.id,
            'object_type': 'query_snippet'
        }
        self.record_event(event)
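    def delete(self, alert_id, subscriber_id):
        """
        Remove ``subscriber_id``'s subscription to alert ``alert_id``.

        The caller must be an admin or the subscriber themself. The check runs
        before the subscription is removed, so a request that fails
        authorization has no side effect. Records an ``unsubscribe`` event.
        """
        # Authorize before mutating: previously unsubscribe() ran first and the
        # check only raised afterwards, leaving the row already gone.
        require_admin_or_owner(subscriber_id)
        models.AlertSubscription.unsubscribe(alert_id, subscriber_id)

        self.record_event({
            'action': 'unsubscribe',
            'timestamp': int(time.time()),
            'object_id': alert_id,
            'object_type': 'alert'
        })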
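    def delete(self, alert_id, subscriber_id):
        """
        Remove ``subscriber_id``'s subscription to alert ``alert_id``.

        The caller must be an admin or the subscriber themself. The check runs
        before the subscription is removed, so a request that fails
        authorization has no side effect. Records an ``unsubscribe`` event.
        """
        # Authorize before mutating: previously unsubscribe() ran first and the
        # check only raised afterwards, leaving the row already gone.
        require_admin_or_owner(subscriber_id)
        models.AlertSubscription.unsubscribe(alert_id, subscriber_id)

        self.record_event({
            'action': 'unsubscribe',
            'timestamp': int(time.time()),
            'object_id': alert_id,
            'object_type': 'alert'
        })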
    def delete(self, alert_id, subscriber_id):
        """
        Delete alert subscription ``subscriber_id`` and record an ``unsubscribe`` event.

        404 when the subscription does not exist; the caller must be an admin
        or the subscribed user. ``alert_id`` is only echoed into the event and
        is not compared against the subscription.
        """
        sub = models.AlertSubscription.query.get_or_404(subscriber_id)
        # Authorization is based on who owns the subscription, not the alert.
        require_admin_or_owner(sub.user.id)

        models.db.session.delete(sub)
        models.db.session.commit()

        event = {
            'action': 'unsubscribe',
            'object_id': alert_id,
            'object_type': 'alert'
        }
        self.record_event(event)
    def delete(self, snippet_id):
        """
        Delete a query snippet and record a ``delete`` event.

        404 when the snippet is not in the current org; the caller must be an
        admin or the snippet's owner.
        """
        snippet = get_object_or_404(models.QuerySnippet.get_by_id_and_org,
                                    snippet_id, self.current_org)
        require_admin_or_owner(snippet.user.id)

        # NOTE(review): the delete is staged but not committed in this handler —
        # confirm the session is committed at request teardown.
        models.db.session.delete(snippet)

        event = {
            'action': 'delete',
            'object_id': snippet.id,
            'object_type': 'query_snippet'
        }
        self.record_event(event)
    def delete(self, alert_id, subscriber_id):
        """
        Delete alert subscription ``subscriber_id`` and record an ``unsubscribe`` event.

        404 when the subscription does not exist; the caller must be an admin
        or the subscribed user. ``alert_id`` is only echoed into the event and
        is not compared against the subscription.
        """
        sub = models.AlertSubscription.query.get_or_404(subscriber_id)
        # Authorization is based on who owns the subscription, not the alert.
        require_admin_or_owner(sub.user.id)

        models.db.session.delete(sub)
        models.db.session.commit()

        event = {
            "action": "unsubscribe",
            "object_id": alert_id,
            "object_type": "alert"
        }
        self.record_event(event)
    def post(self, alert_id):
        """
        Update an alert's ``options``, ``name``, ``query_id`` or ``rearm``.

        Other request keys are discarded by ``project``. 404 when the alert is
        not in the current org; the caller must be an admin or the alert's
        owner. Commits and returns the serialized alert.
        """
        body = request.get_json(True)
        changes = project(body, ('options', 'name', 'query_id', 'rearm'))

        alert = get_object_or_404(models.Alert.get_by_id_and_org, alert_id, self.current_org)
        require_admin_or_owner(alert.user.id)

        self.update_model(alert, changes)
        models.db.session.commit()

        return serialize_alert(alert)
    def delete(self, alert_id, subscriber_id):
        """
        Delete alert subscription ``subscriber_id`` and record an ``unsubscribe`` event.

        404 when the subscription does not exist; the caller must be an admin
        or the subscribed user. ``alert_id`` is only echoed into the event.
        """
        sub = get_object_or_404(models.AlertSubscription.get_by_id, subscriber_id)
        require_admin_or_owner(sub.user.id)
        sub.delete_instance()

        event = {
            'action': 'unsubscribe',
            'timestamp': int(time.time()),
            'object_id': alert_id,
            'object_type': 'alert'
        }
        self.record_event(event)
    def delete(self, alert_id, subscriber_id):
        """
        Delete alert subscription ``subscriber_id`` and record an ``unsubscribe`` event.

        404 when the subscription does not exist; the caller must be an admin
        or the subscribed user. ``alert_id`` is only echoed into the event and
        is not compared against the subscription.
        """
        sub = models.AlertSubscription.query.get_or_404(subscriber_id)
        require_admin_or_owner(sub.user.id)

        models.db.session.delete(sub)
        models.db.session.commit()

        event = {
            'action': 'unsubscribe',
            'timestamp': int(time.time()),
            'object_id': alert_id,
            'object_type': 'alert'
        }
        self.record_event(event)
    def delete(self, alert_id, subscriber_id):
        """
        Delete alert subscription ``subscriber_id`` and record an ``unsubscribe`` event.

        404 when the subscription does not exist; the caller must be an admin
        or the subscribed user. ``alert_id`` is only echoed into the event and
        is not compared against the subscription.
        """
        sub = AlertSubscription.query.get_or_404(subscriber_id)
        require_admin_or_owner(sub.user.id)

        session.delete(sub)
        session.commit()

        event = {
            'action': 'unsubscribe',
            'timestamp': int(time.time()),
            'object_id': alert_id,
            'object_type': 'alert'
        }
        self.record_event(event)
    def delete(self, alert_id):
        """
        Unmute an alert (``options['muted'] = False``) and record an ``unmute`` event.

        404 when the alert is not in the current org; the caller must be an
        admin or the alert's owner.
        """
        alert = get_object_or_404(models.Alert.get_by_id_and_org, alert_id, self.current_org)
        require_admin_or_owner(alert.user.id)

        # In-place edit of the options mapping; assumes the column tracks
        # mutations so the commit below persists it — TODO confirm.
        alert.options['muted'] = False
        models.db.session.commit()

        event = {
            'action': 'unmute',
            'object_id': alert.id,
            'object_type': 'alert'
        }
        self.record_event(event)
    def post(self):
        """
        Create a visualization for a query.

        Request JSON: ``query_id`` plus the visualization fields, of which
        ``options`` is stored serialized. 404 on an unknown query; the caller
        must be an admin or the query's owner. Returns the visualization
        without its query embedded.
        """
        body = request.get_json(force=True)

        parent = get_object_or_404(models.Query.get_by_id_and_org, body.pop('query_id'), self.current_org)
        require_admin_or_owner(parent.user_id)

        body['options'] = json.dumps(body['options'])
        body['query'] = parent

        # NOTE(review): every remaining key in the request body is passed straight
        # to Visualization.create — confirm the model rejects unexpected fields.
        created = models.Visualization.create(**body)

        return created.to_dict(with_query=False)
    def delete(self, snippet_id):
        """
        Delete a query snippet, commit, and record a ``delete`` event.

        404 when the snippet is not in the current org; the caller must be an
        admin or the snippet's owner.
        """
        snippet = get_object_or_404(models.QuerySnippet.get_by_id_and_org,
                                    snippet_id, self.current_org)
        require_admin_or_owner(snippet.user.id)

        models.db.session.delete(snippet)
        models.db.session.commit()

        event = {
            "action": "delete",
            "object_id": snippet.id,
            "object_type": "query_snippet",
        }
        self.record_event(event)
    def post(self):
        """
        Create a visualization for a query.

        Request JSON: ``query_id`` plus the visualization fields, of which
        ``options`` is stored serialized. 404 on an unknown query; the caller
        must be an admin or the query's owner. Returns the visualization
        without its query embedded.
        """
        body = request.get_json(force=True)

        parent = get_object_or_404(models.Query.get_by_id_and_org,
                                   body.pop('query_id'), self.current_org)
        require_admin_or_owner(parent.user_id)

        body['options'] = json.dumps(body['options'])
        body['query'] = parent

        # NOTE(review): every remaining key in the request body is passed straight
        # to Visualization.create — confirm the model rejects unexpected fields.
        created = models.Visualization.create(**body)

        return created.to_dict(with_query=False)
    def add_visual(self, kwargs):
        """
        Create a visualization from ``kwargs`` and return it as a dict.

        ``kwargs`` must contain ``query_id`` (removed here) and ``options``
        (stored serialized); the remaining keys go to the Visualization
        constructor. 404 on an unknown query; the caller must be an admin or
        the query's owner. Commits before returning.
        """
        parent = get_object_or_404(models.Query.get_by_id_and_org,
                                   kwargs.pop('query_id'), self.current_org)
        require_admin_or_owner(parent.user_id)

        kwargs['options'] = json.dumps(kwargs['options'])
        kwargs['query_rel'] = parent

        created = models.Visualization(**kwargs)
        models.db.session.add(created)
        models.db.session.commit()

        return created.to_dict(with_query=False)
    def delete(self, alert_id):
        """
        Unmute an alert (``options["muted"] = False``) and record an ``unmute`` event.

        404 when the alert is not in the current org; the caller must be an
        admin or the alert's owner.
        """
        alert = get_object_or_404(models.Alert.get_by_id_and_org, alert_id,
                                  self.current_org)
        require_admin_or_owner(alert.user.id)

        # In-place edit of the options mapping; assumes the column tracks
        # mutations so the commit below persists it — TODO confirm.
        alert.options["muted"] = False
        models.db.session.commit()

        event = {
            "action": "unmute",
            "object_id": alert.id,
            "object_type": "alert"
        }
        self.record_event(event)
    def delete(self, dashboard_id, application_id):
        """
        Detach a dashboard from an application and record the event.

        404 when the dashboard is not in the current org; the caller must be
        an admin or the dashboard's owner. No check is made here on the
        caller's relationship to ``application_id``.
        """
        target = get_object_or_404(models.Dashboard.get_by_id_and_org,
                                   dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        models.ApplicationDashboard.delete_dashboard_from_application(dashboard_id, application_id)

        event = {
            "action": "delete_dashboard_from_application",
            "object_id": dashboard_id,
            "object_type": "dashboard",
            "member_id": application_id,
        }
        self.record_event(event)
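    def post(self, user_id):
        """
        Update a user's ``email``, ``name``, ``password`` and/or ``groups``.

        Rules enforced here:

        * the caller must be an admin or the user being edited;
        * a password change requires the current password (``old_password``),
          which is verified before anything is written, and the plaintext
          current password never reaches ``update_model``;
        * only an admin may change ``groups``;
        * an email with no ``@`` or with a blacklisted domain (or ``qq.com``)
          is rejected with 400;
        * a duplicate email surfaces as 400 rather than 500;
        * the session identity is refreshed only when the caller edited
          their own account, so an admin editing someone else is never
          logged in as that user.

        Returns ``user.to_dict()``, including the API key only for an admin
        or the owner.
        """
        require_admin_or_owner(user_id)
        user = models.User.get_by_id_and_org(user_id, self.current_org)

        req = request.get_json(True)

        params = project(req, ('email', 'name', 'password', 'old_password', 'groups'))

        if 'password' in params and 'old_password' not in params:
            abort(403, message="Must provide current password to update password.")

        if 'old_password' in params and not user.verify_password(params['old_password']):
            abort(403, message="Incorrect current password.")

        if 'password' in params:
            user.hash_password(params.pop('password'))
        # Drop the current password unconditionally so it is never passed to
        # update_model (it was only ever needed for verification above).
        params.pop('old_password', None)

        if 'groups' in params and not self.current_user.has_permission('admin'):
            abort(403, message="Must be admin to change groups membership.")

        if 'email' in params:
            # Without this guard an address lacking '@' makes split() raise and
            # turns a bad request into a 500.
            if '@' not in params['email']:
                abort(400, message='Bad email address.')
            _, domain = params['email'].split('@', 1)

            if domain.lower() in blacklist or domain.lower() == 'qq.com':
                abort(400, message='Bad email address.')

        try:
            self.update_model(user, params)
            models.db.session.commit()

            # The user has updated their email or password. This should invalidate all _other_ sessions,
            # forcing them to log in again. Since we don't want to force _this_ session to have to go
            # through login again, we call `login_user` in order to update the session with the new identity details.
            # Only for self-edits: calling login_user(user) unconditionally would
            # switch an admin's session to the account they just edited.
            if self.current_user.id == user.id:
                login_user(user, remember=True)
        except IntegrityError as e:
            # BaseException.message exists only on Python 2; args[0] carries the same text.
            detail = str(e.args[0]) if e.args else str(e)
            if "email" in detail:
                message = "Email already taken."
            else:
                message = "Error updating record"

            abort(400, message=message)

        self.record_event({
            'action': 'edit',
            'object_id': user.id,
            'object_type': 'user',
            # list() keeps this JSON-serializable on Python 3 (dict_keys is not).
            'updated_fields': list(params.keys())
        })

        return user.to_dict(with_api_key=is_admin_or_owner(user_id))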
    def post(self, query_id):
        """
        Regenerate a query's API key, commit, and return the serialized query.

        404 when the query is not in the current org; the caller must be an
        admin or the query's owner.
        """
        target = get_object_or_404(models.Query.get_by_id_and_org, query_id, self.current_org)
        require_admin_or_owner(target.user_id)

        target.regenerate_api_key()
        models.db.session.commit()

        # The action name keeps its historical spelling so existing event
        # records and consumers stay consistent.
        event = {
            'action': 'regnerate_api_key',
            'object_id': query_id,
            'object_type': 'query',
        }
        self.record_event(event)

        return QuerySerializer(target).serialize()
    def post(self, dashboard_id):
        """
        Create an API key for a dashboard and return its public URL.

        The caller must be an admin or the dashboard's owner. The new key is
        flushed (so it has a value for the URL) and an ``activate_api_key``
        event is recorded. The returned key is a bearer credential and is also
        embedded in ``public_url``.
        """
        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.create_for_object(target, self.current_user)
        # NOTE(review): flushed but not committed in this handler — confirm the
        # session is committed at request teardown, or the key is never persisted.
        models.db.session.flush()

        token = key.api_key
        share_url = url_for('redash.public_dashboard',
                            token=token,
                            org_slug=self.current_org.slug,
                            _external=True)

        event = {
            'action': 'activate_api_key',
            'object_id': target.id,
            'object_type': 'dashboard',
        }
        self.record_event(event)

        return {'public_url': share_url, 'api_key': token}
    def delete(self, dashboard_id):
        """
        Disable anonymous access to a dashboard by deactivating its API key.

        The caller must be an admin or the dashboard's owner. A
        ``deactivate_api_key`` event is recorded whether or not a key existed.
        """
        target = models.Dashboard.get_by_id_and_org(dashboard_id, self.current_org)
        require_admin_or_owner(target.user_id)

        key = models.ApiKey.get_by_object(target)
        if key:
            # Deactivated rather than deleted, so the key row is kept.
            key.active = False
            key.save()

        event = {
            'action': 'deactivate_api_key',
            'object_id': target.id,
            'object_type': 'dashboard',
        }
        self.record_event(event)
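    def post(self, user_id):
        """
        Update a user's ``email``, ``name``, ``password`` and/or ``groups``.

        Rules enforced here:

        * the caller must be an admin or the user being edited;
        * a password change requires the current password (``old_password``),
          which is verified before anything is written, and the plaintext
          current password never reaches ``update_model``;
        * only an admin may change ``groups``;
        * an email with no ``@`` or with a blacklisted domain (or ``qq.com``)
          is rejected with 400;
        * a duplicate email surfaces as 400 rather than 500.

        Returns ``user.to_dict()``, including the API key only for an admin
        or the owner.
        """
        require_admin_or_owner(user_id)
        user = models.User.get_by_id_and_org(user_id, self.current_org)

        req = request.get_json(True)

        params = project(
            req, ('email', 'name', 'password', 'old_password', 'groups'))

        if 'password' in params and 'old_password' not in params:
            abort(403,
                  message="Must provide current password to update password.")

        if 'old_password' in params and not user.verify_password(
                params['old_password']):
            abort(403, message="Incorrect current password.")

        if 'password' in params:
            user.hash_password(params.pop('password'))
        # Drop the current password unconditionally so it is never passed to
        # update_model (it was only ever needed for verification above).
        params.pop('old_password', None)

        if 'groups' in params and not self.current_user.has_permission(
                'admin'):
            abort(403, message="Must be admin to change groups membership.")

        if 'email' in params:
            # Without this guard an address lacking '@' makes split() raise and
            # turns a bad request into a 500.
            if '@' not in params['email']:
                abort(400, message='Bad email address.')
            _, domain = params['email'].split('@', 1)

            if domain.lower() in blacklist or domain.lower() == 'qq.com':
                abort(400, message='Bad email address.')

        try:
            self.update_model(user, params)
            models.db.session.commit()
        except IntegrityError as e:
            # BaseException.message exists only on Python 2; args[0] carries the same text.
            detail = str(e.args[0]) if e.args else str(e)
            if "email" in detail:
                message = "Email already taken."
            else:
                message = "Error updating record"

            abort(400, message=message)

        self.record_event({
            'action': 'edit',
            'object_id': user.id,
            'object_type': 'user',
            # list() keeps this JSON-serializable on Python 3 (dict_keys is not).
            'updated_fields': list(params.keys())
        })

        return user.to_dict(with_api_key=is_admin_or_owner(user_id))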
    def post(self, visualization_id):
        """
        Update a visualization's fields from the request body.

        ``options`` (if present) is stored serialized; ``id`` and ``query_id``
        are dropped so the client cannot re-key or re-parent the record. 404
        when the visualization is not in the current org; the caller must be
        an admin or the owner of the parent query.
        """
        vis = get_object_or_404(models.Visualization.get_by_id_and_org, visualization_id, self.current_org)
        require_admin_or_owner(vis.query.user_id)

        changes = request.get_json(force=True)
        if 'options' in changes:
            changes['options'] = json.dumps(changes['options'])

        # Protected keys: never taken from the client.
        for protected in ('id', 'query_id'):
            changes.pop(protected, None)

        vis.update_instance(**changes)

        return vis.to_dict(with_query=False)
    def post(self, snippet_id):
        """
        Update a snippet's ``trigger``, ``description`` or ``snippet`` text.

        Other request keys are discarded by ``project``. 404 when the snippet
        is not in the current org; the caller must be an admin or the
        snippet's owner. Records an ``edit`` event and returns the snippet.
        """
        body = request.get_json(True)
        changes = project(body, ('trigger', 'description', 'snippet'))

        snippet = get_object_or_404(models.QuerySnippet.get_by_id_and_org, snippet_id, self.current_org)
        require_admin_or_owner(snippet.user.id)

        snippet.update_instance(**changes)

        event = {
            'action': 'edit',
            'object_id': snippet.id,
            'object_type': 'query_snippet'
        }
        self.record_event(event)

        return snippet.to_dict()
    def post(self, visualization_id):
        """
        Update a visualization's fields from the request body.

        ``options`` (if present) is stored serialized; ``id`` and ``query_id``
        are dropped so the client cannot re-key or re-parent the record. 404
        when the visualization is not in the current org; the caller must be
        an admin or the owner of the parent query. The dict is built before
        the commit and returned afterwards.
        """
        vis = get_object_or_404(models.Visualization.get_by_id_and_org, visualization_id, self.current_org)
        require_admin_or_owner(vis.query_rel.user_id)

        changes = request.get_json(force=True)
        if 'options' in changes:
            changes['options'] = json.dumps(changes['options'])

        # Protected keys: never taken from the client.
        for protected in ('id', 'query_id'):
            changes.pop(protected, None)

        self.update_model(vis, changes)
        result = vis.to_dict(with_query=False)
        models.db.session.commit()
        return result
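    def post(self, user_id):
        """
        Update a user's ``email``, ``name``, ``password`` and/or ``groups``.

        Rules enforced here:

        * the caller must be an admin or the user being edited;
        * a password change requires the current password (``old_password``),
          which is verified before anything is written, and the plaintext
          current password never reaches ``update_model``;
        * only an admin may change ``groups``;
        * an email with no ``@`` or with a blacklisted domain (or ``qq.com``)
          is rejected with 400;
        * a duplicate email surfaces as 400 rather than 500.

        Returns ``user.to_dict()``, including the API key only for an admin
        or the owner.
        """
        require_admin_or_owner(user_id)
        user = models.User.get_by_id_and_org(user_id, self.current_org)

        req = request.get_json(True)

        params = project(req, ('email', 'name', 'password', 'old_password', 'groups'))

        if 'password' in params and 'old_password' not in params:
            abort(403, message="Must provide current password to update password.")

        if 'old_password' in params and not user.verify_password(params['old_password']):
            abort(403, message="Incorrect current password.")

        if 'password' in params:
            user.hash_password(params.pop('password'))
        # Drop the current password unconditionally so it is never passed to
        # update_model (it was only ever needed for verification above).
        params.pop('old_password', None)

        if 'groups' in params and not self.current_user.has_permission('admin'):
            abort(403, message="Must be admin to change groups membership.")

        if 'email' in params:
            # Without this guard an address lacking '@' makes split() raise and
            # turns a bad request into a 500.
            if '@' not in params['email']:
                abort(400, message='Bad email address.')
            _, domain = params['email'].split('@', 1)

            if domain.lower() in blacklist or domain.lower() == 'qq.com':
                abort(400, message='Bad email address.')

        try:
            self.update_model(user, params)
            models.db.session.commit()
        except IntegrityError as e:
            # BaseException.message exists only on Python 2; args[0] carries the same text.
            detail = str(e.args[0]) if e.args else str(e)
            if "email" in detail:
                message = "Email already taken."
            else:
                message = "Error updating record"

            abort(400, message=message)

        self.record_event({
            'action': 'edit',
            'object_id': user.id,
            'object_type': 'user',
            # list() keeps this JSON-serializable on Python 3 (dict_keys is not).
            'updated_fields': list(params.keys())
        })

        return user.to_dict(with_api_key=is_admin_or_owner(user_id))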
    def post(self, alert_id):
        """
        Update an alert's ``options``, ``name``, ``query_id`` or ``rearm``.

        Other request keys are discarded by ``project``. 404 when the alert is
        not in the current org; the caller must be an admin or the alert's
        owner. Commits, records an ``edit`` event and returns the serialized
        alert.
        """
        body = request.get_json(True)
        changes = project(body, ('options', 'name', 'query_id', 'rearm'))

        alert = get_object_or_404(models.Alert.get_by_id_and_org, alert_id, self.current_org)
        require_admin_or_owner(alert.user.id)

        self.update_model(alert, changes)
        models.db.session.commit()

        event = {
            'action': 'edit',
            'timestamp': int(time.time()),
            'object_id': alert.id,
            'object_type': 'alert'
        }
        self.record_event(event)

        return serialize_alert(alert)
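    def post(self, user_id):
        """
        Update a user's ``email``, ``name``, ``password`` and/or ``groups``.

        The caller must be an admin or the user being edited. A password
        change requires ``old_password``, verified before the write; the
        plaintext current password never reaches ``update_instance``. Only an
        admin may change ``groups``. A duplicate email is reported as 400
        rather than 500. An ``edit`` event is queued asynchronously. Returns
        ``user.to_dict()``, including the API key only for an admin or the
        owner.
        """
        require_admin_or_owner(user_id)
        # NOTE(review): looked up by id only, not scoped to the current org — confirm intended.
        user = models.User.get_by_id(user_id)

        req = request.get_json(True)

        params = project(req, ("email", "name", "password", "old_password", "groups"))

        if "password" in params and "old_password" not in params:
            abort(403, message="Must provide current password to update password.")

        if "old_password" in params and not user.verify_password(params["old_password"]):
            abort(403, message="Incorrect current password.")

        if "password" in params:
            user.hash_password(params.pop("password"))
        # Drop the current password unconditionally so it is never passed to
        # update_instance (it was only ever needed for verification above).
        params.pop("old_password", None)

        if "groups" in params and not self.current_user.has_permission("admin"):
            abort(403, message="Must be admin to change groups membership.")

        try:
            user.update_instance(**params)
        except IntegrityError as e:
            # BaseException.message exists only on Python 2; args[0] carries the same text.
            detail = str(e.args[0]) if e.args else str(e)
            if "email" in detail:
                message = "Email already taken."
            else:
                message = "Error updating record"

            abort(400, message=message)

        record_event.delay(
            {
                "user_id": self.current_user.id,
                "action": "edit",
                "timestamp": int(time.time()),
                "object_id": user.id,
                "object_type": "user",
                # list() keeps the payload serializable on Python 3 (dict_keys is not).
                "updated_fields": list(params.keys()),
            }
        )

        return user.to_dict(with_api_key=is_admin_or_owner(user_id))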
    def delete(self, object_type, object_id):
        """
        Revoke ``access_type`` on an object from the user id in the request.

        ``user_id`` is handed to ``AccessPermission.revoke`` as given — it is
        not resolved to a User record here. 404 on an unknown object; the
        caller must be an admin or the object's owner. Records a
        ``revoke_permission`` event.
        """
        model = get_model_from_type(object_type)
        target = get_object_or_404(model.get_by_id_and_org, object_id, self.current_org)
        require_admin_or_owner(target.user_id)

        body = request.get_json(True)
        grantee_id = body['user_id']
        access_type = body['access_type']

        AccessPermission.revoke(target, grantee_id, access_type)

        event = {
            'action': 'revoke_permission',
            'object_id': object_id,
            'object_type': object_type,
            'access_type': access_type,
            'grantee': grantee_id
        }
        self.record_event(event)
    def post(self, query_id):
        """
        Update a query from the JSON body; returns it with visualizations.

        Authorization: admin or the query's owner. Server-managed fields in
        the body are ignored, and ``*_id`` keys are mapped to the relationship
        attribute names the model expects.
        """
        query = get_object_or_404(models.Query.get_by_id_and_org, query_id, self.current_org)
        require_admin_or_owner(query.user_id)

        payload = request.get_json(force=True)

        # Fields the client must never set directly.
        protected = ('id', 'created_at', 'api_key', 'visualizations',
                     'latest_query_data', 'user', 'last_modified_by', 'org')
        for key in protected:
            payload.pop(key, None)

        # Foreign-key names in the body -> relationship attribute names.
        renamed = (('latest_query_data_id', 'latest_query_data'),
                   ('data_source_id', 'data_source'))
        for old_key, new_key in renamed:
            if old_key in payload:
                payload[new_key] = payload.pop(old_key)

        # NOTE(review): data_source_id / latest_query_data_id are taken from
        # the request as given; confirm the caller's access to those objects
        # is enforced elsewhere.
        payload['last_modified_by'] = self.current_user

        query.update_instance(**payload)

        return query.to_dict(with_visualizations=True)
    def post(self, alert_id):
        """
        Update an alert's options, name, query or rearm setting.

        Authorization: admin or the alert's owner. Records an 'edit' event
        and returns the updated alert dict.
        """
        body = request.get_json(True)
        changes = project(body, ('options', 'name', 'query_id', 'rearm'))
        alert = get_object_or_404(models.Alert.get_by_id_and_org, alert_id, self.current_org)
        require_admin_or_owner(alert.user.id)

        # The model attribute is the relationship, not the raw id column.
        if 'query_id' in changes:
            changes['query'] = changes.pop('query_id')

        # NOTE(review): query_id is accepted as given; confirm the caller's
        # access to that query is checked elsewhere.
        alert.update_instance(**changes)

        event = {
            'action': 'edit',
            'timestamp': int(time.time()),
            'object_id': alert.id,
            'object_type': 'alert'
        }
        self.record_event(event)

        return alert.to_dict()
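    def delete(self, dashboard_id):
        """
        Disable anonymous access to a dashboard.

        :param dashboard_id: The numeric ID of the dashboard to unshare.

        Authorization: admin or the dashboard's owner. Deactivates the
        dashboard's API key, if one exists, and records a 'deactivate_api_key'
        event. Raises 404 for an unknown dashboard.
        """
        # Resolve within the caller's org and 404 on a miss, as the other
        # resources do, instead of letting the lookup error escape as a 500.
        dashboard = get_object_or_404(models.Dashboard.get_by_id_and_org, dashboard_id, self.current_org)
        require_admin_or_owner(dashboard.user_id)
        api_key = models.ApiKey.get_by_object(dashboard)

        if api_key:
            # The key row is kept but disabled, so the public URL stops working.
            api_key.active = False
            models.db.session.add(api_key)
            models.db.session.commit()

        self.record_event({
            'action': 'deactivate_api_key',
            'object_id': dashboard.id,
            'object_type': 'dashboard',
        })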
    def post(self, query_id):
        """
        Update a query from the JSON body; returns it with visualizations.

        Authorization: admin or the query's owner. Server-managed fields in
        the body are discarded and ``*_id`` keys are translated to the
        relationship attribute names before the update.
        """
        query = get_object_or_404(models.Query.get_by_id_and_org, query_id, self.current_org)
        require_admin_or_owner(query.user_id)

        body = request.get_json(force=True)

        # Strip everything the client must not control.
        body = {k: v for k, v in body.items()
                if k not in ('id', 'created_at', 'api_key', 'visualizations',
                             'latest_query_data', 'user', 'last_modified_by', 'org')}

        # TODO(@arikfr): running a query already updates every relevant query
        # with the new result, so accepting latest_query_data_id here may be
        # redundant.
        if 'latest_query_data_id' in body:
            body['latest_query_data'] = body.pop('latest_query_data_id')

        if 'data_source_id' in body:
            body['data_source'] = body.pop('data_source_id')

        # NOTE(review): data_source_id / latest_query_data_id are taken from
        # the request as given; confirm access to those objects is enforced
        # elsewhere.
        body['last_modified_by'] = self.current_user

        query.update_instance(**body)

        return query.to_dict(with_visualizations=True)
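    def post(self, user_id):
        """
        Update a user's email, name, password or group membership.

        :param user_id: numeric ID of the user to update, resolved within the
            caller's org.

        Authorization: the caller must be an admin or the user itself.
        Changing ``groups`` additionally requires the admin permission, and
        changing ``password`` requires the correct ``old_password``. Every
        check runs before the user object is mutated.

        Returns the user dict, including the API key only for an admin or the
        owner. Raises 403 for the authorization failures above, 404 for an
        unknown user and 400 when the update violates a uniqueness constraint
        (e.g. the email is already taken).
        """
        require_admin_or_owner(user_id)
        user = get_object_or_404(models.User.get_by_id_and_org, user_id, self.current_org)

        req = request.get_json(True)

        # Whitelist of fields settable through this endpoint; anything else in
        # the body is dropped.
        params = project(req, ('email', 'name', 'password', 'old_password', 'groups'))

        if 'password' in params and 'old_password' not in params:
            abort(403, message="Must provide current password to update password.")

        if 'old_password' in params and not user.verify_password(params['old_password']):
            abort(403, message="Incorrect current password.")

        if 'groups' in params and not self.current_user.has_permission('admin'):
            abort(403, message="Must be admin to change groups membership.")

        # Only mutate once every check has passed.
        if 'password' in params:
            user.hash_password(params.pop('password'))

        # The verified current password is consumed here and never forwarded
        # to update_instance or into the audit record's updated_fields.
        params.pop('old_password', None)

        try:
            user.update_instance(**params)
        except IntegrityError as e:
            if "email" in e.message:
                message = "Email already taken."
            else:
                message = "Error updating record"

            abort(400, message=message)

        self.record_event({
            'action': 'edit',
            'timestamp': int(time.time()),
            'object_id': user.id,
            'object_type': 'user',
            'updated_fields': params.keys()
        })

        return user.to_dict(with_api_key=is_admin_or_owner(user_id))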
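    def post(self, dashboard_id):
        """
        Allow anonymous access to a dashboard.

        :param dashboard_id: The numeric ID of the dashboard to share.
        :>json string public_url: The URL for anonymous access to the dashboard.
        :>json api_key: The API key to use when accessing it.

        Authorization: admin or the dashboard's owner. Creates an API key
        bound to the dashboard, commits it, and records an 'activate_api_key'
        event. Raises 404 for an unknown dashboard. The returned key is a
        bearer secret: anyone holding it (or the URL) can view the dashboard.
        """
        # Resolve within the caller's org and 404 on a miss, as the other
        # resources do, instead of letting the lookup error escape as a 500.
        dashboard = get_object_or_404(models.Dashboard.get_by_id_and_org, dashboard_id, self.current_org)
        require_admin_or_owner(dashboard.user_id)
        api_key = models.ApiKey.create_for_object(dashboard, self.current_user)
        models.db.session.flush()
        models.db.session.commit()

        # The token is embedded in the URL, so the URL itself is the secret.
        public_url = url_for('redash.public_dashboard', token=api_key.api_key, org_slug=self.current_org.slug, _external=True)

        self.record_event({
            'action': 'activate_api_key',
            'object_id': dashboard.id,
            'object_type': 'dashboard',
        })

        return {'public_url': public_url, 'api_key': api_key.api_key}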
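    def delete(self, widget_id):
        """
        Delete a widget and return the owning dashboard's layout.

        Authorization: admin or the owner of the widget's dashboard.
        Raises 404 for an unknown widget.
        """
        # 404 on a miss, consistent with the other resources, rather than
        # letting the lookup error escape.
        widget = get_object_or_404(models.Widget.get_by_id_and_org, widget_id, self.current_org)
        require_admin_or_owner(widget.dashboard.user_id)
        widget.delete_instance()

        # NOTE(review): layout is read after the delete; presumably
        # delete_instance keeps the dashboard relation loaded — confirm.
        return {'layout': widget.dashboard.layout}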
 def delete(self, visualization_id):
     """Delete a visualization; the caller must be an admin or the owner of its query."""
     visualization = get_object_or_404(models.Visualization.get_by_id_and_org, visualization_id, self.current_org)
     owner_id = visualization.query_rel.user_id
     require_admin_or_owner(owner_id)
     session = models.db.session
     session.delete(visualization)
     session.commit()
 def delete(self, query_id):
     """Archive a query; the caller must be an admin or the query's owner."""
     target = get_object_or_404(models.Query.get_by_id_and_org, query_id, self.current_org)
     require_admin_or_owner(target.user_id)
     target.archive()
    def delete(self, visualization_id):
        vis = get_object_or_404(models.Visualization.get_by_id_and_org, visualization_id, self.current_org)
        require_admin_or_owner(vis.query.user_id)

        vis.delete_instance()