def handle(): """handle request""" cmd = frappe.local.form_dict.cmd if cmd!='login': execute_cmd(cmd) return build_response("json")
def test_flush(self): set_request(method="GET", path="/api/method/frappe.ping") response = build_response("json") frappe.monitor.start() frappe.monitor.stop(response) open(frappe.monitor.log_file(), "w").close() frappe.monitor.flush() with open(frappe.monitor.log_file()) as f: logs = f.readlines() self.assertEqual(len(logs), 1) log = frappe.parse_json(logs[0]) self.assertEqual(log.transaction_type, "request")
def handle(): """handle request""" cmd = frappe.local.form_dict.cmd data = None if cmd!='login': data = execute_cmd(cmd) if data: if isinstance(data, Response): # method returns a response object, pass it on return data # add the response to `message` label frappe.response['message'] = data return build_response("json")
def handle(): """handle request""" cmd = frappe.local.form_dict.cmd data = None if cmd != 'login': data = execute_cmd(cmd) # data can be an empty string or list which are valid responses if data is not None: if isinstance(data, Response): # method returns a response object, pass it on return data # add the response to `message` label frappe.response['message'] = data return build_response("json")
def webResponse(status_code=200, data=[], error=None, endpoint=None): """ Custom API Json Responses: next-app usage. """ response = build_response("json") response.status_code = status_code res = {'status_message': STATUS_CODES[status_code]} res.update({'data': data}) if error: res.update({'error': error}) response.data = jsonify(res) if status_code != 200: response.headers['Access-Control-Allow-Origin'] = frappe.db.get_value( "OnOurWay Settings", "OnOurWay Settings", 'url') return response
def test_enable_monitor(self): set_request(method="GET", path="/api/method/frappe.ping") response = build_response("json") frappe.monitor.start() frappe.monitor.stop(response) logs = frappe.cache().lrange(MONITOR_REDIS_KEY, 0, -1) self.assertEqual(len(logs), 1) log = frappe.parse_json(logs[0].decode()) self.assertTrue(log.duration) self.assertTrue(log.site) self.assertTrue(log.timestamp) self.assertTrue(log.uuid) self.assertTrue(log.request) self.assertEqual(log.transaction_type, "request") self.assertEqual(log.request["method"], "GET")
def handle(): """handle request""" cmd = frappe.local.form_dict.cmd data = None if cmd!='login': data = execute_cmd(cmd) # data can be an empty string or list which are valid responses if data is not None: if isinstance(data, Response): # method returns a response object, pass it on return data # add the response to `message` label frappe.response['message'] = data return build_response("json")
def handle(): """ /api/method/{methodname} will call a whitelisted method /api/resource/{doctype} will query a table examples: ?fields=["name", "owner"] ?filters=[["Task", "name", "like", "%005"]] ?limit_start=0 ?limit_page_length=20 /api/resource/{doctype}/{name} will point to a resource GET will return doclist POST will insert PUT will update DELETE will delete /api/resource/{doctype}/{name}?run_method={method} will run a whitelisted controller method """ parts = frappe.request.path[1:].split("/", 3) call = doctype = name = None if len(parts) > 1: call = parts[1] if len(parts) > 2: doctype = parts[2] if len(parts) > 3: name = parts[3] if call == "method": frappe.local.form_dict.cmd = doctype return frappe.handler.handle() elif call == "resource": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method == "GET": if not doc.has_permission("read"): frappe.throw(_("Not permitted"), frappe.PermissionError) doc.run_method(method, **frappe.local.form_dict) if frappe.local.request.method == "POST": if not doc.has_permission("write"): frappe.throw(_("Not permitted"), frappe.PermissionError) doc.run_method(method, **frappe.local.form_dict) frappe.db.commit() else: if name: if frappe.local.request.method == "GET": doc = frappe.get_doc(doctype, name) if not doc.has_permission("read"): raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method == "PUT": data = json.loads(frappe.local.form_dict.data) doc = frappe.get_doc(doctype, name) # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update( {"data": doc.save().as_dict()}) frappe.db.commit() if frappe.local.request.method == "DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method == "GET": if frappe.local.form_dict.get('fields'): frappe.local.form_dict['fields'] = json.loads( frappe.local.form_dict['fields']) frappe.local.response.update({ "data": frappe.call(frappe.widgets.reportview.execute, doctype, **frappe.local.form_dict) }) if frappe.local.request.method == "POST": data = json.loads(frappe.local.form_dict.data) data.update({"doctype": doctype}) frappe.local.response.update( {"data": frappe.get_doc(data).insert().as_dict()}) frappe.db.commit() else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError return build_response("json")
