Exemplo n.º 1
0
    def to_representation(self, instance, **kwargs):
        to_representation_dict = super(AdGroupSerializer,
                                       self).to_representation(
                                           instance, **kwargs)

        user = REGISTRY.get('user', None)

        try:
            data = json.loads(to_representation_dict.get('targeting'),
                              object_pairs_hook=OrderedDict)
        except:
            data = None
        else:
            fields = ["targeting.%s" % f for f in data.keys()]
            permitted_fields = user.get_permitted_instance_fields(
                instance=instance, action='read', fields=fields)

            for k in data.keys():
                if "targeting.%s" % k not in permitted_fields:
                    del data[k]

        to_representation_dict[
            'targeting'] = '' if data is None else json.dumps(data)

        return to_representation_dict
Exemplo n.º 2
0
    def post(self, request):
        data = request.DATA
        result = None

        # check permissions
        user = REGISTRY.get('user', None)
        if not bool(user.get_permitted_model_fields(model='tools', action='read', fields=['resubmission'])):
            raise PermissionDeniedException()

        try:
            src_ad_ids = [long(x) for x in data['src_ad_ids']]
        # pylint: disable=broad-except
        except Exception:
            status = HTTP_400_BAD_REQUEST
        else:
            src_ads = self.model.objects.filter(pk__in=src_ad_ids)
            if src_ads.exists():
                ad_adx_new = []
                for ad_entry in src_ads:
                    if ad_entry.adx_status == AD_STATUS_DISAPPROVED:
                        ad_entry.adx_status = AD_STATUS_NEW
                        ad_entry.save()

                        ad_adx_new.append(ad_entry.pk)

                status = HTTP_200_OK
                result = {'items': ad_adx_new}
            else:
                status = HTTP_400_BAD_REQUEST
                result = self.no_ads_found_msg

        return Response(data=result, status=status)
Exemplo n.º 3
0
    def dispatch(self, request, path):
        self.items_cache = {}
        self.path = path

        user = REGISTRY.get('user', None)
        self.user = user

        select = request.GET.get('$select', None)
        if select is not None:
            self.select = select.split(',')

        trading_desk = user.profile.trading_desk.first()
        if trading_desk is None:
            return HttpResponse('{"HTTP-STATUS": 403}', status=200)
        self.trading_desk_key = trading_desk.trading_desk_key

        trading_desk_ids = [str(t.pk) for t in TradingDesk.objects.all()]
        filter_by_trading_desk_id = request.GET.get(
            'filter_by_trading_desk_id', '')
        if filter_by_trading_desk_id != '':
            trading_desk_ids = [
                i for i in trading_desk_ids
                if i in filter_by_trading_desk_id.split(",")
            ]
        if not trading_desk_ids:
            return HttpResponse('{"HTTP-STATUS": 403}', status=200)
        self.trading_desk_ids = trading_desk_ids

        return super(TWReports, self).dispatch(request)
Exemplo n.º 4
0
    def is_own(self):
        """Returns True if agency entity belongs to the current user."""
        user_advertiser_ids = REGISTRY.get('user_advertiser_ids')
        if user_advertiser_ids and Agency.objects.filter(agency_advertisers__advertiser_id__in=user_advertiser_ids,
                                                         agency_id=self.agency_id).exists():
            return True

        user_agency_ids = REGISTRY.get('user_agency_ids')
        if user_agency_ids and self.agency_id in user_agency_ids:
            return True

        user_trading_desk_ids = REGISTRY.get('user_trading_desk_ids')
        if user_trading_desk_ids and self.trading_desk_id in user_trading_desk_ids:
            return True

        return False
Exemplo n.º 5
0
    def is_own(self):
        """Returns True if campaign entity belongs to the current user."""
        advertiser_ids = REGISTRY.get('user_advertiser_ids')
        if advertiser_ids and self.advertiser_id_id in advertiser_ids:
            return True

        agency_ids = REGISTRY.get('user_agency_ids')
        if agency_ids and Campaign.objects.filter(advertiser_id__agency_id__in=agency_ids,
                                                  campaign_id=self.campaign_id).exists():
            return True

        trading_desk_ids = REGISTRY.get('user_trading_desk_ids')
        if trading_desk_ids and Campaign.objects.filter(advertiser_id__agency_id__trading_desk_id__in=trading_desk_ids,
                                                        campaign_id=self.campaign_id).exists():
            return True

