API for Views and models


If we move to greenlets as well we need to test that ability. As such I have not introduced a pool for psyocpg2 work yet. (see sessioncache)



views.py - View code for the repository application.

Structure: We have three main view-areas.

  1. the models (Folder, Collection, Module)
  2. the helper views (workspace)
  3. binary uploads.
  4. openid and persona


I try to stick to these

  1. Every action (GET POST PUT DELETE) must have a useruri passed in to authorise
  2. views recevie back either a model.<> object or a json-encodeable version of that


todo: convert to factory based app entirely todo: remove view / as thats now JS todo: remove apply_cors and apply internally. Or just use it? todo: remove crash and burn


Handler for resource file uploads


A callable function (not decorator) to take the output of a app_end and convert it to a Flask response with appropriate Json-ified wrappings.


strictly for testing purposes I want to fake three sessions with known ids. Also generate a “real” session with a known user FIXME - there has to be a better way


At this point there is either a valid session (so redirect to atc) or there is a need to let the visitor choose either to get an anonymous session, or that they are registered, and they should choose to log in again.

There is a logic choice that might improve things - if they have previously visited us, redirect to /login.


We now serve everything form api/content

uid = content/1234-1234-12334
^^^ uuid

router logic is subtly different

  1. if we are GET, DELETE, HEAD then no payload and an uid do not collect payload, do collect uid route
  2. POST payload no uid
  3. PUT payload and uid

(Ignore OPTIONS etc)


Respond with a the resource file.


Serves up the index.html file. This will be removed.


Returns a list of keywords for the authenticated user.


before_request is supplied with this to run before each __call_

>>> simple_xss_validation("US-12345678-1")
>>> simple_xss_validation("<script>Evil</script>")

This is very quick and dirty, and we need some consideration over XSS escaping. FIXME


When a user wants to edit anonymously, they need to hit this first. This is to avoid the logic problems in knowing if a user should be redirected if they have one but not two cookies etc.

Here we generate a temperoiary userid (that is not linked to cnx-user) then setup a session based on that userid. All work will be lost at end of session.


Given a (json) formatted payload, return whether the google tracking ID is valid


Given a (json) formatted payload, find out if it is a module. collection, folder and return appropriate mediatype

possible enhancements include using a acceptHeader to determine mediatype returns mediatype - seems odd..

rhaptos2.repo.views.verify_schema(model_dict, mediatype)[source]

Given a json object, verify it matches the claimed mediaType schema

model_dict: dict of the model as out of json - MUST be pure mediaType, not SOFT form mediatype: WHat we think the dict confirms to

FixMe: we do not have versioning of schemas FixMe: we don’t have a jsonschema verifier...


returns Either 401 if OpenID not available or JSON document of form

{“openid_url”: “https://www.google.com/accounts/o8/id?id=AItOawlWRa8JTK7NyaAvAC4KrGaZik80gsKfe2U”, # noqa
“email”: “Not Implemented”, “name”: “Not Implemented”}