def get_entity(id, action):
entity, obj = fetch_entity(id)
obj_or_404(entity)
if entity.get('$bulk') and action == request.authz.WRITE:
raise ImATeapot("Cannot write this entity.")
require(request.authz.can(entity.get('collection_id'), action))
return entity, obj
def update(collection_id, id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection_id))
network = obj_or_404(Network.by_id_collection(id, collection))
network.update(request_data())
log_event(request)
db.session.commit()
return view(collection_id, network.id)
def delete(collection_id, id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
network = obj_or_404(Network.by_id_collection(id, collection))
network.delete()
db.session.commit()
log_event(request)
return jsonify({'status': 'ok'})
def merge(id, other_id):
entity = obj_or_404(Entity.by_id(id))
check_authz(entity, authz.WRITE)
other = obj_or_404(Entity.by_id(other_id))
check_authz(other, authz.WRITE)
entity.merge(other)
db.session.commit()
update_entity(entity)
update_entity(other)
return view(entity.id)
def merge(id, other_id):
entity = obj_or_404(Entity.by_id(id))
check_authz(entity, authz.WRITE)
other = obj_or_404(Entity.by_id(other_id))
check_authz(other, authz.WRITE)
entity.merge(other)
db.session.commit()
update_entity(entity)
update_entity(other)
return view(entity.id)
def update(id):
authz.require(authz.list_write(id))
lst = obj_or_404(List.by_id(id))
lst.update(request_data(), current_user)
db.session.add(lst)
db.session.commit()
return view(id)
def ingest_upload(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
log_event(request)
try:
meta = json.loads(request.form.get('meta', '{}'))
except Exception as ex:
raise BadRequest(unicode(ex))
metas = []
for storage in request.files.values():
file_meta = meta.copy()
file_meta['mime_type'] = storage.mimetype
file_meta['file_name'] = storage.filename
validate(file_meta, 'metadata.json#')
file_meta = Metadata.from_data(file_meta)
file_meta.crawler_id = 'user_upload:%s' % request.auth_role.id
file_meta.crawler_run = make_textid()
sec_fn = os.path.join(get_upload_folder(),
secure_filename(storage.filename))
storage.save(sec_fn)
ingest_file(collection.id, file_meta, sec_fn, move=True,
queue=USER_QUEUE, routing_key=USER_ROUTING_KEY)
metas.append(file_meta)
return jsonify({'status': 'ok', 'metadata': metas})
def delete(id):
entity = obj_or_404(Entity.by_id(id))
check_authz(entity, authz.WRITE)
delete_entity(entity)
db.session.commit()
log_event(request, entity_id=entity.id)
return jsonify({'status': 'ok'})
def process(id):
collection = obj_or_404(Collection.by_id(id))
request.authz.require(request.authz.collection_write(collection))
analyze_collection.apply_async([collection.id], queue=USER_QUEUE,
routing_key=USER_ROUTING_KEY)
log_event(request)
return jsonify({'status': 'ok'})
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id))
authz.require(alert.user_id == current_user.id)
db.session.delete(alert)
db.session.commit()
return jsonify({'status': 'ok'})
def delete(id):
collection = obj_or_404(Collection.by_id(id))
authz.require(authz.collection_write(id))
delete_collection.apply_async([collection.id], queue=USER_QUEUE,
routing_key=USER_ROUTING_KEY)
log_event(request)
return jsonify({'status': 'ok'})
def update(login):
user = obj_or_404(User.by_login(login))
authz.require(user.id == current_user.id)
user.update(request_data())
db.session.add(user)
db.session.commit()
return view(login)
def ingest_upload(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
request.authz.require(request.authz.collection_write(collection.id))
log_event(request)
crawler_run = make_textid()
try:
meta = json.loads(request.form.get('meta', '{}'))
except Exception as ex:
raise BadRequest(unicode(ex))
documents = []
for storage in request.files.values():
sec_fn = os.path.join(upload_folder, secure_filename(storage.filename))
storage.save(sec_fn)
content_hash = checksum(sec_fn)
document = Document.by_keys(collection=collection,
content_hash=content_hash)
document.crawler = 'user_upload:%s' % request.authz.role.id
document.crawler_run = crawler_run
document.mime_type = storage.mimetype
document.file_name = storage.filename
try:
meta = json.loads(request.form.get('meta', '{}'))
validate(meta, 'metadata.json#')
document.meta.update(meta)
except Exception as ex:
raise BadRequest(unicode(ex))
ingest_document(document, sec_fn, user_queue=True)
os.unlink(sec_fn)
documents.append(document)
return jsonify({'status': 'ok', 'documents': documents})
def update(slug):
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
source.update(request_data(), current_user)
db.session.add(source)
db.session.commit()
return view(slug)
def crawl(slug):
