crits · mgoffin · Apr 24, 2015 · Mar 17, 2015 · Mar 18, 2015 · Mar 19, 2015
diff --git a/crits/actors/api.py b/crits/actors/api.py
@@ -17,7 +17,7 @@ class ActorResource(CRITsAPIResource):
 
     class Meta:
         object_class = Actor
-        allowed_methods = ('get', 'post')
+        allowed_methods = ('get', 'post', 'patch')
         resource_name = "actors"
         authentication = MultiAuthentication(CRITsApiKeyAuthentication(),
                                              CRITsSessionAuthentication())

diff --git a/crits/actors/handlers.py b/crits/actors/handlers.py
@@ -448,26 +448,26 @@ def get_actor_tags_by_type(tag_type):
         tags = [t.name for t in results]
     return tags
 
-def update_actor_tags(actor_id, tag_type, tags, username):
+def update_actor_tags(id_, tag_type, tags, user, **kwargs):
     """
     Update a subset of tags for an Actor.
 
-    :param actor_id: The ObjectId of the Actor to update.
-    :type actor_id: str
+    :param id_: The ObjectId of the Actor to update.
+    :type id_: str
     :param tag_type: The type of tag we are updating.
     :type tag_type: str
     :param tags: The tags we are setting.
     :type tags: list
     :returns: dict
     """
 
-    actor = Actor.objects(id=actor_id).first()
+    actor = Actor.objects(id=id_).first()
     if not actor:
         return {'success': False,
                 'message': 'No actor could be found.'}
     else:
         actor.update_tags(tag_type, tags)
-        actor.save(username=username)
+        actor.save(username=user)
         return {'success': True}
 
 def add_new_actor_identifier(identifier_type, identifier=None, source=None,
@@ -564,34 +564,36 @@ def actor_identifier_type_values(type_=None, username=None):
     return result
 
 def attribute_actor_identifier(id_, identifier_type, identifier=None,
-                               confidence="low", analyst=None):
+                               confidence="low", user=None, **kwargs):
     """
     Attribute an Actor Identifier to an Actor in CRITs.
 
+    :param id_: The Actor ObjectId.
+    :type id_: str
     :param identifier_type: The Actor Identifier Type.
     :type identifier_type: str
     :param identifier: The Actor Identifier.
     :type identifier: str
-    :param analyst: The user attributing this identifier.
-    :type analyst: str
+    :param user: The user attributing this identifier.
+    :type user: str
     :returns: dict with keys:
               "success" (boolean),
               "message" (str),
     """
 
-    sources = user_sources(analyst)
-    admin = is_admin(analyst)
+    sources = user_sources(user)
+    admin = is_admin(user)
     actor = Actor.objects(id=id_,
                           source__name__in=sources).first()
     if not actor:
         return {'success': False,
                 'message': "Could not find actor"}
 
     c = len(actor.identifiers)
-    actor.attribute_identifier(identifier_type, identifier, confidence, analyst)
-    actor.save(username=analyst)
+    actor.attribute_identifier(identifier_type, identifier, confidence, user)
+    actor.save(username=user)
     actor.reload()
-    actor_identifiers = actor.generate_identifiers_list(analyst)
+    actor_identifiers = actor.generate_identifiers_list(user)
 
     if len(actor.identifiers) <= c:
         return {'success': False,
@@ -606,7 +608,7 @@ def attribute_actor_identifier(id_, identifier_type, identifier=None,
             'message': html}
 
 def set_identifier_confidence(id_, identifier=None, confidence="low",
-                              analyst=None):
+                              user=None, **kwargs):
     """
     Set the Identifier attribution confidence.
 
@@ -615,51 +617,51 @@ def set_identifier_confidence(id_, identifier=None, confidence="low",
     :type identifier: str
     :param confidence: The confidence level.
     :type confidence: str
-    :param analyst: The user editing this identifier.
-    :type analyst: str
+    :param user: The user editing this identifier.
+    :type user: str
     :returns: dict with keys:
               "success" (boolean),
               "message" (str),
     """
 
-    sources = user_sources(analyst)
+    sources = user_sources(user)
     actor = Actor.objects(id=id_,
                           source__name__in=sources).first()
     if not actor:
         return {'success': False,
                 'message': "Could not find actor"}
 
     actor.set_identifier_confidence(identifier, confidence)
-    actor.save(username=analyst)
+    actor.save(username=user)
 
     return {'success': True}
 
-def remove_attribution(id_, identifier=None, analyst=None):
+def remove_attribution(id_, identifier=None, user=None, **kwargs):
     """
     Remove an attributed identifier.
 
