def get_object_or_error(model_cls, query_or_pk, display_name=None):
display_name = display_name or None
if isinstance(query_or_pk, basestring):
query = Q('_id', 'eq', query_or_pk)
else:
query = query_or_pk
try:
obj = model_cls.find_one(query)
if getattr(obj, 'is_deleted', False) is True:
if display_name is None:
raise Gone
else:
raise Gone(detail='The requested {name} is no longer available.'.format(name=display_name))
# For objects that have been disabled (is_active is False), return a 410.
# The User model is an exception because we still want to allow
# users who are unconfirmed or unregistered, but not users who have been
# disabled.
if model_cls is User:
if obj.is_disabled:
raise Gone(detail='The requested user is no longer available.')
else:
if not getattr(obj, 'is_active', True) or getattr(obj, 'is_deleted', False):
if display_name is None:
raise Gone
else:
raise Gone(detail='The requested {name} is no longer available.'.format(name=display_name))
return obj
except NoResultsFound:
raise NotFound
def get_file(self, check_permissions=True):
try:
obj = utils.get_object_or_error(
BaseFileNode,
self.kwargs[self.file_lookup_url_kwarg],
self.request,
display_name='file')
except NotFound:
obj = utils.get_object_or_error(
Guid, self.kwargs[self.file_lookup_url_kwarg],
self.request).referent
if obj.is_deleted:
raise Gone(detail='The requested file is no longer available.')
if not isinstance(obj, BaseFileNode):
raise NotFound
if obj.node.is_quickfiles and obj.node.creator.is_disabled:
raise Gone(
detail=
'This user has been deactivated and their quickfiles are no longer available.'
)
if check_permissions:
# May raise a permission denied
self.check_object_permissions(self.request, obj)
return obj
def get_object_or_error(model_cls, query_or_pk, display_name=None):
display_name = display_name or None
if isinstance(query_or_pk, basestring):
query = Q('_id', 'eq', query_or_pk)
else:
query = query_or_pk
try:
obj = model_cls.find_one(query)
if getattr(obj, 'is_deleted', False) is True:
if display_name is None:
raise Gone
else:
raise Gone(
detail='The requested {name} is no longer available.'.
format(name=display_name))
if hasattr(obj, 'is_active'):
if not getattr(obj, 'is_active', False):
if display_name is None:
raise Gone
else:
raise Gone(
detail='The requested {name} is no longer available.'.
format(name=display_name))
return obj
except NoResultsFound:
raise NotFound
def get_object_or_error(model_cls, query_or_pk, display_name=None, **kwargs):
if isinstance(query_or_pk, basestring):
obj = model_cls.load(query_or_pk)
if obj is None:
raise NotFound
else:
try:
obj = model_cls.find_one(query_or_pk, **kwargs)
except NoResultsFound:
raise NotFound
# For objects that have been disabled (is_active is False), return a 410.
# The User model is an exception because we still want to allow
# users who are unconfirmed or unregistered, but not users who have been
# disabled.
if model_cls is User and obj.is_disabled:
raise Gone(detail='The requested user is no longer available.',
meta={
'full_name': obj.fullname,
'family_name': obj.family_name,
'given_name': obj.given_name,
'middle_names': obj.middle_names,
'profile_image': obj.profile_image_url()
})
elif model_cls is not User and not getattr(
obj, 'is_active', True) or getattr(obj, 'is_deleted', False):
if display_name is None:
raise Gone
else:
raise Gone(
detail='The requested {name} is no longer available.'.format(
name=display_name))
return obj
def get_object_or_error(model_cls, query_or_pk, display_name=None):
obj = query = None
if isinstance(query_or_pk, basestring):
# they passed a 5-char guid as a string
if issubclass(model_cls, GuidMixin):
# if it's a subclass of GuidMixin we know it's primary_identifier_name
query = {'guids___id': query_or_pk}
else:
if hasattr(model_cls, 'primary_identifier_name'):
# primary_identifier_name gives us the natural key for the model
query = {model_cls.primary_identifier_name: query_or_pk}
else:
# fall back to modmcompatiblity's load method since we don't know their PIN
obj = model_cls.load(query_or_pk)
else:
# they passed a query
if hasattr(model_cls, 'primary_identifier_name'):
query = to_django_query(query_or_pk, model_cls=model_cls)
else:
# fall back to modmcompatibility's find_one
obj = model_cls.find_one(query_or_pk)
if not obj:
if not query:
# if we don't have a query or an object throw 404
raise NotFound
try:
# TODO This could be added onto with eager on the queryset and the embedded fields of the api
if isinstance(query, dict):
obj = model_cls.objects.get(**query)
else:
obj = model_cls.objects.get(query)
except ObjectDoesNotExist:
