Source code for assembl.views.api

"""The classical API for IdeaLoom.

This is a RESTful API based on `cornice <https://cornice.readthedocs.io/en/latest/>`.
It should remain somewhat stable, and allows optimization of complex queries.
"""
import os
import simplejson
from cornice.renderer import CorniceRenderer

FIXTURE_DIR = os.path.join(
    os.path.dirname(__file__), '..', '..', 'static', 'js', 'tests', 'fixtures')
API_PREFIX = '/api/v1/'
API_DISCUSSION_PREFIX = API_PREFIX + 'discussion/{discussion_id:\d+}'
API_ETALAB_DISCUSSIONS_PREFIX = '/instances'


def instance_check_permission_id(request, permission, cls, id, **kwargs):
    assert id, "No id in instance request"
    instance = cls.get_instance(id)
    if not instance:
        request.errors.add('querystring', 'id', 'No such object exists')
        request.errors.status = 404
        return False
    if permission in request.base_permissions:
        return True
    if permission not in instance.local_permissions_req(request):
        request.errors.add("querystring", 'permissions', "Lacking permission "+permission)
        request.errors.status = 403
        return False
    return True


def instance_check_permission(request, permission, cls, **kwargs):
    return instance_check_permission_id(
        request, permission, cls, request.matchdict['id'])


def instance_check_op(request, op, cls, **kwargs):
    id = request.matchdict['id']
    assert id, "No id in instance request"
    instance = cls.get_instance(id)
    if not instance:
        request.errors.add('querystring', 'id', 'No such object exists')
        request.errors.status = 404
        return False
    if not instance.user_can_req(op, request):
        request.errors.add("querystring", 'permissions', f"Not authorized {op}")
        request.errors.status = 403
        return False
    return True


[docs]class SimpleJSONRenderer(CorniceRenderer): def __init__(self, **kwargs): kwargs["serializer"] = simplejson.dumps
[docs]def includeme(config): """ Initialize views and renderers at app start-up time. """ config.add_route('csrf_token', 'api/v1/token') config.add_route('check_password_token', 'api/v1/check_password_token/{token}') config.add_route('mime_type', 'api/v1/mime_type') config.add_route('oembed', 'api/v1/oembed') config.add_route('saml_metadata', 'api/v1/saml_metadata') config.add_renderer(None, SimpleJSONRenderer())