def application_update(self, application_id, request_object):
allowed_applications = self.allowed_applications('write')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to update Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You need to be logged in to access applications'), 401
application_ = Application.query.get(application_id)
application_content = json.loads(request_object.data)
"""
Part 2: Update the fields that we have data for
"""
if hasattr(application_, 'name'):
application_.name = sanitize.sanitize_string(application_content.get('name', application_.name))
if hasattr(application_, 'description'):
application_.description = sanitize.sanitize_string(application_content.get('description', application_.description))
if hasattr(application_, 'url'):
application_.url = sanitize.sanitize_string(application_content.get('url', application_.url))
db.session.commit()
return application_
def permission_update(self, application_id, user_id, request_object):
"""
Before we update the User permissions for this application, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
application_id being requested.
"""
allowed_applications = self.allowed_applications('is_admin')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Users for Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Application'), 401
permissions = UserApplications.query.filter_by(application_id=application_id,user_id=user_id).first()
altered_permissions = json.loads(request_object.data)
if hasattr(permissions, 'read'):
permissions.read = sanitize.sanitize_boolean(altered_permissions.get('read', permissions.read)),
if hasattr(permissions, 'write'):
permissions.write = sanitize.sanitize_boolean(altered_permissions.get('write', permissions.write)),
if hasattr(permissions, 'is_admin'):
permissions.is_admin = sanitize.sanitize_boolean(altered_permissions.get('is_admin', permissions.is_admin))
db.session.commit()
return {
'read': permissions.read,
'write': permissions.write,
'is_admin': permissions.is_admin
}
def field_get(self, field_id, is_public=False):
if not is_public:
"""
Make sure that we have everything we need to created the
template successfully, including things like a Name, an associated
Application, and a Storage mechanism
"""
if not field_id:
logger.error('User %d update Field request failed because they didn\'t submit a Field ID with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include a Field ID to update this field with'), 400
"""
Fields are directly tied to Templates and really have no life of their
own outside of Templates. Because of that we need to instantiate a
Template object that we can work with
"""
allowed_fields = self.allowed_fields(permission_type='read')
public_fields_ = self.public_templates()
if not field_id in allowed_fields + public_fields_:
logger.warning('User %d with Fields %s tried to access Field %d', \
self.current_user.id, allowed_fields, field_id)
return status_.status_401('You can\'t edit this Field because it\'s not yours'), 401
field_ = {}
if field_id:
field_ = Field.query.get(field_id)
return field_
def permission_get(self, template_id, user_id):
"""
Before we get the User permissions for this template, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
template_id being requested.
"""
allowed_templates = self.allowed_templates('is_admin')
if not user_id is self.current_user.id and not template_id in allowed_templates:
logger.warning('User %d tried to access Users for Template %d', \
self.current_user.id, template_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Template'), 401
permissions = UserTemplates.query.filter_by(template_id=template_id,user_id=user_id).first()
if not permissions:
return status_.status_404('We couldn\'t find the user permissions you were looking for. This user may have been removed from the Template or the Template may have been deleted.'), 404
return {
'read': permissions.read,
'write': permissions.write,
'is_moderator': permissions.is_moderator,
'is_admin': permissions.is_admin
}
def allowed_templates(self, application_id='', permission_type='read'):
if application_id:
"""
Before doing anything make sure the user is allowed to access the
application in the first place.
