示例#1
 def delete(self, uid):
     """Remove the link between item ``uid`` and the menu named in the query string.

     The menu is read from the ``menus_uid`` query parameter; the request is
     rejected with 400 when it is absent. Otherwise ``delete_entity`` is
     called for the ``MenuItem`` row matching ``active=1``, ``items_uid=uid``
     and that menu, and ``delete_response()`` is returned.
     """
     # NOTE(review): menus_uid is caller-supplied and nothing here checks that
     # the caller may modify that menu -- confirm authorization runs upstream.
     parent_menu = request.args.get('menus_uid')
     if parent_menu is not None:
         self.delete_entity(MenuItem, active=1, items_uid=uid, menus_uid=parent_menu)
         return self.delete_response()

     abort(400, 'Missing menus_uid parameter. Not allowed to delete items without a menu to be referenced')
示例#2
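def check_user_permission(user):
    """Abort with 403 unless one of the user's groups grants the current request.

    The resource name is the part of ``request.endpoint`` before the first
    dot and the permission name is the HTTP method. The request is allowed
    only if at least one ``GroupResourcePermission`` row joins that
    permission and resource to a group ``user`` belongs to.
    """
    endpoint = request.endpoint
    if not endpoint:
        # request.endpoint is None when no route matched; deny instead of
        # failing with AttributeError on .split() (fail closed).
        abort(403,"Not authorized to access this resource")

    resource = endpoint.split('.')[0]
    permission = request.method

    # NOTE(review): no filter on any "active" flag is visible in this query --
    # confirm that deactivated groups, memberships or permissions cannot still
    # grant access.
    result = GroupResourcePermission.query.join(Group,Permission, Resource)\
            .filter(Permission.name == permission, Resource.name==resource).\
                join(UserGroup).join(User).filter(User.uid==user.uid).all()

    if not result:
        abort(403,"Not authorized to access this resource")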
示例#3
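    def object_from_json(self,uid,json):
        """Build the ``Item`` and ``MenuItem`` objects for a new menu item.

        ``uid`` is the identifier for the new item and ``json`` the posted
        payload; ``title``, ``description`` and ``price`` are required keys
        (a missing one raises ``KeyError``). The owning menu comes from the
        ``menus_uid`` query parameter and the request is rejected with 400
        when it is absent. Returns ``[item, menu_item]``.
        """
        menus_uid = request.args.get('menus_uid')
        if menus_uid is None:
            abort(400, 'Missing menus_uid parameter. Not allowed to create items without a menu to be referenced')

        # Optional flag, False when absent. bool() of any non-empty string is
        # True, so a payload value such as "false" still enables the flag.
        addon = bool(json.get('addon', False))

        # NOTE(review): title/description/price are stored as received and
        # menus_uid is not checked against an existing menu here -- confirm
        # validation and ownership checks happen elsewhere.
        item = Item(uid, json['title'], json['description'], json['price'], addon=addon)
        menu_item = MenuItem(menus_uid, uid)

        return [item, menu_item]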
示例#4
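    def get(self, uid=None, template=None, join= None, *join_criterion,**kwargs):
        """
        Base method for retrieving objects from a resource. By default it will:

        - Read ``offset`` and ``limit`` (default 50) through ``get_parameter``
          and ``expand`` from the query string.
        - Query ``schema_table`` for active records: a single record when
          ``uid`` is given, otherwise a page of records.
        - Abort with 404 when ``uid`` is given and no record is found.

        ``join`` is joined into the list query and ``kwargs`` are applied as
        ``filter_by`` criteria. ``join_criterion`` is accepted but not used.
        """
        # NOTE(review): int() raises on a missing or non-numeric value, and
        # nothing here bounds limit/offset -- confirm get_parameter validates
        # them (non-negative, capped page size).
        self.offset = int(self.get_parameter('offset'))
        self.limit = int(self.get_parameter('limit',50))
        self.expand = request.args.get('expand')
        self.template = template

        query = self.schema_table.query.filter_by(active=1)

        if uid:
            model_object = query.filter_by(uid=uid).first()
            return model_object if model_object else abort(404, "Resources was not found")

        if join:
            query = query.join(join)

        if kwargs:
            query = query.filter_by(**kwargs)

        # limit()/offset() return a new query; the result has to be kept or
        # every call returns the whole table regardless of the page size.
        query = query.limit(self.limit).offset(self.offset)

        return query.all()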
示例#5
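    def put(self, uid=None):
        """
            PUT a single menu item and return 200 response if successful
            {
                uid:'unique_identifier',
                title:'TITLEMENU'
            }

            The JSON body is handed to ``update_object``; 501 is returned when
            the resource does not define it and 400 when the body lacks a
            required key. The session is committed after the update.
            The ``uid`` argument is not used by this method.
        """
        json = request.json

        # Only the attribute lookup is guarded: an AttributeError raised
        # inside update_object is a real failure, not "not implemented".
        try:
            update = getattr(self, "update_object")
        except AttributeError as e:
            abort(501, "Method not implemented %s" % e.message)

        try:
            update(json)
        except KeyError as e:
            abort(400, 'Bad request Resource, please check the posted data %s' % e.message)

        db.session.commit()

        return self.put_response()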
示例#6
def unauthorized_call():
    """Answer an unauthenticated request according to what the client accepts.

    Clients that sent JSON, or whose Accept header prefers JSON over HTML,
    get a 401; every other client is redirected to the login view with the
    current URL passed along.
    """
    #TODO: smellin code this should be in a utility
    preferred = request.accept_mimetypes.best_match(['application/json','text/html'])
    wants_json = request.mimetype == 'application/json' or preferred == 'application/json'

    if not wants_json:
        # NOTE(review): request.url is handed to login_url as the return
        # target -- confirm the login view validates it before redirecting back.
        return redirect(login_url(login_manager.login_view, request.url))

    return abort(401,'Unauthorized call please provide the proper credentials' )
示例#7
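def validate_request():
    """
        Ensure that the request sent has the proper basic information to
        be handled by the endpoint. Otherwise it would be a waste of resources
        to proceed to following stages.

        The login and file upload endpoints are exempt. Any other request
        that is not GET or DELETE must be sent as application/json (415
        otherwise), and POST/PUT requests must carry a JSON body.
    """
    # Do not print or log SQLALCHEMY_DATABASE_URI here: connection URIs
    # commonly embed the database credentials and this runs per request.
    if request.endpoint in ['user.loginService','file_uploads.upload_file']:
        return None

    #Validate mime type to always be json
    if request.mimetype != 'application/json' and request.method not in ['GET','DELETE']:
        abort(415)

    if request.method in ('POST','PUT') and not request.json:
        #in case there is no json data
        # NOTE(review): the result is not returned; this only stops the
        # request if bad_request_response() aborts -- confirm.
        bad_request_response()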
示例#8
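    def update_object(self,json):
        """Apply the posted fields to an existing item and re-link it to a menu.

        ``json`` must contain ``uid``, ``title``, ``description`` and
        ``price`` (a missing key raises ``KeyError``); ``addon`` is optional
        and defaults to False. The target menu comes from the ``menus_uid``
        query parameter; the request is rejected with 400 when it is absent
        and with 404 when the item or its menu link is not found.
        Nothing is committed here.
        """
        menus_uid = request.args.get('menus_uid')

        if menus_uid is None:
            abort(400, 'Missing menus_uid parameter. Not allowed to update items without a menu to be referenced')

        # Look both rows up before changing anything, so an unknown uid is
        # reported as 404 instead of failing on None part-way through.
        item = Item.query.filter_by(active=1, uid=json['uid']).first()
        # NOTE(review): the first active link for the item is re-pointed; if an
        # item can belong to several menus this picks an arbitrary one, and
        # menus_uid is not checked against an existing menu here -- confirm.
        menu_item = MenuItem.query.filter_by(active=1, items_uid=json['uid']).first()

        if item is None or menu_item is None:
            abort(404, "Resources was not found")

        item.title = json['title']
        item.description = json['description']
        item.price = json['price']

        # bool() of any non-empty string is True, so "false" enables the flag.
        item.addon = bool(json.get('addon', False))

        menu_item.menus_uid = menus_uid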
示例#9
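    def post(self):
        """
            Post a single menu item and return 204 response if successful
            {title:'TITLEMENU'}

            A new uid is generated, ``object_from_json`` builds the objects
            to store, and they are added and committed in one transaction.
            Errors: 501 when the resource does not define
            ``object_from_json``, 400 when the body lacks a required key,
            409 on an integrity violation.
        """
        json = request.json
        # NOTE(review): uuid1 is built from the host identifier and the
        # current time, so uids are guessable and reveal both -- consider
        # uuid4 if a uid is ever treated as an unguessable reference.
        uid = str(uuid.uuid1())

        # Only the attribute lookup is guarded: an AttributeError raised
        # inside object_from_json is a real failure, not "not implemented".
        try:
            build_objects = getattr(self, "object_from_json")
        except AttributeError as e:
            abort(501, 'Method not implemented %s' % e.message)

        try:
            data_objects = build_objects(uid, json)
        except KeyError as e:
            abort(400, 'Bad request Resource, please check the posted data %s' % e.message)

        try:
            for data_object in data_objects:
                db.session.add(data_object)

            db.session.commit()
        except sqlalchemy.exc.IntegrityError as e:
            # Leave the session usable for whatever still runs in this request.
            db.session.rollback()
            # NOTE(review): the driver's error text is sent to the client and
            # may expose schema details -- consider a generic message.
            abort(409, 'Conflict on creating record. %s' % e.message)

        response_object = self.get(uid)

        return self.post_response(response_object.data, uid)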
示例#10
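def validate_user():
    """Check the submitted credentials and return the authenticated user.

    Username and password are read from the JSON body when there is one,
    otherwise from the form data; the request is rejected with 400 when
    either is missing or empty. The password is hashed with the parameters
    stored in the user's ``MetaUser`` record and compared with the stored
    hash. Returns the result of ``create_user_from_record`` on a match and
    ``None`` when the user is unknown, has no ``MetaUser`` record, or the
    password does not match.
    """
    credentials = request.json if request.json else request.form
    # .get() so that a missing field reaches the 400 below instead of
    # raising KeyError.
    username = credentials.get('username')
    password = credentials.get('password')

    if not password or not username:
        abort(400, 'Password or user cannot be empty')

    user = User.query.filter_by( username = username ).first()

    if not user:
        # NOTE(review): returns before any hashing is done, so response time
        # differs between unknown and known usernames.
        return None

    meta_user = MetaUser.query.filter_by( user_uid = user.uid ).first()

    if meta_user is None:
        # Without the stored hashing parameters the password cannot be
        # verified; treat it as a failed login.
        return None

    #Ignore iterate, salt, time will not be use this time we just need the encrypted password
    hashed,_,_,_=encrypt_with_interaction(password,random_salt=meta_user.product,iterate=meta_user.iteraction,t=meta_user.modified_on)

    # NOTE(review): == is not a constant-time comparison; hmac.compare_digest
    # would be, provided both values have the same string type -- confirm.
    if hashed == user.password:
        return create_user_from_record(user)

    return None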