comparison roundup/rest.py @ 5702:61874fd78ced
Fix OPTIONS responses:
Remove all HEAD methods as they return errors.
Do not advertise writable method for class/id/properties path if
property is read only (i.e. protected prop).
Collections do not have PUT, PATCH, DELETE (delete is accepted but
always returns 400 code).
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 10 Apr 2019 17:56:08 -0400 |
| parents | fabb12ba9466 |
| children | 457fc482e6b1 |
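--- a/roundup/rest.py
+++ b/roundup/rest.py
@@ -1303,10 +1303,14 @@
 int: http status code 204 (No content)
 body (string): an empty string
 """
 if class_name not in self.db.classes:
 raise NotFound('Class %s not found' % class_name)
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET, POST"
+)
 return 204, ""
 
 @Routing.route("/data/<:class_name>/<:item_id>", 'OPTIONS')
 @_data_decorator
 def options_element(self, class_name, item_id, input):
@@ -1320,10 +1324,14 @@
 raise NotFound('Class %s not found' % class_name)
 self.client.setHeader(
 "Accept-Patch",
 "application/x-www-form-urlencoded, multipart/form-data"
 )
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET, PUT, DELETE, PATCH"
+)
 return 204, ""
 
 @Routing.route("/data/<:class_name>/<:item_id>/<:attr_name>", 'OPTIONS')
 @_data_decorator
 def option_attribute(self, class_name, item_id, attr_name, input):
@@ -1333,14 +1341,29 @@
 int: http status code 204 (No content)
 body (string): an empty string
 """
 if class_name not in self.db.classes:
 raise NotFound('Class %s not found' % class_name)
-self.client.setHeader(
-"Accept-Patch",
-"application/x-www-form-urlencoded, multipart/form-data"
-)
+class_obj = self.db.getclass(class_name)
+if attr_name in class_obj.getprops(protected=False):
+self.client.setHeader(
+"Accept-Patch",
+"application/x-www-form-urlencoded, multipart/form-data"
+)
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET, PUT, DELETE, PATCH"
+)
+elif attr_name in class_obj.getprops(protected=True):
+# It must match a protected prop. These can't be written.
+self.client.setHeader(
+"Allow",
+"OPTIONS, GET"
+)
+else:
+raise NotFound('Attribute %s not valid for Class %s' %(
+attr_name,class_name))
 return 204, ""
 
 @Routing.route("/")
 @_data_decorator
 def describe(self, input):
@@ -1502,11 +1525,11 @@
 "Access-Control-Allow-Headers",
 "Content-Type, Authorization, X-HTTP-Method-Override"
 )
 self.client.setHeader(
 "Allow",
-"HEAD, OPTIONS, GET, POST, PUT, DELETE, PATCH"
+"OPTIONS, GET, POST, PUT, DELETE, PATCH"
 )
 self.client.setHeader(
 "Access-Control-Allow-Methods",
 "HEAD, OPTIONS, GET, PUT, DELETE, PATCH"
 )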
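Review bot: The last hunk removes HEAD from `Allow` but leaves `"HEAD, OPTIONS, GET, PUT, DELETE, PATCH"` in `Access-Control-Allow-Methods` a few lines below, so the CORS preflight answer still advertises the method the commit message says returns errors, and the two headers now disagree. If HEAD is unsupported on this path, that value should read `"OPTIONS, GET, PUT, DELETE, PATCH"`; whether POST is deliberately absent there cannot be told from the hunk. The handler that sets these headers starts and ends outside the visible lines. In `option_attribute`, the advertised methods follow only `getprops(protected=...)` and, in the lines shown, neither the caller's permissions nor `item_id` is consulted, so the response describes the schema rather than what this request may do. A comment above the first `setHeader` there, such as `# Allow reflects the class schema only; the PUT/PATCH/DELETE handlers must still enforce per-user permissions`, would keep it from being read as an access decision.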