"""
allowed_applications = self.allowed_applications('read')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You need to be logged in to access applications'), 401
"""
Collect all of the templates the current user has access to, including both
explicitly allowed templates and public templates
"""
explicitly_allowed_templates_ = self.explicitly_allowed_templates(permission_type)
logger.debug('All Templates user has permission to %s', explicitly_allowed_templates_)
public_templates_ = self.public_templates()
logger.debug('All Public Templates %s', public_templates_)
combined_access = explicitly_allowed_templates_ + public_templates_
"""
All Templates belonging to the requested Application
"""
application_templates_ = self.applications_templates(application_id)
logger.debug('All Templates for this Application %s', application_templates_)
"""
Using the `combined_template_access` filter the Application Templates (the
Templates only for this Application that the user has access to)
"""
template_id_list_ = set(combined_access) & set(application_templates_)
logger.debug('Templates to display %s', template_id_list_)
else:
"""
Collect all of the templates the current user has access to, including both
explicitly allowed templates and public templates
"""
explicitly_allowed_templates_ = self.explicitly_allowed_templates(permission_type)
logger.debug('All Templates user has permission to %s', explicitly_allowed_templates_)
public_templates_ = self.public_templates()
logger.debug('All Public Templates %s', public_templates_)
template_id_list_ = explicitly_allowed_templates_ + public_templates_
return template_id_list_
def application_users(self, application_id):
allowed_applications = self.allowed_applications('is_admin')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Users for Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You are not allowed to view the Users of this Application because you do not have the permission to do so'), 401
return self.application_user_list(application_id)
def template_users(self, template_id):
allowed_templates = self.allowed_templates('is_admin')
if not template_id in allowed_templates:
logger.warning('User %d tried to access Users for Template %d', \
self.current_user.id, template_id)
return status_.status_401('You are not allowed to view the Users of this Template because you do not have the permission to do so'), 401
return self.template_user_list(template_id)
def feature_get_excel_template(oauth_request, storage, is_public):
Feature_ = Feature()
Feature_.current_user = oauth_request.user
excel_template = Feature_.feature_get_excel_template(storage)
logger.warning("excel_template %s", excel_template)
# return status_.status_200(), 200
return send_from_directory(excel_template.get("directory"), excel_template.get("filename"), as_attachment=True)
def application_templates_get(self, application_id, is_public):
logger.warning('is_public %s', is_public)
if not hasattr(self.current_user, 'id'):
template_id_list_ = self.applications_templates(application_id)
templates_ = Template.query.filter(Template.id.in_(template_id_list_)).filter(Template.is_public).all()
else:
template_id_list_ = self.allowed_templates(application_id)
templates_ = Template.query.filter(Template.id.in_(template_id_list_)).all()
return templates_
def allowed_templates(self, permission_type="read"):
templates_ = []
if not hasattr(self.current_user, "id"):
logger.warning("User did't submit their information %s", self.current_user)
return status_.status_401("You need to be logged in to access applications"), 401
for template in self.current_user.templates:
if permission_type and getattr(template, permission_type):
templates_.append(template.template_id)
return templates_
def application_delete(self, application_id):
allowed_applications = self.allowed_applications('is_admin')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to delete Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You need to be logged in to access applications'), 401
application_ = Application.query.get(application_id)
db.session.delete(application_)
db.session.commit()
def explicitly_allowed_templates(self, permission_type='read'):
templates_ = []
if not hasattr(self.current_user, 'id'):
logger.warning('User did\'t submit their information %s', \
self.current_user)
return status_.status_401('You need to be logged in to access applications'), 401
for template in self.current_user.templates:
if permission_type and getattr(template, permission_type):
templates_.append(template.template_id)
return templates_
def explicitly_allowed_fields(self, permission_type='read'):
fields_ = []
if not hasattr(self.current_user, 'id'):
logger.warning('User did\'t submit their information %s', \
self.current_user)
return status_.status_401('You need to be logged in to access applications'), 401
for field in self.current_user.fields:
if permission_type and getattr(field, permission_type):
fields_.append(field.field_id)
return fields_
def permission_delete(self, template_id, user_id):
"""
Before we get the User permissions for this template, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
template_id being requested.
"""
allowed_templates = self.allowed_templates('is_admin')
if not template_id in allowed_templates:
logger.warning('User %d tried to access Users for Template %d', \
self.current_user.id, template_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Template'), 401
permissions = UserTemplates.query.filter_by(template_id=template_id, user_id=user_id).first()
db.session.delete(permissions)
db.session.commit()
def permission_delete(self, application_id, user_id):
"""
Before we delete the User permissions for this application, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
application_id being requested.