        return False
Exemplo n.º 6
0
    def get(self, request, **unused_kwargs):
        user = REGISTRY.get('user', None)
        if not user.is_authenticated():
            return HttpResponse(json.dumps({'HTTP-STATUS': 401}), status=401)

        cache_key = 'restapi:%s:/perm' % user.pk
        response = cache.get(cache_key)
        if CACHE and response:
            return Response(response)

        permissions = OrderedDict()

        for name, cls in SERIALIZERS:
            if DEBUG_SERIALIZER and DEBUG_SERIALIZER != name:
                continue

            serializer = cls(context={'request': request})

            fields = serializer.fields.keys()
            fields += cls.permissions_extra_fields

            if hasattr(cls, 'Meta') and getattr(cls.Meta.model,
                                                'permission_check', False):
                model = cls.Meta.model
                permissions[name] = self.resource_permissions(
                    user, model, True, fields, getattr(model, 'actions', []))

        for resource, data in six.iteritems(EXTRA_PERMISSIONS):
            permissions[resource] = self.resource_permissions(
                user, resource, True, data['properties'], data['actions'])

        profile = OrderedDict()

        trading_desks = list(
            TradingDesk.objects_raw.filter(
                trading_desk_userprofiles__user=user).values(
                    'trading_desk_id', 'trading_desk')[:1])
        if trading_desks:
            profile.update(trading_desks[0])

        advertisers = list(
            Advertiser.objects_raw.filter(
                advertiser_userprofiles__user=user).values(
                    'advertiser_id', 'advertiser')[:1])
        if advertisers:
            profile.update(advertisers[0])

        response = OrderedDict(username=user.username,
                               is_manage_user=user.is_manage_user,
                               profile=profile,
                               roles=user.profile.get_roles(),
                               permissions=permissions)

        cache.set(cache_key, response, CACHE_TIME)

        return Response(response)
Exemplo n.º 7
0
 def all(self, *args, **kwargs):
     queryset = super(BaseManager, self).all(*args, **kwargs)
     user = REGISTRY.get('user', None)
     if not user or user.is_anonymous():
         from restapi.models.User import User
         if self.model == User:
             return queryset
     if self.model.permission_check:
         queryset = self.filter_by_authorized_user(queryset)
     return queryset
Exemplo n.º 8
0
 def is_own(self):
     if self.pk is None:
         return True
     user = REGISTRY.get('user')
     if not user:
         return False
     trading_desk = self.profile.trading_desk.first()
     advertiser = self.profile.advertisers.first()
     if not advertiser and trading_desk:
         user_trading_desk = user.trading_desk.first()
         return user_trading_desk and trading_desk.pk == user_trading_desk.pk
     return user.pk == self.pk
Exemplo n.º 9
0
    def get(self, request):
        params = request.data if request.method == 'POST' else request.query_params
        bidder_name = params.get('bidder', None) or ''
        bidder_name = bidder_name.lower()
        server_name = params.get('bidder_machine', None) or 'insights-bidder'
        is_trident = params.get('is_trident', None)

        # check permissions
        user = REGISTRY.get('user', None)
        perm_field = 'publisher_bidder_insight' if bidder_name == 'appsponsor' else 'advertiser_bidder_insight'
        if not bool(
                user.get_permitted_model_fields(
                    model='tools', action='read', fields=[perm_field])):
            raise PermissionDeniedException()

        raw_input_str = params.get('raw_request', None)
        is_raw = False
        if raw_input_str:
            payload = json.loads(raw_input_str)
            payload['manage_debug'] = 1
            is_raw = True
        elif bidder_name == 'appsponsor':  #L48
            payload = self.get_payload_for_appsponsor(params)
            is_raw = True
        else:  #L112
            payload = self.get_payload(params)

        bidder_data = bidder_api_call(payload, server_name, is_trident, is_raw,
                                      bidder_name)  #L153-158
        if bidder_data is None:
            bidder_data = dict()

        result = OrderedDict()
        # pylint: disable=unidiomatic-typecheck
        if type(bidder_data) == dict and 'Fail' in bidder_data:
            result['Fail'] = bidder_data['Fail']
            del bidder_data['Fail']
        # pylint: disable=unidiomatic-typecheck
        elif type(bidder_data) == dict and len(bidder_data.keys()) < 2:
            result['Fail'] = 'unknown reason'

        for key in ['chosen_ad', 'raw_request']:  #L435,439,445,459
            if key in bidder_data:
                del bidder_data[key]