raise NotFound
# For objects that have been disabled (is_active is False), return a 410.
# The User model is an exception because we still want to allow
# users who are unconfirmed or unregistered, but not users who have been
# disabled.
if model_cls is User and obj.is_disabled:
raise Gone(detail='The requested user is no longer available.',
meta={
'full_name': obj.fullname,
'family_name': obj.family_name,
'given_name': obj.given_name,
'middle_names': obj.middle_names,
'profile_image': obj.profile_image_url()
})
elif model_cls is not User and not getattr(
obj, 'is_active', True) or getattr(obj, 'is_deleted', False):
if display_name is None:
raise Gone
else:
raise Gone(
detail='The requested {name} is no longer available.'.format(
name=display_name))
return obj
def get_object_or_error(model_cls, query_or_pk, request, display_name=None):
obj = query = None
select_for_update = check_select_for_update(request)
if isinstance(query_or_pk, basestring):
# they passed a 5-char guid as a string
if issubclass(model_cls, GuidMixin):
# if it's a subclass of GuidMixin we know it's primary_identifier_name
query = {'guids___id': query_or_pk}
else:
if hasattr(model_cls, 'primary_identifier_name'):
# primary_identifier_name gives us the natural key for the model
query = {model_cls.primary_identifier_name: query_or_pk}
else:
# fall back to modmcompatiblity's load method since we don't know their PIN
obj = model_cls.load(query_or_pk,
select_for_update=select_for_update)
else:
# they passed a query
try:
obj = model_cls.objects.filter(query_or_pk).select_for_update(
).get() if select_for_update else model_cls.objects.get(
query_or_pk)
except model_cls.DoesNotExist:
raise NotFound
if not obj:
if not query:
# if we don't have a query or an object throw 404
raise NotFound
try:
# TODO This could be added onto with eager on the queryset and the embedded fields of the api
if isinstance(query, dict):
obj = model_cls.objects.get(
**query
) if not select_for_update else model_cls.objects.filter(
**query).select_for_update().get()
else:
obj = model_cls.objects.get(
query
) if not select_for_update else model_cls.objects.filter(
query).select_for_update().get()
except ObjectDoesNotExist:
raise NotFound
# For objects that have been disabled (is_active is False), return a 410.
# The User model is an exception because we still want to allow
# users who are unconfirmed or unregistered, but not users who have been
# disabled.
if model_cls is OSFUser and obj.is_disabled:
raise UserGone(user=obj)
elif model_cls is not OSFUser and not getattr(
obj, 'is_active', True) or getattr(
obj, 'is_deleted', False) or getattr(obj, 'deleted', False):
if display_name is None:
raise Gone
else:
raise Gone(
detail='The requested {name} is no longer available.'.format(
name=display_name))
return obj
def get_object(self):
comment = self.get_comment()
reports = comment.reports
user_id = self.request.user._id
reporter_id = self.kwargs['user_id']
if reporter_id != user_id:
raise PermissionDenied('Not authorized to comment on this project.')
if reporter_id in reports:
return CommentReport(user_id, reports[user_id]['category'], reports[user_id]['text'])
else:
raise Gone(detail='The requested comment report is no longer available.')
def get_file(self, check_permissions=True):
try:
obj = utils.get_object_or_error(
BaseFileNode, self.kwargs[self.file_lookup_url_kwarg],
self.request)
except (NotFound, Gone):
obj = utils.get_object_or_error(
Guid, self.kwargs[self.file_lookup_url_kwarg],
self.request).referent
if obj.is_deleted:
raise Gone(detail='The requested file is no longer available.')
if not isinstance(obj, BaseFileNode):
raise NotFound
if check_permissions:
# May raise a permission denied
self.check_object_permissions(self.request, obj)
return obj
def get_node(self, check_object_permissions=True, **annotations):
guid = self.kwargs[self.node_lookup_url_kwarg]
node = Registration.objects.filter(guids___id=guid).annotate(
**annotations)
try:
node = node.get()
except Registration.DoesNotExist:
raise NotFound
if node.deleted:
raise Gone(
detail='The requested registration is no longer available.')
if check_object_permissions:
self.check_object_permissions(self.request, node)
return node
def get_wiki(self, check_permissions=True):
pk = self.kwargs[self.wiki_lookup_url_kwarg]
wiki = WikiPage.load(pk)
if not wiki:
raise NotFound
if wiki.node.addons_wiki_node_settings.deleted:
raise NotFound(detail='The wiki for this node has been disabled.')
if wiki.deleted:
raise Gone(detail='The wiki for this node has been deleted.')
if wiki.node.is_registration and self.request.method not in drf_permissions.SAFE_METHODS:
raise MethodNotAllowed(method=self.request.method)
if check_permissions:
# May raise a permission denied
self.check_object_permissions(self.request, wiki)
return wiki