def delete(self, username):
    """Delete notifications owned by the user of the current session.

    Args:
        username: Username taken from the request; it must equal the
            username resolved from ``session["user_id"]``.

    Returns:
        A message dict on success, or ``(message dict, 400)`` when
        ``username`` is not the session user's own name.
    """
    session_uid = session["user_id"]

    # Ownership check: the caller may only address their own notifications.
    # NOTE(review): this authorization failure is reported as 400; 403 is the
    # conventional status, but clients may rely on the current value.
    if username != User.get_username_by_id(session_uid):
        return {
            'message': "You may not access another user's notifications."
        }, 400

    args = self.parser.parse_args()
    selector = args['data']

    # The delete is always keyed on the session's user id, never on the
    # caller-supplied username. A falsy 'data' value removes every
    # notification of that user; otherwise 'data' narrows the delete.
    if selector:
        NotifModel.delete(user_id=session_uid, data=selector)
    else:
        NotifModel.delete(user_id=session_uid)

    return {
        'message': "Deleted notifications for user {}".format(username)
    }
def get(self, username):
    """Return all notifications of the user of the current session.

    Args:
        username: Username taken from the request; it must equal the
            username resolved from ``session["user_id"]``.

    Returns:
        A dict holding ``'username'`` plus whatever each notification's
        ``json(index)`` contributes, ``(message dict, 400)`` when
        ``username`` is not the session user's own name, or
        ``(message dict, 404)`` when there are no notifications.
    """
    session_uid = session["user_id"]

    # Ownership check; the lookup below is keyed on the session's user id,
    # not on the caller-supplied username.
    if username != User.get_username_by_id(session_uid):
        return {
            'message': "You may not access another user's notifications."
        }, 400

    notifications = NotifModel.get_all_by_user(session_uid)
    if not (notifications and len(notifications) >= 1):
        return {'message': "No notifications for this user."}, 404

    result = {'username': username}
    # Each notification serialises itself under its position in the list.
    for position, entry in enumerate(notifications):
        result.update(entry.json(position))
    return result
def post(self, username):
    """Create and store a certificate from a client-supplied CSR.

    Args:
        username: Username taken from the request; it must equal the
            username resolved from ``session["user_id"]``.

    Returns:
        ``cert.json()`` on success, or ``(message dict, 400)`` when the
        caller addresses another user, the body has no CSR, or
        ``CertModel.create`` yields a falsy result.
    """
    # Ownership check: a certificate may only be requested for oneself.
    if username != User.get_username_by_id(session["user_id"]):
        return {
            'message': "You may not update another user's certificate."
        }, 400

    args = self.parser.parse_args()
    csr = args['csr']
    if not csr:
        return {'message': "No certificate Signing Request in Body."}, 400

    # The CSR is untrusted request data; this method relies entirely on
    # CertModel.create to reject it (a falsy return is treated as failure).
    # NOTE(review): the CSR's subject is not compared with `username` here;
    # presumably CertModel.create binds the certificate to the given user
    # id - verify against its implementation.
    owner = User.find_by_name(username)
    cert = CertModel.create(csr, owner.id)
    if not cert:
        return {
            'message':
            "Signature in CSR could not be verified or invalid CSR data!"
        }, 400

    cert.save_to_db()
    return cert.json()
def get(self, username):
    """List the data items the session user owns and those shared with them.

    Args:
        username: Username taken from the request; it must equal the
            username resolved from ``session["user_id"]``.

    Returns:
        ``{'owner': {...}, 'shared': {...}}`` mapping each item id (as a
        string) to its ``/data/<username>/<name>`` path, or
        ``(message dict, 400)`` when ``username`` is not the session
        user's own name.
    """
    session_uid = session["user_id"]

    # Ownership check; both queries below are keyed on the session's user
    # id rather than on the caller-supplied username.
    if username != User.get_username_by_id(session_uid):
        return {'message': "You may not access another user's data."}, 400

    # Items owned by the caller are listed under the caller's own username.
    owned_items = Data.get_all_by_user(user_id=session_uid)
    owner = {
        str(item.id): "/data/{}/{}".format(username, item.name)
        for item in owned_items
    } if owned_items else {}

    # Items shared with the caller are listed under the owning user's
    # username, so that name is visible to everyone the item is shared with.
    shared = {}
    grants = Data_Access.get(user_id=session_uid)
    if grants:
        for grant in grants:
            target = grant.data
            shared[str(target.id)] = "/data/{}/{}".format(
                target.user.username, target.name)

    return {'owner': owner, 'shared': shared}
def delete(self, username):
    """Revoke the session user's valid certificates.

