myems-api/core/privilege.py
import falcon
import mysql.connector
import simplejson as json
from core.useractivity import user_logger, admin_control
import config
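class PrivilegeCollection:
    """Falcon resource for the privilege collection: list all, create one.

    on_get and on_post call ``admin_control(req)`` before touching the
    database; on_post is additionally wrapped in ``user_logger``. Both names
    come from core.useractivity and their behaviour is not visible here.
    NOTE(review): presumably admin_control rejects non-administrator callers
    and user_logger records the request for audit; confirm against that module.
    All SQL in this class uses %s placeholders with bound parameters.
    """

    def __init__(self):
        """Initializes PrivilegeCollection"""
        pass

    @staticmethod
    def on_options(req, resp):
        """Answer OPTIONS with 200; no authorization check is performed here."""
        resp.status = falcon.HTTP_200

    @staticmethod
    def on_get(req, resp):
        """Return every privilege as a JSON list of {id, name, data}, highest id first."""
        # Authorization gate runs before any database access.
        admin_control(req)

        cnx = mysql.connector.connect(**config.myems_user_db)
        try:
            cursor = cnx.cursor()
            try:
                cursor.execute(" SELECT id, name, data "
                               " FROM tbl_privileges "
                               " ORDER BY id DESC ")
                rows = cursor.fetchall()
            finally:
                # Release the cursor and connection even if the query raises.
                cursor.close()
        finally:
            cnx.close()

        result = [{"id": row[0], "name": row[1], "data": row[2]}
                  for row in rows or ()]
        resp.text = json.dumps(result)

    @staticmethod
    @user_logger
    def on_post(req, resp):
        """Handles POST requests: create a privilege from {"data": {"name", "data"}}.

        Raises falcon.HTTPError 400 when the body cannot be read or parsed, when
        name or data is missing, not a string or blank, or when the name is
        already in use. On success sets 201 and a Location header.
        """
        admin_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
            new_values = json.loads(raw_json)
        except Exception:
            raise falcon.HTTPError(status=falcon.HTTP_400,
                                   title='API.BAD_REQUEST',
                                   description='API.FAILED_TO_READ_REQUEST_STREAM')

        # The body is caller-controlled: valid JSON that is not an object, or
        # that lacks a "data" object, previously escaped as an unhandled
        # TypeError/KeyError. Treat it as an empty payload so it is rejected
        # with the same 400 as a missing name.
        payload = new_values.get('data') if isinstance(new_values, dict) else None
        if not isinstance(payload, dict):
            payload = {}

        name = payload.get('name')
        if not isinstance(name, str) or not name.strip():
            raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_PRIVILEGE_NAME')
        name = name.strip()

        # NOTE(review): data is stored as an opaque non-empty string; its
        # structure is not validated here. Confirm whether consumers of
        # tbl_privileges.data expect a specific format.
        data = payload.get('data')
        if not isinstance(data, str) or not data.strip():
            raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_PRIVILEGE_DATA')
        data = data.strip()

        cnx = mysql.connector.connect(**config.myems_user_db)
        try:
            cursor = cnx.cursor()
            try:
                cursor.execute(" SELECT name "
                               " FROM tbl_privileges "
                               " WHERE name = %s ", (name,))
                if cursor.fetchone() is not None:
                    raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                           description='API.PRIVILEGE_NAME_IS_ALREADY_IN_USE')

                # NOTE(review): the uniqueness check and the insert are separate
                # statements, so two concurrent requests could both pass the
                # check. Confirm tbl_privileges.name has a UNIQUE constraint.
                add_row = (" INSERT INTO tbl_privileges "
                           "     (name, data) "
                           " VALUES (%s, %s) ")
                cursor.execute(add_row, (name, data, ))
                new_id = cursor.lastrowid
                cnx.commit()
            finally:
                # Runs on every path, including the HTTPError above and
                # database errors, so the connection is not leaked.
                cursor.close()
        finally:
            cnx.close()

        resp.status = falcon.HTTP_201
        resp.location = '/privileges/' + str(new_id)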
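class PrivilegeItem:
    """Falcon resource for a single privilege addressed by id: delete, update.

    on_delete and on_put call ``admin_control(req)`` first and are wrapped in
    ``user_logger``; both come from core.useractivity and are not visible here.
    NOTE(review): presumably admin_control rejects non-administrator callers
    and user_logger records the request for audit; confirm against that module.
    All SQL in this class uses %s placeholders with bound parameters.
    """

    def __init__(self):
        """Initializes PrivilegeItem"""
        pass

    @staticmethod
    def _require_valid_id(id_):
        """Raise HTTP 400 unless id_ is a string holding a positive integer."""
        # str.isdigit() also accepts characters (e.g. superscript digits) that
        # int() refuses; catching ValueError turns that case into a 400 instead
        # of an unhandled exception.
        try:
            valid = id_.isdigit() and int(id_) > 0
        except ValueError:
            valid = False
        if not valid:
            raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_PRIVILEGE_ID')

    @staticmethod
    def on_options(req, resp, id_):
        """Answer OPTIONS with 200; no authorization check is performed here."""
        resp.status = falcon.HTTP_200

    @staticmethod
    @user_logger
    def on_delete(req, resp, id_):
        """Delete the privilege with the given id.

        Raises falcon.HTTPError 400 for an invalid id or when any user still
        references the privilege, and 404 when the privilege does not exist.
        On success sets 204.
        """
        admin_control(req)
        PrivilegeItem._require_valid_id(id_)

        cnx = mysql.connector.connect(**config.myems_user_db)
        try:
            cursor = cnx.cursor()
            try:
                # check relation with users: a privilege that is still assigned
                # to a user must not be removed.
                cursor.execute(" SELECT id "
                               " FROM tbl_users "
                               " WHERE privilege_id = %s ", (id_,))
                rows_users = cursor.fetchall()
                if rows_users:
                    raise falcon.HTTPError(status=falcon.HTTP_400,
                                           title='API.BAD_REQUEST',
                                           description='API.THERE_IS_RELATION_WITH_USERS')

                cursor.execute(" SELECT name "
                               " FROM tbl_privileges "
                               " WHERE id = %s ", (id_,))
                if cursor.fetchone() is None:
                    raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND',
                                           description='API.PRIVILEGE_NOT_FOUND')

                # TODO: delete associated objects
                # NOTE(review): the relation check and the delete are separate
                # statements; a user could be assigned this privilege in
                # between. Confirm a foreign key protects tbl_users.privilege_id.
                cursor.execute(" DELETE FROM tbl_privileges WHERE id = %s ", (id_,))
                cnx.commit()
            finally:
                # Runs on every path, including the HTTPErrors above and
                # database errors, so the connection is not leaked.
                cursor.close()
        finally:
            cnx.close()

        resp.status = falcon.HTTP_204

    @staticmethod
    @user_logger
    def on_put(req, resp, id_):
        """Handles PUT requests: update name and data of the privilege with this id.

        Expects {"data": {"name", "data"}}. Raises falcon.HTTPError 400 when the
        body cannot be read or parsed, the id is invalid, name or data is
        missing, not a string or blank, or the name belongs to another
        privilege; 404 when the privilege does not exist. On success sets 200.
        """
        admin_control(req)
        try:
            raw_json = req.stream.read().decode('utf-8')
            new_values = json.loads(raw_json)
        except Exception:
            raise falcon.HTTPError(status=falcon.HTTP_400,
                                   title='API.BAD_REQUEST',
                                   description='API.FAILED_TO_READ_REQUEST_STREAM')

        PrivilegeItem._require_valid_id(id_)

        # The body is caller-controlled: valid JSON that is not an object, or
        # that lacks a "data" object, previously escaped as an unhandled
        # TypeError/KeyError. Treat it as an empty payload so it is rejected
        # with the same 400 as a missing name.
        payload = new_values.get('data') if isinstance(new_values, dict) else None
        if not isinstance(payload, dict):
            payload = {}

        name = payload.get('name')
        if not isinstance(name, str) or not name.strip():
            raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_PRIVILEGE_NAME')
        name = name.strip()

        # NOTE(review): data is stored as an opaque non-empty string; its
        # structure is not validated here. Confirm whether consumers of
        # tbl_privileges.data expect a specific format.
        data = payload.get('data')
        if not isinstance(data, str) or not data.strip():
            raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                   description='API.INVALID_PRIVILEGE_DATA')
        data = data.strip()

        cnx = mysql.connector.connect(**config.myems_user_db)
        try:
            cursor = cnx.cursor()
            try:
                cursor.execute(" SELECT name "
                               " FROM tbl_privileges "
                               " WHERE id = %s ", (id_,))
                if cursor.fetchone() is None:
                    raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND',
                                           description='API.PRIVILEGE_NOT_FOUND')

                # The name must not collide with any other privilege.
                cursor.execute(" SELECT name "
                               " FROM tbl_privileges "
                               " WHERE name = %s AND id != %s ", (name, id_))
                if cursor.fetchone() is not None:
                    raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST',
                                           description='API.PRIVILEGE_NAME_IS_ALREADY_IN_USE')

                update_row = (" UPDATE tbl_privileges "
                              " SET name = %s, data = %s "
                              " WHERE id = %s ")
                cursor.execute(update_row, (name, data, id_,))
                cnx.commit()
            finally:
                # Runs on every path, including the HTTPErrors above and
                # database errors, so the connection is not leaked.
                cursor.close()
        finally:
            cnx.close()

        resp.status = falcon.HTTP_200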