def _get_validated_object_parameters(self, data_dict):
params = {
'name':
data_dict['name'].strip(),
'description':
data_dict['description'],
'group_type':
parse_int(data_dict['group_type']),
'access_folios':
parse_boolean(data_dict.get('access_folios', '')),
'access_reports':
parse_boolean(data_dict.get('access_reports', '')),
'access_admin_users':
parse_boolean(data_dict.get('access_admin_users', '')),
'access_admin_files':
parse_boolean(data_dict.get('access_admin_files', '')),
'access_admin_folios':
parse_boolean(data_dict.get('access_admin_folios', '')),
'access_admin_permissions':
parse_boolean(data_dict.get('access_admin_permissions', '')),
'access_admin_all':
parse_boolean(data_dict.get('access_admin_all', ''))
}
validate_string(params['description'], 0, 5 * 1024)
validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM,
Group.GROUP_TYPE_LDAP)
if params['group_type'] == Group.GROUP_TYPE_LOCAL:
validate_string(params['name'], 1, 120)
return params
def _get_validated_object_parameters(self, data_dict, adding):
params = {
'filename': data_dict.get('filename'),
'index': data_dict.get('index'),
'image_parameters': data_dict.get('image_parameters')
}
if adding:
# Require either image_id or image_src
if data_dict.get('image_id') and data_dict.get('image_src'):
raise ValueError(
'specify only one of either image_id or image_src')
elif data_dict.get('image_id'):
params['image_id'] = parse_int(data_dict['image_id'])
validate_number(params['image_id'], 1, sys.maxsize)
elif data_dict.get('image_src'):
params['image_src'] = data_dict['image_src'].strip()
validate_string(params['image_src'], 5, 1024)
else:
raise KeyError('image_id or image_src')
# Get or default all the others
params['filename'] = params['filename'] or ''
params['index'] = parse_int(
params['index']) if params['index'] else 0
params['image_parameters'] = params['image_parameters'] or '{}'
else:
# All parameters optional, if not supplied we leave the values unchanged
if params['index']:
params['index'] = parse_int(params['index'])
if params['filename'] is not None:
validate_string(params['filename'], 0, 255)
if params['filename']:
# Zips only support ASCII filenames, block directory traversal attempts
sec_filename = secure_filename(params['filename'])
if sec_filename != params['filename']:
# We could continue with the secured filename, but the caller won't
# expect the filename to change, so be consistent and just fail it
raise ValueError('filename not allowed, try: ' +
sec_filename)
if params['index'] is not None:
validate_number(params['index'], -999999, 999999)
if params['image_parameters'] is not None:
validate_string(params['image_parameters'], 2, 100 * 1024)
params['image_parameters'] = _image_params_to_template_dict(
params['image_parameters'])
return params
def _get_validated_object_parameters(self, data_dict):
params = {
'name': data_dict['name'].strip(),
'description': data_dict['description'],
'group_type': parse_int(data_dict['group_type']),
'access_folios': parse_boolean(data_dict.get('access_folios', '')),
'access_reports': parse_boolean(data_dict.get('access_reports', '')),
'access_admin_users': parse_boolean(data_dict.get('access_admin_users', '')),
'access_admin_files': parse_boolean(data_dict.get('access_admin_files', '')),
'access_admin_folios': parse_boolean(data_dict.get('access_admin_folios', '')),
'access_admin_permissions': parse_boolean(data_dict.get('access_admin_permissions', '')),
'access_admin_all': parse_boolean(data_dict.get('access_admin_all', ''))
}
validate_string(params['description'], 0, 5 * 1024)
validate_number(params['group_type'], Group.GROUP_TYPE_SYSTEM, Group.GROUP_TYPE_LDAP)
if params['group_type'] == Group.GROUP_TYPE_LOCAL:
validate_string(params['name'], 1, 120)
return params
def _get_validated_object_parameters(self, data_dict, require_password):
params = {
'first_name': data_dict['first_name'],
'last_name': data_dict['last_name'],
'email': data_dict['email'],
'username': data_dict['username'].strip(),
'password': data_dict.get('password', ''),
'auth_type': parse_int(data_dict['auth_type']),
'allow_api': parse_boolean(data_dict.get('allow_api', ''))
}
validate_string(params['first_name'], 0, 120)
validate_string(params['last_name'], 0, 120)
validate_string(params['email'], 0, 120)
validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD, User.AUTH_TYPE_LDAP)
if params['auth_type'] != User.AUTH_TYPE_LDAP:
validate_string(params['username'], 1, 120)
if params['password'] or require_password:
validate_string(params['password'], 6, 120)
return params
def _get_validated_object_parameters(self, data_dict, require_password):
params = {
'first_name': data_dict['first_name'],
'last_name': data_dict['last_name'],
'email': data_dict['email'],
'username': data_dict['username'].strip(),
'password': data_dict.get('password', ''),
'auth_type': parse_int(data_dict['auth_type']),
'allow_api': parse_boolean(data_dict.get('allow_api', ''))
}
validate_string(params['first_name'], 0, 120)
validate_string(params['last_name'], 0, 120)
validate_string(params['email'], 0, 120)
validate_number(params['auth_type'], User.AUTH_TYPE_PASSWORD,
User.AUTH_TYPE_LDAP)