"""
allowed_applications = self.allowed_applications('is_admin')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Users for Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Application'), 401
permissions = UserApplications.query.filter_by(application_id=application_id, user_id=user_id).first()
db.session.delete(permissions)
db.session.commit()
def template_fields_get(self, template_id, is_public=False):
"""
Make sure that we have everything we need to created the
template successfully, including things like a Name, an associated
Application, and a Storage mechanism
"""
if not template_id:
logger.error('User %d update Field request failed because they didn\'t submit a Template ID with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include a Template ID to get a list of fields with'), 400
template_ = Template.query.get(template_id)
fields_ = []
if not is_public:
"""
Fields are directly tied to Templates and really have no life of their
own outside of Templates. Because of that we need to instantiate a
Template object that we can work with
"""
allowed_templates = self.allowed_fields(template_id=template_id)
if not template_id in allowed_templates:
logger.warning('User %d with Templates %s tried to access Template Fields %d', \
self.current_user.id, allowed_templates, template_id)
return status_.status_401('You can\'t edit this Template because it\'s not yours'), 401
# allowed_fields = self.allowed_fields()
# public_fields_ = self.public_templates()
# allowed_fields_list = allowed_fields + public_fields_
for field in template_.fields:
# if field.id in allowed_fields_list:
fields_.append(field)
else:
for field in template_.fields:
fields_.append(field)
return fields_
def create(self):
today = datetime.utcnow()
expires_ = self.extras.get('expires', today + timedelta(+364))
max_age_ = self.extras.get('max_age', 'max-age=2592000')
last_modified_ = self.extras.get('last_modified', today)
# logger.warning('self.the_content %s', self.the_content.keys())
if 'features' in self.the_content.keys():
features = []
for feature in self.the_content['features']:
properties = {}
for property_ in feature:
if property_ != 'geometry':
properties[property_] = feature[property_]
arguments = {
'geometry': feature.get('geometry', None),
'id': feature.get('id', None),
'properties': properties
}
try:
this_feature = Feature(**arguments)
except Exception, e:
logger.warning("Couldn't create object for GeoJSON %s > %s", feature.get('id', None), arguments)
this_feature = None
features.append(this_feature)
arguments = {
'properties': self.extras
}
response = jsonify(FeatureCollection(features, **arguments))
def permission_create(self, template_id, user_id, request_object):
"""
Before we get the User permissions for this template, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
template_id being requested.
"""
allowed_templates = self.allowed_templates('is_admin')
if not template_id in allowed_templates:
logger.warning('User %d tried to access Users for Template %d', \
self.current_user.id, template_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Template'), 401
permissions_ = json.loads(request_object.data)
"""
Add the new application to the database
"""
new_permissions = {
'user_id': user_id,
'template_id': template_id,
'read': sanitize.sanitize_boolean(permissions_.get('read', '')),
'write': sanitize.sanitize_boolean(permissions_.get('write', '')),
'is_moderator': sanitize.sanitize_boolean(permissions_.get('is_moderator', '')),
'is_admin': sanitize.sanitize_boolean(permissions_.get('is_admin', ''))
}
permission_object = UserTemplates(**new_permissions)
db.session.add(permission_object)
db.session.commit()
return {
'read': permission_object.read,
'write': permission_object.write,
'is_moderator': permission_object.is_moderator,
'is_admin': permission_object.is_admin
}
def field_delete(self, template_id, field_id):
"""
Fields are directly tied to Templates and really have no life of their
own outside of Templates. Because of that we need to instantiate a
Template object that we can work with
"""
allowed_templates = self.allowed_fields(template_id=template_id,permission_type='is_admin')
if not template_id in allowed_templates:
logger.warning('User %d with Templates %s tried to access Template Fields %d', \
self.current_user.id, allowed_templates, template_id)
return status_.status_401('You can\'t delete this Field because it\'s Template is not yours'), 401
allowed_fields = self.allowed_fields(permission_type='is_admin')
if not field_id in allowed_fields:
logger.warning('User %d with Fields %s tried to delete Field %d', \
self.current_user.id, allowed_fields, field_id)
return status_.status_401('You can\'t delete this Field because it\'s not yours'), 401
template_ = Template.query.get(template_id)
field_ = Field.query.get(field_id)
db.session.delete(field_)
db.session.commit()
"""
We only want to call the next method, if and when the field actually
exists in the Storage database table. In the case of some special
fields, such as the `fieldset` tag, the column doesn't exist in the
database table for the Storage, only in the Field table.