     :param id_: The ObjectId of the Actor.
     :param identifier: The Actor Identifier ObjectId.
     :type identifier: str
-    :param analyst: The user removing this attribution.
-    :type analyst: str
+    :param user: The user removing this attribution.
+    :type user: str
     :returns: dict with keys:
               "success" (boolean),
               "message" (str),
     """
 
-    sources = user_sources(analyst)
-    admin = is_admin(analyst)
+    sources = user_sources(user)
+    admin = is_admin(user)
     actor = Actor.objects(id=id_,
                           source__name__in=sources).first()
     if not actor:
         return {'success': False,
                 'message': "Could not find actor"}
 
     actor.remove_attribution(identifier)
-    actor.save(username=analyst)
+    actor.save(username=user)
     actor.reload()
-    actor_identifiers = actor.generate_identifiers_list(analyst)
+    actor_identifiers = actor.generate_identifiers_list(user)
 
     html = render_to_string('actor_identifiers_widget.html',
                             {'actor_identifiers': actor_identifiers,
@@ -669,52 +671,52 @@ def remove_attribution(id_, identifier=None, analyst=None):
     return {'success': True,
             'message': html}
 
-def set_actor_name(id_, name, analyst):
+def set_actor_name(id_, name, user, **kwargs):
     """
     Set an Actor name.
 
     :param id_: Actor ObjectId.
     :type id_: str
     :param name: The new name.
     :type name: str
-    :param analyst: The user updating the name.
-    :type analyst: str
+    :param user: The user updating the name.
+    :type user: str
     :returns: dict with keys:
               "success" (boolean),
               "message" (str),
     """
 
-    sources = user_sources(analyst)
+    sources = user_sources(user)
     actor = Actor.objects(id=id_,
                           source__name__in=sources).first()
     if not actor:
         return {'success': False,
                 'message': "Could not find actor"}
 
     actor.name = name.strip()
-    actor.save(username=analyst)
+    actor.save(username=user)
     return {'success': True}
 
-def update_actor_aliases(actor_id, aliases, analyst):
+def update_actor_aliases(id_, aliases, user, **kwargs):
     """
     Update aliases for an Actor.
 
-    :param actor_id: The ObjectId of the Actor to update.
-    :type actor_id: str
+    :param id_: The ObjectId of the Actor to update.
+    :type id_: str
     :param aliases: The aliases we are setting.
     :type aliases: list
-    :param analyst: The user updating the aliases.
-    :type analyst: str
+    :param user: The user updating the aliases.
+    :type user: str
     :returns: dict
     """
 
-    sources = user_sources(analyst)
-    actor = Actor.objects(id=actor_id,
+    sources = user_sources(user)
+    actor = Actor.objects(id=id_,
                           source__name__in=sources).first()
     if not actor:
         return {'success': False,
                 'message': 'No actor could be found.'}
     else:
         actor.update_aliases(aliases)
-        actor.save(username=analyst)
+        actor.save(username=user)
         return {'success': True}
diff --git a/crits/actors/views.py b/crits/actors/views.py
@@ -246,14 +246,14 @@ def actor_tags_modify(request):
 
     if request.method == "POST" and request.is_ajax():
         tag_type = request.POST.get('tag_type', None)
-        actor_id = request.POST.get('oid', None)
+        id_ = request.POST.get('oid', None)
         tags = request.POST.get('tags', None)
-        username = request.user.username
+        user = request.user.username
         if not tag_type:
             return HttpResponse(json.dumps({'success': False,
                                             'message': 'Need a tag type.'}),
                                 mimetype="application/json")
-        result = update_actor_tags(actor_id, tag_type, tags, username)
+        result = update_actor_tags(id_, tag_type, tags, user)
         return HttpResponse(json.dumps(result),
                             mimetype="application/json")
     else:
@@ -339,7 +339,7 @@ def attribute_identifier(request):
     """
 
