def obj_create(self, bundle, request=None, **kwargs): request = bundle.request create_type = bundle.data.pop('type') key = request.GET.get('oauth_consumer_key') user = MyUser.objects.get( username=verify_access_token(key).user.username) if (create_type == 'create'): new_group = StudyGroup(description=bundle.data.pop('description')) new_group.save() self.add_user_to_group(user, new_group) raise ImmediateHttpResponse(http.HttpAccepted(t.user)) elif (create_type == 'delete'): group = StudyGroup.objects.get(id=bundle.data.pop('id')) for m in Membership.objects.filter(group=group): m.delete() group.delete() raise ImmediateHttpResponse(http.HttpAccepted()) elif create_type == "add_to_group": group = StudyGroup.objects.get(id=bundle.data.pop('id')) self.add_user_to_group(user, group) elif create_type == "quit_group": group = StudyGroup.objects.get(id=bundle.data.pop('id')) m = Membership.objects.get(person=user, group=group)
def post_zip(self, request, **kwargs): self.method_check(request, allowed=['post']) self.is_authenticated(request) self.throttle_check(request) try: event_obj = Event.objects.get(pk=kwargs['pk']) cont = rackspace.cloud_files.get_container( event_obj.container_name) album_zip = cont.get_object('{}.zip'.format(event_obj.uuid)) response_body = { 'zip_url': event_obj.zip_download_url, 'created_at': album_zip.last_modified + "Z", } return self.create_response(request, response_body) except ObjectDoesNotExist: return http.HttpNotFound() except MultipleObjectsReturned: return http.HttpMultipleChoices( "More than one resource is found at this URI.") else: # check if there's already a job running that is creating an album archive if app.backend.get('event:{0}:create_album_zip'.format( kwargs['pk'])): http409 = http.HttpResponse http409.status_code = 409 return http409() else: event.create_album_zip.delay(kwargs['pk']) return http.HttpAccepted()
def inner(self, request, **kwargs): """ Handle ``{method}`` request. Implement ``async_{method} to add custom request, returning celery.result.AsyncResult. If it returns None, HttpBadRequest is returned from this method. If you don't implement the custom method, it will return HttpNotImplemented. """ try: result = getattr(self, 'async_' + method)( request, **self.remove_api_resource_names(kwargs)) if result is None: return http.HttpBadRequest() except NotImplementedError: return http.HttpNotImplemented() if isinstance(result, AsyncResult): if isinstance(result, EagerResult): EAGER_RESULTS[result.id] = result response = http.HttpAccepted() response['Location'] = self._build_reverse_url( 'api_async_state', kwargs={ 'api_name': self._meta.api_name, 'resource_name': self._meta.resource_name, 'task_id': result.id }) return response else: return result
def obj_create(self, bundle, request=None, **kwargs): create_type = bundle.data.pop('type', 'register') if create_type == 'register': form = USER_CREATION_FORM(bundle.data) if form.is_valid(): new_user = form.save() new_user.send_email('activate') bundle.obj = new_user raise ImmediateHttpResponse(http.HttpAccepted()) #auto login, means request twice, first register, then login! else: #output the errors for tatstypie bundle.errors[self._meta.resource_name] = form.errors self.error_response(bundle.errors, request) elif create_type == 'login': expiry_seconds = bundle.data.pop('expiry_seconds', None) user = auth.authenticate(**bundle.data) if user is not None and user.is_active: auth.login(request, user) if expiry_seconds: request.session.set_expiry(int(expiry_seconds)) self.show_keys(request) elif user is not None and not user.is_active: raise BadRequest('not active') else: raise BadRequest('login error') else: raise BadRequest('create user resource error')
def obj_delete(self, bundle, **kwargs): user = CommCareUser.get(kwargs['pk']) if user: user.retire(bundle.request.domain, deleted_by=bundle.request.couch_user, deleted_via=USER_CHANGE_VIA_API) return ImmediateHttpResponse(response=http.HttpAccepted())
