def has_permission(self, request, view): try: get_repo(view.kwargs['repo_slug'], request.user.id) except NotFound: raise Http404() except PermissionDenied: return False return True
def test_get_repo(self): """repo does not exist""" # this should not fail api.get_repo(self.repo.slug, self.user.id) self.assertRaises(api.NotFound, api.get_repo, "nonexistent_repo", self.user.id) self.assertRaises(api.PermissionDenied, api.get_repo, self.repo.slug, self.user_norepo.id)
def create_task(session, user_id, task_type, task_info): """ Start a new Celery task from REST API. Args: session (SessionStore): The request session. user_id (int): The id for user creating task. task_type (unicode): The type of task being started. task_info (dict): Extra information about the task. Returns: dict: The initial task data (will also be stored in session). """ if task_type == EXPORT_TASK_TYPE: try: repo_slug = task_info['repo_slug'] except KeyError: raise ValidationError("Missing repo_slug") # Verify repository ownership. get_repo(repo_slug, user_id) try: exports = set(session[EXPORTS_KEY][repo_slug]) except KeyError: exports = set() try: ids = task_info['ids'] except KeyError: raise ValidationError("Missing ids") for resource_id in ids: if resource_id not in exports: raise ValidationError("id {id} is not in export list".format( id=resource_id )) learning_resources = LearningResource.objects.filter(id__in=ids).all() user = User.objects.get(id=user_id) result = export_resources.delay(learning_resources, user.username) # Put new task in session. initial_data = track_task(session, result, task_type, task_info) return initial_data else: raise ValidationError("Unknown task_type {task_type}".format( task_type=task_type ))
def create_task(session, user_id, task_type, task_info): """ Start a new Celery task from REST API. Args: session (SessionStore): The request session. user_id (int): The id for user creating task. task_type (unicode): The type of task being started. task_info (dict): Extra information about the task. Returns: dict: The initial task data (will also be stored in session). """ if task_type == EXPORT_TASK_TYPE: try: repo_slug = task_info['repo_slug'] except KeyError: raise ValidationError("Missing repo_slug") # Verify repository ownership. get_repo(repo_slug, user_id) try: exports = set(session[EXPORTS_KEY][repo_slug]) except KeyError: exports = set() try: ids = task_info['ids'] except KeyError: raise ValidationError("Missing ids") for resource_id in ids: if resource_id not in exports: raise ValidationError( "id {id} is not in export list".format(id=resource_id)) learning_resources = LearningResource.objects.filter(id__in=ids).all() user = User.objects.get(id=user_id) result = export_resources.delay(learning_resources, user.username) # Put new task in session. initial_data = track_task(session, result, task_type, task_info) return initial_data else: raise ValidationError( "Unknown task_type {task_type}".format(task_type=task_type))
def test_get_repo(self): """repo does not exist""" # this should not fail api.get_repo(self.repo.slug, self.user.id) self.assertRaises( api.NotFound, api.get_repo, "nonexistent_repo", self.user.id ) self.assertRaises( api.PermissionDenied, api.get_repo, self.repo.slug, self.user_norepo.id )
def upload(request, repo_slug): """ Upload a OLX archive. """ repo = get_repo(repo_slug, request.user.id) form = UploadForm() if request.method == "POST": form = UploadForm( data=request.POST, files=request.FILES) if form.is_valid(): try: form.save(request.user.id, repo.id) return redirect("/repositories/{0}/".format(repo_slug)) except ValueError as ex: # Coverage exception reasoning: After successful upload, # extraction, and validation, any error *should* be # "Duplicate course," and if it's not, it will be re-raised # and we'll code for it then. if "Duplicate course" not in ex.args: # pragma: no cover raise ex form.add_error("course_file", "Duplicate course") return render( request, "upload.html", {'form': form, "repo": repo}, )
def upload(request, repo_slug): """ Upload a OLX archive. """ repo = get_repo(repo_slug, request.user.id) form = UploadForm() if request.method == "POST": form = UploadForm(data=request.POST, files=request.FILES) if form.is_valid(): try: form.save(request.user.id, repo.id) return redirect("/repositories/{0}/".format(repo_slug)) except ValueError as ex: # Coverage exception reasoning: After successful upload, # extraction, and validation, any error *should* be # "Duplicate course," and if it's not, it will be re-raised # and we'll code for it then. if "Duplicate course" not in ex.args: # pragma: no cover raise ex form.add_error("course_file", "Duplicate course") return render( request, "upload.html", { 'form': form, "repo": repo }, )
def has_permission(self, request, view): try: repo = get_repo(view.kwargs['repo_slug'], request.user.id) except NotFound: raise Http404() except PermissionDenied: return False if request.method in SAFE_METHODS: return True return RepoPermission.import_course[0] in get_perms(request.user, repo)