    When the parsed request carries ``cert_serial``, only valid
    certificates with that serial number are revoked; when it is falsy,
    every valid certificate of the user is revoked.

    Args:
        username: Username taken from the request; it must equal the
            username resolved from ``session["user_id"]``.

    Returns:
        The JSON form of a ``RevocationList`` built from the results of
        this request's ``revoke()`` calls, ``(message dict, 400)`` when
        ``username`` is not the session user's own name, or
        ``(message dict, 404)`` when no matching valid certificate exists.
    """
    # Ownership check: only one's own certificates may be revoked.
    if username != User.get_username_by_id(session["user_id"]):
        return {
            'message': "You may not delete another user's certificate."
        }, 400

    args = self.parser.parse_args()
    candidates = list(
        CertModel.get_all_valid_by_user(user=User.find_by_name(username)))
    if not candidates:
        return {'message': "No valid certificate for user found."}, 404

    # NOTE(review): any falsy serial (missing, empty, 0) skips the filter
    # and therefore revokes ALL valid certificates. The match is an exact
    # `==`, so the parser's type for 'cert_serial' must agree with what
    # serial_number() returns - confirm both.
    wanted_serial = args['cert_serial']
    if wanted_serial:
        candidates = [
            cert for cert in candidates
            if cert.serial_number() == wanted_serial
        ]
        if not candidates:
            return {
                'message': "No valid certificate with the given id found."
            }, 404

    # Revoke every remaining candidate and keep what revoke() returns.
    revoked = [cert.revoke() for cert in candidates]

    # The returned list covers only the certificates revoked by this
    # request; certificates revoked earlier are not included.
    return RevocationList(username, revoked).json()
def validate_request(self, initiator, replier, step, method):
    """Check whether the session user may touch an SMP step resource.

    Args:
        initiator: Username of the SMP initiator.
        replier: Username of the SMP replier.
        step: Name of the requested step; must be in ``self.steps``.
        method: Request method name; only the exact string ``'get'`` is
            treated as a read.

    Returns:
        ``(True, initiator_user, replier_user)`` when every check passes,
        otherwise ``(message dict, status)`` with status 400 or 404. The
        two shapes differ in length, so callers have to tell them apart.
    """
    if initiator == replier:
        return {
            'message': "You may not use SMP to verify your own certificate."
        }, 400
    if step not in self.steps:
        return {
            'message': "Resource '{}' does not exist.".format(step)
        }, 404

    # NOTE(review): both existence checks run before the participant check
    # below, so these 404s are returned to any caller holding a session.
    init_user = User.find_by_name(initiator)
    rep_user = User.find_by_name(replier)
    if not init_user:
        return {
            'message': "Username '{}' does not exist.".format(initiator)
        }, 404
    if not rep_user:
        return {
            'message': "Username '{}' does not exist.".format(replier)
        }, 404

    # Only the two participants may access this exchange at all.
    caller = User.get_username_by_id(session["user_id"])
    if caller not in (initiator, replier):
        return {'message': "You may not access other users' SMP data."}, 400

    # Reads ('get') are open to both participants for every step. Any other
    # method value - including a differently-cased 'GET' - is handled as a
    # write and restricted to the steps assigned to the caller's role.
    if method != 'get':
        initiator_steps = ('question', 'step2', 'step4')
        replier_steps = ('step1', 'step3')
        if caller == initiator and step not in initiator_steps:
            return {
                'message': "You may not access someone else's SMP data."
            }, 400
        if caller == replier and step not in replier_steps:
            return {
                'message': "You may not access someone else's SMP data."
            }, 400

    # Both parties must be flagged active; the response tells the caller
    # which of the two is not.
    if not init_user.active:
        return {
            'message': "User '{}' is not logged in.".format(initiator)
        }, 404
    if not rep_user.active:
        return {
            'message': "User '{}' is not logged in.".format(replier)
        }, 404

    return True, init_user, rep_user