Source code for fantastico.roa.resource_decorator

'''
Copyright 2013 Cosnita Radu Viorel

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated
documentation files (the "Software"), to deal in the Software without restriction, including without limitation
the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE
WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

.. codeauthor:: Radu Viorel Cosnita <radu.cosnita@gmail.com>
.. py:module:: fantastico.roa.resource_decorator
'''

[docs]class Resource(object): ''' .. image:: /images/roa/roa_classes.png This class provides the main way for defining resources. Below you can find a very simple example for defining new resources: .. code-block:: python @Resource(name="app-setting", url="/app-settings") class AppSetting(BASEMODEL): id = Column("id", Integer, primary_key=True, autoincrement=True) name = Column("name", String(50), unique=True, nullable=False) value = Column("value", Text, nullable=False) def __init__(self, name=None, value=None): self.name = name self.value = value Starting from **Fantastico** version 0.6 ROA resources support OAuth2 authorization. Because of this, resources can now be user dependent or user independent. In order for authorization to work as expected for resources which are available only to certain users you can use the following code snippet: .. code-block:: python @Resource(name="app-setting", url="/app-settings", user_dependent=True) class AppSetting(BASEMODEL): id = Column("id", Integer, primary_key=True, autoincrement=True) name = Column("name", String(50), unique=True, nullable=False) value = Column("value", Text, nullable=False) user_id = Column("user_id", Integer, nullable=False) def __init__(self, name=None, value=None, user_id=None): self.name = name self.value = value self.user_id = user_id If you do not define a user_id property for user dependent resources a runtime exception is raised. In order to find out more about OAuth2 authorization implemented into fantastico please read: :doc:`/features/oauth2`. ''' @property
[docs] def name(self): '''This read only property holds the name of the resource.''' return self._name
@property
[docs] def url(self): '''This read only property holds the url of the resource.''' return self._url
@property
[docs] def version(self): '''This read only property holds the version of the resource.''' return self._version
@property
[docs] def model(self): '''This read only property holds the model of the resource.''' return self._model
@property
[docs] def user_dependent(self): '''This read only property returns True if user is owned only by one resource and False otherwise. It is really important to understand the impact of the property when set to True: #. Every GET on resource root url will also receive a filter user_id from access_token == resource.model.user_id #. Every GET on a specific resource id will be validated also on user_id field. #. Every POST for creating a new resource will automatically assign resource to user_id found in access_token. There is an exception when the resource does not require create scopes. #. Every PUT on a specific resource id will also check to ensure the user from the access_token owns the resource. #. Every DELETE on a specific resource id will also check to ensure the user from the access_token owns the resource.''' return self._user_dependent
@property
[docs] def subresources(self): '''This read only property holds the subresources of this resource. A resource can identify a subresource by one or multiple (composite uniquely identified resources) resource attributes. .. code-block:: python @Resource(name="person", url="/persons", version=1.0, subresources={"bill_address": ["bill_address_id"], "mail_address": ["mail_address_id"], "ship_address:" ["ship_address_id"]) class Person(BASEMODEL): id = Column("id", Integer, primary_key=True, autoincrement=True) first_name = Column("first_name", String(80)) last_name = Column("last_name", String(50)) bill_address_id = Column("bill_address_id", ForeignKey("addresses.id")) bill_address = relationship(Address, primaryjoin=bill_address_id == Address.id) ship_address_id = Column("ship_address_id", ForeignKey("addresses.id")) ship_address = relationship(Address, primaryjoin=ship_address_id == Address.id) mail_address_id = Column("ship_address_id", ForeignKey("addresses.id")) ship_address = relationship(Address, primaryjoin=mail_address_id == Address.id) ''' return self._subresources
@property
[docs] def validator(self): '''This property returns the validator type which must be used for this resource for creating / updating it. You can read more about it on :py:class:`fantastico.roa.resource_validator.ResourceValidator`.''' return self._validator
def __init__(self, name, url, version=1.0, subresources=None, validator=None, user_dependent=False): self._name = name self._url = url self._version = float(version) self._model = None self._subresources = subresources or {} self._validator = validator self._user_dependent = user_dependent def __call__(self, model_cls, resources_registry=None): '''This method is invoked when the model class is first imported into python virtual machine.''' from fantastico.roa.resources_registry import ResourcesRegistry resources_registry = resources_registry or ResourcesRegistry() self._model = model_cls resources_registry.register_resource(self) return model_cls def __lt__(self, resource): '''This method puts order between resources by name and version comparisons.''' if self.name == resource.name and self.version == resource.version: return False if self.name == resource.name: if self.version == "latest": return True return self.version < resource.version return self.name < resource.name