anoopmb
/
frappe
1
0
Fork 0
Código Incidencias 0 Pull Requests 0 Lanzamientos 0 Wiki Actividad
No puede seleccionar más de 25 temas Los temas deben comenzar con una letra o número, pueden incluir guiones ('-') y pueden tener hasta 35 caracteres de largo.
13128 Commits
1 Rama
314 MiB
 
 
 
 
 
 
Árbol: d56fbaba41
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde 'd56fbaba41'
${ noResults }
frappe/frappe/api.py

153 líneas
4.5 KiB
Original Blame Histórico 

  1. # Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors

  2. # MIT License. See license.txt

  3. from __future__ import unicode_literals

  4. 

  5. import json

  6. import frappe

  7. import frappe.handler

  8. import frappe.client

  9. from frappe.utils.response import build_response

  10. from frappe import _

  11. from urlparse import urlparse

  12. from urllib import urlencode

  13. 

  14. def handle():

  15. 	"""

  16. 	Handler for `/api` methods

  17. 

  18. 	### Examples:

  19. 

  20. 	`/api/method/{methodname}` will call a whitelisted method

  21. 

  22. 	`/api/resource/{doctype}` will query a table

  23. 		examples:

  24. 		- `?fields=["name", "owner"]`

  25. 		- `?filters=[["Task", "name", "like", "%005"]]`

  26. 		- `?limit_start=0`

  27. 		- `?limit_page_length=20`

  28. 

  29. 	`/api/resource/{doctype}/{name}` will point to a resource

  30. 		`GET` will return doclist

  31. 		`POST` will insert

  32. 		`PUT` will update

  33. 		`DELETE` will delete

  34. 

  35. 	`/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method

  36. 	"""

  37. 

  38. 	validate_oauth()

  39. 

  40. 	parts = frappe.request.path[1:].split("/",3)

  41. 	call = doctype = name = None

  42. 

  43. 	if len(parts) > 1:

  44. 		call = parts[1]

  45. 

  46. 	if len(parts) > 2:

  47. 		doctype = parts[2]

  48. 

  49. 	if len(parts) > 3:

  50. 		name = parts[3]

  51. 

  52. 	if call=="method":

  53. 		frappe.local.form_dict.cmd = doctype

  54. 		return frappe.handler.handle()

  55. 

  56. 	elif call=="resource":

  57. 		if "run_method" in frappe.local.form_dict:

  58. 			method = frappe.local.form_dict.pop("run_method")

  59. 			doc = frappe.get_doc(doctype, name)

  60. 			doc.is_whitelisted(method)

  61. 

  62. 			if frappe.local.request.method=="GET":

  63. 				if not doc.has_permission("read"):

  64. 					frappe.throw(_("Not permitted"), frappe.PermissionError)

  65. 				frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)})

  66. 

  67. 			if frappe.local.request.method=="POST":

  68. 				if not doc.has_permission("write"):

  69. 					frappe.throw(_("Not permitted"), frappe.PermissionError)

  70. 

  71. 				frappe.local.response.update({"data": doc.run_method(method, **frappe.local.form_dict)})

  72. 				frappe.db.commit()

  73. 

  74. 		else:

  75. 			if name:

  76. 				if frappe.local.request.method=="GET":

  77. 					doc = frappe.get_doc(doctype, name)

  78. 					if not doc.has_permission("read"):

  79. 						raise frappe.PermissionError

  80. 					frappe.local.response.update({"data": doc})

  81. 

  82. 				if frappe.local.request.method=="PUT":

  83. 					data = json.loads(frappe.local.form_dict.data)

  84. 					doc = frappe.get_doc(doctype, name)

  85. 

  86. 					if "flags" in data:

  87. 						del data["flags"]

  88. 

  89. 					# Not checking permissions here because it's checked in doc.save

  90. 					doc.update(data)

  91. 

  92. 					frappe.local.response.update({

  93. 						"data": doc.save().as_dict()

  94. 					})

  95. 					frappe.db.commit()

  96. 

  97. 				if frappe.local.request.method=="DELETE":

  98. 					# Not checking permissions here because it's checked in delete_doc

  99. 					frappe.delete_doc(doctype, name)

  100. 					frappe.local.response.http_status_code = 202

  101. 					frappe.local.response.message = "ok"

  102. 					frappe.db.commit()

  103. 

  104. 

  105. 			elif doctype:

  106. 				if frappe.local.request.method=="GET":

  107. 					if frappe.local.form_dict.get('fields'):

  108. 						frappe.local.form_dict['fields'] = json.loads(frappe.local.form_dict['fields'])

  109. 					frappe.local.form_dict.setdefault('limit_page_length', 20)

  110. 					frappe.local.response.update({

  111. 						"data":  frappe.call(frappe.client.get_list,

  112. 							doctype, **frappe.local.form_dict)})

  113. 

  114. 				if frappe.local.request.method=="POST":

  115. 					data = json.loads(frappe.local.form_dict.data)

  116. 					data.update({

  117. 						"doctype": doctype

  118. 					})

  119. 					frappe.local.response.update({

  120. 						"data": frappe.get_doc(data).insert().as_dict()

  121. 					})

  122. 					frappe.db.commit()

  123. 			else:

  124. 				raise frappe.DoesNotExistError

  125. 

  126. 	else:

  127. 		raise frappe.DoesNotExistError

  128. 

  129. 	return build_response("json")

  130. 

  131. def validate_oauth():

  132. 	from frappe.oauth import get_url_delimiter

  133. 	form_dict = frappe.local.form_dict

  134. 	authorization_header = frappe.get_request_header("Authorization").split(" ") if frappe.get_request_header("Authorization") else None

  135. 	if authorization_header and authorization_header[0].lower() == "bearer":

  136. 		from frappe.integrations.oauth2 import get_oauth_server

  137. 		token = authorization_header[1]

  138. 		r = frappe.request

  139. 		parsed_url = urlparse(r.url)

  140. 		access_token = { "access_token": token}

  141. 		uri = parsed_url.scheme + "://" + parsed_url.netloc + parsed_url.path + "?" + urlencode(access_token)

  142. 		http_method = r.method

  143. 		body = r.get_data()

  144. 		headers = r.headers

  145. 

  146. 		required_scopes = frappe.db.get_value("OAuth Bearer Token", token, "scopes").split(get_url_delimiter())

  147. 

  148. 		valid, oauthlib_request = get_oauth_server().verify_request(uri, http_method, body, headers, required_scopes)

  149. 

  150. 		if valid:

  151. 			frappe.set_user(frappe.db.get_value("OAuth Bearer Token", token, "user"))

  152. 			frappe.local.form_dict = form_dict