aboutsummaryrefslogtreecommitdiff
path: root/src/web/views/api/common.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/web/views/api/common.py')
-rw-r--r--src/web/views/api/common.py245
1 files changed, 245 insertions, 0 deletions
diff --git a/src/web/views/api/common.py b/src/web/views/api/common.py
new file mode 100644
index 00000000..3476cad9
--- /dev/null
+++ b/src/web/views/api/common.py
@@ -0,0 +1,245 @@
+#! /usr/bin/env python
+# -*- coding: utf-8 -
+
+"""For a given resources, classes in the module intend to create the following
+routes :
+ GET resource/<id>
+ -> to retrieve one
+ POST resource
+ -> to create one
+ PUT resource/<id>
+ -> to update one
+ DELETE resource/<id>
+ -> to delete one
+
+ GET resources
+ -> to retrieve several
+ POST resources
+ -> to create several
+ PUT resources
+ -> to update several
+ DELETE resources
+ -> to delete several
+"""
+import ast
+import json
+import logging
+import dateutil.parser
+from functools import wraps
+from werkzeug.exceptions import Unauthorized, BadRequest
+from flask import request, g, session, Response
+from flask.ext.restful import Resource, reqparse
+
+from web.lib.utils import default_handler
+from web.models import User
+
+logger = logging.getLogger(__name__)
+
+
+def authenticate(func):
+ """
+ Decorator for the authentication to the web services.
+ """
+ @wraps(func)
+ def wrapper(*args, **kwargs):
+ logged_in = False
+ if not getattr(func, 'authenticated', True):
+ logged_in = True
+ # authentication based on the session (already logged on the site)
+ elif 'email' in session or g.user.is_authenticated:
+ logged_in = True
+ else:
+ # authentication via HTTP only
+ auth = request.authorization
+ if auth is not None:
+ user = User.query.filter(
+ User.nickname == auth.username).first()
+ if user and user.check_password(auth.password) \
+ and user.activation_key == "":
+ g.user = user
+ logged_in = True
+ if logged_in:
+ return func(*args, **kwargs)
+ raise Unauthorized({'WWWAuthenticate': 'Basic realm="Login Required"'})
+ return wrapper
+
+
+def to_response(func):
+ """Will cast results of func as a result, and try to extract
+ a status_code for the Response object"""
+ def wrapper(*args, **kwargs):
+ status_code = 200
+ result = func(*args, **kwargs)
+ if isinstance(result, Response):
+ return result
+ elif isinstance(result, tuple):
+ result, status_code = result
+ return Response(json.dumps(result, default=default_handler),
+ status=status_code)
+ return wrapper
+
+
+class PyAggAbstractResource(Resource):
+ method_decorators = [authenticate, to_response]
+ attrs = {}
+ to_date = [] # list of fields to cast to datetime
+
+ def __init__(self, *args, **kwargs):
+ super(PyAggAbstractResource, self).__init__(*args, **kwargs)
+
+ @property
+ def controller(self):
+ return self.controller_cls(getattr(g.user, 'id', None))
+
+ @property
+ def wider_controller(self):
+ if g.user.is_admin():
+ return self.controller_cls()
+ return self.controller_cls(getattr(g.user, 'id', None))
+
+ def reqparse_args(self, req=None, strict=False, default=True, args=None):
+ """
+ strict: bool
+ if True will throw 400 error if args are defined and not in request
+ default: bool
+ if True, won't return defaults
+ args: dict
+ the args to parse, if None, self.attrs will be used
+ """
+ parser = reqparse.RequestParser()
+ for attr_name, attrs in (args or self.attrs).items():
+ if attrs.pop('force_default', False):
+ parser.add_argument(attr_name, location='json', **attrs)
+ elif not default and (not request.json
+ or request.json and attr_name not in request.json):
+ continue
+ else:
+ parser.add_argument(attr_name, location='json', **attrs)
+ parsed = parser.parse_args(strict=strict) if req is None \
+ else parser.parse_args(req, strict=strict)
+ for field in self.to_date:
