def post(self, request): try: # we are expecting payload with the request document_name = request.data['document_name'] data = request.data['data'] # here the below user id is manually added # for demonstration purpose # you can extract an user id from the request # or from the jwt token if you implement user_id = '862bdaf0-6fa4-476e-be07-43ededfc222c' # user id is an optional parameter if you want to ignore security # if ignore_security=True, then row level security will be ignored error, result = data_update(document_name, data, ignore_security=True, user_id=user_id) if error: response = error_response(result) return Response(response, status=status.HTTP_400_BAD_REQUEST) response = success_response(result) return Response(response, status=status.HTTP_400_BAD_REQUEST) except BaseException as e: response = error_response(str(e)) return Response(response, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: params = request.data document_name = params['document_name'] query = params['query'] # here the below user id is manually added # for demonstration purpose # you can extract an user id from the request # or from the jwt token if you implement user_id = '862bdaf0-6fa4-476e-be07-43ededfc222c' error, data = data_read(document_name, query, user_id=user_id, readable=False, error_track=True) return Response(data, status=status.HTTP_200_OK if not error else status.HTTP_400_BAD_REQUEST) except BaseException as e: return Response(error_response(str(e)), status=status.HTTP_400_BAD_REQUEST)
def basic_data_read(document_name, fields='__all__', page_size=10, page_num=1, order_by=None, include_security_fields=False, error_track=False): try: document = get_document(document_name) if not document or not document_name: return True, error_response( f'document by name `{document_name}` doesn\'t exists') if fields != '__all__' and not isinstance(fields, (list, tuple)): return True, error_response('fields must be a list or tuple') sql_ctrl = GenericReadManager() data, cnt = sql_ctrl.read(document_name, Q(), page_size, page_num, order_by) if cnt == 0: return False, success_response_with_total_records([], cnt) gsa = GenericSerializerAlpha(document_name=document_name) if not fields == '__all__': for field in fields: gsa.select(field) else: fields = get_fields(document_name) if not include_security_fields: fields = tuple(set(fields) - set(SECURITY_ATTRIBUTES)) gsa.fields(fields) json = gsa.serialize(data) res = success_response_with_total_records(json.data, cnt) return False, res except BaseException as e: if error_track: print_traceback() return True, error_response(str(e))
def post(self, request): try: # we are expecting payload with the request document_name = request.data['document_name'] data = request.data['data'] # as we are not checking row level security, # ignoring offered row level security error, result = data_insert(document_name, data, ignore_security=True) if error: response = error_response(result) return Response(response, status=status.HTTP_400_BAD_REQUEST) response = success_response(result) return Response(response, status=status.HTTP_400_BAD_REQUEST) except BaseException as e: response = error_response(str(e)) return Response(response, status=status.HTTP_400_BAD_REQUEST)
def get(self, request): try: document_name = 'Award' fields = ('ItemId', 'Title', 'Year', 'Description') error, data_or_exception = basic_data_read(document_name, fields=fields) return Response(data_or_exception, status=status.HTTP_200_OK if not error else status.HTTP_400_BAD_REQUEST) except BaseException as e: return Response(error_response(str(e)), status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: document_name = request.data['document_name'] fields = request.data['fields'] page_size = request.data.get('pageSize', 10) # optional params page_number = request.data.get('pageNumber', 1) # optional params order_by = request.data.get('order_by', []) # optional params error, data_or_exception = basic_data_read(document_name, fields=fields, page_size=page_size, page_num=page_number, order_by=order_by) return Response(data_or_exception, status=status.HTTP_200_OK if not error else status.HTTP_400_BAD_REQUEST) except BaseException as e: return Response(error_response(str(e)), status=status.HTTP_400_BAD_REQUEST)
