-
Notifications
You must be signed in to change notification settings - Fork 2k
/
__init__.py
349 lines (284 loc) · 11.2 KB
/
__init__.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
import functools
import logging
import types
import re
from ckan.lib.base import _, c
import ckan.authz
import ckan.model as model
from ckan.new_authz import is_authorized
from ckan.lib.navl.dictization_functions import flatten_dict, DataError
from ckan.plugins import PluginImplementations
from ckan.plugins.interfaces import IActions
log = logging.getLogger(__name__)
class AttributeDict(dict):
def __getattr__(self, name):
try:
return self[name]
except KeyError:
raise AttributeError('No such attribute %r' % name)
def __setattr__(self, name, value):
raise AttributeError(
'You cannot set attributes of this object directly'
)
class ActionError(Exception):
def __init__(self, extra_msg=None):
self.extra_msg = extra_msg
def __str__(self):
err_msgs = (super(ActionError, self).__str__(),
self.extra_msg)
return ' - '.join([str(err_msg) for err_msg in err_msgs if err_msg])
class NotFound(ActionError):
pass
class NotAuthorized(ActionError):
pass
class ParameterError(ActionError):
pass
class ValidationError(ParameterError):
def __init__(self, error_dict, error_summary=None, extra_msg=None):
# tags errors are a mess so let's clean them up
if 'tags' in error_dict:
tag_errors = []
for error in error_dict['tags']:
try:
tag_errors.append(', '.join(error['name']))
except KeyError:
pass
error_dict['tags'] = tag_errors
self.error_dict = error_dict
self._error_summary = error_summary
self.extra_msg = extra_msg
@property
def error_summary(self):
''' autogenerate the summary if not supplied '''
def summarise(error_dict):
''' Do some i18n stuff on the error_dict keys '''
def prettify(field_name):
field_name = re.sub('(?<!\w)[Uu]rl(?!\w)', 'URL',
field_name.replace('_', ' ').capitalize())
return _(field_name.replace('_', ' '))
summary = {}
for key, error in error_dict.iteritems():
if key == 'resources':
summary[_('Resources')] = _('Package resource(s) invalid')
elif key == 'extras':
summary[_('Extras')] = _('Missing Value')
elif key == 'extras_validation':
summary[_('Extras')] = error[0]
elif key == 'tags':
summary[_('Tags')] = error[0]
else:
summary[_(prettify(key))] = error[0]
return summary
if self._error_summary:
return self._error_summary
return summarise(self.error_dict)
def __str__(self):
err_msgs = (super(ValidationError, self).__str__(),
self.error_summary)
return ' - '.join([str(err_msg) for err_msg in err_msgs if err_msg])
log = logging.getLogger(__name__)
def parse_params(params, ignore_keys=None):
'''Takes a dict and returns it with some values standardised.
This is done on a dict before calling tuplize_dict on it.
'''
parsed = {}
for key in params:
if ignore_keys and key in ignore_keys:
continue
value = params.getall(key)
# Blank values become ''
if not value:
value = ''
# A list with only one item is stripped of being a list
if len(value) == 1:
value = value[0]
parsed[key] = value
return parsed
def clean_dict(data_dict):
'''Takes a dict and if any of the values are lists of dicts,
the empty dicts are stripped from the lists (recursive).
e.g.
>>> clean_dict(
{'name': u'testgrp4',
'title': u'',
'description': u'',
'packages': [{'name': u'testpkg'}, {'name': u'testpkg'}],
'extras': [{'key': u'packages', 'value': u'["testpkg"]'},
{'key': u'', 'value': u''},
{'key': u'', 'value': u''}],
'state': u'active'}
{'name': u'testgrp4',
'title': u'',
'description': u'',
'packages': [{'name': u'testpkg'}, {'name': u'testpkg'}],
'extras': [{'key': u'packages', 'value': u'["testpkg"]'}],
'state': u'active'}
'''
for key, value in data_dict.items():
if not isinstance(value, list):
continue
for inner_dict in value[:]:
if isinstance(inner_dict, basestring):
break
if not any(inner_dict.values()):
value.remove(inner_dict)
else:
clean_dict(inner_dict)
return data_dict
def tuplize_dict(data_dict):
'''Takes a dict with keys of the form 'table__0__key' and converts them
to a tuple like ('table', 0, 'key').
Dict should be put through parse_dict before this function, to have
values standardized.
May raise a DataError if the format of the key is incorrect.
