Revision 30dc8c1a snf-astakos-app/astakos/im/api.py
| b/snf-astakos-app/astakos/im/api.py | ||
|---|---|---|
| 45 | 45 |
from django.utils import simplejson as json |
| 46 | 46 |
from django.core.urlresolvers import reverse |
| 47 | 47 |
|
| 48 |
from astakos.im.faults import BadRequest, Unauthorized, InternalServerError, Fault |
|
| 48 |
from astakos.im.faults import BadRequest, Unauthorized, InternalServerError, \ |
|
| 49 |
Fault, ItemNotFound, Forbidden |
|
| 49 | 50 |
from astakos.im.models import AstakosUser |
| 50 | 51 |
from astakos.im.settings import CLOUD_SERVICES, INVITATIONS_ENABLED, COOKIE_NAME, \ |
| 51 | 52 |
EMAILCHANGE_ENABLED |
| 52 | 53 |
from astakos.im.util import epoch |
| 53 | 54 |
|
| 54 | 55 |
logger = logging.getLogger(__name__) |
| 56 |
format = ('%a, %d %b %Y %H:%M:%S GMT')
|
|
| 55 | 57 |
|
| 56 | 58 |
def render_fault(request, fault): |
| 57 | 59 |
if isinstance(fault, InternalServerError) and settings.DEBUG: |
| ... | ... | |
| 65 | 67 |
response['Content-Length'] = len(response.content) |
| 66 | 68 |
return response |
| 67 | 69 |
|
| 68 |
def api_method(http_method=None, token_required=False, perms=[]):
|
|
| 70 |
def api_method(http_method=None, token_required=False, perms=None):
|
|
| 69 | 71 |
"""Decorator function for views that implement an API method.""" |
| 72 |
if not perms: |
|
| 73 |
perms = [] |
|
| 70 | 74 |
|
| 71 | 75 |
def decorator(func): |
| 72 | 76 |
@wraps(func) |
| ... | ... | |
| 81 | 85 |
try: |
| 82 | 86 |
user = AstakosUser.objects.get(auth_token=x_auth_token) |
| 83 | 87 |
if not user.has_perms(perms): |
| 84 |
raise Unauthorized('Unauthorized request')
|
|
| 88 |
raise Forbidden('Unauthorized request')
|
|
| 85 | 89 |
except AstakosUser.DoesNotExist, e: |
| 86 | 90 |
raise Unauthorized('Invalid X-Auth-Token')
|
| 87 | 91 |
kwargs['user'] = user |
| ... | ... | |
| 221 | 225 |
|
| 222 | 226 |
return HttpResponse(content=data, mimetype=mimetype) |
| 223 | 227 |
|
| 224 |
@api_method(http_method='GET', token_required=True, perms=['astakos.im.can_find_userid'])
|
|
| 225 |
def find_userid(request):
|
|
| 226 |
# Normal Response Codes: 204
|
|
| 228 |
@api_method(http_method='GET', token_required=True, perms=['im.can_access_userinfo'])
|
|
| 229 |
def get_user_by_email(request, user=None):
|
|
| 230 |
# Normal Response Codes: 200
|
|
| 227 | 231 |
# Error Response Codes: internalServerError (500) |
| 228 | 232 |
# badRequest (400) |
| 229 | 233 |
# unauthorised (401) |
| 230 |
email = request.GET.get('email')
|
|
| 234 |
# forbidden (403) |
|
| 235 |
# itemNotFound (404) |
|
| 236 |
email = request.GET.get('name')
|
|
| 231 | 237 |
if not email: |
| 232 | 238 |
raise BadRequest('Email missing')
|
| 233 | 239 |
try: |
| 234 |
user = AstakosUser.objects.get(email = email, is_active=True)
|
|
| 240 |
user = AstakosUser.objects.get(email = email) |
|
| 235 | 241 |
except AstakosUser.DoesNotExist, e: |
| 236 |
raise BadRequest('Invalid email')
|
|
| 242 |
raise ItemNotFound('Invalid email')
|
|