        # pylint: disable=invalid-name
        fn = self.prepare_result_appsponsor if bidder_name == 'appsponsor' else self.prepare_result  #L299
        result.update(fn(request, bidder_data))

        return Response({'result': result})
Exemplo n.º 10
0
    def get(self, *args, **kwargs):
        instance = super(BaseManager, self).get(*args, **kwargs)
        user = REGISTRY.get('user', None)
        # pylint: disable=attribute-defined-outside-init
        if self.model.permission_check and settings.SYSTEM_USER is False:
            if not user or user.is_anonymous():
                from restapi.models.User import User
                if self.model == User:
                    return instance
                raise ValueError('Unable resolve current user.')

            if not user.check_instance_permission(instance=instance,
                                                  action='read'):
                raise PermissionDeniedException(
                    "user=%s; action=%s; model=%s; all_permissions=%s;" %
                    (user.username, 'read', self.model.__name__,
                     repr(user.get_all_permissions())))
        return instance
Exemplo n.º 11
0
 def get(self, request, **unused_kwargs):
     user = REGISTRY.get('user', None)
     if not user.is_authenticated():
         return HttpResponse('{"HTTP-STATUS": 401}', status=200)
     data = {
         'username': user.username,
         'roles': user.profile.get_roles(),
         'tabs_urls': settings.TABS_URLS,
         'advertisers':
         {a.pk: a.advertiser
          for a in Advertiser.objects.own()},
         'placement_sources':
         {s.pk: s.source
          for s in Source.objects.all()},
         'osv': {
             'ios': settings.OSV_LATEST_IOS,
             'android': settings.OSV_LATEST_ANDROID
         }
     }
     for name, choices in CHOICES:
         data[name] = {d[0]: d[1] for d in choices}
     return Response(data)
Exemplo n.º 12
0
def device_id(request):
    # check permissions
    user = REGISTRY.get('user', None)
    if not bool(
            user.get_permitted_model_fields(
                model='tools', action='read', fields=['device_id'])):
        raise PermissionDeniedException()

    advertiser_id = request.GET.get('advertiser_id', '')
    advertiser = None
    if advertiser_id:
        qs = Advertiser.objects.filter(pk=advertiser_id)
        if qs.exists():
            advertiser = qs.first()
        else:
            advertiser_id = ''

    campaign_id = request.GET.get('campaign_id', '') if advertiser else ''
    if campaign_id:
        qs = advertiser.campaign_set.filter(campaign_id=campaign_id)
        if not qs.exists():
            campaign_id = ''

    params = {
        'type': request.GET.get('type', ''),
        'start': request.GET.get('start', ''),
        'end': request.GET.get('end', ''),
        'advertiser_id': advertiser_id,
        'campaign_id': campaign_id
    }

    if not params['start']:
        params['start'] = '2011-09-01'

    if not params['end']:
        end = datetime.now() + timedelta(days=1)
        params['end'] = end.strftime("%Y-%m-%d")

    for key in ['start', 'end']:
        params[key] = re.sub(r'-(\d)-', r'-0\1-', params[key])
        params[key] = re.sub(r'-(\d)$', r'-0\1', params[key])

    api_file = '2/download-device-ids.php'
    api_root = settings.STATS_API_DOMAIN + api_file + '?key=' + settings.STATS_API_KEY
    query_string = urllib.urlencode(params)
    api_for_sql_query = api_root + '&' + query_string
    request = Request(api_for_sql_query)
    response = HttpResponse(content_type='text/csv')
    try:
        api_response = urlopen(request)

        def stream_response_generator():
            while True:
                data = api_response.read(1024)
                if not data:
                    return
                yield data

        response = StreamingHttpResponse(stream_response_generator(),
                                         content_type='text/csv')
        response[
            'Content-Disposition'] = 'attachment; filename="device_id.csv"'
    # pylint: disable=bare-except
    except:
        response.write('Data invalid')
    return response
Exemplo n.º 13
0
 def __permitted_instance_fields(self, instance, action):
     user = REGISTRY.get('user', None)
     return user.get_permitted_instance_fields(instance=instance,
                                               action=action,
                                               fields=self.fields.keys())
Exemplo n.º 14
0
    def get(self, request, **kwargs):
        user = REGISTRY.get('user', None)
        if not user.is_authenticated():
            return HttpResponse('{"HTTP-STATUS": 401}', status=200)

