18
18
# Author: Matt Giuca, Will Grant, Nick Chadwick
26
27
import genshi.template
28
29
from ivle.webapp.base.views import BaseView
30
from ivle.webapp.base.xhtml import GenshiLoaderMixin
29
31
from ivle.webapp.errors import BadRequest, MethodNotAllowed, Unauthorized
31
33
class RESTView(BaseView):
36
38
content_type = "application/octet-stream"
38
def __init__(self, req, *args, **kwargs):
40
setattr(self, key, kwargs[key])
42
40
def render(self, req):
43
41
raise NotImplementedError()
59
57
if not hasattr(op, '_rest_api_permission'):
60
58
raise Unauthorized()
62
if op._rest_api_permission not in self.get_permissions(req.user):
60
if (op._rest_api_permission not in
61
self.get_permissions(req.user, req.config)):
63
62
raise Unauthorized()
65
64
def convert_bool(self, value):
75
74
raise MethodNotAllowed(allowed=self._allowed_methods)
77
76
if req.method == 'GET':
78
self.authorize_method(req, self.GET)
79
outjson = self.GET(req)
77
qargs = dict(cgi.parse_qsl(
78
urlparse.urlparse(req.unparsed_uri).query,
80
if 'ivle.op' in qargs:
81
outjson = self._named_operation(req, qargs, readonly=True)
83
self.authorize_method(req, self.GET)
84
outjson = self.GET(req)
80
85
# Since PATCH isn't yet an official HTTP method, we allow users to
81
86
# turn a PUT into a PATCH by supplying a special header.
82
87
elif req.method == 'PATCH' or (req.method == 'PUT' and
100
105
# TODO: Check Content-Type and implement multipart/form-data.
101
106
data = req.read()
102
107
opargs = dict(cgi.parse_qsl(data, keep_blank_values=1))
104
opname = opargs['ivle.op']
105
del opargs['ivle.op']
107
raise BadRequest('No named operation specified.')
110
op = getattr(self, opname)
111
except AttributeError:
112
raise BadRequest('Invalid named operation.')
114
if not hasattr(op, '_rest_api_callable') or \
115
not op._rest_api_callable:
116
raise BadRequest('Invalid named operation.')
118
self.authorize_method(req, op)
120
# Find any missing arguments, except for the first two (self, req)
121
(args, vaargs, varkw, defaults) = inspect.getargspec(op)
124
# To find missing arguments, we eliminate the provided arguments
125
# from the set of remaining function signature arguments. If the
126
# remaining signature arguments are in the args[-len(defaults):],
128
unspec = set(args) - set(opargs.keys())
129
if unspec and not defaults:
130
raise BadRequest('Missing arguments: ' + ', '.join(unspec))
132
unspec = [k for k in unspec if k not in args[-len(defaults):]]
135
raise BadRequest('Missing arguments: ' + ', '.join(unspec))
137
# We have extra arguments if the are no match args in the function
138
# signature, AND there is no **.
139
extra = set(opargs.keys()) - set(args)
140
if extra and not varkw:
141
raise BadRequest('Extra arguments: ' + ', '.join(extra))
143
outjson = op(req, **opargs)
108
outjson = self._named_operation(req, opargs)
145
110
req.content_type = self.content_type
146
111
self.write_json(req, outjson)
151
116
req.write(cjson.encode(outjson))
155
class XHTMLRESTView(JSONRESTView):
119
def _named_operation(self, req, opargs, readonly=False):
121
opname = opargs['ivle.op']
122
del opargs['ivle.op']
124
raise BadRequest('No named operation specified.')
127
op = getattr(self, opname)
128
except AttributeError:
129
raise BadRequest('Invalid named operation.')
131
if not hasattr(op, '_rest_api_callable') or \
132
not op._rest_api_callable:
133
raise BadRequest('Invalid named operation.')
135
if readonly and op._rest_api_write_operation:
136
raise BadRequest('POST required for write operation.')
138
self.authorize_method(req, op)
140
# Find any missing arguments, except for the first two (self, req)
141
(args, vaargs, varkw, defaults) = inspect.getargspec(op)
144
# To find missing arguments, we eliminate the provided arguments
145
# from the set of remaining function signature arguments. If the
146
# remaining signature arguments are in the args[-len(defaults):],
148
unspec = set(args) - set(opargs.keys())
149
if unspec and not defaults:
150
raise BadRequest('Missing arguments: ' + ', '.join(unspec))
152
unspec = [k for k in unspec if k not in args[-len(defaults):]]
155
raise BadRequest('Missing arguments: ' + ', '.join(unspec))
157
# We have extra arguments if the are no match args in the function
158
# signature, AND there is no **.
159
extra = set(opargs.keys()) - set(args)
160
if extra and not varkw:
161
raise BadRequest('Extra arguments: ' + ', '.join(extra))
163
return op(req, **opargs)
166
class XHTMLRESTView(GenshiLoaderMixin, JSONRESTView):
156
167
"""A special type of RESTView which takes enhances the standard JSON
157
168
with genshi XHTML functions.
162
173
ctx = genshi.template.Context()
164
def __init__(self, req, *args, **kwargs):
166
setattr(self, key, kwargs[key])
168
175
def render_fragment(self):
169
176
if self.template is None:
170
177
raise NotImplementedError()
172
179
rest_template = os.path.join(os.path.dirname(
173
180
inspect.getmodule(self).__file__), self.template)
174
loader = genshi.template.TemplateLoader(".", auto_reload=True)
175
tmpl = loader.load(rest_template)
181
tmpl = self._loader.load(rest_template)
177
183
return tmpl.generate(self.ctx).render('xhtml', doctype='xhtml')
182
188
req.write(cjson.encode(outjson))
185
class named_operation(object):
191
class _named_operation(object):
186
192
'''Declare a function to be accessible to HTTP users via the REST API.
188
def __init__(self, permission):
194
def __init__(self, write_operation, permission):
195
self.write_operation = write_operation
189
196
self.permission = permission
191
198
def __call__(self, func):
192
199
func._rest_api_callable = True
200
func._rest_api_write_operation = self.write_operation
193
201
func._rest_api_permission = self.permission
204
write_operation = functools.partial(_named_operation, True)
205
read_operation = functools.partial(_named_operation, False)
196
207
class require_permission(object):
197
208
'''Declare the permission required for use of a method via the REST API.
added
removed
ivle/webapp/base/rest.py