     if request.method == "POST" and request.is_ajax():
-        username = request.user.username
+        user = request.user.username
         id_ = request.POST.get('id', None)
         identifier_type = request.POST.get('identifier_type', None)
         identifier = request.POST.get('identifier', None)
@@ -352,7 +352,7 @@ def attribute_identifier(request):
                                             identifier_type,
                                             identifier,
                                             confidence,
-                                            username)
+                                            user)
         return HttpResponse(json.dumps(result),
                             mimetype="application/json")
     else:
@@ -372,7 +372,7 @@ def edit_attributed_identifier(request):
     """
 
     if request.method == "POST" and request.is_ajax():
-        username = request.user.username
+        user = request.user.username
         id_ = request.POST.get('id', None)
         identifier = request.POST.get('identifier_id', None)
         confidence = request.POST.get('confidence', 'low')
@@ -383,7 +383,7 @@ def edit_attributed_identifier(request):
         result = set_identifier_confidence(id_,
                                            identifier,
                                            confidence,
-                                           username)
+                                           user)
         return HttpResponse(json.dumps(result),
                             mimetype="application/json")
     else:
@@ -403,7 +403,7 @@ def remove_attributed_identifier(request):
     """
 
     if request.method == "POST" and request.is_ajax():
-        username = request.user.username
+        user = request.user.username
         id_ = request.POST.get('object_type', None)
         identifier = request.POST.get('key', None)
         if not identifier:
@@ -412,7 +412,7 @@ def remove_attributed_identifier(request):
                                 mimetype="application/json")
         result = remove_attribution(id_,
                                     identifier,
-                                    username)
+                                    user)
         return HttpResponse(json.dumps(result),
                             mimetype="application/json")
     else:
@@ -434,15 +434,15 @@ def edit_actor_name(request, id_):
     """
 
     if request.method == "POST" and request.is_ajax():
-        username = request.user.username
+        user = request.user.username
         name = request.POST.get('name', None)
         if not name:
             return HttpResponse(json.dumps({'success': False,
                                             'message': 'Not all info provided.'}),
                                 mimetype="application/json")
         result = set_actor_name(id_,
                                 name,
-                                username)
+                                user)
         return HttpResponse(json.dumps(result),
                             mimetype="application/json")
     else:
@@ -463,9 +463,9 @@ def edit_actor_aliases(request):
 
     if request.method == "POST" and request.is_ajax():
         aliases = request.POST.get('aliases', None)
-        actor_id = request.POST.get('oid', None)
-        username = request.user.username
-        result = update_actor_aliases(actor_id, aliases, username)
+        id_ = request.POST.get('oid', None)
+        user = request.user.username
+        result = update_actor_aliases(id_, aliases, user)
         return HttpResponse(json.dumps(result),
                             mimetype="application/json")
     else:

diff --git a/crits/campaigns/api.py b/crits/campaigns/api.py
@@ -1,7 +1,6 @@
 from django.core.urlresolvers import reverse
 from tastypie import authorization
 from tastypie.authentication import MultiAuthentication
-from tastypie.exceptions import BadRequest
 
 from crits.campaigns.campaign import Campaign
 from crits.campaigns.handlers import add_campaign
@@ -18,7 +17,7 @@ class CampaignResource(CRITsAPIResource):
 
     class Meta:
         object_class = Campaign
-        allowed_methods = ('get', 'post')
+        allowed_methods = ('get', 'post', 'patch')
         resource_name = "campaigns"
         authentication = MultiAuthentication(CRITsApiKeyAuthentication(),
                                              CRITsSessionAuthentication())

diff --git a/crits/certificates/api.py b/crits/certificates/api.py
@@ -1,7 +1,6 @@
 from django.core.urlresolvers import reverse
 from tastypie import authorization
 from tastypie.authentication import MultiAuthentication
-from tastypie.exceptions import BadRequest
 
 from crits.certificates.certificate import Certificate
 from crits.certificates.handlers import handle_cert_file
@@ -18,7 +17,7 @@ class CertificateResource(CRITsAPIResource):
 
     class Meta:
         object_class = Certificate
-        allowed_methods = ('get', 'post')
+        allowed_methods = ('get', 'post', 'patch')
         resource_name = "certificates"
         authentication = MultiAuthentication(CRITsApiKeyAuthentication(),
                                              CRITsSessionAuthentication())