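def get(self, request, *args, **kwargs):
    """
    Return the user profile that belongs to this request.

    An authenticated user gets ``request.user.get_profile()``. Otherwise the
    client is looked up through the MAC address that ``get_mac_address``
    reports for ``REMOTE_ADDR``, and the profile attached to the matching
    ``NetworkHost`` is returned.

    Raises ``ErrorResponse`` with 404 when the MAC address is unknown, when
    no ``NetworkHost`` matches it, or when the host has no profile, and with
    500 for any other failure.
    """
    try:
        if request.user.is_authenticated():
            # take the user data from the authentication.
            return request.user.get_profile()

        # look up based on the NetworkHost of this request
        # NOTE(review): this fallback treats a network address as an
        # identity. A MAC/IP pair is not a credential, so confirm that only
        # non-sensitive profile data is served on this path and that
        # REMOTE_ADDR is the real peer address in this deployment.
        mac = get_mac_address(request.META['REMOTE_ADDR'])
        if mac is None:
            # unknown MAC
            raise ErrorResponse(status.HTTP_404_NOT_FOUND)

        try:
            host = NetworkHost.objects.get(mac_address__iexact=mac)
        except NetworkHost.DoesNotExist:
            # networkhost record does not exist
            raise ErrorResponse(status.HTTP_404_NOT_FOUND)

        if host.user_profile is None:
            # no user associated with this host
            raise ErrorResponse(status.HTTP_404_NOT_FOUND)
        return host.user_profile
    except ErrorResponse:
        # The 404s raised above are the intended answer. The previous bare
        # ``except: pass`` swallowed them and every miss became a 500.
        raise
    except Exception:
        pass

    # other error
    raise ErrorResponse(status.HTTP_500_INTERNAL_SERVER_ERROR)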
def check_placeholder_html_id(html_id, extras_id=[]):
    """
    Validate a placeholder HTML id and return its components.

    Accepted ids look like 'header-placeholder-1'. Any value listed in
    ``extras_id`` (for example 'clipboard-placeholder') is accepted as is.

    Parameters :
      - html_id : the id to validate.
      - extras_id : additional literal ids to accept. With an empty list
        only the '<section><sep><placeholder><sep><int>' form passes.

    Returns ``html_id`` unchanged when it is one of ``extras_id``, otherwise
    the list of the three parts produced by splitting on
    ``settings.SLUG_SEP``.

    Raises ``ErrorResponse`` 400 when the id does not have three parts, the
    middle part is not ``settings.SLUG_PLACEHOLDER``, or the last part is
    not accepted by ``int()``.
    """
    # Whitelisted literal ids bypass the structural check.
    if html_id in extras_id:
        return html_id

    parts = html_id.rsplit(settings.SLUG_SEP, 2)
    well_formed = (len(parts) == 3 and
                   parts[1] == settings.SLUG_PLACEHOLDER)
    if well_formed:
        # The trailing part only has to parse as an int; the string itself
        # is what gets returned.
        try:
            int(parts[2])
        except ValueError:
            well_formed = False

    if not well_formed:
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                            {'msg': MESSAGES.get('default_error', "")})
    return parts
def filter_response(self, obj):
    """
    Paginate the response content, then serialize the requested page.

    For GET requests the returned mapping is the page information from
    ``serialize_page_info`` with the serialized objects of that page stored
    under ``results``. Any other method is passed straight through to the
    resource's ``filter_response`` without pagination.

    Raises ``ErrorResponse`` 404 when the ``page`` query parameter is not an
    integer or is outside the paginator's page range.
    """
    # Only GET responses are paginated.
    if self.method.upper() != 'GET':
        return self._resource.filter_response(obj)

    paginator = Paginator(obj, self.get_limit())

    try:
        requested = int(self.request.GET.get('page', '1'))
    except ValueError:
        requested = None

    # A non-numeric page and an out-of-range page get the same answer.
    if requested is None or requested not in paginator.page_range:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND,
                            {'detail': 'That page contains no results'})

    current_page = paginator.page(requested)
    serialized_items = self._resource.filter_response(
        current_page.object_list)
    page_info = self.serialize_page_info(current_page)
    page_info['results'] = serialized_items
    return page_info
def unpack_data_blob(data):
    """
    Merge the JSON object stored under the 'data' key into ``data``.

    ``data`` is a mapping and is modified in place; nothing is returned.
    A 'csrfmiddlewaretoken' key is removed first. If a 'data' key is
    present its value is decoded as JSON, the key is removed and the
    decoded object's items are merged into the mapping.

    Raises ``ErrorResponse`` 400 when the blob is not valid JSON or does
    not decode to a JSON object.
    """
    import json
    from djangorestframework.response import ErrorResponse

    # Don't let the CSRF middleware token muck up our data.
    if 'csrfmiddlewaretoken' in data:
        del data['csrfmiddlewaretoken']

    # Nothing to unpack unless the form carried a JSON blob.
    if 'data' not in data:
        return

    try:
        blob = json.loads(data['data'])
    except ValueError:
        blob = None

    # Invalid JSON and valid-but-not-an-object JSON are rejected alike.
    if not isinstance(blob, dict):
        raise ErrorResponse(
            status.HTTP_400_BAD_REQUEST,
            {'detail': 'data blob must be a valid JSON object string'})

    del data['data']
    # NOTE(review): keys from the blob overwrite same-named keys already in
    # ``data`` and may re-add 'data' or 'csrfmiddlewaretoken'. The merged
    # mapping is still client-controlled input and needs the same
    # validation as the form fields.
    data.update(blob)
def _get_instance_by_id(self, model, mid):
    """
    Return the ``model`` instance whose primary key is ``int(mid)``.

    Raises ``ErrorResponse`` 404 when ``mid`` is not an integer string
    (``ValueError`` from ``int``) or when no such instance exists.
    """
    try:
        pk_value = int(mid)
    except ValueError:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND)

    try:
        return model.objects.get(pk=pk_value)
    except model.DoesNotExist:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND)
def post(self, request, number):
    """
    Sell the car identified by ``number`` to the current user.

    Returns ``{'status': 'ok'}`` on success. Raises ``ErrorResponse`` 403
    when ``sell_to`` refuses the sale or the user cannot afford the car;
    ``get_model_or_404`` handles an unknown car number.
    """
    car = get_model_or_404(Car, number=number)
    try:
        car.sell_to(self.user)
    except Car.NotAllowedException:
        refusal = 'You are not allowed to purchase this car'
    except UserProfile.InsufficientFundsException:
        refusal = 'You cannot afford this car'
    else:
        return {'status': 'ok'}
    # Both refusals are reported with the same status code.
    raise ErrorResponse(403, {'detail': refusal})
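def base_view(self, request, html_id_object, url_action):
    """
    Basic view of admin actions.

    Resolves the object named by ``html_id_object`` (a PluginRelation or
    the App of the current page), then dispatches ``url_action`` through
    the URLconf returned by the object's ``get_actions_urlconf()``.

    Raises ``ErrorResponse`` 404 when the plugin relation does not exist,
    when the App id does not match the current page's app object, or when
    no action matches ``url_action``. ``check_object_html_id`` validates
    the HTML id itself.
    """
    # Get and check app/plugin object HTML ID
    # Types accepted : PluginRelation or App
    object_type, object_id = check_object_html_id(
        html_id_object,
        types=[settings.SLUG_PLUGIN, settings.SLUG_APP])

    if object_type == settings.SLUG_PLUGIN:
        # Case #1 - Object Type : PluginRelation
        # NOTE(review): the relation is fetched by id alone. Confirm that
        # the caller or the action views check it belongs to
        # ``request.website`` before acting on it.
        try:
            obj_relation = PluginRelation.objects.get(id__exact=object_id)
        except PluginRelation.DoesNotExist:
            # If the plugin is not found => 404
            raise ErrorResponse(status.HTTP_404_NOT_FOUND,
                                {'msg': MESSAGES.get('default_error', "")})
        obj = obj_relation.content_object
    else:
        # Case #2 - Object Type : App (object_type == settings.SLUG_APP)
        obj = request.page.app_page_object
        # The id in the slug must name the app object of the current page.
        # NOTE(review): assumes check_object_html_id only lets integer ids
        # through, otherwise int() raises here -- confirm.
        if obj.pk != int(object_id):
            raise ErrorResponse(status.HTTP_404_NOT_FOUND,
                                {'msg': MESSAGES.get('default_error', "")})

    # Normalise the action to '/.../'. startswith/endswith also cope with
    # an empty ``url_action``, which used to raise IndexError on
    # ``url_action[0]``.
    if not url_action.startswith('/'):
        url_action = '/' + url_action
    if not url_action.endswith('/'):
        url_action = url_action + '/'

    # Dispatcher View
    try:
        match = resolve(url_action, urlconf=obj.get_actions_urlconf())
        return match.func(request, html_id_object, obj, **match.kwargs)
    except Http404:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND,
                            {'msg': MESSAGES.get('action_not_found', "")})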
def get_model_or_404(model, *args, **kwargs):
    """
    Return ``model.objects.get(*args, **kwargs)``.

    Raises ``ErrorResponse`` 404 with a '<ModelName> not found' detail when
    the lookup raises ``ObjectDoesNotExist``. Any other exception from the
    lookup propagates unchanged.
    """
    try:
        found = model.objects.get(*args, **kwargs)
    except ObjectDoesNotExist:
        message = '{model} not found'.format(model=model.__name__)
        raise ErrorResponse(404, {'detail': message})
    return found
def get(self, request, page_pk=None):
    """
    Return the rendered form used to edit an app page.

    With ``page_pk`` set to None the form is built for the current page
    (``request.page``). Otherwise the page is looked up by primary key among
    the pages of ``request.website``.

    Raises ``ErrorResponse`` 400 when no page of the website has that id.
    """
    if page_pk is None:
        page = request.page
        app_page = request.page.app_page_object
    else:
        # The lookup goes through request.website.pages, so an id from
        # another website is reported like an unknown id.
        try:
            page = request.website.pages.select_related().get(pk=page_pk)
            app_page = page.app_page_object
        except Page.DoesNotExist:
            raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                                {'msg': MESSAGES.get('default_error', "")})

    # Page App Admin Form
    PageAppForm = app_page.get_admin_form()
    data_context = {
        'form': PageAppForm(instance=app_page),
        'object': app_page,
    }
    # 'page' is only exposed to the template for an explicit, truthy id.
    if page_pk:
        data_context['page'] = page

    content = render_to_string('administration/app/app-edit.html',
                               data_context,
                               context_instance=RequestContext(request))
    return self.render(Response(status.HTTP_200_OK, {'html': content}))
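def post(self, request, relation_id, plugin, action_pk=None):
    """
    Re-order the links of ``plugin`` from the ``links_id[]`` POST list.

    Each entry is split on '-' and its second part is used as the ``Link``
    primary key. Links are numbered from 1 in the order given; a link is
    only updated when it belongs to ``plugin``. Entries that are malformed
    or match no ``Link`` are ignored.

    Returns the rendered response with the refreshed page HTML. Raises
    ``ErrorResponse`` 400 when ``links_id[]`` is missing or empty.
    """
    links_html_id = request.POST.getlist('links_id[]')
    if not links_html_id:
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                            {'msg': MESSAGES.get('default_error', "")})

    # New ordering items
    order = 1
    for html_id in links_html_id:
        parts = html_id.split('-')
        if len(parts) == 1:
            # No separator in a client-supplied entry: skip it instead of
            # failing with IndexError on parts[1].
            continue
        try:
            link = Link.objects.get(pk=parts[1])
        except (Link.DoesNotExist, ValueError):
            # Unknown id, or a value the pk lookup rejects: same best-effort
            # handling as before for unknown ids.
            continue
        # Links of other plugins are never touched, whatever was posted.
        if link.plugin == plugin:
            link.order = order
            link.save()
            order += 1

    # Rendering new content
    html = request.page.render_page(request).content
    if isinstance(html, HTMLRendering):
        html = html.content

    # NOTE(review): ``placeholder_type`` is not defined in this method; it
    # has to resolve from an enclosing scope or this line raises NameError.
    response = Response(
        status.HTTP_200_OK,
        {'msg': MESSAGES.get('items_edit_success', ""),
         'html': html,
         'placeholder_type': placeholder_type,
         'html_id': relation_id})
    return self.render(response)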
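def post(self, request):
    """
    Create a repository ('R') or composite ('C') node under a parent node.

    Reads ``parent``, ``text``, ``type`` and ``description`` from
    ``self.CONTENT``, creates the folder on disk through ``p2.Folder`` and
    the database record through ``dbhandler``, and returns the new node's
    ``as_node()``.

    Raises ``ErrorResponse`` 400 for an unknown type, an invalid name or a
    name already used under the parent, and ``PermissionDenied`` when the
    user lacks the matching ``repo.add_*`` permission.
    """
    user = request.user
    parentNode = self.CONTENT.get('parent')
    text = self.CONTENT.get('text')
    reType = self.CONTENT.get('type')
    description = self.CONTENT.get('description')

    # An unknown type used to fall through both branches and return
    # whatever ``node`` the duplicate-name loop left behind (or raise
    # NameError when the parent had no children).
    if reType == 'R':
        required_perm = 'repo.add_repository'
    elif reType == 'C':
        required_perm = 'repo.add_composite'
    else:
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST, 'Invalid type')

    # Authorise before inspecting the parent's children or touching disk.
    if not User.has_perm(user, required_perm, None):
        raise PermissionDenied

    # ``text`` is joined onto filesystem paths below, so it has to be a
    # single path component: no separators, no '.'/'..', not absolute.
    # NOTE(review): assumes ``text`` is a string when present -- confirm
    # against the form that fills self.CONTENT.
    if (not text or text in ('.', '..') or '/' in text or '\\' in text
            or os.path.isabs(text)):
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST, 'Invalid name')

    for sibling in parentNode.node_set.all():
        if sibling.text == text:
            raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                                'Duplicated name under ' + parentNode.text)

    site, parentRelativePath = parentNode.get_site_and_path()
    nodeRelativePath = os.path.join(parentRelativePath, text)
    nodeFolder = os.path.join(parentNode.get_full_path(), text)

    p2_folder = p2.Folder(nodeFolder)
    if reType == 'R':
        p2_folder.addRepositoryFolder()
        created = dbhandler.create_repository(
            text, nodeRelativePath, description, site, parentNode)
    else:
        p2_folder.addCompositeFolder()
        created = dbhandler.create_composite(
            text, nodeRelativePath, site, parentNode)
    return created.node.as_node()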
def delete(self, request, *args, **kwargs):
    """
    Delete an instance, but only on behalf of the user who created it.

    Raises ``ErrorResponse`` 404 when the instance does not exist and 401
    when ``self.user`` is not the instance's ``created_by``.
    """
    model = self.resource.model
    lookup = self.get_query_kwargs(request, *args, **kwargs)

    try:
        target = self.get_instance(**lookup)
    except model.DoesNotExist:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND, None, {})

    # NOTE(review): a known user who is not the creator gets 401 here; 403
    # is the usual status for that case. Changing it would alter the API,
    # so it is left as is.
    if not (target.created_by == self.user):
        raise ErrorResponse(status.HTTP_401_UNAUTHORIZED, None, {})
    target.delete()
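def get(self, request, lat, lon):
    """
    Return the stops nearest to the given coordinates.

    ``lat`` and ``lon`` are parsed as floats and passed to
    ``Stop.objects.find_nearby`` as a ``(lon, lat)`` pair; the result is cut
    to ``settings.STOP_SEARCH_LIMIT`` entries.

    Raises ``ErrorResponse`` 400 when a coordinate is not a number or is
    NaN or infinite.
    """
    import math

    try:
        location = (float(lon), float(lat))
    except ValueError:
        raise ErrorResponse(400, {'detail': 'Invalid Coordinates'})

    # float() also accepts 'nan' and 'inf'; keep those out of the spatial
    # query instead of handing them to the backend.
    if any(math.isnan(c) or math.isinf(c) for c in location):
        raise ErrorResponse(400, {'detail': 'Invalid Coordinates'})

    return Stop.objects.find_nearby(location)[:settings.STOP_SEARCH_LIMIT]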
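def delete(self, request, site_id):
    """
    Delete a site (superusers only) and return the deleted ``site`` object.

    The site is removed from ``REPOSITORY_SITES`` in the configuration, its
    directory is renamed with a timestamp suffix rather than removed, and
    ``dbhandler.delete_site`` deletes the database records.

    Raises ``PermissionDenied`` for non-superusers, ``ErrorResponse`` 404
    from the id lookups, and 412 when composites still refer to the site.
    """
    if not request.user.is_superuser:
        raise PermissionDenied

    site = self._get_instance_by_id(Site, site_id)
    # NOTE(review): the result is unused, but this lookup raises 404 when no
    # Node has this primary key, so it is kept. Confirm that a Node sharing
    # the Site's id is really what should be required here.
    self._get_instance_by_id(Node, site_id)

    composites = getReferredComRepoForSite(site)
    if composites:
        # The old message was built without spaces and with a leading
        # comma (',Ain siteB'); join the entries properly.
        referenced = ', '.join(
            '%s in site %s' % (x.name, x.site.name) for x in composites)
        raise ErrorResponse(
            status.HTTP_412_PRECONDITION_FAILED,
            'Repository is referenced by composite ' + referenced)

    repository_sites = conf.CONF.get('REPOSITORY_SITES')
    if site.name in repository_sites:
        del repository_sites[site.name]
        conf.CONF.save()

    location = site.get_location()
    if os.path.isdir(location):
        # '%M' is minutes. The previous '%I' (12-hour clock hour) repeated
        # the hour, so two renames within the same hour could collide.
        stamp = time.strftime('%Y%m%d%H%M%S', time.localtime(time.time()))
        os.rename(location, location + stamp)

    # cascading delete site, site's node, repo and repo'nodes, composites
    # and composites' nodes
    dbhandler.delete_site(site.id)
    return site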
def check_permission(self, user):
    """
    Allow staff users everything and everyone else only safe methods.

    Raises ``ErrorResponse`` 403 when ``user`` is not staff and the view's
    method is not in ``SAFE_METHODS``.
    """
    if user.is_staff:
        return
    if self.view.method in SAFE_METHODS:
        return
    raise ErrorResponse(
        status.HTTP_403_FORBIDDEN,
        {'detail': 'You do not have permission to access this resource. ' +
                   'Only staff members may perform the requested action.'})
def http_method_not_allowed(self, request, *args, **kwargs):
    """
    Raise an HTTP 405 error for an operation that has no handler method.

    The detail message names the method taken from ``self.method``.
    """
    detail = 'Method \'%s\' not allowed on this resource.' % self.method
    raise ErrorResponse(status.HTTP_405_METHOD_NOT_ALLOWED,
                        {'detail': detail})
def get(self, request, number):
    """
    Return the car identified by ``number`` to its owner.

    Raises ``ErrorResponse`` 403 when the car's ``owner`` is not the
    profile of the current user; ``get_model_or_404`` handles an unknown
    number.
    """
    car = get_model_or_404(self.resource.model, number=number)

    # Only the car's owner can view detailed information
    owner = car.owner
    if not (owner == self.user.get_profile()):
        raise ErrorResponse(403, {'detail': 'You do not own this car'})
    return car
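def post(self, request):
    """
    Add the integer ``value`` from the request content to the stored data.

    Marks the session as modified and returns a ``Response`` with status
    ``CREATED`` carrying the updated data.

    Raises ``ErrorResponse`` with ``BAD_REQUEST`` when ``value`` is missing
    or cannot be converted to an int.
    """
    data = self.get_data(request)
    try:
        value = int(self.CONTENT["value"])
    except (KeyError, TypeError, ValueError):
        # ValueError covers non-numeric strings such as "abc", which used
        # to escape as an unhandled exception instead of a 400.
        raise ErrorResponse(status.BAD_REQUEST)
    data.add(value)
    request.session.modified = True
    return Response(status.CREATED, data)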
def get(self, request, *args, **kwargs):
    """
    Look up and return the model instance addressed by the request.

    The instance is also stored on ``self.model_instance``. Raises
    ``ErrorResponse`` 404 when the lookup raises the model's
    ``DoesNotExist``.
    """
    model = self.resource.model
    lookup = self.get_query_kwargs(request, *args, **kwargs)

    try:
        found = self.get_instance(**lookup)
    except model.DoesNotExist:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND)

    self.model_instance = found
    return found
def delete(self, request, *args, **kwargs):
    """
    Delete the model instance selected by ``build_query``.

    Returns None. Raises ``ErrorResponse`` 404 when no instance matches.
    """
    # NOTE(review): no ownership or permission check is visible in this
    # method; presumably the view's permission layer covers it -- confirm.
    model = self.resource.model
    try:
        doomed = model.objects.get(self.build_query(*args, **kwargs))
    except model.DoesNotExist:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND, None, {})

    doomed.delete()
    return
def post(self, request):
    """
    Store ``value`` under ``key`` in the data returned by ``get_data``.

    Marks the session as modified and returns a ``Response`` with status
    ``CREATED`` carrying the updated data. Raises ``ErrorResponse`` with
    ``BAD_REQUEST`` when ``key`` or ``value`` is missing from the content.
    """
    data = self.get_data(request)
    try:
        key, value = self.CONTENT["key"], self.CONTENT["value"]
    except KeyError:
        raise ErrorResponse(status.BAD_REQUEST)

    # NOTE(review): both key and value come from the request and are stored
    # as given; confirm the form behind self.CONTENT bounds their size.
    data[key] = value
    request.session.modified = True
    return Response(status.CREATED, data)
def get(self, request, operation_id):
    """
    Return the commit diff recorded for an operation.

    Raises ``ErrorResponse`` 404 when the operation does not exist (via
    ``_get_instance_by_id``) or has no ``commit_id``.
    """
    op = self._get_instance_by_id(Operation, operation_id)
    commit_id = op.commit_id
    if not commit_id:
        raise ErrorResponse(status.HTTP_404_NOT_FOUND,
                            'No diff information.')

    repo_path = op.repository.get_full_path()
    return p2.Repo(repo_path).get_commit_diff(commit_id)
def post(self, request, site_id):
    """
    Run ``recover()`` on a site's location (superusers only).

    Returns the output of the recovery. Raises ``PermissionDenied`` for
    non-superusers and ``ErrorResponse`` 500 carrying the output when the
    recovery reports a non-zero return code.
    """
    if not request.user.is_superuser:
        raise PermissionDenied

    site = self._get_instance_by_id(Site, site_id)
    returncode, output = p2.Site(site.get_location()).recover()

    # The raw output goes back to the caller either way; only superusers
    # reach this point.
    if returncode:
        raise ErrorResponse(status.HTTP_500_INTERNAL_SERVER_ERROR, output)
    return output
def raise_forbidden(self):
    """
    Raise a 403 forbidden HTTP error with a generic permission message.
    """
    body = {
        'detail': ('You do not have permission to access this '
                   'resource. You may need to login or otherwise '
                   'authenticate the request.')
    }
    raise ErrorResponse(status.HTTP_403_FORBIDDEN, body)
def post(self, request, number):
    """
    Have the current user sell the car ``number`` back.

    Returns ``{'status': 'ok'}`` on success. Raises ``ErrorResponse`` 403
    when ``buy_back`` refuses with ``Car.NotAllowedException``;
    ``get_model_or_404`` handles an unknown car number.
    """
    car = get_model_or_404(Car, number=number)
    try:
        car.buy_back(self.user)
    except Car.NotAllowedException:
        raise ErrorResponse(403,
                            {'detail': 'This car does not belong to you'})
    return {'status': 'ok'}
def get(self, request, *args, **kwargs):
    """Gets post data.

    The post is looked up with the keyword arguments of the request. If
    the ?html option is specified, only the post's html is returned, as
    ``{"html": ...}``; otherwise the post object itself is returned.

    Raises ``ErrorResponse`` with ``NOT_FOUND`` when no post matches.
    """
    try:
        post = self.model.objects.get(**kwargs)
        html_only = request.GET.get("html")
        return {"html": post.html} if html_only else post
    except self.model.DoesNotExist:
        raise ErrorResponse(status.NOT_FOUND)
def post(self, request, repository_id):
    """
    Roll back the last operation on a repository.

    Requires the ``repo.change_repository`` permission. The rollback is
    checked against the requesting user's own operations, newest first,
    and on success an operation of type 'R' is recorded and returned via
    ``to_resource()``.

    Raises ``PermissionDenied`` without the permission, and
    ``ErrorResponse`` 400 when ``p2.check_rollback`` refuses or the
    rollback itself raises ``P2Exception``.
    """
    user = request.user
    if not User.has_perm(user, 'repo.change_repository', None):
        raise PermissionDenied

    repository = self._get_instance_by_id(Repository, repository_id)

    # check if the rollback operation can be done, operations should be
    # ordered by commit_time desc
    own_operations = repository.operation_set.filter(
        committer=request.user).order_by('commit_time').reverse()
    can_roll_back = p2.check_rollback(own_operations)
    # Compared against False on purpose: other falsy results are not
    # treated as a refusal.
    if can_roll_back == False:
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                            'Last operation can not be rolled back.')

    p2_repo = p2.Repo(repository.get_full_path())
    try:
        p2_repo.rollback()
        op = repository.operation_set.create(
            message='Repository rollback by user.',
            type='R',
            committer=request.user)
        op.save()
        return op.to_resource()
    except P2Exception:
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                            'Not able to rollback')
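def delete(self, request, *args, **kwargs):
    """Deletes post.

    The post is removed when the ``password`` query parameter hashes (via
    ``get_key``) to the post's stored password, or when the requester is a
    moderator of the post's section.

    Returns a ``Response`` with ``NO_CONTENT``. Raises ``ErrorResponse``
    with ``NOT_FOUND`` for an unknown post and ``FORBIDDEN`` when neither
    condition holds.
    """
    try:
        post = self.model.objects.get(id=kwargs["id"])
    except self.model.DoesNotExist:
        raise ErrorResponse(status.NOT_FOUND)

    # A request without ?password= used to fail on request.GET["password"]
    # with an unhandled KeyError. Treat it as "no password given" so it can
    # only succeed through the moderator branch.
    password = request.GET.get("password")
    key = get_key(password) if password is not None else None

    # NOTE(review): the password travels in the query string, where it can
    # end up in access logs; consider accepting it in a header or body.
    # NOTE(review): ``==`` is not a constant-time comparison; a
    # constant-time compare is preferable if both values are the same
    # string type -- confirm before switching.
    if key is not None and post.password == key:
        post.remove()
    elif is_mod(request, post.section_slug()):
        mod_delete_post(request, post)
        post.remove()
    else:
        raise ErrorResponse(status.FORBIDDEN, content={
            "detail": u"{0}{1}. {2}".format(
                _("Error on deleting post #"), post.pid,
                _("Password mismatch")
            )
        })
    return Response(status.NO_CONTENT)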
def post(self, request, *args, **kwargs):
    """
    Record a user's support for a plan.

    Delegates to the parent class. A user may support a plan only once,
    which the ORM/DB enforces; the resulting ``IntegrityError`` is turned
    into an ``ErrorResponse`` 409.
    """
    parent = super(PlanSupportListView, self)
    try:
        return parent.post(request, *args, **kwargs)
    except IntegrityError:
        conflict = {'detail': ('User has already supported '
                               'that plan.')}
        raise ErrorResponse(status.HTTP_409_CONFLICT, conflict)
def post(self, request, relation_html_id):
    """
    Update plugin modifications.

    On valid data, saves the plugin and returns a confirmation message
    with the new rendering of the layout section. On invalid data, raises
    ``ErrorResponse`` 400 carrying the plugin form with its errors.

    Parameters :
      - relation_html_id : PluginRelation Id

    POST parameters :
      - form fields
      - csrf token

    Raises ``Http404`` when no PluginRelation with that id is attached to
    a page of ``request.website``.
    """
    pk = check_object_html_id(relation_html_id)[1]

    # The relation must belong to a page of the current website.
    matches = PluginRelation.objects.filter(
        pages__website__exact=request.website,
        id__exact=pk)
    try:
        plugin_relation = matches[0]
    except IndexError:
        raise Http404

    # Create the plugin form
    plugin = plugin_relation.content_object
    PluginFormClass = plugin.get_admin_form()
    form = PluginFormClass(request.POST, instance=plugin)

    if not form.is_valid():
        # Invalid form => 400 BAD REQUEST
        # with forms (and errors..)
        html = render_to_string(
            'administration/plugin/plugin-edit.html',
            {'form': form,
             'plugin': plugin,
             'plugin_relation_html_id': relation_html_id},
            context_instance=RequestContext(request))
        raise ErrorResponse(status.HTTP_400_BAD_REQUEST,
                            {'msg': MESSAGES.get('invalid_data', ""),
                             'html': html})

    plugin = form.save()

    # The first part of the placeholder slug names the layout section.
    slug_parts = check_placeholder_html_id(plugin_relation.placeholder_slug)
    layout_section_slug = slug_parts[0]
    html_rendering = RenderingContext(request).get_html_layout(
        layout_section_slug)

    response = Response(
        status.HTTP_200_OK,
        {"msg": MESSAGES.get('item_edit_success', ""),
         'html': html_rendering,
         'layout_section_slug': layout_section_slug})
    return self.render(response)