def search(self):
    """Search file resources using a JSON query taken from the request body.

    :URL: ``SEARCH /files`` (or ``POST /files/search``)
    :request body: a JSON object shaped like::

            {"query": {"filter": [ ... ], "order_by": [ ... ]},
             "paginator": { ... }}

        The ``order_by`` and ``paginator`` attributes may be omitted.
    :returns: the matching files as produced by ``h.add_pagination``.  When
        the body is not valid JSON, or the query is rejected by the query
        builder or by validation, the status is set to 400 and an error
        object is returned instead.

    """
    try:
        raw_body = unicode(request.body, request.charset)
        params = json.loads(raw_body)
        # NOTE(review): ``params`` is client-controlled.  A JSON body that is
        # not an object (e.g. a list) has no ``.get`` and the resulting
        # AttributeError is not caught below -- confirm how that surfaces.
        built_query = self.query_builder.get_SQLA_query(params.get('query'))
        eager_query = h.eagerload_file(built_query)
        # The restricted-model filter is applied to the query before it is
        # paginated, so pagination only ever sees the filtered query.
        visible_query = h.filter_restricted_models('File', eager_query)
        return h.add_pagination(visible_query, params.get('paginator'))
    except h.JSONDecodeError:
        response.status_int = 400
        return h.JSONDecodeErrorResponse
    except (OLDSearchParseError, Invalid) as error:
        response.status_int = 400
        return {'errors': error.unpack_errors()}
def edit(self, id):
    """Return a file together with the data needed to update it.

    :URL: ``GET /files/edit`` with optional query string parameters
    :param str id: the ``id`` value of the file that will be updated.
    :returns: a dictionary of the form::

            {"file": {...}, "data": {...}}

        where ``file`` is the file itself and ``data`` holds the objects
        needed to update a file, i.e. the return value of
        :func:`get_new_edit_file_data` for the request's query string.
        The status is set to 404 when no file has that ``id`` and to 403
        when the logged-in user is not authorized to access the file.

    .. note::

       This action can be thought of as a combination of
       :func:`FilesController.show` and :func:`FilesController.new`.  See
       :func:`get_new_edit_file_data` to understand how the query string
       parameters can affect the contents of the lists in the ``data``
       dictionary.

    """
    response.content_type = 'application/json'
    file_model = h.eagerload_file(Session.query(File)).get(id)
    if not file_model:
        # NOTE(review): a missing id answers 404 while a restricted file
        # answers 403, so the two cases are distinguishable to the caller --
        # confirm that revealing which ids exist is acceptable.
        response.status_int = 404
        return {'error': 'There is no file with id %s' % id}
    unrestricted_users = h.get_unrestricted_users()
    current_user = session['user']
    allowed = h.user_is_authorized_to_access_model(
        current_user, file_model, unrestricted_users)
    if not allowed:
        response.status_int = 403
        return h.unauthorized_msg
    # The edit data is only computed once the access check has passed.
    return {'data': get_new_edit_file_data(request.GET), 'file': file_model}
def show(self, id):
    """Return a single file.

    :URL: ``GET /files/id``
    :param str id: the ``id`` value of the file to be returned.
    :returns: a file model object.  The status is set to 404 when no file
        has that ``id`` and to 403 when the logged-in user is not authorized
        to access the file; an error object is returned in those cases.

    """
    file_model = h.eagerload_file(Session.query(File)).get(id)
    if not file_model:
        # NOTE(review): 404 here versus 403 below lets a caller tell a
        # restricted file from a non-existent one -- confirm that is intended.
        response.status_int = 404
        return {'error': 'There is no file with id %s' % id}
    unrestricted_users = h.get_unrestricted_users()
    current_user = session['user']
    # The model is only handed back after the per-user access check passes.
    if h.user_is_authorized_to_access_model(
            current_user, file_model, unrestricted_users):
        return file_model
    response.status_int = 403
    return h.unauthorized_msg
def index(self):
    """Get all file resources.

    :URL: ``GET /files`` with optional query string parameters for ordering
        and pagination.
    :returns: a list of all file resources, as produced by
        ``h.add_pagination``.  When the query string parameters fail
        validation the status is set to 400 and an error object is returned.

    .. note::

       See :func:`utils.add_order_by` and :func:`utils.add_pagination` for
       the query string parameters that affect ordering and pagination.

    """
    try:
        all_files = h.eagerload_file(Session.query(File))
        ordered = h.add_order_by(
            all_files, dict(request.GET), self.query_builder)
        # The restricted-model filter runs before pagination, so the paginator
        # only ever sees the filtered query.
        visible = h.filter_restricted_models('File', ordered)
        # A fresh dict is built from the query string for each helper call.
        return h.add_pagination(visible, dict(request.GET))
    except Invalid as error:
        response.status_int = 400
        return {'errors': error.unpack_errors()}
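def update(self, id):
    """Update a file and return it.

    :URL: ``PUT /files/id``
    :Request body: JSON object representing the file with updated attribute
        values.
    :param str id: the ``id`` value of the file to be updated.
    :returns: the updated file model.  The status is set to 404 when no file
        has that ``id``, to 403 when the logged-in user is not authorized to
        access the file, and to 400 when the body is not valid JSON, fails
        validation or contains no new data; an error object is returned in
        each of those cases.

    """
    try:
        file_id = int(id)
    except ValueError:
        # A non-numeric id cannot name a file.  Answer 404, as the other
        # actions do for an unknown id, rather than letting the ValueError
        # escape the action.
        response.status_int = 404
        return {'error': 'There is no file with id %s' % id}
    file_model = h.eagerload_file(Session.query(File)).get(file_id)
    if not file_model:
        # Without this branch an unknown id fell through every ``if`` and the
        # action returned None with the status left untouched.
        response.status_int = 404
        return {'error': 'There is no file with id %s' % id}
    unrestricted_users = h.get_unrestricted_users()
    user = session['user']
    # The access check runs before any update helper is called.
    if not h.user_is_authorized_to_access_model(
            user, file_model, unrestricted_users):
        response.status_int = 403
        return h.unauthorized_msg
    try:
        # Pick the updater from the kind of file: one that references a
        # parent file, one with a URL, or (otherwise) a plain file.
        # NOTE(review): the helpers receive only the model, so they
        # presumably read and validate the request body themselves -- confirm.
        if getattr(file_model, 'parent_file', None):
            updated = update_subinterval_referencing_file(file_model)
        elif getattr(file_model, 'url', None):
            updated = update_externally_hosted_file(file_model)
        else:
            updated = update_file(file_model)
        # The helper result is False if there are no changes.
        if updated:
            Session.add(updated)
            Session.commit()
            return updated
        response.status_int = 400
        return {'error':
            u'The update request failed because the submitted data were not new.'}
    except h.JSONDecodeError:
        response.status_int = 400
        return h.JSONDecodeErrorResponse
    except Invalid as error:
        response.status_int = 400
        return {'errors': error.unpack_errors()}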
def delete(self, id):
    """Delete an existing file and return it.

    :URL: ``DELETE /files/id``
    :param str id: the ``id`` value of the file to be deleted.
    :returns: the deleted file model.  The status is set to 404 when no file
        has that ``id`` and to 403 when the logged-in user may not delete
        it; an error object is returned in those cases.

    .. note::

       Only administrators and a file's enterer can delete it.

    """
    file_model = h.eagerload_file(Session.query(File)).get(id)
    if not file_model:
        response.status_int = 404
        return {'error': 'There is no file with id %s' % id}
    current_user = session['user']
    is_admin = current_user.role == u'administrator'
    # NOTE(review): the enterer test is an identity (``is``) comparison, so it
    # only matches when the session's user is the very object the ORM returns
    # for ``enterer``.  If the two are ever distinct instances of the same
    # user, the enterer is refused (403) -- confirm how session['user'] is
    # attached to the current Session.
    if is_admin or file_model.enterer is current_user:
        delete_file(file_model)
        return file_model
    response.status_int = 403
    return h.unauthorized_msg