def delete_items(portal_type=None, uid=None, endpoint=None, **kw):
""" delete items
1. If the uid is given, we can ignore the request body and delete the
object with the given uid (if the uid was valid).
2. If no uid is given, the user wants to delete more than one item.
=> go through each item and extract the uid. Delete it afterwards.
// we should do this kind of transaction base. So if we can not get an
// object for an uid, no item will be deleted.
3. we could check if the portal_type matches, just to be sure the user
wants to delete the right content.
"""
# disable CSRF
req.disable_csrf_protection()
# try to find the requested objects
objects = find_objects(uid=uid)
# We don't want to delete the portal object
if filter(lambda o: is_root(o), objects):
fail(400, "Can not delete the portal object")
results = []
for obj in objects:
# We deactivate only!
deactivate_object(obj)
info = IInfo(obj)()
results.append(info)
if not results:
fail(404, "No Objects could be found")
return results
def consume(context, request): # noqa
"""Endpoint to handle the consumption of a queued task, if any
"""
# disable CSRF
req.disable_csrf_protection()
# start the consumer
msg = consumer.consume_task()
return get_message_summary(msg, "consumer.consume")
def process(context, request, task_uid=None): # noqa
"""Processes the task passed-in
"""
# disable CSRF
req.disable_csrf_protection()
# Maybe the task uid has been sent via POST
task_uid = task_uid or req.get_json().get("task_uid")
# Get the task
task = get_task(task_uid)
if task.username != capi.get_current_user().id:
# 403 Authenticated, but user does not have access to the resource
_fail(403)
# Process
t0 = time.time()
task_context = task.get_context()
if not task_context:
_fail(500, "Task's context is not available")
# Get the adapter able to process this specific type of task
adapter = queryAdapter(task_context, IQueuedTaskAdapter, name=task.name)
if not adapter:
_fail(501, "No adapter found for {}".format(task.name))
logger.info("Processing task {}: '{}' for '{}' ({}) ...".format(
task.task_short_uid, task.name, capi.get_id(task_context),
task.context_uid))
# Inject the queue_consumer marker to the request so guards skip checks
# against the queue
request = capi.get_request()
request.set("queue_tuid", task_uid)
# If the task refers to a worksheet, inject (ws_id) in params to make
# sure guards (assign, un-assign) return True
if IWorksheet.providedBy(task_context):
request.set("ws_uid", capi.get_uid(task_context))
# Process the task
adapter.process(task)
# Sleep a bit for minimum effect against userland threads
# Better to have a transaction conflict here than in userland
min_seconds = task.get("min_seconds", 3)
while time.time() - t0 < min_seconds:
time.sleep(0.5)
msg = "Processed: {}".format(task.task_short_uid)
return get_message_summary(msg, "consumer.process")
def create_items(portal_type=None, uid=None, endpoint=None, **kw):
""" create items
1. If the uid is given, get the object and create the content in there
(assumed that it is folderish)
2. If the uid is 0, the target folder is assumed the portal.
3. If there is no uid given, the payload is checked for either a key
- `parent_uid` specifies the *uid* of the target folder
- `parent_path` specifies the *physical path* of the target folder
"""
# disable CSRF
req.disable_csrf_protection()
# destination where to create the content
container = uid and get_object_by_uid(uid) or None
# extract the data from the request
records = req.get_request_data()
results = []
for record in records:
# get the portal_type
if portal_type is None:
# try to fetch the portal type out of the request data
portal_type = record.pop("portal_type", None)
if container is None:
# find the container for content creation
container = find_target_container(record)
# Check if we have a container and a portal_type
if not all([container, portal_type]):
fail(400, "Please provide a container path/uid and portal_type")
# check if it is allowed to create the portal_type
if not is_creation_allowed(portal_type, container):
fail(
401, "Creation of '{}' in '{}' is not allowed".format(
portal_type, api.get_path(container)))
# create the object and pass in the record data
obj = create_object(container, portal_type, **record)
results.append(obj)
if not results:
fail(400, "No Objects could be created")
return make_items_for(results, endpoint=endpoint)
def update_items(portal_type=None, uid=None, endpoint=None, **kw):
""" update items
1. If the uid is given, the user wants to update the object with the data
given in request body
2. If no uid is given, the user wants to update a bunch of objects.
-> each record contains either an UID, path or parent_path + id
"""
# disable CSRF
req.disable_csrf_protection()
# the data to update
records = req.get_request_data()
# we have an uid -> try to get an object for it
obj = get_object_by_uid(uid)
if obj:
record = records[0] # ignore other records if we got an uid
# Can this object be updated?
if not is_update_allowed(obj):
fail(401, "Update of {} is not allowed".format(api.get_path(obj)))
obj = update_object_with_data(obj, record)
return make_items_for([obj], endpoint=endpoint)
# no uid -> go through the record items
results = []
for record in records:
obj = get_object_by_record(record)
# no object found for this record
if obj is None:
continue
# Can this object be updated?
if not is_update_allowed(obj):
fail(401, "Update of {} is not allowed".format(api.get_path(obj)))
# update the object with the given record data
obj = update_object_with_data(obj, record)
results.append(obj)
if not results:
fail(400, "No Objects could be updated")
return make_items_for(results, endpoint=endpoint)