'''
tuplized_dict = {}
for key, value in data_dict.iteritems():
key_list = key.split('__')
for num, key in enumerate(key_list):
if num % 2 == 1:
try:
key_list[num] = int(key)
except ValueError:
raise DataError('Bad key')
tuplized_dict[tuple(key_list)] = value
return tuplized_dict
def untuplize_dict(tuplized_dict):
data_dict = {}
for key, value in tuplized_dict.iteritems():
new_key = '__'.join([str(item) for item in key])
data_dict[new_key] = value
return data_dict
def flatten_to_string_key(dict):
flattented = flatten_dict(dict)
return untuplize_dict(flattented)
def check_access(action, context, data_dict=None):
user = context.get('user')
log.debug('check access - user %r, action %s' % (user, action))
if action:
#if action != model.Action.READ and user in
# (model.PSEUDO_USER__VISITOR, ''):
# # TODO Check the API key is valid at some point too!
# log.debug('Valid API key needed to make changes')
# raise NotAuthorized
logic_authorization = is_authorized(action, context, data_dict)
if not logic_authorization['success']:
msg = logic_authorization.get('msg', '')
raise NotAuthorized(msg)
elif not user:
msg = _('No valid API key provided.')
log.debug(msg)
raise NotAuthorized(msg)
log.debug('Access OK.')
return True
def check_access_old(entity, action, context):
user = context.get('user')
if context.get('ignore_auth'):
return True
log.debug('check access - user %r, action %s' % (user, action))
if action and entity and not isinstance(entity, model.PackageRelationship):
if action != model.Action.READ and user == '':
log.debug('Valid API key needed to make changes')
return False
#raise NotAuthorized
am_authz = ckan.authz.Authorizer().is_authorized(user, action, entity)
if not am_authz:
log.debug('User is not authorized to %s %s' % (action, entity))
return False
#raise NotAuthorized
elif not user:
log.debug('No valid API key provided.')
return False
#raise NotAuthorized
log.debug('Access OK.')
return True
_actions = {}
def get_action(action):
if _actions:
if not action in _actions:
raise KeyError("Action '%s' not found" % action)
return _actions.get(action)
# Otherwise look in all the plugins to resolve all possible
# First get the default ones in the ckan/logic/action directory
# Rather than writing them out in full will use __import__
# to load anything from ckan.logic.action that looks like it might
# be an action
for action_module_name in ['get', 'create', 'update', 'delete']:
module_path = 'ckan.logic.action.' + action_module_name
module = __import__(module_path)
for part in module_path.split('.')[1:]:
module = getattr(module, part)
for k, v in module.__dict__.items():
if not k.startswith('_'):
# Only load functions from the action module.
if isinstance(v, types.FunctionType):
_actions[k] = v
# Whitelist all actions defined in logic/action/get.py as
# being side-effect free.
v.side_effect_free = getattr(v, 'side_effect_free', True)\
and action_module_name == 'get'
# Then overwrite them with any specific ones in the plugins:
resolved_action_plugins = {}
fetched_actions = {}
for plugin in PluginImplementations(IActions):
for name, auth_function in plugin.get_actions().items():
if name in resolved_action_plugins:
raise Exception(
'The action %r is already implemented in %r' % (
name,
resolved_action_plugins[name]
)
)
log.debug('Auth function %r was inserted', plugin.name)
resolved_action_plugins[name] = plugin.name
fetched_actions[name] = auth_function
# Use the updated ones in preference to the originals.
_actions.update(fetched_actions)
# wrap the functions
for action_name, _action in _actions.items():
def make_wrapped(_action, action_name):
def wrapped(context, data_dict=None):
context.setdefault('model', model)
context.setdefault('session', model.Session)
context.setdefault('user', c.user or c.author)
return _action(context, data_dict)
return wrapped
_actions[action_name] = make_wrapped(_action, action_name)
return _actions.get(action)
def get_or_bust(data_dict, keys):
'''Try and get values from dictionary and if they are not there
raise a validation error.
data_dict: a dictionary
keys: either a single string key in which case will return a single value,
or a iterable which will return a tuple for unpacking purposes.
e.g single_value = get_or_bust(data_dict, 'a_key')
value_1, value_2 = get_or_bust(data_dict, ['key1', 'key2'])
'''
values = []
errors = {}
if isinstance(keys, basestring):
keys = [keys]
for key in keys:
try:
value = data_dict[key]
values.append(value)
except KeyError:
errors[key] = _('Missing value')
if errors:
raise ValidationError(errors)
if len(values) == 1:
return values[0]
return tuple(values)
def side_effect_free(action):
'''A decorator that marks the given action as side-effect-free.
The consequence of which is that the action becomes available through a
GET request in the action API.
This decorator is for users defining their own actions through the IAction
interface, and they want to expose their action with a GET request as well
as the usual POST request.
'''
@functools.wraps(action)
def wrapper(context, data_dict):
return action(context, data_dict)
wrapper.side_effect_free = True
return wrapper