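def set_permissions(user_id, service_id):
    """Set a user's permissions, and optionally folder access, on a service.

    The JSON request body is validated against ``post_set_permissions_schema``.
    Each entry of ``permissions`` becomes a ``Permission`` for
    ``(service_id, user_id)``; the list is handed to
    ``permission_dao.set_user_service_permission`` with ``replace=True`` and
    ``_commit=True``. When the body carries ``folder_permissions``, the
    service user's ``folders`` are overwritten with the folders looked up for
    those ids within ``service_id``.

    Returns an empty JSON body with status 204.
    """
    # SECURITY TODO (open since the original code): nothing in this handler
    # verifies that the caller is allowed to change permissions for `user_id`
    # on `service_id`. The ids and the permission list are used as given, so
    # any authorization has to be enforced before this function runs.
    # Confirm that such a check exists upstream, or add one here.
    service_user = dao_get_service_user(user_id, service_id)
    user = service_user.user
    service = dao_fetch_service_by_id(service_id=service_id)

    data = request.get_json()
    validate(data, post_set_permissions_schema)

    # Resolve folders before anything is committed. Other handlers in this
    # file catch NoResultFound from this lookup; if it ran after the
    # permission commit, a bad folder id would leave the permissions replaced
    # while the request fails and the folders stay untouched.
    folders = None
    if 'folder_permissions' in data:
        folders = [
            dao_get_template_folder_by_id_and_service_id(folder_id, service_id)
            for folder_id in data['folder_permissions']
        ]

    permission_list = [
        Permission(service_id=service_id, user_id=user_id, permission=p['permission'])
        for p in data['permissions']
    ]

    service_key = "service_id_{}".format(service_id)
    change_dict = {service_key: service_id, "permissions": permission_list}

    # Best effort, as in the original: a failure in _update_alert must not
    # block the permission change. Log with traceback so it can be diagnosed.
    try:
        _update_alert(user, change_dict)
    except Exception:
        current_app.logger.exception(
            "_update_alert failed for user %s on service %s", user_id, service_id
        )

    permission_dao.set_user_service_permission(
        user, service, permission_list, _commit=True, replace=True
    )

    # An empty folder_permissions list is still applied (it clears the folders).
    if folders is not None:
        service_user.folders = folders
        dao_update_service_user(service_user)

    return jsonify({}), 204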
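def set_permissions(user_id, service_id):
    """Set a user's permissions, and optionally folder access, on a service.

    The JSON request body is validated against ``post_set_permissions_schema``.
    Each entry of ``permissions`` becomes a ``Permission`` for
    ``(service_id, user_id)``; the list is handed to
    ``permission_dao.set_user_service_permission`` with ``replace=True`` and
    ``_commit=True``. When the body carries ``folder_permissions``, the
    service user's ``folders`` are overwritten with the folders looked up for
    those ids within ``service_id``.

    Returns an empty JSON body with status 204.
    """
    # SECURITY TODO (open since the original code): nothing in this handler
    # verifies that the caller is allowed to change permissions for `user_id`
    # on `service_id`. The ids and the permission list are used as given, so
    # any authorization has to be enforced before this function runs.
    # Confirm that such a check exists upstream, or add one here.
    service_user = dao_get_service_user(user_id, service_id)
    user = service_user.user
    service = dao_fetch_service_by_id(service_id=service_id)

    data = request.get_json()
    validate(data, post_set_permissions_schema)

    # Resolve folders before anything is committed. Other handlers in this
    # file catch NoResultFound from this lookup; if it ran after the
    # permission commit, a bad folder id would leave the permissions replaced
    # while the request fails and the folders stay untouched.
    folders = None
    if 'folder_permissions' in data:
        folders = [
            dao_get_template_folder_by_id_and_service_id(folder_id, service_id)
            for folder_id in data['folder_permissions']
        ]

    permission_list = [
        Permission(service_id=service_id, user_id=user_id, permission=p['permission'])
        for p in data['permissions']
    ]

    permission_dao.set_user_service_permission(
        user, service, permission_list, _commit=True, replace=True
    )

    # An empty folder_permissions list is still applied (it clears the folders).
    if folders is not None:
        service_user.folders = folders
        dao_update_service_user(service_user)

    return jsonify({}), 204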
def move_to_template_folder(service_id, target_template_folder_id=None):
    """Move the folders and templates listed in the request into a folder.

    The JSON body is validated against ``post_move_template_folder_schema``
    and its ``folders`` and ``templates`` id lists are processed in that
    order. A falsy ``target_template_folder_id`` makes the destination
    ``None``.

    Every folder and template is fetched together with ``service_id``; an id
    with no match raises ``InvalidRequest`` with status 400. The destination
    lookup is not wrapped, so a missing destination propagates whatever the
    DAO raises. Archived templates are logged and left where they are.

    Returns an empty body with status 204.
    """
    # NOTE(review): no commit is visible in this block; presumably a
    # decorator or the caller persists these attribute changes. Confirm,
    # since an InvalidRequest raised midway leaves earlier items reassigned.
    payload = request.get_json()
    validate(payload, post_move_template_folder_schema)

    destination = (
        dao_get_template_folder_by_id_and_service_id(target_template_folder_id, service_id)
        if target_template_folder_id
        else None
    )

    for folder_id in payload["folders"]:
        try:
            folder = dao_get_template_folder_by_id_and_service_id(folder_id, service_id)
        except NoResultFound:
            raise InvalidRequest(
                "No folder found with id {} for service {}".format(folder_id, service_id),
                status_code=400,
            )
        _validate_folder_move(destination, target_template_folder_id, folder, folder_id)
        folder.parent = destination

    for template_id in payload["templates"]:
        try:
            template = dao_get_template_by_id_and_service_id(template_id, service_id)
        except NoResultFound:
            raise InvalidRequest(
                "Could not move to folder: No template found with id {} for service {}".format(
                    template_id, service_id),
                status_code=400,
            )

        if not template.archived:
            template.folder = destination
            continue

        # Archived templates are skipped rather than treated as an error.
        current_app.logger.info(
            "Could not move to folder: Template {} is archived. (Skipping)".format(template_id)
        )

    return "", 204
def validate_parent_folder(template_json):
    """Resolve the parent folder referenced by a template payload.

    Returns ``None`` when ``parent_folder_id`` is absent or falsy. Otherwise
    the key is removed from ``template_json`` (the dict is mutated) and the
    folder is looked up together with ``template_json['service']``, so the
    parent must match that service value. A lookup with no result raises
    ``InvalidRequest`` with status 400.
    """
    if not template_json.get("parent_folder_id"):
        return None

    try:
        # pop() runs before the 'service' lookup, as in the original call.
        return dao_get_template_folder_by_id_and_service_id(
            template_folder_id=template_json.pop("parent_folder_id"),
            service_id=template_json['service'],
        )
    except NoResultFound:
        raise InvalidRequest("parent_folder_id not found", status_code=400)
def delete_template_folder(service_id, template_folder_id):
    """Delete a template folder, but only when it is empty.

    The folder is fetched together with ``service_id``; this lookup is not
    wrapped, so a miss propagates whatever the DAO raises. A folder that
    still has subfolders or templates is left alone and a 400 JSON error is
    returned; otherwise the folder is deleted and an empty 204 is returned.
    """
    folder = dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id)

    # Any content blocks deletion, even subfolders that are themselves empty.
    is_empty = not (folder.subfolders or folder.templates)
    if is_empty:
        dao_delete_template_folder(folder)
        return '', 204

    return jsonify(result='error', message='Folder is not empty'), 400
def update_template_folder(service_id, template_folder_id):
    """Rename a template folder and optionally replace its user list.

    The JSON body is validated against ``post_update_template_folder_schema``.
    ``name`` is always applied. When ``users_with_permission`` is present
    (even as an empty list), ``users`` is overwritten with the service users
    resolved for those ids via ``dao_get_service_user(user_id, service_id)``.

    Returns the serialized folder as JSON with status 200.
    """
    # NOTE(review): this handler changes which users are attached to the
    # folder; no caller authorization check is visible in this block.
    # Confirm it is enforced before this function runs.
    payload = request.get_json()
    validate(payload, post_update_template_folder_schema)

    folder = dao_get_template_folder_by_id_and_service_id(template_folder_id, service_id)
    folder.name = payload['name']

    if 'users_with_permission' in payload:
        # Each id is resolved together with service_id, not taken on its own.
        granted_users = [
            dao_get_service_user(uid, service_id)
            for uid in payload['users_with_permission']
        ]
        folder.users = granted_users

    dao_update_template_folder(folder)

    return jsonify(data=folder.serialize()), 200
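def create_template_folder(service_id):
    """Create a template folder for a service.

    The JSON body is validated against ``post_create_template_folder_schema``.
    With a non-null ``parent_id`` the parent is fetched together with
    ``service_id`` and the new folder takes over the parent's ``users``; a
    parent lookup with no result raises ``InvalidRequest`` with status 400.
    Without a parent, the folder gets the result of
    ``dao_get_active_service_users(service_id)``.

    Returns the serialized folder as JSON with status 201.
    """
    data = request.get_json()
    validate(data, post_create_template_folder_schema)

    # Read parent_id once with .get(). The original branched on
    # data.get('parent_id') but then passed data['parent_id'] to the model,
    # which raises KeyError when the key is absent.
    parent_id = data.get('parent_id')

    if parent_id is not None:
        try:
            parent_folder = dao_get_template_folder_by_id_and_service_id(parent_id, service_id)
        except NoResultFound:
            raise InvalidRequest("parent_id not found", status_code=400)
        # A nested folder inherits its parent's user list.
        users_with_permission = parent_folder.users
    else:
        users_with_permission = dao_get_active_service_users(service_id)

    template_folder = TemplateFolder(
        service_id=service_id,
        name=data['name'].strip(),
        parent_id=parent_id,
        users=users_with_permission,
    )

    dao_create_template_folder(template_folder)

    return jsonify(data=template_folder.serialize()), 201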