"""
if not 'fieldset' in field_.data_type:
self.delete_storage_field(template_, field_)
return True
def create(self):
today = datetime.utcnow()
expires_ = self.extras.get('expires', today + timedelta(+364))
max_age_ = self.extras.get('max_age', 'max-age=2592000')
last_modified_ = self.extras.get('last_modified', today)
logger.warning('Extras %s %s', self.extras, self.extras.get('expires', expires_))
content = {}
for property_ in self.the_content:
content[property_] = self.the_content[property_]
response = jsonify({
"response": content,
"properties": self.extras
})
"""
Make sure we're caching the responses for 30 days to speed things up,
then setting modification and expiration dates appropriately
"""
response.headers.add('Access-Control-Allow-Origin', '*')
response.headers.add('Access-Control-Allow-Headers', 'Authorization, Accept, Content-Type, X-Requested-With, Origin, Access-Control-Request-Method, Access-Control-Request-Headers, Cache-Control, Expires, Set-Cookie')
response.headers.add('Access-Control-Allow-Credentials', True)
response.headers.add('Access-Control-Allow-Methods', 'GET, POST, PUT, PATCH, OPTIONS, DELETE')
response.headers.add('Last-Modified', last_modified_)
response.headers.add('Expires', expires_)
response.headers.add('Pragma', max_age_)
response.headers.add('Cache-Control', max_age_)
return response
def permission_get(self, application_id, user_id):
"""
Before we get the User permissions for this application, we need to make sure that
the user requesting them is authenticated and has the `is_admin` permission for the
application_id being requested.
"""
allowed_applications = self.allowed_applications('is_admin')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Users for Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401('You are not allowed to view this User\'s permissions because you are not an administrator of this Application'), 401
permissions = UserApplications.query.filter_by(application_id=application_id,user_id=user_id).first()
if not permissions:
return status_.status_404('We couldn\'t find the user permissions you were looking for. This user may have been removed from the Application or the Application may have been deleted.'), 404
return {
'read': permissions.read,
'write': permissions.write,
'is_admin': permissions.is_admin
}
def template_create(self, request_object, application_id):
"""
Make sure that we have everything we need to created the
template successfully, including things like a Name, an associated
Application, and a Storage mechanism
"""
if not application_id:
logger.error('User %d new Template request failed because they didn\'t submit an Application ID with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include an Application to associated with the Template'), 400
"""
Make sure that some data was submitted before proceeding
"""
if not request_object.data:
logger.error('User %d new Template request failed because they didn\'t submit any `data` with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include any `data` with your request.'), 400
"""
Part 1: Make sure we can use the request data as json
"""
content_ = json.loads(request_object.data)
allowed_applications = self.allowed_applications('read')
if not application_id in allowed_applications:
logger.warning('User %d with Applications %s tried to access Application %d', \
self.current_user.id, allowed_applications, application_id)
return status_.status_401(), 401
"""
Part 3: Make sure we have a table that has been created in the database
to associate our Template features with
"""
storage_name = self.create_storage()
"""
Part X: Add the new application to the database
"""
new_template = {
'name': sanitize.sanitize_string(content_.get('name', 'Untitled Template from %s' % (datetime.today()) )),
'help': sanitize.sanitize_string(content_.get('help', '')),
'storage': storage_name,
'is_public': sanitize.sanitize_boolean(content_.get('is_public', True)),
'is_crowdsourced': sanitize.sanitize_boolean(content_.get('is_crowdsourced', False)),
'is_moderated': sanitize.sanitize_boolean(content_.get('is_moderated', False)),
'is_listed': sanitize.sanitize_boolean(content_.get('is_listed', True)),
'is_geospatial': sanitize.sanitize_boolean(content_.get('is_geospatial', True)),
'is_community': sanitize.sanitize_boolean(content_.get('is_community', False)),
'created': datetime.now(),
'status': sanitize.sanitize_boolean(content_.get('status', True))
}
template_ = Template(**new_template)
db.session.add(template_)
db.session.commit()
"""
Tell the system what user should have permission to
access the newly created application
"""
permission = {
'user_id': self.current_user.id,
'template_id': template_.id,
