def _get_model_to_insert(self, resource, participant_id=None):
    """Build the model to insert from a client-supplied JSON resource.

    Delegates to ``self.dao.from_client_json`` with the caller's OAuth id as
    ``client_id`` (presumably recorded by the DAO for ownership/audit -- verify
    in the DAO). ``participant_id`` is forwarded only when it was given, because
    only the DAOs for children of participants accept that keyword.
    """
    call_kwargs = {'client_id': app_util.get_oauth_id()}
    if participant_id is not None:
        call_kwargs['participant_id'] = participant_id
    return self.dao.from_client_json(resource, **call_kwargs)
def _get_model_to_update(self, resource, id_, expected_version, participant_id=None):
    """Build the model to update from a client-supplied JSON resource.

    Delegates to ``self.dao.from_client_json`` with the record id, the version
    the client expects (presumably used by the DAO for an optimistic-concurrency
    check -- verify there) and the caller's OAuth id as ``client_id``.
    ``participant_id`` is forwarded only when it was given, because only the
    DAOs for children of participants accept that keyword.
    """
    call_kwargs = {
        'id_': id_,
        'expected_version': expected_version,
        'client_id': app_util.get_oauth_id(),
    }
    if participant_id is not None:
        call_kwargs['participant_id'] = participant_id
    return self.dao.from_client_json(resource, **call_kwargs)
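def check_config_admin():
    """Raise ``Forbidden`` unless the caller is a config admin.

    The caller is identified by ``app_util.get_oauth_id()`` and checked with
    ``is_config_admin``. Both the allow and the deny outcome are logged together
    with the caller identity, so the log carries the principal's email.

    Raises:
        Forbidden: the caller is not a config admin. Note this is ``Forbidden``
        (presumably a 403: authenticated but not permitted), not ``Unauthorized``
        as the previous docstring claimed.
    """
    user_email = app_util.get_oauth_id()
    if is_config_admin(user_email):
        logging.info('User %r ALLOWED for config endpoint', user_email)
        return
    logging.info('User %r NOT ALLOWED for config endpoint', user_email)
    raise Forbidden()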
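def log_api_request(model_obj=None):
    """Queue a deferred task that persists the current request, optionally linked to a record.

    Fills a ``RequestsLog`` row with endpoint, method, URL, caller OAuth id and -- for
    POST/PUT/PATCH -- the request body, tries to recover a participant id and a
    foreign-key id from the URL view arguments and from ``model_obj``, marks the
    request as logged and hands the row to ``deferred.defer(deferred_save_raw_request, log)``.

    Args:
        model_obj: optional SQLAlchemy-mapped instance the request acted on. Only used
            to fill the foreign-key columns (table, column, id). If it cannot be inspected
            (``NoInspectionAvailable``) the linking is skipped silently; any other failure
            while inspecting it is logged with its traceback and otherwise ignored, so the
            request itself is not affected.

    Security notes:
        * The request body is stored verbatim: parsed JSON, or the raw ``request.data``
          when it is not valid JSON. Anything sensitive a client puts in a payload ends
          up in the request log.
        * ``log.version`` is derived by taking the fifth ``/``-separated component of the
          absolute URL and dropping its first character (e.g. ``v1`` -> ``1``); that
          ``int()`` and the ``int()`` on the ``p_id`` view argument run outside any
          try/except, so a URL of a different shape or a non-numeric ``p_id`` raises
          here (and, since this runs inside request handling, presumably aborts the request).
    """
    log = RequestsLog()
    log.endpoint = request.endpoint
    log.method = request.method
    log.url = request.url
    log.user = app_util.get_oauth_id()

    if request.method in ['POST', 'PUT', 'PATCH']:
        try:
            # We don't want to use request.json or request.get_json here.
            log.resource = json.loads(request.data)
        except ValueError:
            # Not JSON: keep the raw body as-is.
            log.resource = request.data

    log.version = int(request.url.split('/')[4][1:])
    request.logged = True

    # See if we can get the participant id and a foreign key id out of the url.
    if request.view_args and isinstance(request.view_args, dict):
        for k, v in request.view_args.items():
            if k == 'p_id':
                log.participantId = int(v)
            else:
                # Numeric-looking values are treated as a foreign-key id, anything
                # else as an alternate (string) key.
                if isinstance(v, int) or str(v).strip().isdigit():
                    log.fpk_id = int(v)
                else:
                    log.fpk_alt_id = str(v).strip()

    if model_obj:
        try:
            if hasattr(model_obj, '__table__'):
                log.fpk_table = model_obj.__table__.name
            if hasattr(model_obj, 'participantId'):
                log.participantId = int(model_obj.participantId)

            insp = inspect(model_obj)
            if hasattr(insp, 'mapper'):
                # Only a single-column primary key can be recorded as the FK column.
                if insp.mapper._primary_key_propkeys and len(
                        insp.mapper._primary_key_propkeys) == 1:
                    log.fpk_column = str(max(insp.mapper._primary_key_propkeys))

                if insp.identity is None:
                    # No identity yet (e.g. not flushed): fall back to the participant id
                    # when the primary key column is participant_id.
                    if log.fpk_column and log.fpk_column == 'participant_id' and log.participantId:
                        log.fpk_id = int(log.participantId)
                else:
                    if isinstance(insp.identity[0], int) or str(
                            insp.identity[0]).strip().isdigit():
                        log.fpk_id = int(insp.identity[0])
                    else:
                        log.fpk_alt_id = str(insp.identity[0])
        except NoInspectionAvailable:
            # model_obj is not something SQLAlchemy can inspect; linking is best-effort.
            pass
        except Exception:  # pylint: disable=broad-except
            # Best-effort linking must not fail the request, but a silent swallow hid
            # real bugs (and gaps in the audit trail); record the failure instead.
            logging.exception('log_api_request: unable to link request log to model record')

    deferred.defer(deferred_save_raw_request, log)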
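def wrapped(*args, **kwargs):
    """Authorize the caller, then delegate to ``func`` (the view from the enclosing decorator).

    Config admins (``is_config_admin`` on the caller's OAuth id) pass straight through.
    Anyone else must carry the ``HEALTHPRO`` role in the roles list of the validated
    user info; otherwise the denial is logged and ``Forbidden`` is raised.

    Raises:
        Forbidden: the caller is neither a config admin nor a HEALTHPRO user.
    """
    if not is_config_admin(app_util.get_oauth_id()):
        _, user_info = get_validated_user_info()
        if HEALTHPRO not in user_info.get('roles', []):
            # NOTE(review): denials are logged at INFO, consistent with
            # check_config_admin; consider WARNING if they should reach alerting.
            logging.info('User has roles %s, but HEALTHPRO or admin is required',
                         user_info.get('roles'))
            raise Forbidden()
    return func(*args, **kwargs)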
def put(self, key=config.CONFIG_SINGLETON_KEY):
    """Replace the stored configuration under ``key`` with the request body.

    Loads the existing ``config.Configuration`` entity, clones it into a new entity
    with the same key (the history mechanism only records a change on a fresh copy,
    so a put is always a clone, never an in-place update), sets ``configuration``
    from the request JSON, validates it and stores it tagged with the caller's OAuth id.

    The ``x-pretend-date`` header is honoured only when ``ALLOW_NONPROD_REQUESTS`` is
    set, so a production caller cannot backdate a configuration change. Note that
    ``get_json(force=True)`` parses the body as JSON regardless of its Content-Type.

    Returns:
        The configuration payload that was stored.

    Raises:
        NotFound: no configuration entity exists for ``key``.
    """
    entity_key = ndb.Key(config.Configuration, key)
    existing = entity_key.get()
    if not existing:
        raise NotFound('{} with key {} does not exist'.format('Configuration', key))

    replacement = config.Configuration(**existing.to_dict())
    replacement.key = entity_key
    replacement.configuration = request.get_json(force=True)
    self.validate(replacement)

    pretend_date = None
    if config.getSettingJson(config.ALLOW_NONPROD_REQUESTS, False):
        header_value = request.headers.get('x-pretend-date', None)
        if header_value is not None:
            pretend_date = parse_date(header_value)

    caller = app_util.get_oauth_id()
    config.store(replacement, date=pretend_date, client_id=caller)
    return replacement.configuration