def _post(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(
username, transaction=transaction).get(permission):
return Response(status=404)
try:
form = ExistingPermissionForm()
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.update(where={
"username": username,
"permission": permission
},
what={"options": form.options.data},
changed_by=changed_by,
old_data_version=form.data_version.data,
transaction=transaction)
new_data_version = dbo.permissions.getPermission(
username=username,
permission=permission,
transaction=transaction)['data_version']
return jsonify(new_data_version=new_data_version)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
return Response(status=400, response=e.args)
def _post(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(username, transaction=transaction).get(permission):
return Response(status=404)
try:
form = ExistingPermissionForm()
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.updatePermission(changed_by, username, permission, form.data_version.data, form.options.data, transaction=transaction)
new_data_version = dbo.permissions.getPermission(username=username, permission=permission, transaction=transaction)['data_version']
return make_response(json.dumps(dict(new_data_version=new_data_version)), 200)
except ValueError as e:
cef_event("Bad input", CEF_WARN, errors=e.args)
return Response(status=400, response=e.args)
def _post(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(username, transaction=transaction).get(permission):
return Response(status=404)
try:
form = ExistingPermissionForm()
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.update(where={"username": username, "permission": permission}, what={"options": form.options.data},
changed_by=changed_by, old_data_version=form.data_version.data, transaction=transaction)
new_data_version = dbo.permissions.getPermission(username=username, permission=permission, transaction=transaction)['data_version']
return jsonify(new_data_version=new_data_version)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
return Response(status=400, response=e.args)
def _delete(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(username, transaction=transaction).get(permission):
return Response(status=404)
try:
# For practical purposes, DELETE can't have a request body, which means the Form
# won't find data where it's expecting it. Instead, we have to tell it to look at
# the query string, which Flask puts in request.args.
form = ExistingPermissionForm(request.args)
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.revokePermission(changed_by, username, permission, form.data_version.data, transaction=transaction)
return Response(status=200)
except ValueError as e:
cef_event("Bad input", CEF_WARN, errors=e.args)
return Response(status=400, response=e.args)
def _delete(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(username, transaction=transaction).get(permission):
return Response(status=404)
try:
# For practical purposes, DELETE can't have a request body, which means the Form
# won't find data where it's expecting it. Instead, we have to tell it to look at
# the query string, which Flask puts in request.args.
form = ExistingPermissionForm(request.args)
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.delete(where={"username": username, "permission": permission}, changed_by=changed_by,
old_data_version=form.data_version.data, transaction=transaction)
return Response(status=200)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
return Response(status=400, response=e.args)
def _put(self, username, permission, changed_by, transaction):
try:
if dbo.permissions.getUserPermissions(username, transaction).get(permission):
form = ExistingPermissionForm()
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.updatePermission(changed_by, username, permission, form.data_version.data, form.options.data, transaction=transaction)
new_data_version = dbo.permissions.getPermission(username=username, permission=permission, transaction=transaction)['data_version']
return make_response(json.dumps(dict(new_data_version=new_data_version)), 200)
else:
form = NewPermissionForm()
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.grantPermission(changed_by, username, permission, form.options.data, transaction=transaction)
return make_response(json.dumps(dict(new_data_version=1)), 201)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
return Response(status=400, response=e.args)
def _post(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(username, transaction=transaction).get(permission):
return Response(status=404)
try:
form = ExistingPermissionForm()
dbo.permissions.updatePermission(changed_by, username, permission, form.data_version.data, form.options.data, transaction=transaction)
new_data_version = dbo.permissions.getPermission(username=username, permission=permission, transaction=transaction)['data_version']
return make_response(json.dumps(dict(new_data_version=new_data_version)), 200)
except ValueError, e:
cef_event("Bad input", CEF_WARN, errors=e.args)
return Response(status=400, response=e.args)
def _delete(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(
username, transaction=transaction).get(permission):
return Response(status=404)
try:
# For practical purposes, DELETE can't have a request body, which means the Form
# won't find data where it's expecting it. Instead, we have to tell it to look at
# the query string, which Flask puts in request.args.
form = ExistingPermissionForm(request.args)
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.revokePermission(changed_by,
username,
permission,
form.data_version.data,
transaction=transaction)
return Response(status=200)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
return Response(status=400, response=e.args)
def _post(self, username, permission, changed_by, transaction):
if not dbo.permissions.getUserPermissions(
username, transaction=transaction).get(permission):
return Response(status=404)
try:
form = ExistingPermissionForm()
if not form.validate():
self.log.warning("Bad input: %s", form.errors)
return Response(status=400, response=json.dumps(form.errors))
dbo.permissions.updatePermission(changed_by,
username,
permission,
form.data_version.data,
form.options.data,
transaction=transaction)
new_data_version = dbo.permissions.getPermission(
username=username,
permission=permission,
transaction=transaction)['data_version']
return make_response(
json.dumps(dict(new_data_version=new_data_version)), 200)
except ValueError as e:
self.log.warning("Bad input: %s", e.args)
return Response(status=400, response=e.args)
def _put(self, username, permission, changed_by, transaction):
try:
if dbo.permissions.getUserPermissions(username,
transaction).get(permission):
form = ExistingPermissionForm()
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400,
response=json.dumps(form.errors))
dbo.permissions.updatePermission(changed_by,
username,
permission,
form.data_version.data,
form.options.data,
transaction=transaction)
new_data_version = dbo.permissions.getPermission(
username=username,
permission=permission,
transaction=transaction)['data_version']
return make_response(
json.dumps(dict(new_data_version=new_data_version)), 200)
else:
form = NewPermissionForm()
if not form.validate():
cef_event("Bad input", CEF_WARN, errors=form.errors)
return Response(status=400,
response=json.dumps(form.errors))
dbo.permissions.grantPermission(changed_by,
username,
permission,
form.options.data,
transaction=transaction)
return make_response(json.dumps(dict(new_data_version=1)), 201)
except ValueError as e:
cef_event("Bad input", CEF_WARN, errors=e.args)
return Response(status=400, response=e.args)