'read': True,
'write': True,
'is_moderator': True,
'is_admin': True
}
self.set_user_template_permissions(template_, permission, self.current_user)
"""
Tell the system what Application this template belongs to
"""
application_ = Application().query.get(application_id)
self.set_application_template_relationship(template_, application_)
"""
Add an 'owner' field to the Storage engine here, because we can't
do it in the 'create_storage' because of the User model stepping on
itself and causing problems with permissions
"""
self.create_owner_field(template_)
"""
Once the new table is created, we can create a permissions table for this feature table
"""
self.create_storage_permissions(storage_name)
return template_
def _trigger_feature_created(app, **data):
logger.warning('SIGNAL: _trigger_feature_created')
execute_notification('feature-created', app, **data)
def _trigger_feature_deleted(app, **data):
logger.warning('SIGNAL: _trigger_feature_deleted')
def field_update(self, request_object, template_id, field_id):
"""
Make sure that we have everything we need to created the
template successfully, including things like a Name, an associated
Application, and a Storage mechanism
"""
if not field_id:
logger.error('User %d update Field request failed because they didn\'t submit a Field ID with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include a Field ID to update this field with'), 400
"""
Fields are directly tied to Templates and really have no life of their
own outside of Templates. Because of that we need to instantiate a
Template object that we can work with
"""
allowed_fields = self.allowed_fields(permission_type='write')
if not field_id in allowed_fields:
logger.warning('User %d with Fields %s tried to access Field %d', \
self.current_user.id, allowed_fields, field_id)
return status_.status_401('You can\'t edit this Field because it\'s not yours'), 401
"""
Make sure that some data was submitted before proceeding
"""
if not request_object.data:
logger.error('User %d update Field request failed because they didn\'t submit any `data` with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include any `data` with your request.'), 400
"""
Convert our request object into usable data
"""
field_content = json.loads(request_object.data)
"""
Fields are directly tied to Templates and really have no life of their
own outside of Templates. Because of that we need to instantiate a
Template object that we can work with
"""
field_ = Field().query.get(field_id)
"""
Part 2: Update the fields that we have data for
"""
if hasattr(field_, 'label'):
field_.label = sanitize.sanitize_string(field_content.get('label', field_.label))
if hasattr(field_, 'help'):
field_.help = sanitize.sanitize_string(field_content.get('help', field_.help))
if hasattr(field_, 'is_listed'):
field_.is_listed = sanitize.sanitize_boolean(field_content.get('is_listed', field_.is_listed))
if hasattr(field_, 'is_searchable'):
field_.is_searchable = sanitize.sanitize_boolean(field_content.get('is_searchable', field_.is_searchable))
if hasattr(field_, 'is_required'):
field_.is_required = sanitize.sanitize_boolean(field_content.get('is_required', field_.is_required))
if hasattr(field_, 'weight'):
field_.weight = sanitize.sanitize_integer(field_content.get('weight', field_.weight))
if hasattr(field_, 'status'):
field_.status = sanitize.sanitize_boolean(field_content.get('status', field_.status))
if hasattr(field_, 'options'):
field_.options = sanitize.sanitize_string(field_content.get('options', field_.options))
#
# @todo
# We probably need to make the API capable of changing
# data_types, after all, PostgreSQL does it out of the box
#
# @see
# http://www.postgresql.org/docs/9.3/static/sql-altertable.html
#
db.session.commit()
return field_
def field_create(self, request_object, template_id):
"""
Make sure that we have everything we need to created the
template successfully, including things like a Name, an associated
Application, and a Storage mechanism
"""
if not template_id:
logger.error('User %d new Field request failed because they didn\'t submit an Template ID with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include a Template to add this field to ... or else you\'re not the admin of this Template'), 400
"""
Make sure that some data was submitted before proceeding
"""
if not request_object.data:
logger.error('User %d new Field request failed because they didn\'t submit any `data` with their request', \
self.current_user.id)
return status_.status_400('You didn\'t include any `data` with your request.'), 400
"""
Convert our request object into usable data
"""
content_ = json.loads(request_object.data)
"""
