def delete_instance(request=False, model=False, lookup_field=False, lookup_value=False): if not (request and model and lookup_field and lookup_value): return error("Invalid request") log_request("delete by", model, lookup_field, lookup_value) required_method_type = "POST" if not check_method_type(request, required_method_type): return invalid_method(required_method_type) parsed_body = json.loads(request.body.decode('utf-8')) if not parsed_body: return False if 'api_key' in parsed_body: admin = check_api_key(parsed_body['api_key']) else: admin = False if not admin: return error('Admin only action') instance = find_single_instance(model, lookup_field, lookup_value, admin) if not instance: return error("Can't find in db.") instance.delete() return JsonResponse({'success': True})
def get_instance(request=False, model=False, lookup_field=False, lookup_value=False): if not (request and model and lookup_field and lookup_value): return error("Invalid request") # Log the request log_request('get', model, lookup_field, lookup_value) # Limit response to these fields: allowed_fields = getattr(model, 'allowed_fields', ['id']) # get API Key: api_key_qs = request.GET.get('api_key', False) if api_key_qs: api_key = bleach.clean(api_key_qs) else: api_key = False # Admin True or False based on api_key admin = check_api_key(api_key) # Check that request uses "GET" method else return error required_method_type = "GET" if not check_method_type(request, required_method_type): return invalid_method(required_method_type) # Get single queryset from db else return error instance = find_single_instance(model, lookup_field, lookup_value, admin) instance_dict = single_instance_to_dict(instance, request=request, allowed_fields=allowed_fields) if instance_dict: response = { get_model_name(model, singular=True): instance_dict, 'admin': admin } return JsonResponse(response, safe=False) else: return error("Can't find in db.")
def new_instance(request=False, model=False): if not (request and model): return error("Invalid Request") log_request("new", model, 'new', '') # Limit to/Require these fields: allowed_fields = getattr(model, 'allowed_fields', ['id']) required_fields = getattr(model, 'required_fields', []) required_method_type = "POST" if not check_method_type(request, required_method_type): return invalid_method(required_method_type) parsed_body = json.loads(request.body.decode('utf-8')) if not parsed_body: return False if 'api_key' in parsed_body: admin = check_api_key(parsed_body['api_key']) else: admin = False if not admin: return error('Admin only action') request_dict = check_for_required_and_allowed_fields( model, parsed_body, required_fields, allowed_fields) if not request_dict: return error("Invalid request") object_instance = save_object_instance(model, request_dict) if not object_instance: return error("Error saving object") instance_dict = dict_from_single_object(object_instance, allowed_fields) instance_dict["success"] = True return JsonResponse(instance_dict, safe=False)
def index_response(request=False, model=False, order_by='?'): if not (request and model): return error('Invalid request') # Log the request log_request('get', model, 'index', 'all') # Show these fields on index: index_fields = getattr(model, 'index_fields', ['id']) # get API Key: api_key_qs = request.GET.get('api_key', False) if api_key_qs: api_key = bleach.clean(api_key_qs) else: api_key = False # Admin True or False based on api_key admin = check_api_key(api_key) # Get queryset of instances for specified or default page # Try/except will deal with any non integer values other than 'all' try: page = int(bleach.clean(request.GET.get('page', str(default['page'])))) quantity_qs = bleach.clean( request.GET.get('quantity', str(default['quantity']))) if quantity_qs == 'all': end_of_page = None start_of_page = None else: quantity = int(bleach.clean(quantity_qs)) end_of_page = page * quantity start_of_page = end_of_page - quantity except ValueError: page = default['page'] quantity = default['quantity'] end_of_page = page * quantity start_of_page = end_of_page - quantity # Get all instances from DB filter = {} if hasattr(model, 'hide_if') and not admin: filter[model.hide_if] = False # Get other filters from model: if hasattr(model, 'allowed_filters'): for new_filter in model.allowed_filters: filter_qs = '' try: filter_qs = request.GET.get(new_filter, str('')) filter_qs = bleach.clean(filter_qs) except: pass if filter_qs != '': if filter_qs.lower() == "false": filter_qs = False elif filter_qs.lower() == "true": filter_qs = True filter[new_filter] = filter_qs ordered_instance_objects_qs = model.objects.filter( **filter).order_by(order_by) # If not all are requested, scope to quantity and page: if (end_of_page != None) and (start_of_page != None): ordered_instance_objects_qs = ordered_instance_objects_qs[ start_of_page:end_of_page] # get single instance flow on each object modify_each_with = getattr(model, 'index_modify_with', unmodified) on_each_instance = partial(single_instance_to_dict, request=request, allowed_fields=index_fields, modify_with=modify_each_with) index_list = list(map(on_each_instance, ordered_instance_objects_qs)) # Get count of items on all pages: number_of = model.objects.filter(**filter).count() # Create response dict model_name = get_model_name(model) response = { 'total_' + model_name: number_of, 'page': page, 'admin': admin, model_name + '_list': index_list } # on safe=False: https://stackoverflow.com/questions/28740338/creating-json-array-in-django return JsonResponse(response, safe=False)
def edit_instance(request=False, model=False, lookup_field=False, lookup_value=False): if not (request and model and lookup_field and lookup_value): return error("Invalid request") log_request("edit", model, lookup_field, lookup_value) # Limit to/require these fields: allowed_fields = getattr(model, 'allowed_fields', ['id']) required_fields = getattr(model, 'required_fields', []) required_method_type = "POST" if not check_method_type(request, required_method_type): return invalid_method(required_method_type) parsed_body = json.loads(request.body.decode('utf-8')) if not parsed_body: return False if 'api_key' in parsed_body: admin = check_api_key(parsed_body['api_key']) else: admin = False if not admin: return error('Admin only action') ## No required fields because they might not be changing request_dict = check_for_required_and_allowed_fields( model, parsed_body, [], allowed_fields) if not request_dict: return error("No body in request or incorrect fields") instance = find_single_instance(model, lookup_field, lookup_value, admin) if not instance: return error("Can't find in db.") primary_key_field = model._meta.pk.name request_dict[primary_key_field] = instance.pk # Update each property in the instance that is different in the request_dict for i in request_dict: if getattr(instance, i) != request_dict[i]: try: setattr(instance, i, request_dict[i]) except: return error('Error updating instance') # Now check for required_fields for i in required_fields: if not getattr(instance, i): return error('Error updating instance') instance.save() if not instance: return error("Error saving object") updated_instance_dict = dict_from_single_object(instance, allowed_fields) if not updated_instance_dict: return error("Error generating response") updated_instance_dict["success"] = True print(updated_instance_dict) return JsonResponse(updated_instance_dict, safe=False)