Exemplo n.º 1
def fail(status_code, message=None):
    """Report an API error through ``japi.fail``.

    The reason text is the standard reason for the status code (looked up
    in ``status_reasons``) followed by the optional message, joined with
    " - ". If neither is available, "Unknown reason" is used.

    :param status_code: HTTP Response status code
    :param message: error message
    """
    # Keep only the parts that are actually set (drops None and "").
    candidates = (status_reasons.get(status_code), message)
    parts = [part for part in candidates if part]
    reason = " - ".join(parts) or "Unknown reason"
    # NOTE(review): presumably japi.fail raises; callers rely on this call
    # not returning -- confirm against japi.
    japi.fail(status_code, reason)
Exemplo n.º 2
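def login(context, request):
    """Login route: authenticate a user against Plone.

    Reads ``__ac_name`` and ``__ac_password`` from the request, triggers the
    cookie-auth login of ``acl_users`` and returns the user data in the same
    JSON format as the user route.

    :param context: passed through to ``get``
    :param request: request object holding the credentials
    :returns: result of ``get(context, request, username=__ac_name)``

    Fails with 400 when a credential is missing and with 401 when the
    session is still anonymous after the login attempt.
    """
    # extract the data
    # NOTE(review): if request.get also reads the query string, credentials
    # could end up in URLs and access logs -- confirm this route only
    # accepts them from a POST body.
    __ac_name = request.get("__ac_name", None)
    __ac_password = request.get("__ac_password", None)

    # The name is unauthenticated client input. Logging it with %r escapes
    # control characters (CR/LF), so a crafted name cannot forge extra log
    # lines; passing it as an argument keeps the formatting lazy.
    # The password must never be logged.
    logger.info("*** LOGIN %r ***", __ac_name)

    # NOTE(review): the code below assumes api.fail raises and does not
    # return; otherwise the login would proceed with missing credentials.
    if __ac_name is None:
        api.fail(400, "__ac_name is missing")
    if __ac_password is None:
        api.fail(400, "__ac_password is missing")

    acl_users = api.get_tool("acl_users")

    # XXX hard coded
    # No credentials are passed here; presumably the plugin reads them from
    # the current request -- TODO confirm.
    acl_users.credentials_cookie_auth.login()

    # XXX admin user won't be logged in if I use this approach
    # acl_users.login()
    # response = request.response
    # acl_users.updateCredentials(request, response, __ac_name, __ac_password)

    # The login call's result is not inspected; success is judged only by
    # whether the current user is still anonymous afterwards.
    if api.is_anonymous():
        api.fail(401, "Invalid Credentials")

    # return the JSON in the same format like the user route
    return get(context, request, username=__ac_name)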
Exemplo n.º 3
def action(context, request, action=None, resource=None, uid=None):
    """Dispatch an HTTP POST action to the matching ``<action>_items`` API function.

    Supported URL shapes, as documented for this route:

    Case 1: /<uid>
        The full object is returned directly in the root of the JSON API
        response.
        <Senaite-Site>/@@API/senaite/v1/<uid>

    Case 2: /<action>/<uid>
        update/delete are performed on the object identified by <uid>;
        create uses <uid> as the parent folder.
        <Senaite-Site>/@@API/senaite/v1/<action>/<uid>

    Case 3: <resource>/<action>
        The target object is located from the request body (uid, path,
        parent_path + id). cut/copy/update/delete are performed on the
        target; create uses the target as the container.
        <Senaite-Site>/@@API/senaite/v1/<resource>/<action>

    Case 4: <resource>/<action>/<uid>
        cut/copy/update/delete are performed on the object identified by
        <uid>; create uses <uid> as the parent folder.
        <Senaite-Site>/@@API/senaite/v1/<resource>/<action>/<uid>

    :returns: dict with the keys "count", "items" and "url"
    """
    # NOTE(review): `action` comes from the URL and picks which attribute
    # of `api` gets called; only the "_items" suffix constrains the lookup.
    # An explicit allowlist of supported actions would make the reachable
    # set of functions auditable.
    handler_name = "{}_items".format(action)
    handler = getattr(api, handler_name, None)
    if handler is None:
        # NOTE(review): an unknown action is client input, yet it is
        # reported as a 500 and echoes the looked-up name back.
        api.fail(500, "API has no member named '{}'".format(handler_name))

    results = handler(
        portal_type=api.resource_to_portal_type(resource),
        uid=uid,
    )

    payload = {"count": len(results), "items": results}
    payload["url"] = api.url_for("senaite.jsonapi.v1.action", action=action)
    return payload
Exemplo n.º 4
def action(context, request, action=None, resource=None, uid=None):
    """Dispatch an HTTP POST action to the matching ``<action>_items`` API function.

    When no action is given, it is taken from the
    ``HTTP_X_HTTP_METHOD_OVERRIDE`` request header (lower-cased), falling
    back to "create".

    :returns: dict with the keys "count", "items" and "url"
    """
    # allow to set the method via the header
    # NOTE(review): this header is client-controlled and ends up selecting
    # which attribute of `api` is called below; only the "_items" suffix
    # constrains the lookup. An explicit allowlist of supported actions
    # would make the reachable set of functions auditable.
    if action is None:
        override = request.get_header("HTTP_X_HTTP_METHOD_OVERRIDE", "CREATE")
        action = override.lower()

    # Fetch and call the action function of the API
    handler_name = "{}_items".format(action)
    handler = getattr(api, handler_name, None)
    if handler is None:
        # NOTE(review): an unknown action is client input, yet it is
        # reported as a 500 and echoes the looked-up name back.
        api.fail(500, "API has no member named '{}'".format(handler_name))

    results = handler(
        portal_type=api.resource_to_portal_type(resource),
        uid=uid,
    )

    payload = {"count": len(results), "items": results}
    payload["url"] = api.url_for("senaite.jsonapi.v1.action", action=action)
    return payload