Cleanup, fixed a bug with delete action

Change the returned type of every action from JSON to list/object

committer: Ralf Schlatterbeck <[email protected]>

Author: kinggreedy

roundup/cgi/client.py

@@ -488,10 +488,6 @@ def handle_xmlrpc(self):
         self.write(output)
 
     def handle_rest(self):
-        # Pull the parameters data out of the form.  The "value" attribute
-        # will be the raw content of the request.
-        input = self.form.value
-
         # Set the charset and language
         self.determine_charset()
         self.determine_language()
@@ -502,7 +498,8 @@ def handle_rest(self):
 
         # Call rest library to handle the request
         handler = rest.RestfulInstance(self.db)
-        output = handler.dispatch(self.env['REQUEST_METHOD'], self.path, input)
+        output = handler.dispatch(self.env['REQUEST_METHOD'], self.path,
+                                  self.form)
 
         # self.setHeader("Content-Type", "text/xml")
         self.setHeader("Content-Length", str(len(output)))

roundup/rest.py

@@ -8,7 +8,7 @@
 import json
 import pprint
 from roundup import hyperdb
-from roundup.cgi.templating import Unauthorised
+from roundup.exceptions import *
 from roundup import xmlrpc
 
 
@@ -21,28 +21,32 @@ def __init__(self, db):
         self.db = db
 
     def get_collection(self, class_name, input):
+        if not self.db.security.hasPermission('View', self.db.getuid(),
+                                              class_name):
+            raise Unauthorised('Permission to view %s denied' % class_name)
         class_obj = self.db.getclass(class_name)
         prop_name = class_obj.labelprop()
         result = [{'id': item_id, 'name': class_obj.get(item_id, prop_name)}
                   for item_id in class_obj.list()
                   if self.db.security.hasPermission('View', self.db.getuid(),
-                                                    class_name, None, item_id)
-                  ]
-        result = json.JSONEncoder().encode(result)
-
+                                                    class_name,
+                                                    itemid=item_id)]
         return result
 
     def get_element(self, class_name, item_id, input):
+        if not self.db.security.hasPermission('View', self.db.getuid(),
+                                              class_name, itemid=item_id):
+            raise Unauthorised('Permission to view %s item %d denied' %
+                               (class_name, item_id))
         class_obj = self.db.getclass(class_name)
         props = class_obj.properties.keys()
         props.sort()  # sort properties
         result = [(prop_name, class_obj.get(item_id, prop_name))
                   for prop_name in props
                   if self.db.security.hasPermission('View', self.db.getuid(),
                                                     class_name, prop_name,
-                                                    item_id)
-                  ]
-        result = json.JSONEncoder().encode(dict(result))
+                                                    item_id)]
+        result = dict(result)
 
         return result
 
@@ -54,12 +58,13 @@ def post_collection(self, class_name, input):
         class_obj = self.db.getclass(class_name)
 
         # convert types
-        props = xmlrpc.props_from_args(self.db, class_obj, input)
+        input_data = ["%s=%s" % (item.name, item.value) for item in input.value]
+        props = xmlrpc.props_from_args(self.db, class_obj, input_data)
 
         # check for the key property
         key = class_obj.getkey()
         if key and key not in props:
-            raise xmlrpc.UsageError, 'Must provide the "%s" property.' % key
+            raise UsageError('Must provide the "%s" property.' % key)
 
         for key in props:
             if not self.db.security.hasPermission('Create', self.db.getuid(),
@@ -69,10 +74,12 @@ def post_collection(self, class_name, input):
 
         # do the actual create
         try:
-            result = class_obj.create(**props)
+            item_id = class_obj.create(**props)
             self.db.commit()
         except (TypeError, IndexError, ValueError), message:
-            raise xmlrpc.UsageError, message
+            raise UsageError(message)
+
+        result = {id: item_id}
         return result
 
     def post_element(self, class_name, item_id, input):
@@ -89,13 +96,15 @@ def delete_collection(self, class_name, input):
         raise NotImplementedError
 
     def delete_element(self, class_name, item_id, input):
-        # TODO: BUG with DELETE without form data. Working with random data
-        #       crash at line self.form = cgi.FieldStorage(fp=request.rfile, environ=env)
-        try:
-            self.db.destroynode(class_name, item_id)
-            result = 'OK'
-        except IndexError:
-            result = 'Error'
+        if not self.db.security.hasPermission('Delete', self.db.getuid(),
+                                              class_name, itemid=item_id):
+            raise Unauthorised('Permission to delete %s %s denied' %
+                               (class_name, item_id))
+        if item_id != input['id'].value:
+            raise UsageError('Must provide id key as confirmation')
+        self.db.destroynode(class_name, item_id)
+        self.db.commit()
+        result = {"status": "ok"}
 
         return result
 
@@ -106,33 +115,26 @@ def patch_element(self, class_name, item_id, input):
         raise NotImplementedError
 
     def dispatch(self, method, uri, input):
-        print "METHOD: " + method + " URI: " + uri
-        print type(input)
-        pprint.pprint(input)
-        # TODO: process input_form directly instead of making a new array
-        # TODO: rest server
-        # TODO: check roundup/actions.py
-        # TODO: if uri_path has more than 2 child, return 404
-        # TODO: custom JSONEncoder to handle other data type
-        # TODO: catch all error and display error.
-
         # PATH is split to multiple pieces
         # 0 - rest
         # 1 - resource
-
         resource_uri = uri.split("/")[1]
-        input_data = ["%s=%s" % (item.name, item.value) for item in input]
 
+        output = None
         try:
             if resource_uri in self.db.classes:
-                output = getattr(self, "%s_collection" % method.lower())(resource_uri, input_data)
+                output = getattr(self, "%s_collection" % method.lower())(
+                    resource_uri, input)
             else:
                 class_name, item_id = hyperdb.splitDesignator(resource_uri)
-                output = getattr(self, "%s_element" % method.lower())(class_name, item_id, input_data)
+                output = getattr(self, "%s_element" % method.lower())(
+                    class_name, item_id, input)
         except hyperdb.DesignatorError:
-            pass  # invalid URI
+            raise NotImplementedError('Invalid URI')
         except AttributeError:
-            raise NotImplementedError  # Error: method is invalid
+            raise NotImplementedError('Method is invalid')
+        finally:
+            output = json.JSONEncoder().encode(output)
 
         print "Length: %s - Content(50 char): %s" % (len(output), output[:50])
         return output