def create_or_update(collection=None, source=None): if collection is not None: authz.require(authz.collection(authz.WRITE, collection)) if source is not None: authz.require(authz.source(authz.WRITE, source)) resource_type = Permission.COLLECTION if collection else Permission.SOURCE resource_id = collection or source data = request_data() validate(data, permissions_schema) # check that the role exists. rq = session.query(Role).filter(Role.id == data['role']) if rq.first() is None: raise BadRequest() q = session.query(Permission) q = q.filter(Permission.role_id == data['role']) q = q.filter(Permission.resource_type == resource_type) q = q.filter(Permission.resource_id == resource_id) permission = q.first() if permission is None: permission = Permission() permission.role_id = data['role'] permission.resource_type = resource_type permission.resource_id = resource_id permission.read = data['read'] permission.write = data['write'] session.add(permission) session.commit() return jsonify({ 'status': 'ok', 'updated': permission })
def collection_entity_save(collection): collection = get_collection(collection, authz.WRITE) data = request_data() update_operation = 'id' in data entities = get_loom_config().entities schema = data.get('$schema') if update_operation and schema is None: schema = entities.get_schema(data['id'], right=authz.entity_right()) if schema not in get_loom_config().schemas.values(): raise BadRequest() # this will raise if it fails: validate(data, schema) subject = entities.save(schema, data, collection_id=collection.id, author=request.auth_user, right=authz.entity_right()) collection_add_entity(collection, subject) get_loom_indexer().index_one(subject, schema=schema) entity = entities.get(subject, schema=schema, depth=2, right=authz.entity_right()) return jsonify({ 'status': 'ok', 'data': entity }, status=200 if update_operation else 201)
def update(id): collection = get_collection(id, authz.WRITE) data = request_data() validate(data, collections_schema) collection.title = data.get('title') session.add(collection) update_subjects(collection, data) session.commit() return jsonify({'status': 'ok', 'data': collection})
def update(id): source = session.query(Source).filter(Source.id == id).first() source = obj_or_404(source) authz.require(authz.source(authz.WRITE, source.id)) data = request_data() validate(data, sources_schema) source.title = data.get('title') source.url = data.get('url') session.add(source) session.commit() return jsonify({'status': 'ok', 'data': source})
def create(): authz.require(authz.logged_in()) data = request_data() validate(data, collections_schema) collection = Collection() collection.title = data.get('title') session.add(collection) update_subjects(collection, data) session.flush() permission = Permission() permission.resource_id = collection.id permission.resource_type = Permission.COLLECTION permission.read = True permission.write = True permission.role_id = request.auth_user session.add(permission) session.commit() return jsonify({'status': 'ok', 'data': collection}, status=201)