MCPcopy
hub / github.com/pyload/pyload / call_api

Function call_api

module/web/api_app.py:30–65  ·  view source on GitHub ↗
(func, args="")

Source from the content-addressed store, hash-verified

28@route("/api/:func:args#[a-zA-Z0-9\-_/\"'\[\]%{}]*#")
29@route("/api/:func:args#[a-zA-Z0-9\-_/\"'\[\]%{}]*#", method="POST")
30def call_api(func, args=""):
31 response.headers.replace("Content-type", "application/json")
32 response.headers.append("Cache-Control", "no-cache, must-revalidate")
33
34 if 'u' in request.POST and 'p' in request.POST:
35 info = PYLOAD.checkAuth(request.POST['u'], request.POST['p'])
36 if info:
37 if not PYLOAD.isAuthorized(func, {"role": info["role"], "permission": info["permission"]}):
38 return HTTPError(401, json.dumps("Unauthorized"))
39
40 else:
41 return HTTPError(403, json.dumps("Forbidden"))
42
43 else:
44 s = request.environ.get('beaker.session')
45 if 'session' in request.POST:
46 s = s.get_by_id(request.POST['session'])
47
48 if not s or not s.get("authenticated", False):
49 return HTTPError(403, json.dumps("Forbidden"))
50
51 if not PYLOAD.isAuthorized(func, {"role": s["role"], "permission": s["perms"]}):
52 return HTTPError(401, json.dumps("Unauthorized"))
53
54 args = args.split("/")[1:]
55 kwargs = {}
56
57 for x, y in chain(request.GET.iteritems(), request.POST.iteritems()):
58 if x in ("u", "p", "session"): continue
59 kwargs[x] = unquote(y)
60
61 try:
62 return callApi(func, *args, **kwargs)
63 except Exception, e:
64 print_exc()
65 return HTTPError(500, json.dumps({"error": e.message, "traceback": format_exc()}))
66
67
68def callApi(func, *args, **kwargs):

Callers

nothing calls this directly

Calls 11

HTTPErrorClass · 0.90
callApiFunction · 0.85
isAuthorizedMethod · 0.80
get_by_idMethod · 0.80
splitMethod · 0.80
format_excFunction · 0.50
replaceMethod · 0.45
appendMethod · 0.45
checkAuthMethod · 0.45
getMethod · 0.45
iteritemsMethod · 0.45

Tested by

no test coverage detected