def handle(): """ Handler for `/api` methods ### Examples: `/api/method/{methodname}` will call a whitelisted method `/api/resource/{doctype}` will query a table examples: - `?fields=["name", "owner"]` - `?filters=[["Task", "name", "like", "%005"]]` - `?limit_start=0` - `?limit_page_length=20` `/api/resource/{doctype}/{name}` will point to a resource `GET` will return doclist `POST` will insert `PUT` will update `DELETE` will delete `/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method """ # validate_oauth() # status = vaidate_key() status = True print(status) parts = frappe.request.path[1:].split("/", 3) call = doctype = name = None if len(parts) > 1: call = parts[1] if len(parts) > 2: doctype = parts[2] if len(parts) > 3: name = parts[3] if call == "method": frappe.local.form_dict.cmd = doctype return frappe.handler.handle() elif call == "resource": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method == "GET": if not doc.has_permission("read"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update( {"data": doc.run_method(method, **frappe.local.form_dict)}) if frappe.local.request.method == "POST": if not doc.has_permission("write"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update( {"data": doc.run_method(method, **frappe.local.form_dict)}) frappe.db.commit() else: if name: if frappe.local.request.method == "GET": doc = frappe.get_doc(doctype, name) if not doc.has_permission("read"): raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method == "PUT": data = json.loads(frappe.local.form_dict.data) doc = frappe.get_doc(doctype, name) if "flags" in data: del data["flags"] # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update( {"data": doc.save().as_dict()}) frappe.db.commit() if frappe.local.request.method == "DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name, ignore_missing=False) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method == "GET": if frappe.local.form_dict.get('fields'): frappe.local.form_dict['fields'] = json.loads( frappe.local.form_dict['fields']) frappe.local.form_dict.setdefault('limit_page_length', 20) frappe.local.response.update({ "data": frappe.call(frappe.client.get_list, doctype, **frappe.local.form_dict) }) if frappe.local.request.method == "POST": data = json.loads(frappe.local.form_dict.data) data.update({"doctype": doctype}) frappe.local.response.update( {"data": frappe.get_doc(data).insert().as_dict()}) frappe.db.commit() else: raise frappe.DoesNotExistError elif call == "app": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method == "GET": # if not doc.has_permission("read"): # frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update( {"data": doc.run_method(method, **frappe.local.form_dict)}) if frappe.local.request.method == "POST": # if not doc.has_permission("write"): # frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update( {"data": doc.run_method(method, **frappe.local.form_dict)}) frappe.db.commit() else: if name: if frappe.local.request.method == "GET": doc = frappe.get_doc(doctype, name) # if not doc.has_permission("read"): # raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method == "PUT": data = json.loads(frappe.local.form_dict.data) doc = frappe.get_doc(doctype, name) if "flags" in data: del data["flags"] # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update( {"data": doc.save().as_dict()}) frappe.db.commit() if frappe.local.request.method == "DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name, ignore_missing=False) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method == "GET": if frappe.local.form_dict.get('fields'): frappe.local.form_dict['fields'] = json.loads( frappe.local.form_dict['fields']) frappe.local.form_dict.setdefault('limit_page_length', 20) frappe.local.response.update({ "data": frappe.call(frappe.client.get_listapi, doctype, status, **frappe.local.form_dict) }) if frappe.local.request.method == "POST": data = json.loads(frappe.local.form_dict.data) data.update({"doctype": doctype}) print(frappe.get_doc(data)) frappe.local.response.update({ "data": frappe.get_doc(data).insertapi(status).as_dict() }) frappe.db.commit() else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError return build_response("json")
def handle(): """ Handler for `/api` methods ### Examples: `/api/method/{methodname}` will call a whitelisted method `/api/resource/{doctype}` will query a table examples: - `?fields=["name", "owner"]` - `?filters=[["Task", "name", "like", "%005"]]` - `?limit_start=0` - `?limit_page_length=20` `/api/resource/{doctype}/{name}` will point to a resource `GET` will return doclist `POST` will insert `PUT` will update `DELETE` will delete `/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method """ parts = frappe.request.path[1:].split("/", 3) call = doctype = name = None if len(parts) > 1: call = parts[1] if len(parts) > 2: doctype = parts[2] if len(parts) > 3: name = parts[3] if call == "method": frappe.local.form_dict.cmd = doctype return frappe.handler.handle() elif call == "resource": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method == "GET": if not doc.has_permission("read"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update( {"data": doc.run_method(method, **frappe.local.form_dict)}) if frappe.local.request.method == "POST": if not doc.has_permission("write"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update( {"data": doc.run_method(method, **frappe.local.form_dict)}) frappe.db.commit() else: if name: if frappe.local.request.method == "GET": doc = frappe.get_doc(doctype, name) if