| 243 |
|
|
| 244 |
if not user.is_active: |
|
| 245 |
raise ItemNotFound('Inactive user')
|
|
| 237 | 246 |
else: |
| 238 | 247 |
response = HttpResponse() |
| 239 |
response.status=204 |
|
| 240 |
user_info = {'userid':user.username}
|
|
| 248 |
response.status=200 |
|
| 249 |
user_info = {'id':user.id,
|
|
| 250 |
'username':user.username, |
|
| 251 |
'email':[user.email], |
|
| 252 |
'enabled':user.is_active, |
|
| 253 |
'name':user.realname, |
|
| 254 |
'auth_token_created':user.auth_token_created.strftime(format), |
|
| 255 |
'auth_token_expires':user.auth_token_expires.strftime(format), |
|
| 256 |
'has_credits':user.has_credits, |
|
| 257 |
'groups':[g.name for g in user.groups.all()], |
|
| 258 |
'user_permissions':[p.codename for p in user.user_permissions.all()], |
|
| 259 |
'group_permissions': list(user.get_group_permissions())} |
|
| 241 | 260 |
response.content = json.dumps(user_info) |
| 242 | 261 |
response['Content-Type'] = 'application/json; charset=UTF-8' |
| 243 | 262 |
response['Content-Length'] = len(response.content) |
| 244 | 263 |
return response |
| 245 | 264 |
|
| 246 |
@api_method(http_method='GET', token_required=True, perms=['astakos.im.can_find_email'])
|
|
| 247 |
def find_email(request):
|
|
| 248 |
# Normal Response Codes: 204
|
|
| 265 |
@api_method(http_method='GET', token_required=True, perms=['can_access_userinfo'])
|
|
| 266 |
def get_user_by_username(request, user_id, user=None):
|
|
| 267 |
# Normal Response Codes: 200
|
|
| 249 | 268 |
# Error Response Codes: internalServerError (500) |
| 250 | 269 |
# badRequest (400) |
| 251 | 270 |
# unauthorised (401) |
| 252 |
userid = request.GET.get('userid')
|
|
| 253 |
if not userid: |
|
| 254 |
raise BadRequest('Userid missing')
|
|
| 271 |
# forbidden (403) |
|
| 272 |
# itemNotFound (404) |
|
| 255 | 273 |
try: |
| 256 |
user = AstakosUser.objects.get(username = userid) |
|
| 274 |
user = AstakosUser.objects.get(username = user_id)
|
|
| 257 | 275 |
except AstakosUser.DoesNotExist, e: |
| 258 |
raise BadRequest('Invalid userid')
|
|
| 276 |
raise ItemNotFound('Invalid userid')
|
|
| 259 | 277 |
else: |
| 260 | 278 |
response = HttpResponse() |
| 261 |
response.status=204 |
|
| 262 |
user_info = {'userid':user.email}
|
|
| 279 |
response.status=200 |
|
| 280 |
user_info = {'id':user.id,
|
|
| 281 |
'username':user.username, |
|
| 282 |
'email':[user.email], |
|
| 283 |
'name':user.realname, |
|
| 284 |
'auth_token_created':user.auth_token_created.strftime(format), |
|
| 285 |
'auth_token_expires':user.auth_token_expires.strftime(format), |
|
| 286 |
'has_credits':user.has_credits, |
|
| 287 |
'enabled':user.is_active, |
|
| 288 |
'groups':[g.name for g in user.groups.all()]} |
|
| 263 | 289 |
response.content = json.dumps(user_info) |
| 264 | 290 |
response['Content-Type'] = 'application/json; charset=UTF-8' |
| 265 | 291 |
response['Content-Length'] = len(response.content) |
| 266 |
return response |
|
| 292 |
return response |
|
Also available in: Unified diff