logging.debug('starting a crawl of %s' % slug)
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
crawl_source.delay(source.slug)
logging.debug('started crawl')
return jsonify({'status': 'ok'})
def create():
# also handles update
data = request.get_json()
print(data)
if 'query_text' not in data:
return jsonify({'status': 'invalid'})
authz.require(authz.logged_in())
if data.get('alert_id', None): # UPDATE
alert_id = int(data['alert_id'])
alert = obj_or_404(Alert.by_id(alert_id))
authz.require(alert.role_id == request.auth_role.id)
alert.query_text = data['query_text']
alert.custom_label = data.get('custom_label' '') or data['query_text']
alert.checking_interval=int(data.get('checking_interval', 9))
else: # CREATE
alert = Alert(
role_id = request.auth_role.id,
query_text=data['query_text'],
custom_label=data.get('custom_label' '') or data['query_text'],
checking_interval=int(data.get('checking_interval', 9))
)
db.session.add(alert)
db.session.commit()
return view(alert.id)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.watchlist_write(entity.watchlist_id))
entity.delete()
db.session.commit()
analyze_entity.delay(id)
return jsonify({"status": "ok"})
def update(id):
authz.require(authz.system_edit())
entity = obj_or_404(EntityQuery.by_id(id))
context = Context.create(current_user, {})
entity.update(request_data(), context)
db.session.commit()
return redirect(url_for(".view", id=entity.id))
def update(id):
authz.require(authz.source_write(id))
source = obj_or_404(Source.by_id(id))
source.update(request_data())
db.session.add(source)
db.session.commit()
return view(id)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
check_authz(entity, authz.WRITE)
entity.delete()
db.session.commit()
update_entity(entity)
return jsonify({'status': 'ok'})
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id, role=request.auth_role))
alert.delete()
db.session.commit()
log_event(request)
return jsonify({'status': 'ok'})
def update(login):
user = obj_or_404(User.by_login(login))
authz.require(user.id == current_user.id)
user.update(request_data())
db.session.add(user)
db.session.commit()
return view(login)
def update(id):
authz.require(authz.collection_write(id))
coll = obj_or_404(Collection.by_id(id))
coll.update(request_data(), current_user)
db.session.add(coll)
db.session.commit()
return view(id)
def view(id):
authz.require(id == current_user.id or authz.is_admin())
user = obj_or_404(User.by_id(id))
data = user.to_dict()
if user.id != current_user.id:
del data['email']
return jsonify(data)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
check_authz(entity, authz.WRITE)
delete_entity(entity)
db.session.commit()
log_event(request, entity_id=entity.id)
return jsonify({'status': 'ok'})
def update(id):
user = obj_or_404(User.by_id(id))
authz.require(user.id == current_user.id or authz.is_admin())
user.update(request_data())
db.session.add(user)
db.session.commit()
return jsonify(user)
def delete(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
analyze_terms.delay(collection.terms)
collection.delete()
db.session.commit()
return jsonify({'status': 'ok'})
def ingest_upload(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
request.authz.require(request.authz.collection_write(collection.id))
log_event(request)
try:
meta = json.loads(request.form.get('meta', '{}'))
meta['crawler_id'] = 'user_upload:%s' % request.authz.role.id
meta['crawler_run'] = make_textid()
except Exception as ex:
raise BadRequest(unicode(ex))
metas = []
for storage in request.files.values():
file_meta = meta.copy()
file_meta['mime_type'] = storage.mimetype
file_meta['file_name'] = storage.filename
file_meta['source_path'] = storage.filename
validate(file_meta, 'metadata.json#')
file_meta = Metadata.from_data(file_meta)
sec_fn = os.path.join(upload_folder, secure_filename(storage.filename))
storage.save(sec_fn)
ingest_file(collection_id, file_meta, sec_fn, move=True,
queue=USER_QUEUE, routing_key=USER_ROUTING_KEY)
metas.append(file_meta)
return jsonify({'status': 'ok', 'metadata': metas})
def delete(id):
authz.require(authz.watchlist_write(id))
watchlist = obj_or_404(Watchlist.by_id(id))
analyze_terms.delay(watchlist.terms)
watchlist.delete()
db.session.commit()
return jsonify({'status': 'ok'})
def view(dataset, id):
dataset = get_dataset(dataset)
run = obj_or_404(Run.by_id(dataset, id))
data = run.to_dict()
package = data_manager.package(dataset.name)
data['messages'] = list(logger.load(package, run.id))
return jsonify(data)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.collection_write(entity.collection_id))
entity.delete()
db.session.commit()
analyze_entity.delay(id)
return jsonify({'status': 'ok'})
def update(slug):