def register(self, request, **kwargs): self.method_check(request, allowed=['post']) self.is_authenticated_apikey_only(request) self.is_authorized(request) self.throttle_check(request) deserialized = self.deserialize(request, request.raw_post_data, format=request.META.get('CONTENT_TYPE', 'application/json')) deserialized = self.alter_deserialized_detail_data(request, deserialized) email = deserialized['email'] or '' password = deserialized['password'] or '' newsletter = bool(deserialized['newsletter']) try: validate_email(email) except: raise BadRequest('Please provide a valid email address.') if password == '': raise BadRequest('Please provide a password.') try: NewsletterBackend().register(request, username=email, email=email, password1=password, newsletter=newsletter) except IntegrityError: raise BadRequest('A user with that email address already exists.') self.log_throttled_access(request) return http.HttpAccepted()
def obj_delete(self, bundle, **kwargs): try: obj = self.obj_get(bundle, **kwargs) except ObjectDoesNotExist: raise NotFound("A model instance matching the provided arguments could not be found.") ScanDaemonRpcInterface().remove_resource(obj.id) raise ImmediateHttpResponse(http.HttpAccepted())
def post(self, request, pk=None, params=None, **kwargs): """ Sets user's roles to given list of ids as ``role_id`` param. """ user = get_object_or_404(User, pk=pk) roles = Role.objects.filter(id__in=params.role_ids) user.roles.clear() user.roles.add(*roles) return http.HttpAccepted()
def obj_create(self, bundle, request, **kwargs): log.info('Resizing product icon %s @ %s to %s for webpay' % (bundle.data['ext_url'], bundle.data['ext_size'], bundle.data['size'])) tasks.fetch_product_icon.delay(bundle.data['ext_url'], bundle.data['ext_size'], bundle.data['size']) # Tell the client that deferred processing will create an object. raise ImmediateHttpResponse(response=http.HttpAccepted())
def patch_detail(self, request, **kwargs): """ Updates a resource in-place. Calls ``obj_update``. If the resource is updated, return ``HttpAccepted`` (202 Accepted). If the resource did not exist, return ``HttpNotFound`` (404 Not Found). """ request = convert_post_to_patch(request) basic_bundle = self.build_bundle(request=request) # We want to be able to validate the update, but we can't just pass # the partial data into the validator since all data needs to be # present. Instead, we basically simulate a PUT by pulling out the # original data and updating it in-place. # So first pull out the original object. This is essentially # ``get_detail``. try: obj = self.cached_obj_get(bundle=basic_bundle, **self.remove_api_resource_names(kwargs)) except ObjectDoesNotExist: return http.HttpNotFound() except MultipleObjectsReturned: return http.HttpMultipleChoices( "More than one resource is found at this URI.") self.post_obj_get(obj) bundle = self.build_bundle(obj=obj, request=request) bundle = self.full_dehydrate(bundle) bundle = self.alter_detail_data_to_serialize(request, bundle) # Now update the bundle in-place. deserialized = self.deserialize(request, request.body, format=request.META.get( 'CONTENT_TYPE', 'application/json')) self.update_in_place(request, bundle, deserialized) # TODO: Check if this try/except is neccessary #try: # self.update_in_place(request, bundle, deserialized) #except ObjectDoesNotExist: # return http.HttpNotFound() # if not self._meta.always_return_data: return http.HttpAccepted() else: bundle = self.full_dehydrate(bundle) bundle = self.alter_detail_data_to_serialize(request, bundle) return self.create_response(request, bundle, response_class=http.HttpAccepted)
def expire_token(self, request, **kwargs): self.method_check(request, allowed=['post']) self.is_authenticated(request) self.is_authorized(request) self.throttle_check(request) if hasattr(request, 'token'): request.token.delete() self.log_throttled_access(request) return http.HttpAccepted()
def api_auth(request): """ authentication gate for the REST clients. Wraps the normal login method into JSON shell """ if not request.method == "POST": return http.HttpMethodNotAllowed() form = AuthenticationForm(data=request.POST) if form.is_valid(): login(request, form.get_user()) return http.HttpAccepted() else: return http.HttpUnauthorized("Invalid credentials")
