15
15
# along with this program; if not, write to the Free Software
16
16
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18
# Author: Matt Giuca, Will Grant, Nick Chadwick
18
# Author: Matt Giuca, Will Grant
26
import genshi.template
28
25
from ivle.webapp.base.views import BaseView
29
from ivle.webapp.errors import BadRequest, MethodNotAllowed, Unauthorized
26
from ivle.webapp.errors import BadRequest, MethodNotAllowed
31
28
class RESTView(BaseView):
36
33
content_type = "application/octet-stream"
35
def __init__(self, req, *args, **kwargs):
37
setattr(self, key, kwargs[key])
38
39
def render(self, req):
39
40
raise NotImplementedError()
48
49
lambda self: [m for m in ('GET', 'PUT', 'PATCH')
49
50
if hasattr(self, m)] + ['POST'])
51
def authorize(self, req):
52
return True # Real authz performed in render().
54
def authorize_method(self, req, op):
55
if not hasattr(op, '_rest_api_permission'):
58
if op._rest_api_permission not in self.get_permissions(req.user):
61
def convert_bool(self, value):
62
if value in ('True', 'true', True):
64
elif value in ('False', 'false', False):
69
52
def render(self, req):
70
53
if req.method not in self._allowed_methods:
71
54
raise MethodNotAllowed(allowed=self._allowed_methods)
73
56
if req.method == 'GET':
74
self.authorize_method(req, self.GET)
75
57
outjson = self.GET(req)
76
58
# Since PATCH isn't yet an official HTTP method, we allow users to
77
59
# turn a PUT into a PATCH by supplying a special header.
78
60
elif req.method == 'PATCH' or (req.method == 'PUT' and
79
61
'X-IVLE-Patch-Semantics' in req.headers_in and
80
62
req.headers_in['X-IVLE-Patch-Semantics'].lower() == 'yes'):
81
self.authorize_method(req, self.PATCH)
83
64
input = cjson.decode(req.read())
84
65
except cjson.DecodeError:
85
66
raise BadRequest('Invalid JSON data')
86
67
outjson = self.PATCH(req, input)
87
68
elif req.method == 'PUT':
88
self.authorize_method(req, self.PUT)
90
70
input = cjson.decode(req.read())
91
71
except cjson.DecodeError:
94
74
# POST implies named operation.
95
75
elif req.method == 'POST':
96
76
# TODO: Check Content-Type and implement multipart/form-data.
98
opargs = dict(cgi.parse_qsl(data, keep_blank_values=1))
77
opargs = dict(cgi.parse_qsl(req.read()))
100
79
opname = opargs['ivle.op']
101
80
del opargs['ivle.op']
111
90
not op._rest_api_callable:
112
91
raise BadRequest('Invalid named operation.')
114
self.authorize_method(req, op)
116
93
# Find any missing arguments, except for the first two (self, req)
117
94
(args, vaargs, varkw, defaults) = inspect.getargspec(op)
139
116
outjson = op(req, **opargs)
141
118
req.content_type = self.content_type
142
self.write_json(req, outjson)
144
#This is a separate function to allow additional data to be passed through
145
def write_json(self, req, outjson):
146
119
if outjson is not None:
147
120
req.write(cjson.encode(outjson))
151
class XHTMLRESTView(JSONRESTView):
152
"""A special type of RESTView which takes enhances the standard JSON
153
with genshi XHTML functions.
155
XHTMLRESTViews should have a template, which is rendered using their
156
context. This is returned in the JSON as 'html'"""
158
ctx = genshi.template.Context()
160
def render_fragment(self):
161
if self.template is None:
162
raise NotImplementedError()
164
rest_template = os.path.join(os.path.dirname(
165
inspect.getmodule(self).__file__), self.template)
166
loader = genshi.template.TemplateLoader(".", auto_reload=True)
167
tmpl = loader.load(rest_template)
169
return tmpl.generate(self.ctx).render('xhtml', doctype='xhtml')
171
# This renders the template and adds it to the json
172
def write_json(self, req, outjson):
173
outjson["html"] = self.render_fragment()
174
req.write(cjson.encode(outjson))
177
class named_operation(object):
123
def named_operation(meth):
178
124
'''Declare a function to be accessible to HTTP users via the REST API.
180
def __init__(self, permission):
181
self.permission = permission
183
def __call__(self, func):
184
func._rest_api_callable = True
185
func._rest_api_permission = self.permission
188
class require_permission(object):
189
'''Declare the permission required for use of a method via the REST API.
191
def __init__(self, permission):
192
self.permission = permission
194
def __call__(self, func):
195
func._rest_api_permission = self.permission
126
meth._rest_api_callable = True