if params['auth_type'] != User.AUTH_TYPE_LDAP:
validate_string(params['username'], 1, 120)
if params['password'] or require_password:
validate_string(params['password'], 8, 120)
return params
def _get_validated_object_parameters(self, data_dict):
params = {
'human_id': data_dict.get('human_id', '').strip(),
'name': data_dict['name'],
'description': data_dict['description'],
'internal_access': parse_int(data_dict['internal_access']),
'public_access': parse_int(data_dict['public_access'])
}
if params['human_id']:
validate_string(params['human_id'], 1, 64)
if params['human_id'] != secure_url_fragment(
params['human_id'], True):
raise ValueError(
'human_id is not allowed to contain characters: %<>&.?:/')
validate_string(params['name'], 0, 255)
validate_string(params['description'], 0, 5 * 1024)
# For the first release of portfolios we're limiting access to <= DOWNLOAD
validate_number(params['internal_access'], FolioPermission.ACCESS_NONE,
FolioPermission.ACCESS_DOWNLOAD)
validate_number(params['public_access'], FolioPermission.ACCESS_NONE,
FolioPermission.ACCESS_DOWNLOAD)
return params
def _get_validated_object_parameters(self, data_dict):
params = {
'group_id': parse_int(data_dict['group_id']),
'folder_id': parse_int(data_dict['folder_id']),
'access': parse_int(data_dict['access'])
}
validate_number(params['group_id'], 1, sys.maxint)
validate_number(params['folder_id'], 1, sys.maxint)
validate_number(params['access'], FolderPermission.ACCESS_NONE, FolderPermission.ACCESS_ALL)
return params
def _get_validated_object_parameters(self, data_dict):
params = {
'group_id': parse_int(data_dict['group_id']),
'folder_id': parse_int(data_dict['folder_id']),
'access': parse_int(data_dict['access'])
}
validate_number(params['group_id'], 1, sys.maxsize)
validate_number(params['folder_id'], 1, sys.maxsize)
validate_number(params['access'], FolderPermission.ACCESS_NONE,
FolderPermission.ACCESS_ALL)
return params
def _get_validated_object_parameters(self, data_dict):
params = {'index': parse_int(data_dict['index'])}
validate_number(params['index'], -999999, 999999)
return params
def imagelist():
# Check parameters
try:
from_path = request.args.get('path', '')
want_info = parse_boolean(request.args.get('attributes', ''))
start = parse_int(request.args.get('start', '0'))
limit = parse_int(request.args.get('limit', '1000'))
validate_string(from_path, 1, 1024)
validate_number(start, 0, 999999999)
validate_number(limit, 1, 1000)
except ValueError as e:
raise ParameterError(e)
# Get extra parameters for image URL construction, remove API parameters
image_params = request.args.to_dict()
image_params.pop('path', None)
image_params.pop('attributes', None)
image_params.pop('start', None)
image_params.pop('limit', None)
# Get directory listing
directory_info = get_directory_listing(from_path, False, 2, start, limit)
if not directory_info.exists():
raise DoesNotExistError('Invalid path')
ret_list = []
db_session = data_engine.db_get_session()
db_commit = False
try:
# Auto-populate the folders database
db_folder = auto_sync_folder(
from_path, data_engine, task_engine, _db_session=db_session
)
db_session.commit()
# Require view permission or file admin
permissions_engine.ensure_folder_permitted(
db_folder,
FolderPermission.ACCESS_VIEW,
get_session_user()
)
# Get download permission in case we need to return it later
can_download = permissions_engine.is_folder_permitted(
db_folder,
FolderPermission.ACCESS_DOWNLOAD,
get_session_user()
)
# Create the response
file_list = directory_info.contents()
supported_img_types = image_engine.get_image_formats(supported_only=True)
base_folder = add_sep(directory_info.name())
for f in file_list:
# v2.6.4 Return unsupported files too. If you want to reverse this change,
# the filtering needs to be elsewhere for 'start' and 'limit' to work properly
supported_file = get_file_extension(f['filename']) in supported_img_types
file_path = base_folder + f['filename']
if want_info:
# Need to return the database fields too
if supported_file:
db_entry = auto_sync_existing_file(
file_path,
data_engine,
task_engine,
burst_pdf=False, # Don't burst a PDF just by finding it here
_db_session=db_session
)
db_entry = _prep_image_object(db_entry, can_download, **image_params)
else:
db_entry = _prep_blank_image_object()
db_entry.filename = f['filename']
db_entry.supported = False
# Return images in full (standard) image dict format
entry = object_to_dict(db_entry, _omit_fields)
else:
# Return images in short dict format
entry = {
'filename': f['filename'],
'supported': supported_file,
'url': (external_url_for('image', src=file_path, **image_params)
if supported_file else '')
}
ret_list.append(entry)
db_commit = True
finally:
try:
if db_commit:
db_session.commit()
else:
db_session.rollback()
finally:
db_session.close()
return make_api_success_response(ret_list)
def _get_validated_object_parameters(self, data_dict):
params = {'user_id': parse_int(data_dict['user_id'])}
validate_number(params['user_id'], 1, sys.maxsize)
return params
def _get_validated_object_parameters(self, data_dict):
params = {'user_id': parse_int(data_dict['user_id'])}
validate_number(params['user_id'], 1, sys.maxint)
return params
