anoopmb
/
frappe
1
0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 활동
25개 이상의 토픽을 선택하실 수 없습니다. Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
14761 커밋
1 브렌치
314 MiB
 
 
 
 
 
 
트리: 3c59f8f422
브랜치 태그
${ item.name }
${ searchTerm } 브랜치 생성
from '3c59f8f422'
${ noResults }
frappe/frappe/api.py

152 lines
4.5 KiB
Raw Blame 히스토리 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. from __future__ import unicode_literals

  4. 

  5. import json

  6. import frappe

  7. import frappe.handler

  8. import frappe.client

  9. from frappe.utils.response import build_response

  10. from frappe import _

  11. from six.moves.urllib.parse import urlparse, urlencode

  12. 

  13. def handle():

  14. 	"""

  15. 	Handler for `/api` methods

  16. 

  17. 	### Examples:

  18. 

  19. 	`/api/method/{methodname}` will call a whitelisted method

  20. 

  21. 	`/api/resource/{doctype}` will query a table

  22. 		examples:

  23. 		- `?fields=["name", "owner"]`

  24. 		- `?filters=[["Task", "name", "like", "%005"]]`

  25. 		- `?limit_start=0`

  26. 		- `?limit_page_length=20`

  27. 

  28. 	`/api/resource/{doctype}/{name}` will point to a resource

  29. 		`GET` will return doclist

  30. 		`POST` will insert

  31. 		`PUT` will update

  32. 		`DELETE` will delete

  33. 

  34. 	`/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method

  35. 	"""

  36. 

  37. 	validate_oauth()

  38. 

  39. 	parts = frappe.request.path[1:].split("/",3)

  40. 	call = doctype = name = None

  41. 

  42. 	if len(parts) > 1:

  43. 		call = parts[1]

  44. 

  45. 	if len(parts) > 2:

  46. 		doctype = parts[2]

  47. 

  48. 	if len(parts) > 3:

  49. 		name = parts[3]

  50. 

  51. 	if call=="method":

  52. 		frappe.local.form_dict.cmd = doctype

  53. 		return frappe.handler.handle()

  54. 

  55. 	elif call=="resource":

  56. 		if "run_method" in frappe.local.form_dict:

  57. 			method = frappe.local.form_dict.pop("run_method")

  58. 			doc = frappe.get_doc(doctype, name)

  59. 			doc.is_whitelisted(method)

  60. 

  61. 			if frappe.local.request.method=="GET":

  62. 				if not doc.has_permission("read"):

  63. 					frappe.throw(_("Not permitted"), frappe.PermissionError)

  64. 				frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)})

  65. 

  66. 			if frappe.local.request.method=="POST":

  67. 				if not doc.has_permission("write"):

  68. 					frappe.throw(_("Not permitted"), frappe.PermissionError)

  69. 

  70. 				frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)})

  71. 				frappe.db.commit()

  72. 

  73. 		else:

  74. 			if name:

  75. 				if frappe.local.request.method=="GET":

  76. 					doc = frappe.get_doc(doctype, name)

  77. 					if not doc.has_permission("read"):

  78. 						raise frappe.PermissionError

  79. 					frappe.local.response.update({"data": doc})

  80. 

  81. 				if frappe.local.request.method=="PUT":

  82. 					data = json.loads(frappe.local.form_dict.data)

  83. 					doc = frappe.get_doc(doctype, name)

  84. 

  85. 					if "flags" in data:

  86. 						del data["flags"]

  87. 

  88. 					# Not checking permissions here because it's checked in doc.save

  89. 					doc.update(data)

  90. 

  91. 					frappe.local.response.update({

  92. 						"data": doc.save().as_dict()

  93. 					})

  94. 					frappe.db.commit()

  95. 

  96. 				if frappe.local.request.method=="DELETE":

  97. 					# Not checking permissions here because it's checked in delete_doc

  98. 					frappe.delete_doc(doctype, name, ignore_missing=False)

  99. 					frappe.local.response.http_status_code = 202

  100. 					frappe.local.response.message = "ok"

  101. 					frappe.db.commit()

  102. 

  103. 

  104. 			elif doctype:

  105. 				if frappe.local.request.method=="GET":

  106. 					if frappe.local.form_dict.get('fields'):

  107. 						frappe.local.form_dict['fields'] = json.loads(frappe.local.form_dict['fields'])

  108. 					frappe.local.form_dict.setdefault('limit_page_length', 20)

  109. 					frappe.local.response.update({

  110. 						"data":  frappe.call(frappe.client.get_list,

  111. 							doctype, **frappe.local.form_dict)})

  112. 

  113. 				if frappe.local.request.method=="POST":

  114. 					data = json.loads(frappe.local.form_dict.data)

  115. 					data.update({

  116. 						"doctype": doctype

  117. 					})

  118. 					frappe.local.response.update({

  119. 						"data": frappe.get_doc(data).insert().as_dict()

  120. 					})

  121. 					frappe.db.commit()

  122. 			else:

  123. 				raise frappe.DoesNotExistError

  124. 

  125. 	else:

  126. 		raise frappe.DoesNotExistError

  127. 

  128. 	return build_response("json")

  129. 

  130. def validate_oauth():

  131. 	from frappe.oauth import get_url_delimiter

  132. 	form_dict = frappe.local.form_dict

  133. 	authorization_header = frappe.get_request_header("Authorization").split(" ") if frappe.get_request_header("Authorization") else None

  134. 	if authorization_header and authorization_header[0].lower() == "bearer":

  135. 		from frappe.integrations.oauth2 import get_oauth_server

  136. 		token = authorization_header[1]

  137. 		r = frappe.request

  138. 		parsed_url = urlparse(r.url)

  139. 		access_token = { "access_token": token}

  140. 		uri = parsed_url.scheme + "://" + parsed_url.netloc + parsed_url.path + "?" + urlencode(access_token)

  141. 		http_method = r.method

  142. 		body = r.get_data()

  143. 		headers = r.headers

  144. 

  145. 		required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(get_url_delimiter())

  146. 

  147. 		valid, oauthlib_request = get_oauth_server().verify_request(uri, http_method, body, headers, required_scopes)

  148. 

  149. 		if valid:

  150. 			frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user"))

  151. 			frappe.local.form_dict = form_dict