+ if parsed.get(field):
+ try:
+ parsed[field] = dateutil.parser.parse(parsed[field])
+ except Exception:
+ logger.exception('failed to parse %r', parsed[field])
+ return parsed
+
+
+class PyAggResourceNew(PyAggAbstractResource):
+
+ def post(self):
+ """Create a single new object"""
+ return self.controller.create(**self.reqparse_args()), 201
+
+
+class PyAggResourceExisting(PyAggAbstractResource):
+
+ def get(self, obj_id=None):
+ """Retreive a single object"""
+ return self.controller.get(id=obj_id)
+
+ def put(self, obj_id=None):
+ """update an object, new attrs should be passed in the payload"""
+ args = self.reqparse_args(default=False)
+ new_values = {key: args[key] for key in
+ set(args).intersection(self.attrs)}
+ if 'user_id' in new_values and g.user.is_admin():
+ controller = self.wider_controller
+ else:
+ controller = self.controller
+ return controller.update({'id': obj_id}, new_values), 200
+
+ def delete(self, obj_id=None):
+ """delete a object"""
+ self.controller.delete(obj_id)
+ return None, 204
+
+
+class PyAggResourceMulti(PyAggAbstractResource):
+
+ def get(self):
+ """retrieve several objects. filters can be set in the payload on the
+ different fields of the object, and a limit can be set in there as well
+ """
+ try:
+ limit = request.json.pop('limit', 10)
+ order_by = request.json.pop('order_by', None)
+ query = self.controller.read(**request.json)
+ except:
+ args = {}
+ for k, v in request.args.items():
+ if k in self.attrs.keys():
+ if self.attrs[k]['type'] in [bool, int]:
+ args[k] = ast.literal_eval(v)
+ else:
+ args[k] = v
+ limit = request.args.get('limit', 10)
+ order_by = request.args.get('order_by', None)
+ query = self.controller.read(**args)
+ if order_by:
+ query = query.order_by(order_by)
+ if limit:
+ query = query.limit(limit)
+ return [res for res in query]
+
+ def post(self):
+ """creating several objects. payload should be a list of dict.
+ """
+ if 'application/json' not in request.headers.get('Content-Type'):
+ raise BadRequest("Content-Type must be application/json")
+ status = 201
+ results = []
+ for attrs in request.json:
+ try:
+ results.append(self.controller.create(**attrs).id)
+ except Exception as error:
+ status = 206
+ results.append(str(error))
+ # if no operation succeded, it's not partial anymore, returning err 500
+ if status == 206 and results.count('ok') == 0:
+ status = 500
+ return results, status
+
+ def put(self):
+ """creating several objects. payload should be:
+ >>> payload
+ [[obj_id1, {attr1: val1, attr2: val2}]
+ [obj_id2, {attr1: val1, attr2: val2}]]
+ """
+ if 'application/json' not in request.headers.get('Content-Type'):
+ raise BadRequest("Content-Type must be application/json")
+ status = 200
+ results = []
+ for obj_id, attrs in request.json:
+ try:
+ new_values = {key: attrs[key] for key in
+ set(attrs).intersection(self.attrs)}
+ self.controller.update({'id': obj_id}, new_values)
+ results.append('ok')
+ except Exception as error:
+ status = 206
+ results.append(str(error))
+ # if no operation succeded, it's not partial anymore, returning err 500
+ if status == 206 and results.count('ok') == 0:
+ status = 500
+ return results, status
+
+ def delete(self):
+ """will delete several objects,
+ a list of their ids should be in the payload"""
+ if 'application/json' not in request.headers.get('Content-Type'):
+ raise BadRequest("Content-Type must be application/json")
+ status = 204
+ results = []
+ for obj_id in request.json:
+ try:
+ self.controller.delete(obj_id)
+ results.append('ok')
+ except Exception as error:
+ status = 206
+ results.append(error)
+ # if no operation succeded, it's not partial anymore, returning err 500
+ if status == 206 and results.count('ok') == 0:
+ status = 500
+ return results, status
bgstack15