from functools import wraps
from flask import request, g, session, Response, jsonify
from flask.ext.restful import Resource
from pyaggr3g470r.models import User
from pyaggr3g470r.lib.exceptions import PyAggError
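def authenticate(func):
    """
    Decorator for the authentication to the web services.

    A handler whose ``authenticated`` attribute is falsy is called without
    any check; the attribute defaults to True, so authentication is
    required unless a handler opts out explicitly. Otherwise the call is
    allowed when a site session exists, or when the HTTP Basic credentials
    match a user whose ``activation_key`` is empty. In the Basic case the
    matching user is stored in ``g.user`` before the handler runs.
    Every other request gets a 401 response carrying a Basic challenge.
    """
    @wraps(func)
    def wrapper(*args, **kwargs):
        # Explicit opt-out set on the handler itself (default: protected).
        if not getattr(func, 'authenticated', True):
            return func(*args, **kwargs)
        # authentication based on the session (already logged on the site)
        # NOTE(review): this branch accepts a cookie session for every HTTP
        # method this decorator wraps; no CSRF check is visible in this
        # file -- confirm one is enforced elsewhere.
        if 'email' in session or g.user.is_authenticated():
            return func(*args, **kwargs)
        # authentication via HTTP only
        auth = request.authorization
        try:
            email = auth.username
            user = User.query.filter(User.email == email).first()
            # All three conditions must hold: known e-mail, matching
            # password, and an empty activation key.
            if user and user.check_password(auth.password) and user.activation_key == "":
                g.user = user
                return func(*args, **kwargs)
        except AttributeError:
            # request.authorization is None when no Authorization header
            # was sent. An AttributeError raised during the lookup or the
            # password check also ends here; both cases fall through to
            # the 401 below, so the failure is closed.
            pass
        # The challenge header is spelled 'WWW-Authenticate'; without the
        # hyphen, clients do not recognise it as a Basic challenge.
        return Response('<Authentication required>', 401,
                        {'WWW-Authenticate': 'Basic realm="Login Required"'})
    return wrapper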
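def to_response(func):
    """
    Decorator converting a handler's outcome into a response.

    * A raised PyAggError becomes a JSON response built from
      ``error.message`` with ``error.status_code`` as HTTP status.
    * A returned tuple becomes a JSON response built from its first item;
      a second item, when present, is used as HTTP status.
    * Any other return value is passed through untouched.
    """
    # wraps() keeps the handler's name, docstring and attributes (such as
    # an ``authenticated`` flag) visible on the wrapper, in line with the
    # ``authenticate`` decorator of this module.
    @wraps(func)
    def wrapper(*args, **kwargs):
        try:
            res = func(*args, **kwargs)
        # "except ... as" is accepted by Python 2.6+ and Python 3 alike.
        except PyAggError as error:
            # NOTE(review): error.message is serialised to the client as
            # is -- confirm PyAggError payloads never carry internal
            # details.
            response = jsonify(**error.message)
            response.status_code = error.status_code
            return response
        if isinstance(res, tuple):
            response = jsonify(**res[0])
            if len(res) > 1:
                response.status_code = res[1]
            return response
        return res
    return wrapper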
class PyAggResource(Resource):
    """
    Base REST resource delegating get / put / delete to a controller.

    Subclasses provide ``controller_cls`` and ``editable_attrs``; ``put``
    also reads ``self.reqparse``, which is not defined in this class.
    """
    # Applied to every HTTP method handler of the resource.
    method_decorators = [authenticate, to_response]
    # Controller class, instantiated with the current user's id.
    controller_cls = None
    # Allow-list of attribute names that put() may modify.
    editable_attrs = []

    def __init__(self, *args, **kwargs):
        # NOTE(review): the controller is bound to g.user.id at
        # construction time. If the framework builds the resource before
        # method_decorators run, a request authenticated through HTTP
        # Basic gets a controller scoped to whatever g.user was before
        # ``authenticate`` replaced it -- confirm the ordering.
        current_user_id = g.user.id
        self.controller = self.controller_cls(current_user_id)
        super(PyAggResource, self).__init__(*args, **kwargs)

    def get(self, obj_id=None):
        """Return the dumped object wrapped in a one-element result list."""
        found = self.controller.get(id=obj_id)
        return {'result': [found.dump()]}

    def put(self, obj_id=None):
        """Update the object with the allow-listed request arguments."""
        parsed = self.reqparse.parse_args()
        # Only names present in editable_attrs reach the controller; any
        # other parsed argument is dropped here.
        allowed = set(parsed).intersection(self.editable_attrs)
        changes = dict((name, parsed[name]) for name in allowed)
        self.controller.update(obj_id, **changes)
        return {"message": "ok"}

    def delete(self, obj_id=None):
        """Delete the object through the controller; status 204."""
        self.controller.delete(obj_id)
        outcome = {"message": "ok"}
        return outcome, 204