def required(self, request, *args): if request.META.get('REQUEST_METHOD') == 'GET': if len(args) > 0: response = error_response( 'Get method should not have required parameters. Config error.', status=400) return True, Response(response, status=status.HTTP_400_BAD_REQUEST) params, files = request.data, request.FILES required_fields = args missing_fields = [] if len(required_fields) == 0: return False, None ignore_on_files = [] for field in required_fields: if params.get(field) is None: missing_fields.append(field) else: ignore_on_files.append(field) for field in required_fields: if files.get(field) is None: if field not in ignore_on_files and field not in missing_fields: missing_fields.append(field) if len(missing_fields) == 0: return False, None response = { "error": 400, "error_message": "missing required payload fields in this request", "missing_fields": missing_fields } return True, Response(response, status=status.HTTP_400_BAD_REQUEST)
def data_read(document_name, sql_text, user_id=None, roles=None, checking_roles=True, readable=True, security_attributes=True, selectable=True, read_all=False, exclude_default=False, page_number=1, _size=10, error_track=False): """ :param page_number: :param _size: :param checking_roles: :param document_name: :param sql_text: :param user_id: :param roles: :param readable: :param security_attributes: :param selectable: :param read_all: :return: """ document = get_document(document_name) # checking either model exists # or entity exists in not selectable entities if not document: return False, error_response('document model not found') if is_abstract_document(document_name): return False, error_response('document model not found') if selectable and document_name in NOT_SELECTABLE_ENTITIES_BY_PDS: return False, error_response('document model is not selectable') try: parser = QueryParser(sql_text) dictionary = parser.parse() # filtering fields in where clause _filters = [] if dictionary.get(FILTER, None): _filters = dictionary[FILTER] filter_fields = set(_filters) document_fields = set(get_fields(document_name)) if len(filter_fields - document_fields) > 0: return True, error_response( 'Where clause contains unknown attribute to this Document') if security_attributes: security_attr = set(SECURITY_ATTRIBUTES) contains_security_attributes = filter_fields.intersection( security_attr) if len(contains_security_attributes) > 0: return True, error_response( 'Security attributes found in where clause') # checking user readable data from database for this particular request fields = ['ItemId'] if dictionary.get(SELECT, None): fields = dictionary[SELECT] if read_all: fields = document_fields urm_ctrl = UserRoleMapsManager() if readable: urds_ctrl = UserReadableDataManager() __roles = None if user_id and not roles: __roles = urm_ctrl.get_user_roles(user_id) err, _fields = urds_ctrl.get_user_readable_data_fields( document_name, __roles, exclude_default) if err: msg = f'Entity \'{document_name}\' is missing from user readable data\'s' return True, error_response(msg) diff = set(fields) - _fields # _fields are already a set if len(diff) > 0: return True, error_response( "Select clause contains non readable attributes") sql_ctrl = GenericReadManager() __raw__where = dictionary.get(RAW_WHERE, {}) page_num = dictionary.get(PAGE_NUM, page_number) page_size = dictionary.get(PAGE_SIZE, _size) q = Q() if dictionary.get(WHERE, None): q = dictionary[WHERE] # checking for row level permission starts q2 = Q() if user_id: q2 = Q(IdsAllowedToRead=user_id) if checking_roles: if not roles and user_id: roles = urm_ctrl.get_user_roles(user_id) if roles and not isinstance(roles, (list, tuple)): return True, error_response('roles must be a list or a tuple.') for role in roles: q2 = q2.__or__(Q(RolesAllowedToRead=role)) if user_id or (checking_roles and roles): q = q.__and__(q2) # checking for row level permission ends order_by = [] if dictionary.get(ORDER_BY, None): order_by = dictionary[ORDER_BY] data, cnt = sql_ctrl.read(document_name, q, page_size, page_num, order_by) if cnt == 0: return False, success_response_with_total_records([], cnt) gsa = GenericSerializerAlpha(document_name=document_name) for field in fields: gsa.select(field) json = gsa.serialize(data) res = success_response_with_total_records(json.data, cnt) return False, res except BaseException as e: if error_track: print_traceback() return True, error_response(str(e))