def get_or_add_objects(api_root, id_):
# TODO: Check if user has access to read or write objects in collection - right now just check for permissions on the collection.
if request.method == "GET":
if permission_to_read(api_root, id_):
objects = get_backend().get_objects(api_root, id_, request.args, ("id", "type", "version"))
if objects:
return Response(response=flask.json.dumps(objects),
status=200,
mimetype=MEDIA_TYPE_STIX_V20)
else:
abort(404)
else:
abort(403)
elif request.method == "POST":
if permission_to_write(api_root, id_):
# can't I get this from the request itself?
request_time = common.format_datetime(common.get_timestamp())
status = get_backend().add_objects(api_root, id_, request.get_json(force=True), request_time)
return Response(response=flask.json.dumps(status),
status=202,
mimetype=MEDIA_TYPE_TAXII_V20)
else:
abort(403)
评论列表
文章目录