authz.require(authz.source_write(slug))
source = obj_or_404(Source.by_slug(slug))
source.update(request_data(), current_user)
db.session.add(source)
db.session.commit()
return view(slug)
def view(id):
authz.require(authz.logged_in())
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
if role.id != request.auth_role.id:
del data["email"]
return jsonify(data)
def delete(id):
request.authz.require(request.authz.session_write())
alert = obj_or_404(Alert.by_id(id, role=request.authz.role))
alert.delete()
db.session.commit()
log_event(request)
return jsonify({'status': 'ok'})
def delete(id):
entity = obj_or_404(Entity.by_id(id))
check_authz(entity, authz.WRITE)
entity.delete()
db.session.commit()
update_entity(entity)
return jsonify({'status': 'ok'})
def update(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
collection.update(request_data())
db.session.add(collection)
db.session.commit()
return view(id)
def update(id):
authz.require(authz.source_write(id))
source = obj_or_404(Source.by_id(id))
source.update(request_data())
db.session.add(source)
db.session.commit()
return view(id)
def view(id):
authz.require(authz.logged_in())
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
if role.id != request.auth_role.id:
del data['email']
return jsonify(data)
def delete(id):
authz.require(authz.logged_in())
alert = obj_or_404(Alert.by_id(id))
authz.require(alert.user_id == current_user.id)
db.session.delete(alert)
db.session.commit()
return jsonify({'status': 'ok'})
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.collection_write(entity.collection_id))
entity.delete()
db.session.commit()
analyze_entity.delay(id)
return jsonify({'status': 'ok'})
def update(id):
authz.require(authz.watchlist_write(id))
watchlist = obj_or_404(Watchlist.by_id(id))
watchlist.update(request_data())
db.session.add(watchlist)
db.session.commit()
return view(id)
def create(collection_id):
collection = obj_or_404(Collection.by_id(collection_id))
authz.require(authz.collection_write(collection.id))
network = Network.create(request_data(), collection, request.auth_role)
db.session.commit()
log_event(request)
return view(collection_id, network.id)
def update(id):
role = obj_or_404(Role.by_id(id))
authz.require(authz.logged_in())
authz.require(role.id == request.auth_role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
return jsonify(role)
def update(id):
entity = obj_or_404(Entity.by_id(id))
entity = Entity.save(get_data(entity=entity),
collection_id=entity.collection_id,
merge=arg_bool('merge'))
db.session.commit()
analyze_entity.delay(entity.id)
return view(entity.id)
def view(id):
role = obj_or_404(Role.by_id(id))
request.authz.require(request.authz.logged_in)
request.authz.require(check_visible(role))
data = role.to_dict()
if role.id == request.authz.role.id:
data['email'] = role.email
return jsonify(data)
def update(id):
role = obj_or_404(Role.by_id(id))
authz.require(authz.logged_in())
authz.require(role.id == request.auth_role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
return jsonify(role)
def delete(id):
authz.require(authz.list_write(id))
lst = obj_or_404(List.by_id(id))
selectors = lst.terms
lst.delete()
db.session.commit()
refresh_selectors.delay(list(selectors))
return jsonify({'status': 'ok'})
def update(id):
authz.require(authz.collection_write(id))
collection = obj_or_404(Collection.by_id(id))
collection.update(request_data())
db.session.add(collection)
db.session.commit()
log_event(request)
return view(id)
def delete(id):
collection = obj_or_404(Collection.by_id(id))
authz.require(authz.collection_write(id))
collection.delete()
for entity in collection.entities:
update_entity(entity)
db.session.commit()
return jsonify({'status': 'ok'})
def update(id):
entity = obj_or_404(Entity.by_id(id))
entity = Entity.save(get_data(entity=entity),
collection_id=entity.collection_id,
merge=arg_bool('merge'))
db.session.commit()
analyze_entity.delay(entity.id)
return view(entity.id)
def delete(id):
entity = obj_or_404(Entity.by_id(id))
authz.require(authz.list_write(entity.list_id))
selectors = entity.terms
entity.delete()
db.session.commit()
refresh_selectors.delay(list(selectors))
return jsonify({'status': 'ok'})
def view(id):
## XXX seems to let any user get private info on other users?
authz.require(authz.logged_in())
role = obj_or_404(Role.by_id(id))
data = role.to_dict()
if role.id != request.auth_role.id:
del data['email']
return jsonify(data)
def update(id):
role = obj_or_404(Role.by_id(id))
request.authz.require(request.authz.session_write())
request.authz.require(role.id == request.authz.role.id)
role.update(request_data())
db.session.add(role)
db.session.commit()
log_event(request)
return jsonify(role)
