def _get_validated_object_parameters(self, data_dict): params = { 'name': data_dict['name'].strip(), 'description': data_dict['description'], 'group_type': parse_int(data_dict['group_type']), 'access_folios': parse_boolean(data_dict.get('access_folios', '')), 'access_reports': parse_boolean(data_dict.get('access_reports', '')), 'access_admin_users': parse_boolean(data_dict.get('access_admin_users', '')), 'access_admin_files': parse_boolean(data_dict.get('access_admin_files', '')), 'access_admin_folios': parse_boolean(data_dict.get('access_admin_folios', '')), 'access_admin_permissions': parse_boolean(data_dict.get('access_admin_permissions', '')), 'access_admin_all': parse_boolean(data_dict.get('access_admin_all', '')) } validate_string(params['description'], 0, 5 * 1024) validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM, Group.GROUP_TYPE_LDAP) if params['group_type'] == Group.GROUP_TYPE_LOCAL: validate_string(params['name'], 1, 120) return params
def _get_validated_object_parameters(self, data_dict, adding): params = { 'filename': data_dict.get('filename'), 'index': data_dict.get('index'), 'image_parameters': data_dict.get('image_parameters') } if adding: # Require either image_id or image_src if data_dict.get('image_id') and data_dict.get('image_src'): raise ValueError( 'specify only one of either image_id or image_src') elif data_dict.get('image_id'): params['image_id'] = parse_int(data_dict['image_id']) validate_number(params['image_id'], 1, sys.maxsize) elif data_dict.get('image_src'): params['image_src'] = data_dict['image_src'].strip() validate_string(params['image_src'], 5, 1024) else: raise KeyError('image_id or image_src') # Get or default all the others params['filename'] = params['filename'] or '' params['index'] = parse_int( params['index']) if params['index'] else 0 params['image_parameters'] = params['image_parameters'] or '{}' else: # All parameters optional, if not supplied we leave the values unchanged if params['index']: params['index'] = parse_int(params['index']) if params['filename'] is not None: validate_string(params['filename'], 0, 255) if params['filename']: # Zips only support ASCII filenames, block directory traversal attempts sec_filename = secure_filename(params['filename']) if sec_filename != params['filename']: # We could continue with the secured filename, but the caller won't # expect the filename to change, so be consistent and just fail it raise ValueError('filename not allowed, try: ' + sec_filename) if params['index'] is not None: validate_number(params['index'], -999999, 999999) if params['image_parameters'] is not None: validate_string(params['image_parameters'], 2, 100 * 1024) params['image_parameters'] = _image_params_to_template_dict( params['image_parameters']) return params
def _get_validated_object_parameters(self, data_dict): params = { 'name': data_dict['name'].strip(), 'description': data_dict['description'], 'group_type': parse_int(data_dict['group_type']), 'access_folios': parse_boolean(data_dict.get('access_folios', '')), 'access_reports': parse_boolean(data_dict.get('access_reports', '')), 'access_admin_users': parse_boolean(data_dict.get('access_admin_users', '')), 'access_admin_files': parse_boolean(data_dict.get('access_admin_files', '')), 'access_admin_folios': parse_boolean(data_dict.get('access_admin_folios', '')), 'access_admin_permissions': parse_boolean(data_dict.get('access_admin_permissions', '')), 'access_admin_all': parse_boolean(data_dict.get('access_admin_all', '')) } validate_string(params['description'], 0, 5 * 1024) validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM, Group.GROUP_TYPE_LDAP) if params['group_type'] == Group.GROUP_TYPE_LOCAL: validate_string(params['name'], 1, 120) return params
def _get_validated_object_parameters(self, data_dict, require_password): params = { 'first_name': data_dict['first_name'], 'last_name': data_dict['last_name'], 'email': data_dict['email'], 'username': data_dict['username'].strip(), 'password': data_dict.get('password', ''), 'auth_type': parse_int(data_dict['auth_type']), 'allow_api': parse_boolean(data_dict.get('allow_api', '')) } validate_string(params['first_name'], 0, 120) validate_string(params['last_name'], 0, 120) validate_string(params['email'], 0, 120) validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD, User.AUTH_TYPE_LDAP) if params['auth_type'] != User.AUTH_TYPE_LDAP: validate_string(params['username'], 1, 120) if params['password'] or require_password: validate_string(params['password'], 6, 120) return params
def _get_validated_object_parameters(self, data_dict, require_password): params = { 'first_name': data_dict['first_name'], 'last_name': data_dict['last_name'], 'email': data_dict['email'], 'username': data_dict['username'].strip(), 'password': data_dict.get('password', ''), 'auth_type': parse_int(data_dict['auth_type']), 'allow_api': parse_boolean(data_dict.get('allow_api', '')) } validate_string(params['first_name'], 0, 120) validate_string(params['last_name'], 0, 120) validate_string(params['email'], 0, 120) validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD, User.AUTH_TYPE_LDAP) if params['auth_type'] != User.AUTH_TYPE_LDAP: validate_string(params['username'], 1, 120) if params['password'] or require_password: validate_string(params['password'], 8, 120) return params