def patch_detail(self, request, **kwargs): data = json.loads(request.META.get('data', request.raw_post_data)) action_type = data.pop('action', None) if action_type: # triggerre by action/function if action_type == 'change_password': change_password(request.user, data.get('new_password')) self.show_keys(request) elif action_type == 'request_reset_password': try: email = data.get('email') if not email: raise BadRequest('need email to reset password') user = User.objects.get(email=email) user.send_email('reset_password') except User.DoesNotExist: raise BadRequest('the email is not registered') elif action_type == 're_activate': try: user = User.objects.get(username=data.get('username')) if user.is_active: raise BadRequest('already activated') else: user.send_email('re_activate') except User.DoesNotExist: raise BadRequest('need username') elif action_type == 'reset_password': uid = base36_to_int(data['uid']) user = User.objects.get(id=uid) if default_token_generator.check_token(user, data['token']): change_password(user, data.get('new_password')) if AUTO_LOGIN_AFTER_RESET_PASSWORD: user.backend = DEFAULT_USER_BACKEND auth.login(request, user) self.show_keys(request) else: raise BadRequest('token error can not reset your password') else: raise BadRequest('not allowed ') #at last raise ImmediateHttpResponse(http.HttpAccepted()) if not action_type and request.user.is_authenticated(): return super(UserResource, self).patch_detail(request, **kwargs) else: raise BadRequest('can not modify info of other user')
def patch_detail(self, request, **kwargs): """ Updates a resource in-place. Calls ``obj_update``. If the resource is updated, return ``HttpAccepted`` (202 Accepted). If the resource did not exist, return ``HttpNotFound`` (404 Not Found). """ # request = self.convert_post_to_patch(request) basic_bundle = self.build_bundle(request=request) # We want to be able to validate the update, but we can't just pass # the partial data into the validator since all data needs to be # present. Instead, we basically simulate a PUT by pulling out the # original data and updating it in-place. # So first pull out the original object. This is essentially # ``get_detail``. try: obj = self._meta.object_class.objects.get(id=kwargs['pk']) except ObjectDoesNotExist: return http.HttpNotFound() except MultipleObjectsReturned: return http.HttpMultipleChoices( "More than one resource is found at this URI.") bundle = self.build_bundle(obj=obj, request=request) bundle = self.full_dehydrate(bundle) bundle = self.alter_detail_data_to_serialize(request, bundle) # Now update the bundle in-place. deserialized = self.deserialize(request, request.body, format=request.META.get( 'CONTENT_TYPE', 'application/json')) self.update_in_place(request, bundle, deserialized) if not self._meta.always_return_data: return http.HttpAccepted() else: # Invalidate prefetched_objects_cache for bundled object # because we might have changed a prefetched field bundle.obj._prefetched_objects_cache = {} bundle = self.full_dehydrate(bundle) bundle = self.alter_detail_data_to_serialize(request, bundle) return self.create_response(request, bundle, response_class=http.HttpAccepted)
def post_detail(self, request, **kwargs): if 'ssh_key' not in request.FILES: res = HttpResponse("Please upload an ssh_key file") res.status_code = 500 return res basic_bundle = self.build_bundle(request=request) try: obj = self.cached_obj_get(bundle=basic_bundle, **self.remove_api_resource_names(kwargs)) except ObjectDoesNotExist: return http.HttpNotFound() except MultipleObjectsReturned: return http.HttpMultipleChoices( "More than one resource is found at this URI.") ssh_key = request.FILES['ssh_key'] got = ssh_key.read() ssh_key.seek(0) try: SSHKey(got, obj.password).key_obj except paramiko.ssh_exception.SSHException as error: res = HttpResponse(error) res.status_code = 500 return res obj.ssh_key = File(ssh_key) obj.save() if not self._meta.always_return_data: return http.HttpAccepted() else: bundle = self.build_bundle(obj=obj, request=request) bundle = self.full_dehydrate(bundle) bundle = self.alter_detail_data_to_serialize(request, bundle) return self.create_response(request, bundle, response_class=http.HttpAccepted)
def post_invites(self, request, **kwargs): ### start copied from tasytpie ### body = request.body deserialized = self.deserialize(request, body, format=request.META.get( 'CONTENT_TYPE', 'application/json')) deserialized = self.alter_deserialized_detail_data( request, deserialized) bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized), request=request) ## start custom code ## try: event_obj = Event.objects.get(pk=kwargs['pk']) except ObjectDoesNotExist: return http.HttpNotFound() except MultipleObjectsReturned: return http.HttpMultipleChoices( "More than one resource is found at this URI.") else: event.email_guests.delay(kwargs['pk'], bundle.data['message']) return http.HttpAccepted()