        CACHE_KEY = "restapi:%s:/schema" % user.pk
        metadata = cache.get(CACHE_KEY)
        if CACHE and metadata:
            return Response(metadata)

        simple_meta = SimpleMetadata()
        metadata = OrderedDict()

        for name, cls in SERIALIZERS:
            if DEBUG_SERIALIZER and DEBUG_SERIALIZER != name:
                continue

            serializer = cls(context={'request': request})

            info = OrderedDict()
            for field_name, field in serializer.fields.items():
                field_info = OrderedDict()
                field_info['type'] = simple_meta.label_lookup[field]
                if getattr(
                        field, 'required',
                        False) or field_name in serializer.required_in_schema:
                    field_info['required'] = True
                attrs = [
                    'read_only', 'label', 'help_text', 'min_length',
                    'max_length', 'min_value', 'max_value'
                ]

                for attr in attrs:
                    value = getattr(field, attr, None)
                    if value is not None and value is not False and value != '':
                        field_info[attr] = force_text(value, strings_only=True)

                if isinstance(field, PrimaryKeyRelatedField):
                    field_info['relation'] = self.relation_name_lookup(
                        field.queryset.model)

                elif hasattr(field, 'choices'):
                    choices = []
                    field_info['choices'] = choices
                    data = ALL_GROUPS if name == 'user' else field.choices.items(
                    )
                    for choice_value, choice_name in data:
                        choices.append({
                            'value':
                            choice_value,
                            'display_name':
                            force_text(choice_name, strings_only=True)
                        })
                    if name == 'user':
                        field_info['manage_choices'] = []
                        for choice_value, choice_name in MANAGE_GROUPS:
                            field_info['manage_choices'].append({
                                'value':
                                choice_value,
                                'display_name':
                                force_text(choice_name, strings_only=True)
                            })

                        field_info['td_choices'] = []
                        for choice_value, choice_name in TD_GROUPS:
                            field_info['td_choices'].append({
                                'value':
                                choice_value,
                                'display_name':
                                force_text(choice_name, strings_only=True)
                            })
                info[field_name] = field_info

            primary_key = None
            unique_keys = []
            if hasattr(serializer, 'Meta') and hasattr(serializer.Meta,
                                                       'model'):
                model_meta = serializer.Meta.model._meta
                primary_key = model_meta.pk.name
                unique_keys = model_meta.unique_together

            metadata[name] = OrderedDict()
            metadata[name]['type'] = 'object'
            metadata[name]['primary_key'] = primary_key
            metadata[name]['unique_keys'] = unique_keys
            metadata[name]['properties'] = info

            cache.set(CACHE_KEY, metadata, CACHE_TIME)

        return Response(metadata)
Exemplo n.º 15
0
def advertiser_stats_proxy(request, token, path):
    """
    Proxy to use cross domain Ajax GET requests
    request: Django request object
    """
    user = REGISTRY.get('user', None)
    trading_desk = user.profile.trading_desk.first()
    if trading_desk:
        token = trading_desk.trading_desk_key
    else:
        advertiser = user.profile.advertisers.first()
        if advertiser is None:
            raise PermissionDeniedException()
        token = advertiser.advertiser_key

    if request.GET.get('source_type') == '2':
        url = ''.join([
            settings.TWITTER_STATS_API_DOMAIN,
            settings.ADVERTISER_STATS_API_PATH, path
        ])
    else:
        url = ''.join([
            settings.STATS_API_DOMAIN, settings.ADVERTISER_STATS_API_PATH, path
        ])

    trading_desk_ids = map(
        str,
        TradingDesk.TradingDesk.objects.values_list('trading_desk_id',
                                                    flat=True))
    get_params = copy(request.GET)

    should_cache = get_params.get('should_cache')
    if should_cache:
        del get_params['should_cache']
        # get end date (frontend user timezone) user timezone yesterday could be today in stats API timezone
        end_date = get_params['date_to']