def _get_validated_object_parameters(self, data_dict): params = { 'human_id': data_dict.get('human_id', '').strip(), 'name': data_dict['name'], 'description': data_dict['description'], 'internal_access': parse_int(data_dict['internal_access']), 'public_access': parse_int(data_dict['public_access']) } if params['human_id']: validate_string(params['human_id'], 1, 64) if params['human_id'] != secure_url_fragment( params['human_id'], True): raise ValueError( 'human_id is not allowed to contain characters: %<>&.?:/') validate_string(params['name'], 0, 255) validate_string(params['description'], 0, 5 * 1024) # For the first release of portfolios we're limiting access to <= DOWNLOAD validate_number(params['internal_access'], FolioPermission.ACCESS_NONE, FolioPermission.ACCESS_DOWNLOAD) validate_number(params['public_access'], FolioPermission.ACCESS_NONE, FolioPermission.ACCESS_DOWNLOAD) return params
def _get_validated_object_parameters(self, data_dict): params = { 'group_id': parse_int(data_dict['group_id']), 'folder_id': parse_int(data_dict['folder_id']), 'access': parse_int(data_dict['access']) } validate_number(params['group_id'], 1, sys.maxint) validate_number(params['folder_id'], 1, sys.maxint) validate_number(params['access'], FolderPermission.ACCESS_NONE, FolderPermission.ACCESS_ALL) return params
def _get_validated_object_parameters(self, data_dict): params = { 'group_id': parse_int(data_dict['group_id']), 'folder_id': parse_int(data_dict['folder_id']), 'access': parse_int(data_dict['access']) } validate_number(params['group_id'], 1, sys.maxsize) validate_number(params['folder_id'], 1, sys.maxsize) validate_number(params['access'], FolderPermission.ACCESS_NONE, FolderPermission.ACCESS_ALL) return params
def _get_validated_object_parameters(self, data_dict): params = {'index': parse_int(data_dict['index'])} validate_number(params['index'], -999999, 999999) return params
def imagelist(): # Check parameters try: from_path = request.args.get('path', '') want_info = parse_boolean(request.args.get('attributes', '')) start = parse_int(request.args.get('start', '0')) limit = parse_int(request.args.get('limit', '1000')) validate_string(from_path, 1, 1024) validate_number(start, 0, 999999999) validate_number(limit, 1, 1000) except ValueError as e: raise ParameterError(e) # Get extra parameters for image URL construction, remove API parameters image_params = request.args.to_dict() image_params.pop('path', None) image_params.pop('attributes', None) image_params.pop('start', None) image_params.pop('limit', None) # Get directory listing directory_info = get_directory_listing(from_path, False, 2, start, limit) if not directory_info.exists(): raise DoesNotExistError('Invalid path') ret_list = [] db_session = data_engine.db_get_session() db_commit = False try: # Auto-populate the folders database db_folder = auto_sync_folder( from_path, data_engine, task_engine, _db_session=db_session ) db_session.commit() # Require view permission or file admin permissions_engine.ensure_folder_permitted( db_folder, FolderPermission.ACCESS_VIEW, get_session_user() ) # Get download permission in case we need to return it later can_download = permissions_engine.is_folder_permitted( db_folder, FolderPermission.ACCESS_DOWNLOAD, get_session_user() ) # Create the response file_list = directory_info.contents() supported_img_types = image_engine.get_image_formats(supported_only=True) base_folder = add_sep(directory_info.name()) for f in file_list: # v2.6.4 Return unsupported files too. If you want to reverse this change, # the filtering needs to be elsewhere for 'start' and 'limit' to work properly supported_file = get_file_extension(f['filename']) in supported_img_types file_path = base_folder + f['filename'] if want_info: # Need to return the database fields too if supported_file: db_entry = auto_sync_existing_file( file_path, data_engine, task_engine, burst_pdf=False, # Don't burst a PDF just by finding it here _db_session=db_session ) db_entry = _prep_image_object(db_entry, can_download, **image_params) else: db_entry = _prep_blank_image_object() db_entry.filename = f['filename'] db_entry.supported = False # Return images in full (standard) image dict format entry = object_to_dict(db_entry, _omit_fields) else: # Return images in short dict format entry = { 'filename': f['filename'], 'supported': supported_file, 'url': (external_url_for('image', src=file_path, **image_params) if supported_file else '') } ret_list.append(entry) db_commit = True finally: try: if db_commit: db_session.commit() else: db_session.rollback() finally: db_session.close() return make_api_success_response(ret_list)
def _get_validated_object_parameters(self, data_dict): params = {'user_id': parse_int(data_dict['user_id'])} validate_number(params['user_id'], 1, sys.maxsize) return params
def _get_validated_object_parameters(self, data_dict): params = {'user_id': parse_int(data_dict['user_id'])} validate_number(params['user_id'], 1, sys.maxint) return params