async def update_view(cls, request):
if not has_required_scope(request, cls.permission_scopes):
raise HTTPException(403)
if not cls.update_form:
raise MissingFormError()
instance = await cls.get_object(request)
context = cls.get_context(request)
form_kwargs = {
"form_cls": cls.update_form,
"data": instance,
"obj": instance if not isinstance(instance, dict) else None,
}
if request.method == "GET":
form = cls.get_form(**form_kwargs)
context.update({"form": form, "object": instance})
return config.templates.TemplateResponse(cls.update_template,
context)
data = await request.form()
form = cls.get_form(**form_kwargs, formdata=data)
if not form.validate():
context.update({"form": form, "object": instance})
return config.templates.TemplateResponse(cls.update_template,
context)
await cls.do_update(instance, form, request)
message(request, "Updated successfully", "success")
return RedirectResponse(url=request.url_for(cls.url_names()["list"]),
status_code=302)
async def action(request):
target_object = request.path_params.get('target_object', '').strip('/')
# check if action exists
action = action_tree.get_action_by_target_obj(target_object)
if not action:
raise ApiError(ApiErrors.not_found)
# check provider permission
provider = get_provider_by_action_auth(request, action)
if not provider:
raise ApiError(ApiErrors.forbidden)
if request.method == 'GET':
return action.to_dict(provider)
if request.method == 'POST':
form = await request.form()
is_admin = any(
has_required_scope(request, (admin_role, ))
for admin_role in config.ADMIN_ROLES)
ticket, msg = await action.run(provider, form, is_admin=is_admin)
msg_level = 'success' if bool(ticket) else 'error'
return dict(ticket=ticket,
msg=msg,
msg_level=msg_level,
debug=config.DEBUG)
async def create_view(cls, request):
if not has_required_scope(request, cls.permission_scopes):
raise HTTPException(403)
if not cls.create_form:
raise MissingFormError()
context = cls.get_context(request)
if request.method == "GET":
form = cls.get_form(cls.create_form)
context.update({"form": form})
return config.templates.TemplateResponse(cls.create_template,
context)
data = await request.form()
form = cls.get_form(cls.create_form, formdata=data)
if not form.validate():
context.update({"form": form})
return config.templates.TemplateResponse(cls.create_template,
context)
await cls.do_create(form, request)
message(request, "Created successfully", "success")
return RedirectResponse(url=request.url_for(cls.url_names()["list"]),
status_code=302)
def wrapper(*args: typing.Any, **kwargs: typing.Any) -> typing.Any:
info = kwargs.get("info", args[1])
request = info.context.get("request")
if not has_required_scope(request, scopes):
raise GraphQLError(message)
return func(*args, **kwargs)
async def audit_log_item_view(cls, request):
if not has_required_scope(request, cls.permission_scopes):
raise HTTPException(403)
instance = cls.get_object(request)
item_id = request.path_params["item_id"]
item = cls.audit_log_class().query.get_or_404(item_id)
items = item.data_keys
extra_items = item.extra_data_keys
diff = None
diff_id = request.path_params.get("diff_id")
if diff_id:
diff = cls.audit_log_class().query.get_or_404(diff_id)
items = sorted(list(set(items + diff.data_keys)))
extra_items = sorted(list(set(extra_items + diff.extra_data_keys)))
context = cls.get_context(request)
context.update({
"object": instance,
"item": item,
"diff": diff,
"items": items,
"extra_items": extra_items,
})
return config.templates.TemplateResponse(cls.audit_log_item_template,
context)
async def websocket_wrapper(
*args: typing.Any, **kwargs: typing.Any
) -> None:
websocket = kwargs.get("websocket", args[idx] if args else None)
assert isinstance(websocket, WebSocket)
if not has_required_scope(websocket, scopes_list):
await websocket.close()
else:
await func(*args, **kwargs)
def sync_wrapper(*args: typing.Any, **kwargs: typing.Any) -> Response:
request = kwargs.get("request", args[idx] if args else None)
assert isinstance(request, Request)
if not has_required_scope(request, scopes_list):
if redirect is not None:
return RedirectResponse(
url=request.url_for(redirect), status_code=303
)
raise HTTPException(status_code=status_code)
return func(*args, **kwargs)
async def audit_log_view(cls, request):
if not has_required_scope(request, cls.permission_scopes):
raise HTTPException(403)
instance = cls.get_object(request)
instance.auditlog
context = cls.get_context(request)
context.update({"object": instance})
return config.templates.TemplateResponse(
cls.audit_log_item_list_template, context)
async def audit_log_deleted_view(cls, request):
if not has_required_scope(request, cls.permission_scopes):
raise HTTPException(403)
list_objects = (cls.audit_log_class().query.filter_by(
entity_type=cls.model_class.__table__.name,
operation="DELETE").all())
context = cls.get_context(request)
context.update({"list_objects": list_objects})
return config.templates.TemplateResponse(
cls.audit_log_deleted_template, context)
def __call__(self, request: Request):
if not has_required_scope(request, self.scopes):
if self.redirect is not None:
# Ask the top-level router for the app what the url is for the
# redirect. That's because FastAPI doesn't maintain a router
# hierarchy like Starlette does
redirect = request.app.router.url_path_for(self.redirect)
raise UnauthorizedError(
RedirectResponse(url=redirect, status_code=HTTP_303_SEE_OTHER)
)
raise HTTPException(self.status_code)
async def list_view(cls, request):
if not has_required_scope(request, cls.permission_scopes):
raise HTTPException(403)
context = cls.get_context(request)
context.update({
"list_field_names":
cls.list_field_names,
"search_enabled":
cls.search_enabled,
"search":
request.query_params.get("search"),
"order_enabled":
cls.order_enabled,
"order_by":
request.query_params.get("order_by"),
"order_direction":
request.query_params.get("order_direction"),
})
list_objects = await cls.get_list_objects(request)
if cls.paginate_by:
paginator, page, list_objects, is_paginated = cls.paginate(
request, list_objects)
context.update({
"paginator": paginator,
"page_obj": page,
"is_paginated": is_paginated,
"list_objects": list_objects,
})
else:
context.update({
"paginator": None,
"page_obj": None,
"is_paginated": False,
"list_objects": list_objects,
})
return config.templates.TemplateResponse(cls.list_template, context)
async def has_required_scope(self, request):
return has_required_scope(request, self.permission_scopes)
async def has_required_scope(cls, request):
return has_required_scope(request, cls.permission_scopes)
def get_provider_by_action_auth(request, action):
if not has_required_scope(request, ['authenticated']):
return None
return request.user.providers[action.provider_type]