def repository_view(request, repo_slug): """ View for repository page. """ try: repo = get_repo(repo_slug, request.user.id) except NotFound: raise Http404 except LorePermissionDenied: raise PermissionDenied exports = request.session.get( 'learning_resource_exports', {}).get(repo.slug, []) sortby = dict(request.GET.copy()).get('sortby', []) if (len(sortby) > 0 and sortby[0] in LoreSortingFields.all_sorting_fields()): sortby_field = sortby[0] else: # default value sortby_field = LoreSortingFields.DEFAULT_SORTING_FIELD sorting_options = { "current": LoreSortingFields.get_sorting_option( sortby_field), "all": LoreSortingFields.all_sorting_options_but( sortby_field) } try: page_size = int(request.GET.get(LorePagination.page_size_query_param)) except (ValueError, KeyError, TypeError): page_size = LorePagination.page_size if page_size <= 0: page_size = LorePagination.page_size elif page_size > LorePagination.max_page_size: page_size = LorePagination.max_page_size context = { "repo": repo, "perms_on_cur_repo": get_perms(request.user, repo), "sorting_options_json": json.dumps(sorting_options), "exports_json": json.dumps(exports), "page_size_json": json.dumps(page_size) } return render( request, "repository.html", context )
def has_permission(self, request, view): # verify repo just in case we haven't done this earlier try: get_repo(view.kwargs['repo_slug'], request.user.id) except NotFound: raise Http404() except PermissionDenied: return False if request.method in SAFE_METHODS: return True else: repo_slug = view.kwargs['repo_slug'] try: repo = Repository.objects.get(slug=repo_slug) except Repository.DoesNotExist: raise NotFound() return ( RepoPermission.manage_taxonomy[0] in get_perms(request.user, repo) )
def repository_data_view(request, repo_slug): """ View for repository page. """ try: repo = get_repo(repo_slug, request.user.id) except NotFound: raise Http404 except LorePermissionDenied: raise PermissionDenied context = {"repo": repo} return render(request, "data.html", context)
def repository_view(request, repo_slug): """ View for repository page. """ try: repo = get_repo(repo_slug, request.user.id) except NotFound: raise Http404 except LorePermissionDenied: raise PermissionDenied exports = request.session.get('learning_resource_exports', {}).get(repo.slug, []) sortby = dict(request.GET.copy()).get('sortby', []) if (len(sortby) > 0 and sortby[0] in LoreSortingFields.all_sorting_fields()): sortby_field = sortby[0] else: # default value sortby_field = LoreSortingFields.DEFAULT_SORTING_FIELD sorting_options = { "current": LoreSortingFields.get_sorting_option(sortby_field), "all": LoreSortingFields.all_sorting_options_but(sortby_field) } try: page_size = int(request.GET.get(LorePagination.page_size_query_param)) except (ValueError, KeyError, TypeError): page_size = LorePagination.page_size if page_size <= 0: page_size = LorePagination.page_size elif page_size > LorePagination.max_page_size: page_size = LorePagination.max_page_size context = { "repo": repo, "perms_on_cur_repo": get_perms(request.user, repo), "sorting_options_json": json.dumps(sorting_options), "exports_json": json.dumps(exports), "page_size_json": json.dumps(page_size) } return render(request, "repository.html", context)
def get_vocabulary(repo_slug, user_id, vocab_slug): """ Lookup vocabulary given its slug, using repo_slug to validate ownership. Args: repo_id (int): Repository id user_id (int): User id vocab_slug (unicode): Vocabulary slug Returns: Vocabulary (Vocabulary): The vocabulary from the database """ repo = get_repo(repo_slug, user_id) try: return repo.vocabulary_set.get(slug=vocab_slug) except Vocabulary.DoesNotExist: raise NotFound()
def __call__(self, request, repo_slug): # Get arguments from the URL # It's a subclass of an external class, so we don't have # repo_slug in __init__. # pylint: disable=attribute-defined-outside-init try: self.repo = get_repo(repo_slug, request.user.id) except NotFound: raise Http404() except LorePermissionDenied: raise PermissionDenied('unauthorized') # get sorting from params if it's there sortby = dict(request.GET.copy()).get('sortby', []) if (len(sortby) > 0 and sortby[0] in LoreSortingFields.all_sorting_fields()): self.sortby = sortby[0] else: # default value self.sortby = LoreSortingFields.DEFAULT_SORTING_FIELD return super(RepositoryView, self).__call__(request)
def get_term(repo_slug, user_id, vocab_slug, term_slug): """ Get Term with existing slug, validating ownership for repo_slug and vocab_slug. Args: term_id (int): Term slug Returns: Term (Term): The Term with the id """ repo = get_repo(repo_slug, user_id) try: return repo.vocabulary_set.get( slug=vocab_slug ).term_set.get( slug=term_slug ) except Vocabulary.DoesNotExist: raise NotFound() except Term.DoesNotExist: raise NotFound()