Fields are directly tied to Templates and really have no life of their
own outside of Templates. Because of that we need to instantiate a
Template object that we can work with
"""
allowed_fields = self.allowed_fields(template_id)
if not template_id in allowed_fields:
logger.warning('User %d with Templates %s tried to access Template %d', \
self.current_user.id, allowed_fields, template_id)
return status_.status_401(), 401
Template_ = Template().query.get(template_id)
"""
To create a Field you must at least provide a name for your field
"""
if not content_.get('name', ''):
logger.error('User %d new Field request failed because they didn\'t submit any `name` in the `data` of their request', \
self.current_user.id)
return status_.status_400('You didn\'t include a `name` in the `data` of your request.'), 400
"""
To create a Field you must at least provide a data_type for your field
"""
if not content_.get('data_type', ''):
logger.error('User %d new Field request failed because they didn\'t submit any `data_type` in the `data` of their request', \
self.current_user.id)
return status_.status_400('You didn\'t include a `data_type` in the `data` of your request.'), 400
elif 'relationship' in content_.get('data_type', '') and not content_.get('relationship', ''):
logger.error('User %d new Field request failed because they didn\'t submit any `data_type` in the `data` of their request', \
self.current_user.id)
return status_.status_400('You can\'t create a Relationship field without specifying the `relationship` ... this starts with type_'), 400
user_defined_label = sanitize.sanitize_string(content_.get('name', ''))
"""
If someone's creating a relationship the storage string they've specified
needs to belong to a template that they are allowed to access
"""
if content_.get('relationship', ''):
relationship_storage = content_.get('relationship', '')
storage_check = Template().query.filter_by(storage=relationship_storage).first()
if not storage_check.id in allowed_fields:
logger.error('User %d tried to add a Field to a Template %d which they do not own', \
self.current_user.id, template_id)
return status_.status_401('The Template `relationship` string you entered either doesn\'t exist or you don\'t have permission to use it'), 401
"""
Lastly, make sure that an identical relationship doesn't already exist.
If the type_ and the template type_ already have a relationship it will
cause bad things to happen when searching via the API
"""
duplicate_check = self.check_relationship_field_duplicate(Template_.fields, relationship_storage)
if duplicate_check:
logger.warning('User %d tried to add a duplicate relationship type', \
self.current_user.id)
return status_.status_400('You already defined a relationship with this Template, you cannot create two relationship fields with the same relationship table.'), 400
new_field = {
'label': user_defined_label,
'name': self.generate_machine_name(user_defined_label),
'help': sanitize.sanitize_string(content_.get('help', '')),
'data_type': sanitize.sanitize_string(content_.get('data_type', 'text')),
'relationship': sanitize.sanitize_string(content_.get('relationship', None)),
'is_public': sanitize.sanitize_boolean(content_.get('is_public', False)),
'is_visible': sanitize.sanitize_boolean(content_.get('is_visible', False)),
'is_listed': sanitize.sanitize_boolean(content_.get('is_listed', False)),
'is_searchable': sanitize.sanitize_boolean(content_.get('is_searchable', True)),
'is_required': sanitize.sanitize_boolean(content_.get('is_required', False)),
'weight': sanitize.sanitize_integer(content_.get('created', 1)),
'status': sanitize.sanitize_boolean(content_.get('status', True)),
'options': sanitize.sanitize_string(content_.get('options', '')),
'templates': [Template_]
}
logger.debug('Checking Field, %s', new_field)
field_ = Field(**new_field)
db.session.add(field_)
db.session.commit()
logger.warning('field %s', field_)
"""
Section 2: Relate the Template with the Field and the User with the Field
"""
permission = {
'read': True,
'write': True,
'is_admin': True
}
self.set_user_field_permissions(field_, permission, self.current_user)
self.set_template_field_relationship(field_, Template_)
"""
Section 3: Create the Field in the Template Storage, if the field will
hold data. Some fields, like fieldset, are only for visual
and aesthetic purposes and do not need added to the Storage
"""
if not 'fieldset' in field_.data_type:
field_storage = self.create_storage_field(Template_, field_)
if 'relationship' in content_.get('data_type', 'text') or 'file' in content_.get('data_type', 'text'):
field_.association = field_storage['association']
field_.relationship = field_storage['relationship']
db.session.commit()
return field_