not doc.has_permission("read"): raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method == "PUT": data = get_request_form_data() doc = frappe.get_doc(doctype, name, for_update=True) if "flags" in data: del data["flags"] # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update( {"data": doc.save().as_dict()}) if doc.parenttype and doc.parent: frappe.get_doc(doc.parenttype, doc.parent).save() frappe.db.commit() if frappe.local.request.method == "DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name, ignore_missing=False) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method == "GET": # set fields for frappe.get_list if frappe.local.form_dict.get("fields"): frappe.local.form_dict["fields"] = json.loads( frappe.local.form_dict["fields"]) # set limit of records for frappe.get_list frappe.local.form_dict.setdefault( "limit_page_length", frappe.local.form_dict.limit or frappe.local.form_dict.limit_page_length or 20, ) # convert strings to native types - only as_dict and debug accept bool for param in ["as_dict", "debug"]: param_val = frappe.local.form_dict.get(param) if param_val is not None: frappe.local.form_dict[param] = sbool(param_val) # evaluate frappe.get_list data = frappe.call(frappe.client.get_list, doctype, **frappe.local.form_dict) # set frappe.get_list result to response frappe.local.response.update({"data": data}) if frappe.local.request.method == "POST": # fetch data from from dict data = get_request_form_data() data.update({"doctype": doctype}) # insert document from request data doc = frappe.get_doc(data).insert() # set response data frappe.local.response.update({"data": doc.as_dict()}) # commit for POST requests frappe.db.commit() else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError return build_response("json")
def get_response(datalist): frappe.local.response.update({"data": datalist}) return build_response("json")
def handle(): """ /api/method/{methodname} will call a whitelisted method /api/resource/{doctype} will query a table examples: ?fields=["name", "owner"] ?filters=[["Task", "name", "like", "%005"]] ?limit_start=0 ?limit_page_length=20 /api/resource/{doctype}/{name} will point to a resource GET will return doclist POST will insert PUT will update DELETE will delete /api/resource/{doctype}/{name}?run_method={method} will run a whitelisted controller method """ parts = frappe.request.path[1:].split("/",3) call = doctype = name = None if len(parts) > 1: call = parts[1] if len(parts) > 2: doctype = parts[2] if len(parts) > 3: name = parts[3] if call=="method": frappe.local.form_dict.cmd = doctype return frappe.handler.handle() elif call=="resource": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method=="GET": if not doc.has_permission("read"): frappe.throw(_("Not permitted"), frappe.PermissionError) doc.run_method(method, **frappe.local.form_dict) if frappe.local.request.method=="POST": if not doc.has_permission("write"): frappe.throw(_("Not permitted"), frappe.PermissionError) doc.run_method(method, **frappe.local.form_dict) frappe.db.commit() else: if name: if frappe.local.request.method=="GET": doc = frappe.get_doc(doctype, name) if not doc.has_permission("read"): raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method=="PUT": data = json.loads(frappe.local.form_dict.data) doc = frappe.get_doc(doctype, name) # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update({ "data": doc.save().as_dict() }) frappe.db.commit() if frappe.local.request.method=="DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method=="GET": if frappe.local.form_dict.get('fields'): frappe.local.form_dict['fields'] = json.loads(frappe.local.form_dict['fields']) frappe.local.response.update({ "data": frappe.call(frappe.widgets.reportview.execute, doctype, **frappe.local.form_dict)}) if frappe.local.request.method=="POST": data = json.loads(frappe.local.form_dict.data) data.update({ "doctype": doctype }) frappe.local.response.update({ "data": frappe.get_doc(data).insert().as_dict() }) frappe.db.commit() else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError return build_response("json")
def handle(): """ Handler for `/api` methods ### Examples: `/api/method/{methodname}` will call a whitelisted method `/api/resource/{doctype}` will query a table examples: - `?fields=["name", "owner"]` - `?filters=[["Task", "name", "like", "%005"]]` - `?limit_start=0` - `?limit_page_length=20` `/api/resource/{doctype}/{name}` will point to a resource `GET` will return doclist `POST` will insert `PUT` will update `DELETE` will delete `/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method """ validate_oauth() parts = frappe.request.path[1:].split("/",3) call = doctype = name = None if len(parts) > 1: call = parts[1] if len(parts) > 2: doctype = parts[2] if len(parts) > 3: name = parts[3] if call=="method": frappe.local.form_dict.cmd = doctype return frappe.handler.handle() elif call=="resource": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method=="GET": if not doc.has_permission("read"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)}) if frappe.local.request.method=="POST": if not doc.has_permission("write"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)}) frappe.db.commit() else: if