← Back to branch summary

~azzar1/unity/add-show-desktop-key

« back to all changes in this revision

Viewing changes to ivle/webapp/base/rest.py

  • Committer: William Grant
  • Date: 2010-07-03 10:50:28 UTC
  • mto: This revision was merged to the branch mainline in revision 1797.
  • Revision ID: grantw@unimelb.edu.au-20100703105028-aohivx8czzf66qqe
Replace @named_operation with @read_operation and @write_operation. Allow execution of read operations with a GET rather than a POST.

Show diffs side-by-side

added added

removed removed

Lines of Context:
ivle/webapp/base/rest.py
17
17
 
18
18
# Author: Matt Giuca, Will Grant, Nick Chadwick
19
19
 
 
20
import cgi
 
21
import functools
 
22
import inspect
20
23
import os
21
 
import cgi
22
24
import urlparse
23
 
import inspect
24
25
 
25
26
import cjson
26
27
import genshi.template
73
74
            raise MethodNotAllowed(allowed=self._allowed_methods)
74
75
 
75
76
        if req.method == 'GET':
76
 
            self.authorize_method(req, self.GET)
77
 
            outjson = self.GET(req)
 
77
            qargs = dict(cgi.parse_qsl(
 
78
                urlparse.urlparse(req.uri).query, keep_blank_values=1))
 
79
            if 'ivle.op' in qargs:
 
80
                outjson = self._named_operation(req, qargs, readonly=True)
 
81
            else:
 
82
                self.authorize_method(req, self.GET)
 
83
                outjson = self.GET(req)
78
84
        # Since PATCH isn't yet an official HTTP method, we allow users to
79
85
        # turn a PUT into a PATCH by supplying a special header.
80
86
        elif req.method == 'PATCH' or (req.method == 'PUT' and
109
115
            req.write(cjson.encode(outjson))
110
116
            req.write("\n")
111
117
 
112
 
    def _named_operation(self, req, opargs):
 
118
    def _named_operation(self, req, opargs, readonly=False):
113
119
        try:
114
120
            opname = opargs['ivle.op']
115
121
            del opargs['ivle.op']
125
131
           not op._rest_api_callable:
126
132
            raise BadRequest('Invalid named operation.')
127
133
 
 
134
        if readonly and op._rest_api_write_operation:
 
135
            raise BadRequest('POST required for write operation.')
 
136
 
128
137
        self.authorize_method(req, op)
129
138
 
130
139
        # Find any missing arguments, except for the first two (self, req)
178
187
        req.write(cjson.encode(outjson))
179
188
        req.write("\n")
180
189
 
181
 
class named_operation(object):
 
190
class _named_operation(object):
182
191
    '''Declare a function to be accessible to HTTP users via the REST API.
183
192
    '''
184
 
    def __init__(self, permission):
 
193
    def __init__(self, write_operation, permission):
 
194
        self.write_operation = write_operation
185
195
        self.permission = permission
186
196
 
187
197
    def __call__(self, func):
188
198
        func._rest_api_callable = True
 
199
        func._rest_api_write_operation = self.write_operation
189
200
        func._rest_api_permission = self.permission
190
201
        return func
191
202
 
 
203
write_operation = functools.partial(_named_operation, True)
 
204
read_operation = functools.partial(_named_operation, False)
 
205
 
192
206
class require_permission(object):
193
207
    '''Declare the permission required for use of a method via the REST API.
194
208
    '''