def update_model(self, request, instance, data):
odm = request.app.odm()
with odm.begin() as session:
for key, value in data.items():
setattr(instance, key, value)
session.add(instance)
return instance
def create_model(self, request, data):
odm = request.app.odm()
model = odm[self.model.name]
with odm.begin() as session:
instance = model(**data)
session.add(instance)
return instance
def meta(self, request):
meta = super().meta(request)
odm = request.app.odm()
model = odm[self.model.name]
with odm.begin() as session:
query = session.query(model)
meta['total'] = query.count()
return meta
def read_update_delete(self, request):
if request.method == 'OPTIONS':
request.app.fire('on_preflight', request)
return request.response
model = self.model(request.app)
odm = request.app.odm()
with odm.begin() as session:
instance = self.get_instance(request, session=session)
if request.method == 'GET':
self.check_model_permission(request, rest.READ)
data = model.serialise(request, instance)
elif request.method == 'HEAD':
self.check_model_permission(request, rest.READ)
return request.response
elif request.method in ('POST', 'PUT'):
form_class = model.updateform
if not form_class:
raise MethodNotAllowed
self.check_model_permission(request, rest.UPDATE)
columns = model.columns_with_permission(request, rest.UPDATE)
columns = model.column_fields(columns, 'name')
data, files = request.data_and_files()
form = form_class(request, data=data, files=files,
previous_state=instance)
if form.is_valid(exclude_missing=True):
# At the moment, we silently drop any data
# for columns the user doesn't have update access to,
# like they don't exist
filtered_data = {k: v for k, v in form.cleaned_data.items()
if k in columns}
instance = model.update_model(request, instance,
filtered_data)
data = model.serialise(request, instance)
else:
data = form.tojson()
elif request.method == 'DELETE':
self.check_model_permission(request, rest.DELETE)
model.delete_model(request, instance)
request.response.status_code = 204
return request.response
else:
raise MethodNotAllowed
return Json(data).http_response(request)
def get_instance(self, request, session=None, **args):
odm = request.app.odm()
args = args or self.urlargs(request)
if not args: # pragma nocover
raise Http404
model = self.model(request)
with odm.begin(session=session) as session:
query = model.query(request, session)
try:
return query.filter_by(**args).one()
except (DataError, NoResultFound):
raise Http404
def get_model(self, request):
odm = request.app.odm()
model = odm[self.model.name]
args = request.urlargs
if not args: # pragma nocover
raise Http404
with odm.begin() as session:
query = session.query(model)
try:
return query.filter_by(**args).one()
except (DataError, NoResultFound):
raise Http404
def get_instance(self, request, session=None, **args):
odm = request.app.odm()
args = args or self.urlargs(request)
if not args: # pragma nocover
raise Http404
model = self.model(request)
with odm.begin(session=session) as session:
query = model.query(request, session)
try:
return query.filter_by(**args).one()
except (DataError, NoResultFound):
raise Http404
def read_update_delete(self, request):
if request.method == "OPTIONS":
request.app.fire("on_preflight", request)
return request.response
model = self.model(request.app)
odm = request.app.odm()
with odm.begin() as session:
instance = self.get_instance(request, session=session)
if request.method == "GET":
self.check_model_permission(request, rest.READ)
data = model.serialise(request, instance)
elif request.method == "HEAD":
self.check_model_permission(request, rest.READ)
return request.response
elif request.method in ("POST", "PUT"):
form_class = model.updateform
if not form_class:
raise MethodNotAllowed
self.check_model_permission(request, rest.UPDATE)
columns = model.columns_with_permission(request, rest.UPDATE)
columns = model.column_fields(columns, "name")
data, files = request.data_and_files()
form = form_class(request, data=data, files=files, previous_state=instance)
if form.is_valid(exclude_missing=True):
# At the moment, we silently drop any data
# for columns the user doesn't have update access to,
# like they don't exist
filtered_data = {k: v for k, v in form.cleaned_data.items() if k in columns}
instance = model.update_model(request, instance, filtered_data)
data = model.serialise(request, instance)
else:
data = form.tojson()
elif request.method == "DELETE":
self.check_model_permission(request, rest.DELETE)
model.delete_model(request, instance)
request.response.status_code = 204
return request.response
else:
raise MethodNotAllowed
return Json(data).http_response(request)
def collection(self, request, limit, offset, text):
app = request.app
odm = app.odm()
model = odm[self.model.name]
with odm.begin() as session:
query = session.query(model)
query = self.filter(request, query, text)
total = query.count()
query = self.sortby(request, query)
data = query.limit(limit).offset(offset).all()
data = self.serialise(request, data)
return app.pagination(request, data, total, limit, offset)