def post_detail(self, request, **kwargs): basic_bundle = self.build_bundle(request=request) try: obj = self.cached_obj_get(bundle=basic_bundle, **self.remove_api_resource_names(kwargs)) except ObjectDoesNotExist: return http.HttpNotFound() except MultipleObjectsReturned: return http.HttpMultipleChoices( "More than one resource is found at this URI.") obj.save() if not self._meta.always_return_data: return http.HttpAccepted() else: bundle = self.build_bundle(obj=obj, request=request) bundle = self.full_dehydrate(bundle) bundle = self.alter_detail_data_to_serialize(request, bundle) return self.create_response(request, bundle, response_class=http.HttpAccepted)
def patch_passwordreset(self, request, **kwargs): # Now update the bundle in-place. deserialized = self.deserialize(request, request.body, format=request.META.get( 'CONTENT_TYPE', 'application/json')) bundle = self.build_bundle(data=dict_strip_unicode_keys(deserialized), request=request) if bundle.data['nonce'] is not None and bundle.data[ 'password'] is not None: try: passnonce = PasswordNonce.objects.get( is_valid=True, nonce=bundle.data['nonce']) passnonce.is_valid = False # invalidate the nonce so it can't be used again passnonce.save() passnonce.user.set_password(bundle.data['password']) passnonce.user.save() except ObjectDoesNotExist: return http.HttpNotFound() if not self._meta.always_return_data: return http.HttpAccepted() else: bundle = self.build_get_detail(request, passnonce.user) return self.create_response(request, bundle, response_class=http.HttpAccepted) else: return self.create_response(request, bundle, response_class=http.HttpBadRequest)
def patch_list(self, request, **kwargs): """ Since there is no RESTful way to do what we want to do, and since ``PATCH`` is poorly defined with regards to RESTfulness, we are overloading ``PATCH`` to take a single request that performs combinatorics and creates multiple objects. """ import itertools from django.db import transaction from tastypie.utils import dict_strip_unicode_keys deserialized = self.deserialize(request, request.body, format=request.META.get( 'CONTENT_TYPE', 'application/json')) # verify input categories = deserialized.pop('categories', []) if not categories or not isinstance(categories, list): error_msg = "PATCH request must contain categories list." logger.error(error_msg) raise ImmediateHttpResponse( response=http.HttpBadRequest(error_msg)) # do the combinatorics elem_lists = [] for cat in categories: # do some type validation / variation if isinstance(cat, basestring): # simple case of create all the combinations cat = Category.objects.filter(id=self._id_from_uri(cat)) elem_list = Element.objects.filter(category=cat) elif isinstance(cat, dict): # we must be working with at least one partial category category = Category.objects.filter( id=self._id_from_uri(cat['category'])) elem_list = Element.objects.filter(category=category) if 'exclude' in cat: # exclude some element(s) from the combinations exclude_uris = cat['exclude'] exclude_ids = [ int(self._id_from_uri(x)) for x in exclude_uris ] elem_list = [ elem for elem in elem_list if elem.id not in exclude_ids ] elif 'include' in cat: # include only a few elements in the combinations include_uris = cat['include'] include_ids = [ int(self._id_from_uri(x)) for x in include_uris ] elem_list = [ elem for elem in elem_list if elem.id in include_ids ] else: # don't worry about this, # it'll act like a list of categories pass # pragma: no cover else: error_msg = "categories list must contain resource uris or hashes." logger.error(error_msg) raise ImmediateHttpResponse( response=http.HttpBadRequest(error_msg)) # save off the elements from this category that will be used elem_lists.append(elem_list) # create all the combinations of elements from categories combinatorics = itertools.product(*elem_lists) # do the creation with transaction.commit_on_success(): for combo in combinatorics: deserialized['elements'] = combo bundle = self.build_bundle( data=dict_strip_unicode_keys(deserialized)) bundle.request.META['REQUEST_METHOD'] = 'PATCH' if getattr(request, 'user', None): bundle.request.user = request.user self.is_valid(bundle) self.obj_create(bundle, request=request) # don't try to reply with data, the request doesn't # really match the results. return http.HttpAccepted()
