# Copyright (c) 2013, Web Notes Technologies Pvt. Ltd. and Contributors
# MIT License. See license.txt
import json
import frappe
import frappe.handler
import frappe.client
import frappe.desk.reportview
from frappe.utils.response import build_response
from frappe import _
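def handle():
    """
    Handler for `/api` methods

    ### Examples:

    `/api/method/{methodname}` will call a whitelisted method

    `/api/resource/{doctype}` will query a table
        `GET` will return a list, examples:
        - `?fields=["name", "owner"]`
        - `?filters=[["Task", "name", "like", "%005"]]`
        - `?limit_start=0`
        - `?limit_page_length=20`

        `POST` will insert a new document of that doctype

    `/api/resource/{doctype}/{name}` will point to a resource
        `GET` will return doclist
        `PUT` will update
        `DELETE` will delete

    `/api/resource/{doctype}/{name}?run_method={method}` will run a whitelisted controller method

    ### Where authorization happens

    - `method`: nothing is checked here; the call is handed to
      `frappe.handler.handle()` with `cmd` set from the URL.
    - `run_method`: `doc.is_whitelisted(method)` is called first, then
      "read" permission is required for `GET` and "write" for `POST`.
      Other HTTP verbs run nothing.
    - `GET` on a named resource: explicit `has_permission("read")`.
    - `PUT` / `DELETE`: no check in this function; per the inline comments
      it is done inside `doc.save` / `frappe.delete_doc`.
    - List `GET` and insert `POST`: no check in this function; presumably
      enforced by `frappe.client.get_list` and `insert()` -- confirm.

    Request parameters in `frappe.local.form_dict` are forwarded as keyword
    arguments to controller methods and to `get_list`, so those callees
    receive client-controlled input.
    """
    # Path is split at most three times, so `name` is the whole remainder of
    # the URL and may itself contain "/" characters.
    parts = frappe.request.path[1:].split("/", 3)
    call = doctype = name = None

    if len(parts) > 1:
        call = parts[1]

    if len(parts) > 2:
        doctype = parts[2]

    if len(parts) > 3:
        name = parts[3]

    if call == "method":
        # For /api/method/{methodname} the third path segment is the method
        # name, not a doctype; the generic handler resolves and runs it.
        frappe.local.form_dict.cmd = doctype
        return frappe.handler.handle()

    elif call == "resource":
        if "run_method" in frappe.local.form_dict:
            # Popped so the selector itself is not forwarded as a kwarg below.
            method = frappe.local.form_dict.pop("run_method")
            doc = frappe.get_doc(doctype, name)
            # NOTE(review): the return value is not used, so this only guards
            # the call if is_whitelisted raises for a non-whitelisted method
            # -- confirm against the Document implementation.
            doc.is_whitelisted(method)

            if frappe.local.request.method == "GET":
                if not doc.has_permission("read"):
                    frappe.throw(_("Not permitted"), frappe.PermissionError)
                # Every remaining request parameter becomes a keyword argument
                # of the controller method; nothing is committed on GET here.
                doc.run_method(method, **frappe.local.form_dict)

            if frappe.local.request.method == "POST":
                if not doc.has_permission("write"):
                    frappe.throw(_("Not permitted"), frappe.PermissionError)

                doc.run_method(method, **frappe.local.form_dict)
                frappe.db.commit()

        else:
            if name:
                if frappe.local.request.method == "GET":
                    doc = frappe.get_doc(doctype, name)
                    if not doc.has_permission("read"):
                        raise frappe.PermissionError
                    frappe.local.response.update({"data": doc})

                if frappe.local.request.method == "PUT":
                    data = json.loads(frappe.local.form_dict.data)
                    doc = frappe.get_doc(doctype, name)

                    # A client-supplied "flags" key is dropped before the
                    # payload is applied to the document.
                    if "flags" in data:
                        del data["flags"]

                    # Not checking permissions here because it's checked in doc.save
                    doc.update(data)

                    frappe.local.response.update({
                        "data": doc.save().as_dict()
                    })
                    frappe.db.commit()

                if frappe.local.request.method == "DELETE":
                    # Not checking permissions here because it's checked in delete_doc
                    frappe.delete_doc(doctype, name)
                    frappe.local.response.http_status_code = 202
                    frappe.local.response.message = "ok"
                    frappe.db.commit()

            elif doctype:
                if frappe.local.request.method == "GET":
                    # `fields` arrives as a JSON string in the query string.
                    if frappe.local.form_dict.get('fields'):
                        frappe.local.form_dict['fields'] = json.loads(frappe.local.form_dict['fields'])
                    # Default page size when the client gives none; a
                    # client-supplied value is passed through unchanged.
                    frappe.local.form_dict.setdefault('limit_page_length', 20)
                    frappe.local.response.update({
                        "data": frappe.call(frappe.client.get_list,
                            doctype, **frappe.local.form_dict)})

                if frappe.local.request.method == "POST":
                    data = json.loads(frappe.local.form_dict.data)
                    # The doctype always comes from the URL, overriding any
                    # "doctype" key in the request body.
                    data.update({
                        "doctype": doctype
                    })

                    # Treat a client-supplied "flags" key the same way the
                    # PUT branch does, so both write paths keep it away from
                    # the document.
                    if "flags" in data:
                        del data["flags"]

                    # NOTE(review): no explicit permission check here;
                    # presumably insert() enforces it -- confirm.
                    frappe.local.response.update({
                        "data": frappe.get_doc(data).insert().as_dict()
                    })
                    frappe.db.commit()
            else:
                raise frappe.DoesNotExistError

    else:
        raise frappe.DoesNotExistError

    return build_response("json")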