name: if frappe.local.request.method=="GET": doc = frappe.get_doc(doctype, name) if not doc.has_permission("read"): raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method=="PUT": data = json.loads(frappe.local.form_dict.data) doc = frappe.get_doc(doctype, name) if "flags" in data: del data["flags"] # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update({ "data": doc.save().as_dict() }) frappe.db.commit() if frappe.local.request.method=="DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method=="GET": if frappe.local.form_dict.get('fields'): frappe.local.form_dict['fields'] = json.loads(frappe.local.form_dict['fields']) frappe.local.form_dict.setdefault('limit_page_length', 20) frappe.local.response.update({ "data": frappe.call(frappe.client.get_list, doctype, **frappe.local.form_dict)}) if frappe.local.request.method=="POST": data = json.loads(frappe.local.form_dict.data) data.update({ "doctype": doctype }) frappe.local.response.update({ "data": frappe.get_doc(data).insert().as_dict() }) frappe.db.commit() else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError return build_response("json")
frappe.local.response.update({ "doclist": frappe.client.save(frappe.local.form_dict.doclist) }) frappe.db.commit() if frappe.local.request.method == "DELETE": frappe.client.delete(doctype, name) frappe.local.response.message = "ok" elif doctype: if frappe.local.request.method == "GET": frappe.local.response.update({ "data": frappe.call(frappe.widgets.reportview.execute, doctype, **frappe.local.form_dict) }) else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError except frappe.DoesNotExistError, e: report_error(404) except Exception, e: report_error(500) build_response()
def handle(): """ Handler for `/api` methods ### Examples: `/api/method/{methodname}` will call a whitelisted method `/api/resource/{doctype}` will query a table examples: - `?fields=["name", "owner"]` - `?filters=[["Task", "name", "like", "%005"]]` - `?limit_start=0` - `?limit_page_length=20` `/api/resource/{doctype}/{name}` will point to a resource `GET` will return doclist `POST` will insert `PUT` will update `DELETE` will delete `/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method """ form_dict = frappe.local.form_dict authorization_header = frappe.get_request_header("Authorization").split(" ") if frappe.get_request_header("Authorization") else None if authorization_header and authorization_header[0].lower() == "bearer": token = authorization_header[1] r = frappe.request parsed_url = urlparse(r.url) access_token = { "access_token": token} uri = parsed_url.scheme + "://" + parsed_url.netloc + parsed_url.path + "?" + urlencode(access_token) http_method = r.method body = r.get_data() headers = r.headers required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(";") valid, oauthlib_request = oauth_server.verify_request(uri, http_method, body, headers, required_scopes) if valid: frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user")) frappe.local.form_dict = form_dict parts = frappe.request.path[1:].split("/",3) call = doctype = name = None if len(parts) > 1: call = parts[1] if len(parts) > 2: doctype = parts[2] if len(parts) > 3: name = parts[3] if call=="method": frappe.local.form_dict.cmd = doctype return frappe.handler.handle() elif call=="resource": if "run_method" in frappe.local.form_dict: method = frappe.local.form_dict.pop("run_method") doc = frappe.get_doc(doctype, name) doc.is_whitelisted(method) if frappe.local.request.method=="GET": if not doc.has_permission("read"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)}) if frappe.local.request.method=="POST": if not doc.has_permission("write"): frappe.throw(_("Not permitted"), frappe.PermissionError) frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)}) frappe.db.commit() else: if name: if frappe.local.request.method=="GET": doc = frappe.get_doc(doctype, name) if not doc.has_permission("read"): raise frappe.PermissionError frappe.local.response.update({"data": doc}) if frappe.local.request.method=="PUT": data = json.loads(frappe.local.form_dict.data) doc = frappe.get_doc(doctype, name) if "flags" in data: del data["flags"] # Not checking permissions here because it's checked in doc.save doc.update(data) frappe.local.response.update({ "data": doc.save().as_dict() }) frappe.db.commit() if frappe.local.request.method=="DELETE": # Not checking permissions here because it's checked in delete_doc frappe.delete_doc(doctype, name) frappe.local.response.http_status_code = 202 frappe.local.response.message = "ok" frappe.db.commit() elif doctype: if frappe.local.request.method=="GET": if frappe.local.form_dict.get('fields'): frappe.local.form_dict['fields'] = json.loads(frappe.local.form_dict['fields']) frappe.local.form_dict.setdefault('limit_page_length', 20) frappe.local.response.update({ "data": frappe.call(frappe.client.get_list, doctype, **frappe.local.form_dict)}) if frappe.local.request.method=="POST": data = json.loads(frappe.local.form_dict.data) data.update({ "doctype": doctype }) frappe.local.response.update({ "data": frappe.get_doc(data).insert().as_dict() }) frappe.db.commit() else: raise frappe.DoesNotExistError else: raise frappe.DoesNotExistError return build_response("json")