def process_file(self, request, **kwargs): """ :param request: incoming http request :param pk: ID of the object that has file fields :param attr_name: name of the attribute where the file is stored :return: Http Response """ attr_name = kwargs.pop('attr_name') if not request.method in ['GET', 'POST']: return http.HttpMethodNotAllowed("Use GET or POST to manage files") try: bundle = self.build_bundle(data={'pk': kwargs['pk']}, request=request) obj = self.cached_obj_get(bundle=bundle, **self.remove_api_resource_names(kwargs)) except ObjectDoesNotExist: return http.HttpGone() except MultipleObjectsReturned: return http.HttpMultipleChoices("More than one object found " "at this URL.") try: field = self._meta.object_class._meta.get_field_by_name( attr_name)[0] except FieldDoesNotExist: return http.HttpBadRequest("Attribute %s does not exist" % attr_name) if not isinstance(field, models.FileField): return http.HttpBadRequest("Attribute %s is not a data-field" % attr_name) if request.method == 'GET': ffile = getattr(obj, attr_name) try: filepath = ffile.path except ValueError: # file is not set, empty return http.HttpNoContent() with open(filepath, 'r') as f: response = HttpResponse(f.read(), content_type='application/x-hdf') response['Content-Disposition'] = "attachment; filename=%s" % \ os.path.basename(filepath) response['Content-Length'] = os.path.getsize(f.name) return response if not obj.is_editable(request.user): return http.HttpUnauthorized("No access to the update this object") if not len(request.FILES) > 0: return http.HttpNoContent() # take first file in the multipart/form request setattr(obj, attr_name, request.FILES.values()[0]) obj.save() return http.HttpAccepted("File content updated successfully")
def create_patch_response(self, request, original_bundle, new_data): self.update_in_place(request, original_bundle, new_data) return http.HttpAccepted()
def obj_delete(self, bundle, **kwargs): user = CommCareUser.get(kwargs['pk']) if user: user.retire() return ImmediateHttpResponse(response=http.HttpAccepted())
def obj_create(self, bundle, **kwargs): request = bundle.request create_type = bundle.data.pop('type') print("f**k") try: key = request.GET.get('oauth_consumer_key') my_user = User.objects.get( username=verify_access_token(key).user.username) except OAuthError: my_user = None if create_type == 'register': username = bundle.data.pop('username') password1 = bundle.data.pop('password1') password2 = bundle.data.pop('password2') email = bundle.data.pop('email') if (password1 == password2): new_user = User.objects.create_user(username, email, password1) new_user.save() bundle.obj = new_user raise ImmediateHttpResponse(http.HttpAccepted()) else: raise BadRequest('signup error: password did not match') # form = USER_CREATION_FORM(bundle.data) # if form.is_valid(): # new_user = form.save() # new_user.send_email('activate') # bundle.obj = new_user # raise ImmediateHttpResponse(http.HttpAccepted()) # #auto login, means request twice, first register, then login! # else: # #output the errors for tatstypie # bundle.errors[self._meta.resource_name] = form.errors # raise ImmediateHttpResponse(self.error_response(request, bundle.errors)) elif create_type == 'login': expiry_seconds = bundle.data.pop('expiry_seconds', None) user = auth.authenticate(**bundle.data) if user is not None and user.is_active: auth.login(request, user) if expiry_seconds: request.session.set_expiry(int(expiry_seconds)) self.show_keys(request) elif user is not None and not user.is_active: raise BadRequest('not active') else: raise BadRequest('login error') elif create_type == 'set_gis': if my_user: my_user.longitude = bundle.data.pop('longitude') my_user.latitude = bundle.data.pop('latitude') my_user.save() raise ImmediateHttpResponse( http.HttpAccepted(my_user.longitude)) else: BadRequest('set user gis info error') elif create_type == 'notify': if (my_user): recipient = MyUser.objects.get(bundle.data.pop("recipient")) verb = bundle.data.pop("verb") notify.send(my_user, recipient=recipient, verb=verb) elif create_type == 'get_groups': if (user != None): all_groups = set() for m in Membership.objects.filter(person=user): all_groups.add(m.group) raise ImmediateHttpResponse( http.HttpAccepted(str(list(all_groups)))) else: raise BadRequest('get user group error') else: raise BadRequest('create user resource error')