        # get today str (Monarch, Stats API timezone)
        _today = datetime.date.today().strftime('%Y-%m-%d')
        should_cache = _today > end_date and datetime.datetime.now().hour > 7

    filter_by_trading_desk_id = get_params.get('filter_by_trading_desk_id', '')
    if filter_by_trading_desk_id != '':
        filter_ids = get_params['filter_by_trading_desk_id'].split(',')
        trading_desk_ids = map(
            str, [i for i in trading_desk_ids if i in filter_ids])

    ad_id = get_params.get('filter_by_ad_id')
    ad_group_id = get_params.get('filter_by_ad_group_id')
    if ad_id and not ad_group_id:
        try:
            ad_group_id = Ad.Ad.objects.get(pk=ad_id).ad_group_id.pk
            get_params['filter_by_ad_group_id'] = ad_group_id
        except:
            pass

    campaign_id = get_params.get('filter_by_campaign_id')
    if ad_group_id and not campaign_id:
        try:
            campaign_id = AdGroup.AdGroup.objects.get(
                pk=ad_group_id).campaign_id.pk
            get_params['filter_by_campaign_id'] = campaign_id
        except:
            pass

    advertiser_id = get_params.get('filter_by_advertiser_id')
    if campaign_id and not advertiser_id:
        try:
            advertiser_id = Campaign.Campaign.objects.get(
                pk=campaign_id).advertiser_id.pk
            get_params['filter_by_advertiser_id'] = advertiser_id
        except:
            pass

    if not trading_desk_ids:
        return http.JsonResponse({
            'HTTP-STATUS': 403,
            'success': False
        },
                                 safe=True,
                                 status=403)

    get_params['filter_by_trading_desk_id'] = ','.join(trading_desk_ids)

    break_by = get_params.get('break_by', '')
    break_by = break_by.split(',') if break_by else []
    for param in get_params.keys():
        if param[:7] == 'filter_' and param[-5:] == '_like':
            filter_name = param[7:-5]
            if filter_name not in break_by:
                break_by.append(filter_name)
    get_params['break_by'] = ','.join(break_by)

    params = ['%s=%s' % (k, get_params[k]) for k in get_params.keys()]
    query = '&'.join(params)
    data = redis_cache.get(query, False)
    if data:
        content_type = 'application/json'
        status_code = 200
    else:
        url = url + '?' + query
        headers = {'Authorization': 'token token="%s"' % token}
        response = requests.get(url, headers=headers, verify=False)

        status_code = int(response.status_code)
        data = response.text

        content_type = response.headers.get('content-type', 'application/json')

        if content_type == 'text/json':
            content_type = 'application/json'

        if content_type == 'text/csv':
            csv_reader = csv.DictReader(six.StringIO(response.text))
            permitted_fields = set(
                request.user.get_permitted_model_fields(
                    'metrics', 'read', csv_reader.fieldnames))
            remap_fields = {}
            if request.user.profile.advertisers.exists():
                # IMPORTANT: If user has advertiser than it's advertiser user and we should display cost as a spend.
                remap_fields['cost'] = 'spend'
            out = six.StringIO()
            field_names = [
                f for f in csv_reader.fieldnames if f in permitted_fields
            ]
            csv_writer = csv.DictWriter(
                out, [remap_fields.get(f, f) for f in field_names])
            csv_writer.writeheader()
            for row in csv_reader:
                csv_writer.writerow({
                    remap_fields.get(k, k): v
                    for k, v in six.iteritems(row) if k in field_names
                })
            data = out.getvalue()
        elif content_type == 'application/json':
            json_data = json.loads(data)
            entity_by_id_by_model_name = collections.defaultdict(dict)
            for name in {'advertiser', 'campaign', 'ad_group', 'ad'}:
                key = '{}_id'.format(name)
                ids = list(
                    set(
                        core.safe_to_int(item_id)
                        for item_id in (i.get(key) for i in json_data)
                        if item_id))
                if ids:
                    model = _MODEL_BY_NAME[name]
                    fields = _FIELDS_BY_MODEL_NAME[name]
                    if key not in fields:
                        fields += (key, )
                    for item in model.objects.filter(**{
                            '{}__in'.format(key): ids
                    }).values(*fields):
                        entity_by_id_by_model_name[name][item[key]] = {
                            k.split('__')[-1]: v
                            for k, v in six.iteritems(item) if k != key
                        }
                    for i in json_data:
                        item_id = core.safe_to_int(i[key])
                        if item_id in entity_by_id_by_model_name[name]:
                            i.update(entity_by_id_by_model_name[name][item_id])
            data = json.dumps(json_data)

        if status_code != 200:
            data = json.dumps({'info': data})
        elif should_cache and content_type != 'text/csv':
            # cache only if status_code is 200
            # expire after 2 days
            redis_cache.set(query, data, 60 * 60 * 24 * 2)

    response = HttpResponse(data,
                            status=status_code,
                            content_type=content_type)
    if content_type == 'text/csv':
        response['Content-Disposition'] = 'inline; filename="report.csv"'

    return response