def post(self, hashing=None):
"""
POST /password[/<hashing>]
:return:
"""
if not self.request.body:
self.userError("empty request")
return
try:
data = escape.json_decode(self.request.body)
except json.decoder.JSONDecodeError as e:
self.userError("Malformed request", e)
return
except Exception as e:
self.userError("Malformed request", e)
return
try:
# NEW Event UPDATE PASSWORD
if not hashing:
if not 'email' in data:
self.userError("Email not specified")
return
if not 'hashing' in data:
data['hashing'] = str(uuid.uuid4())
user = None
cursor = yield r.table('users').filter({
'email': data['email']
}).run(self.dbconnection)
while (yield cursor.fetch_next()):
user = yield cursor.next()
if not user:
self.userError("no user found or permission denied")
return
event = Event({
'action': EventAction.CREATE,
'user': None,
'object': {
'type': ObjectType.PASSWORD,
'id': user['id']
},
'data': data
})
# APPROVE Event UPDATE PASSWORD
else:
if not 'password' in data:
self.userError("Password not specified")
return
# Find the Event based on the hashing
cursor = yield r.table('activity').filter(
lambda ev: ev["data"]["hashing"] == hashing).run(
self.application.dbconnection)
while (yield cursor.fetch_next()):
ev = yield cursor.next()
event = Event(ev)
user = None
cursor = yield r.table('users').filter({
'email':
event.data['email']
}).run(self.dbconnection)
while (yield cursor.fetch_next()):
user = yield cursor.next()
if not user:
self.userError("user not found or permission denied")
return
#user = User(user)
# Crypt password
new_password = crypt_password(data['password'])
event.data['password'] = new_password
event.setApproved()
except Exception as e:
self.userError("Can't create request", e)
return
else:
result = yield dispatch(self.dbconnection, event)
self.write(
json.dumps({
"result": "success",
"error": None,
"debug": None
},
cls=myJSONEncoder))
def put(self, id):
"""
PUT /requests/<id>
{ action: <approve|deny|message>, message: <string> }
:return:
"""
current_user = self.get_current_user()
if not current_user:
self.userError("not authenticated")
return
user = User(current_user)
if id is None:
self.userError("wrong ID missing")
try:
action = escape.json_decode(self.request.body)['action']
except json.decoder.JSONDecodeError as e:
self.userError("malformed request", e.message)
return
try:
if 'message' in escape.json_decode(self.request.body):
message = escape.json_decode(self.request.body)['message']
else:
message = None
except json.decoder.JSONDecodeError as e:
self.userError("malformed request", e.message)
return
if action != 'approve' and action != 'deny':
self.userError("action must be approve or deny")
return
# retrieve the event from db, and see if it is in pending status
ev = yield r.table('activity').get(id).run(self.dbconnection)
if not ev:
self.userError("request not found {}".format(id))
return
event = Event(ev)
if not event.isPending():
self.serverError("malformed request")
return
# TODO: if message, user that created Event can send a message
if not user.has_privilege(event):
self.userError("Permission denied")
return
# Manager that approve / deny the Event
# Used to save the object using manager's credentials
event.setManager(user.id)
if action == 'approve':
event.setApproved()
if action == 'deny':
event.setDenied()
event.notify = True
if message:
event.message(user.id, message)
yield dispatch(self.dbconnection, event)
requests = []
# Get the updated event after dispatch
ev = yield r.table('activity').get(id).run(self.dbconnection)
requests.append(ev)
self.finish(json.dumps({"result": requests}, cls=myJSONEncoder))
