Merge pull request #26 from somul-project/kujyp/protected-fields/180409

Separate protected fields (#10)
somul-project · Apr 11, 2018 · 5616cf2 · 5616cf2
2 parents 3ada39b + fa2f814
commit 5616cf2
Show file tree

Hide file tree

Showing 4 changed files with 118 additions and 74 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -24,7 +24,7 @@ jobs:
  name: run lint
  command: |
  . venv/bin/activate
- flake8 --exclude venv
+ flake8 --exclude venv,migrations
 
 workflows:
  version: 2

diff --git a/app/utils/errors.py b/app/utils/errors.py
@@ -11,3 +11,7 @@ class DataNotFoundError(HTTPException):
 
 class DuplicatedDataError(HTTPException):
  code = 400
+
+
+class WrongSecretkeyError(HTTPException):
+ code = 400
diff --git a/app/v1/controllers/__init__.py b/app/v1/controllers/__init__.py
@@ -1,5 +1,10 @@
+from hashlib import sha256
+
+from flask_restful import reqparse
+
+from app.config import Config
 from app.database import db
-from app.utils.errors import DataNotFoundError
+from app.utils.errors import DataNotFoundError, WrongSecretkeyError
 
 
 def get_or_404(model_clazz, pk):
@@ -9,3 +14,28 @@ def get_or_404(model_clazz, pk):
  "{} {} Not found".format(model_clazz.__name__, pk))
 
  return instance
+
+
+secretkey_reqparser = reqparse.RequestParser()
+secretkey_reqparser.add_argument('secretkey', type=str,
+ location='headers')
+
+
+def digest_from_plainstr(key):
+ encoded = key.encode('utf-8')
+
+ return sha256(encoded).digest()
+
+
+def get_is_admin():
+ args = secretkey_reqparser.parse_args()
+ if args.secretkey is None:
+ return False
+
+ disgested = digest_from_plainstr(args.secretkey)
+ stored_digested = digest_from_plainstr(Config.secret_key)
+
+ if disgested == stored_digested:
+ return True
+ else:
+ raise WrongSecretkeyError("Secretkey is incorrect.")
diff --git a/app/v1/controllers/libraries.py b/app/v1/controllers/libraries.py
@@ -1,12 +1,12 @@
 from flask import Blueprint
 from flask_restful import (Resource, reqparse, fields,
- marshal_with, Api)
+ marshal_with, Api, marshal)
 from sqlalchemy.exc import IntegrityError
 
 from app.database import db
 from app.database.models import Library
 from app.utils.errors import DuplicatedDataError
-from app.v1.controllers import get_or_404
+from app.v1.controllers import get_or_404, get_is_admin
 
 library_fields = {
  '_id': fields.Integer,
@@ -15,9 +15,6 @@
  'location_number': fields.String,
  'location_detail': fields.String,
 
- 'manager_name': fields.String,
- 'manager_email': fields.String,
- 'manager_phone': fields.String,
  'audiences': fields.String,
 
  'fac_beam_screen': fields.Boolean,
@@ -30,82 +27,92 @@
  'req_speaker': fields.String,
 }
 
-libraryReqparse = reqparse.RequestParser()
-libraryReqparse.add_argument('name', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library name provided')
-libraryReqparse.add_argument('location_road', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library location_road provided')
-libraryReqparse.add_argument('location_number', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library location_number provided')
-libraryReqparse.add_argument('location_detail', type=str, trim=True,
- location=['form', 'json'],
- required=False)
-
-libraryReqparse.add_argument('manager_name', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library manager_name provided')
-libraryReqparse.add_argument('manager_email', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library manager_email provided')
-libraryReqparse.add_argument('manager_phone', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library manager_phone provided')
-libraryReqparse.add_argument('audiences', type=str, trim=True,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library audiences provided')
-
-libraryReqparse.add_argument('fac_beam_screen', type=bool,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library fac_beam_screen provided')
-libraryReqparse.add_argument('fac_sound', type=bool,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library fac_sound provided')
-libraryReqparse.add_argument('fac_record', type=bool,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library fac_record provided')
-libraryReqparse.add_argument('fac_placard', type=bool,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library fac_placard provided')
-libraryReqparse.add_argument('fac_self_promo', type=bool,
- location=['form', 'json'],
- required=True, nullable=False,
- help='No library fac_self_promo provided')
-
-libraryReqparse.add_argument('fac_other', type=str, trim=True,
- location=['form', 'json'],
- required=False)
-libraryReqparse.add_argument('req_speaker', type=str, trim=True,
- location=['form', 'json'],
- required=False)
+library_protected_fields = {
+ 'manager_name': fields.String,
+ 'manager_email': fields.String,
+ 'manager_phone': fields.String,
+}
+
+
+library_reqparse = reqparse.RequestParser()
+library_reqparse.add_argument('name', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library name provided')
+library_reqparse.add_argument('location_road', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library location_road provided')
+library_reqparse.add_argument('location_number', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library location_number provided')
+library_reqparse.add_argument('location_detail', type=str, trim=True,
+ location=['form', 'json'],
+ required=False)
+
+library_reqparse.add_argument('manager_name', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library manager_name provided')
+library_reqparse.add_argument('manager_email', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library manager_email provided')
+library_reqparse.add_argument('manager_phone', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library manager_phone provided')
+library_reqparse.add_argument('audiences', type=str, trim=True,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library audiences provided')
+
+library_reqparse.add_argument('fac_beam_screen', type=bool,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library fac_beam_screen provided')
+library_reqparse.add_argument('fac_sound', type=bool,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library fac_sound provided')
+library_reqparse.add_argument('fac_record', type=bool,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library fac_record provided')
+library_reqparse.add_argument('fac_placard', type=bool,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library fac_placard provided')
+library_reqparse.add_argument('fac_self_promo', type=bool,
+ location=['form', 'json'],
+ required=True, nullable=False,
+ help='No library fac_self_promo provided')
+
+library_reqparse.add_argument('fac_other', type=str, trim=True,
+ location=['form', 'json'],
+ required=False)
+library_reqparse.add_argument('req_speaker', type=str, trim=True,
+ location=['form', 'json'],
+ required=False)
 
 
 class LibraryListResource(Resource):
  def __init__(self):
  super().__init__()
 
- @marshal_with(library_fields)
  def get(self):
  libraries = db.query(Library).all()
 
- return libraries
+ resp_fields = library_fields
+ if get_is_admin():
+ resp_fields = {**library_fields, **library_protected_fields}
+
+ return marshal(libraries, resp_fields)
 
  @marshal_with(library_fields)
  def post(self):
- args = libraryReqparse.parse_args()
+ args = library_reqparse.parse_args()
 
  library = Library(**args)
 
@@ -125,15 +132,18 @@ def post(self):
 
 
 class LibraryResource(Resource):
- @marshal_with(library_fields)
  def get(self, pk):
  library = get_or_404(Library, pk)
 
- return library
+ resp_fields = library_fields
+ if get_is_admin():
+ resp_fields = {**library_fields, **library_protected_fields}
+
+ return marshal(library, resp_fields)
 
  @marshal_with(library_fields)
  def put(self, pk):
- args = libraryReqparse.parse_args()
+ args = library_reqparse.parse_args()
  library = get_or_404(Library, pk)
 
  for key, value in args.items():