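def get(self, id):
    """Return the authenticated member's own record.

    Every failure path (an id that cannot be converted to ``int``, an id
    different from the ``memberId`` in the identity payload, no matching
    row) raises the same ``HTTPForbidden``, so the response does not tell
    a missing member apart from one the caller may not read.

    :param id: Member id as received from the request; converted with
        ``int()``.
    :return: The ``Member`` row whose id equals the caller's ``memberId``.
    :raises HTTPForbidden: On any of the failure paths listed above.
    """
    try:
        id = int(id)
    except (TypeError, ValueError, OverflowError):
        # Only conversion failures become a 403. A bare ``except`` would
        # also swallow KeyboardInterrupt and SystemExit.
        raise HTTPForbidden()

    # The ownership check runs before the database is queried.
    # NOTE(review): assumes context.identity is populated by an
    # authentication layer outside this block; confirm it cannot be None.
    if id != context.identity.payload['memberId']:
        raise HTTPForbidden()

    member = DBSession.query(Member).filter(Member.id == id).one_or_none()
    if not member:
        raise HTTPForbidden()

    return member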
def get_access_token(self, authorization_code):
    """Exchange a CAS authorization code for an access token.

    Sends a ``CREATE`` request to ``{settings.oauth.url}/apiv1/accesstokens``
    carrying the code together with the application's id and secret, then
    maps the upstream status code onto a local exception.

    :param authorization_code: Authorization code to exchange.
    :return: ``(accessToken, memberId)`` read from the JSON response body.
    :raises HTTPForbidden: No authorization code was supplied.
    :raises CASServerNotFound: Upstream answered 404.
    :raises CASServerNotAvailable: Upstream answered 502 (Bad Gateway) or
        503 (Service Unavailable).
    :raises CASInternallError: Upstream answered 500.
    :raises HTTPUnauthorized: Any other non-200 status.
    """
    if authorization_code is None:
        raise HTTPForbidden()

    endpoint = f'{settings.oauth.url}/apiv1/accesstokens'

    # The application secret travels in the request body.
    # NOTE(review): the scheme comes from settings.oauth.url, which is not
    # visible here; confirm it is https.
    payload = {
        'code': authorization_code,
        'secret': settings.oauth['secret'],
        'applicationId': settings.oauth['application_id'],
    }

    # NOTE(review): no timeout is passed, so an unresponsive CAS server
    # blocks this call indefinitely; consider an explicit timeout.
    response = requests.request('CREATE', endpoint, data=payload)

    # Upstream statuses that have a dedicated local exception.
    upstream_errors = {
        404: CASServerNotFound,
        502: CASServerNotAvailable,
        503: CASServerNotAvailable,
        500: CASInternallError,
    }
    status = response.status_code
    if status != 200:
        # Anything without a dedicated mapping is reported as 401.
        raise upstream_errors.get(status, HTTPUnauthorized)()

    result = json.loads(response.text)
    return result['accessToken'], result['memberId']
def assert_roles(self, *roles):
    """Raise ``HTTPForbidden`` unless ``is_in_roles`` accepts the given roles.

    .. versionadded:: 0.29

    :param roles: Roles forwarded unchanged to ``self.is_in_roles``. When
        no role is given the check is skipped and the call always passes.
    :return: ``None``.
    :raises HTTPForbidden: Roles were given and
        ``self.is_in_roles(*roles)`` returned a falsy value.
    """
    if not roles:
        # An empty role list means "no restriction", not "deny".
        return
    if self.is_in_roles(*roles):
        return
    raise HTTPForbidden()
def get(self):
    """Return a fixed member record when the request carries an access token.

    The handler reads the ``HTTP_AUTHORIZATION`` entry of the WSGI
    environ, raises whatever status ``_cas_server_status`` holds unless it
    is ``'idle'``, and otherwise returns a hard-coded member.

    NOTE(review): the hard-coded record and the substring match suggest
    this is a stand-in CAS server for tests. The match is not a credential
    check and should not be reused as one.

    :return: ``dict`` with ``id``, ``title``, ``email`` and ``avatar``.
    :raises HTTPStatus: ``_cas_server_status`` is not ``'idle'``.
    :raises HTTPForbidden: The header lacks the text ``'access token'``.
    """
    # Read first: a missing header raises KeyError before the status check.
    access_token = context.environ['HTTP_AUTHORIZATION']

    if _cas_server_status != 'idle':
        raise HTTPStatus(_cas_server_status)

    if 'access token' not in access_token:
        raise HTTPForbidden()

    return {
        'id': 1,
        'title': 'manager1',
        'email': '*****@*****.**',
        'avatar': 'avatar1',
    }
def edit(self, id):
    """Replace the body of a message sent by the current member.

    After the update the message is flushed to the session and its
    ``to_dict()`` form is pushed onto ``settings.messaging.workers_queue``.

    :param id: Message id; converted by ``int_or_notfound``.
    :return: The updated ``Message``.
    :raises HTTPNotFound: No message has this id.
    :raises HTTPStatus: ``616 Message Already Deleted`` when the message
        is flagged as deleted.
    :raises HTTPForbidden: The current member is not the sender.
    """
    message_id = int_or_notfound(id)

    # NOTE(review): ``.get('body')`` yields None when the form has no
    # ``body`` field, and that value is stored as-is; confirm it is
    # validated upstream.
    replacement = context.form.get('body')

    message = DBSession.query(Message).get(message_id)
    if message is None:
        raise HTTPNotFound()

    if message.is_deleted:
        raise HTTPStatus('616 Message Already Deleted')

    # NOTE(review): existence and deleted state are reported before the
    # ownership check, so a non-sender can tell 404, 616 and 403 apart.
    sender_is_caller = message.sender_id == Member.current().id
    if not sender_is_caller:
        raise HTTPForbidden()

    message.body = replacement
    DBSession.add(message)
    DBSession.flush()

    # Hand the edited message to the messaging workers.
    queues.push(settings.messaging.workers_queue, message.to_dict())
    return message
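def get_access_token(self, authorization_code):
    """Exchange a CAS authorization code for an access token.

    Sends a ``CREATE`` request to ``{settings.oauth.url}/apiv1/accesstokens``
    with the code, the application secret and the application id, logs
    the outcome, and maps the upstream status onto a local exception.

    :param authorization_code: Authorization code to exchange.
    :return: ``(accessToken, memberId)`` read from the JSON response body.
    :raises HTTPForbidden: No authorization code was supplied.
    :raises StatusCASServerNotFound: Upstream answered 404.
    :raises StatusCASServerNotAvailable: Upstream answered 503.
    :raises StatusInvalidApplicationID: Upstream answered 605.
    :raises StatusInvalidSecret: Upstream answered 608.
    :raises HTTPUnauthorized: Upstream answered 609 or 610.
    :raises StatusCASServerInternalError: Any other non-200 status.
    """
    if authorization_code is None:
        raise HTTPForbidden()

    url = f'{settings.oauth.url}/apiv1/accesstokens'

    # NOTE(review): no timeout is passed, so an unresponsive CAS server
    # blocks this call indefinitely; consider an explicit timeout.
    response = requests.request(
        'CREATE',
        url,
        data=dict(
            code=authorization_code,
            secret=settings.oauth['secret'],
            applicationId=settings.oauth['application_id'],
        ),
    )

    # The application secret and the authorization code are credentials.
    # They are kept out of the log line so that anyone who can read the
    # debug logs cannot recover them.
    logger.debug(
        f'CREATE {url} - '
        f'applicationId={settings.oauth["application_id"]} - '
        f'response-HTTP-code={response.status_code} - '
        f'target-application={self._server_name}'
    )

    if response.status_code == 404:
        raise StatusCASServerNotFound()

    if response.status_code == 503:
        raise StatusCASServerNotAvailable()

    if response.status_code == 605:
        raise StatusInvalidApplicationID()

    if response.status_code == 608:
        raise StatusInvalidSecret()

    if response.status_code in (609, 610):
        # Instantiated like every other exception raised in this method.
        raise HTTPUnauthorized()

    if response.status_code != 200:
        # NOTE(review): the upstream body is logged verbatim; confirm it
        # cannot echo the submitted secret or code.
        logger.error(response.content.decode())
        raise StatusCASServerInternalError()

    result = json.loads(response.text)
    return result['accessToken'], result['memberId']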
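def delete(self, id):
    """Soft-delete a message sent by the current member.

    The body is overwritten with a placeholder, the mimetype is reset to
    ``text/plain``, ``soft_delete()`` is called, and the message's
    ``to_dict()`` form is pushed onto ``settings.messaging.workers_queue``.

    :param id: Message id as received from the request; converted with
        ``int()``.
    :return: The soft-deleted ``Message``.
    :raises HTTPStatus: ``707 Invalid MessageId`` when the id is not an
        integer, ``614 Message Not Found`` when no row matches, and
        ``616 Message Already Deleted`` when it is flagged as deleted.
    :raises HTTPForbidden: The current member is not the sender.
    """
    try:
        id = int(id)
    except (TypeError, ValueError, OverflowError):
        # Only conversion failures become a 707. A bare ``except`` would
        # also swallow KeyboardInterrupt and SystemExit.
        raise HTTPStatus('707 Invalid MessageId')

    message = DBSession.query(Message) \
        .filter(Message.id == id) \
        .one_or_none()
    if message is None:
        raise HTTPStatus('614 Message Not Found')

    if message.is_deleted:
        raise HTTPStatus('616 Message Already Deleted')

    # NOTE(review): existence and deleted state are reported before the
    # ownership check, so a non-sender can tell 614, 616 and 403 apart.
    if message.sender_id != Member.current().id:
        raise HTTPForbidden()

    # The original content is overwritten, not just hidden.
    message.body = 'This message is deleted'
    message.mimetype = 'text/plain'
    message.soft_delete()
    DBSession.flush()

    # Hand the deleted message to the messaging workers.
    queues.push(settings.messaging.workers_queue, message.to_dict())
    return message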