diff --git a/alembic/env.py b/alembic/env.py
index 6449b1da..b28f97ae 100755
--- a/alembic/env.py
+++ b/alembic/env.py
@@ -38,8 +38,8 @@ fileConfig(config.config_file_name) # from myapp import mymodel # target_metadata = mymodel.Base.metadata # target_metadata = None -from refstack.models import * -target_metadata = Base.metadata +from refstack.models import db +target_metadata = db.metadata # other values from the config, defined by the needs of env.py, # can be acquired:
diff --git a/alembic/versions/449461dbc725_add_apikey.py b/alembic/versions/449461dbc725_add_apikey.py
new file mode 100644
index 00000000..9becd096
--- /dev/null
+++ b/alembic/versions/449461dbc725_add_apikey.py
@@ -0,0 +1,31 @@
+"""empty message
+
+Revision ID: 449461dbc725
+Revises: 59e15d864941
+Create Date: 2013-11-26 16:57:16.062788
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '449461dbc725'
+down_revision = '59e15d864941'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+ op.create_table('apikey',
+ sa.Column('id', sa.Integer(), nullable=False),
+ sa.Column('name', sa.String(length=60), nullable=True),
+ sa.Column('key', sa.String(length=200), nullable=True),
+ sa.Column('openid', sa.String(length=200), nullable=True),
+ sa.Column('user_id', sa.Integer(), nullable=False),
+ sa.Column('timestamp', sa.DateTime(), nullable=True),
+ sa.ForeignKeyConstraint(['user_id'], ['user.id'], ),
+ sa.PrimaryKeyConstraint('id'),
+ )
+
+
+def downgrade():
+ op.drop_Table('apikey')
diff --git a/refstack/admin.py b/refstack/admin.py
new file mode 100644
index 00000000..39074dbf
--- /dev/null
+++ b/refstack/admin.py
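Review bot: `downgrade()` calls `op.drop_Table('apikey')`, which is not an Alembic operation — the method is `op.drop_table`, so the first downgrade run fails with AttributeError; change it to `op.drop_table('apikey')`. The `key` column is what api.py in this commit looks an `ApiKey` row up by, yet it is created `nullable=True` with neither a uniqueness constraint nor an index; `sa.Column('key', sa.String(length=200), nullable=False, unique=True)` would keep two rows from sharing a credential and make the lookup indexed. The module docstring is still the generated placeholder `"""empty message`; `"""Add the apikey table.` makes `alembic history` readable.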
@@ -0,0 +1,28 @@
+
+import flask
+from flask.ext.admin.contrib import sqla
+
+from refstack import models
+
+# Global admin object
+from .extensions import admin
+from .extensions import db
+
+
+class SecureView(sqla.ModelView):
+ def is_accessible(self):
+ # let us look at the admin if we're in debug mode
+ if flask.current_app.debug:
+ return True
+ return flask.g.user.su is not False
+
+
+def init_app(app):
+ admin.init_app(app)
+
+
+def configure_admin(app):
+ admin.add_view(SecureView(models.ApiKey, db.session))
+ admin.add_view(SecureView(models.Cloud, db.session))
+ admin.add_view(SecureView(models.User, db.session))
+ admin.add_view(SecureView(models.Vendor, db.session))
diff --git a/refstack/api.py b/refstack/api.py
new file mode 100644
index 00000000..14e675f4
--- /dev/null
+++ b/refstack/api.py
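Review bot: `is_accessible` returns `flask.g.user.su is not False`, which is true when `su` is `None` (flag never set) and raises AttributeError when `g.user` is `None` or absent for an anonymous visitor, so an account without an explicit superuser flag may be admitted while an anonymous request gets a 500 instead of a denial. A stricter form is `user = getattr(flask.g, 'user', None)` followed by `return bool(user and user.su)`, so only a positively flagged user passes. `configure_admin(app)` accepts `app` but never uses it; either drop the parameter or add a comment that it is kept for symmetry with `init_app`.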
@@ -0,0 +1,68 @@
+"""Basic API code.
+
+This is using Flask-Restless at the moment because it is super simple,
+but probably should be moved to a more versatile framework like
+Flask-Restful later on.
+"""
+
+import flask
+from flask.ext import restless
+
+from refstack import models
+from refstack.extensions import api
+
+
+def init_app(app, *args, **kw):
+ api.init_app(app, *args, **kw)
+
+
+def access_control(**kw):
+ if not flask.g.user:
+ raise _not_authorized()
+
+ if not flask.g.user.su:
+ return _not_authorized()
+
+ # That's it, we're defaulting to superuser only access
+ # until we flesh this out further
+
+
+ALL_METHODS = {'GET_SINGLE': [access_control],
+ 'GET_MANY': [access_control],
+ 'PUT_SINGLE': [access_control],
+ 'PUT_MANY': [access_control],
+ 'POST': [access_control],
+ 'DELETE': [access_control]}
+
+
+def configure_api(app):
+ cloud_api = api.create_api_blueprint(models.Cloud,
+ preprocessors=ALL_METHODS)
+ cloud_api.before_request(authenticate)
+ app.register_blueprint(cloud_api)
+
+
+def _not_authorized():
+ return restless.ProcessingException(message='Not Authorized',
+ status_code=401)
+
+
+
+
+def authenticate():
+ # If we're already authenticated, we can ignore this
+ if flask.g.user:
+ return
+
+ # Otherwise check headers
+ openid = flask.request.headers.get('X-AUTH-OPENID')
+ if openid:
+ # In debug mode accept anything
+ if flask.current_app.debug and False:
+ flask.g.user = models.User.query.filter_by(openid=openid).first()
+ return
+
+ apikey = flask.request.headers.get('X-AUTH-APIKEY')
+ apikey_ref = models.ApiKey.query.filter_by(key=apikey)
+ if apikey_ref['openid'] == openid:
+ flask.g.user = apikey_ref.user
diff --git a/refstack/app.py b/refstack/app.py
index 1ce25609..b1570ae7 100644
--- a/refstack/app.py
+++ b/refstack/app.py
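Review bot: `access_control` raises `_not_authorized()` for an anonymous caller but merely `return`s it for an authenticated non-superuser; a Flask-Restless preprocessor's return value is ignored and denial is signalled only by raising `ProcessingException`, so the superuser check blocks nobody — change that line to `raise _not_authorized()`. In `authenticate`, `models.ApiKey.query.filter_by(key=apikey)` is a query object rather than a row, so `apikey_ref['openid']` raises and `apikey_ref.user` is never reached; it needs `.first()` plus a `None` guard, and a missing `X-AUTH-APIKEY` header should return before querying, because `filter_by(key=None)` compiles to `key IS NULL` and the migration in this commit leaves that column nullable. Both functions read `flask.g.user` unconditionally, yet nothing in this hunk assigns it when neither header matches, so a request without credentials fails with AttributeError instead of reaching the 401 path — assuming no other before_request hook sets it. The `if flask.current_app.debug and False:` branch is dead code and should either be removed or re-enabled deliberately.
```python
def authenticate():
    # Make the attribute exist for access_control even when no header matches.
    if getattr(flask.g, 'user', None):
        return
    flask.g.user = None

    # … unchanged: X-AUTH-OPENID handling …

    apikey = flask.request.headers.get('X-AUTH-APIKEY')
    if not apikey:
        return
    apikey_ref = models.ApiKey.query.filter_by(key=apikey).first()
    if apikey_ref is not None and apikey_ref.openid == openid:
        flask.g.user = apikey_ref.user
```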
@@ -14,7 +14,11 @@ from .config import DefaultConfig #from .api import api #from .admin import admin #from .extensions import db, mail, cache, login_manager, oid -from .extensions import db, mail, login_manager, oid +from refstack import admin +from refstack import api +from .extensions import db +from .extensions import oid + from refstack import utils @@ -89,6 +93,14 @@ def configure_extensions(app): # flask-sqlalchemy db.init_app(app) + # flask-admin + admin.init_app(app) + admin.configure_admin(app) + + # flask-restless + api.init_app(app, flask_sqlalchemy_db=db) + api.configure_api(app) + ## flask-mail #mail.init_app(app) @@ -112,8 +124,8 @@ def configure_extensions(app): # return User.query.get(id) #login_manager.setup_app(app) - ## flask-openid - #oid.init_app(app) + # flask-openid + oid.init_app(app) def configure_blueprints(app, blueprints): diff --git a/refstack/extensions.py b/refstack/extensions.py index e83656c8..5d528c23 100644 --- a/refstack/extensions.py +++ b/refstack/extensions.py @@ -2,6 +2,12 @@ # This file based on MIT licensed code at: https://github.com/imwilsonxu/fbone +from flask.ext.admin import Admin +admin = Admin() + +from flask.ext.restless import APIManager +api = APIManager() + from flask.ext.sqlalchemy import SQLAlchemy db = SQLAlchemy() diff --git a/refstack/models.py b/refstack/models.py index 79bf662d..4a83fe66 100755 --- a/refstack/models.py +++ b/refstack/models.py 
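Review bot: The four new import lines in app.py refer to the same package two ways, `from refstack import admin` / `from refstack import api` beside `from .extensions import db` / `from .extensions import oid`; the file already mixes both forms (`from .config`, `from refstack import utils`), so this is the moment to settle on one, e.g. `from . import admin` and `from . import api`. The extensions.py hunk further down has a related layout point: each new `from flask.ext... import` line is immediately followed by its instantiation, interleaving imports with assignments, where grouping the imports with the existing SQLAlchemy import and keeping `admin = Admin()` and `api = APIManager()` together below would match the usual convention.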
@@ -41,6 +41,20 @@ class User(db.Model): def __str__(self): return self.name + +class ApiKey(db.Model): + __tablename__ = 'apikey' + id = db.Column(db.Integer, primary_key=True) + name = db.Column(db.String(60)) + key = db.Column(db.String(200)) + openid = db.Column(db.String(200)) + timestamp = db.Column(db.DateTime, default=datetime.now) + + user_id = db.Column(db.Integer, db.ForeignKey('user.id')) + user = db.relationship('User', + backref=db.backref('apikeys', lazy='dynamic')) + + """ Note: The vendor list will be pre-populated from the sponsoring company database. TODO: better define the vendor object and its relationship with user diff --git a/refstack/templates/admin/master.html b/refstack/templates/admin/master_legacy.html similarity index 100% rename from refstack/templates/admin/master.html rename to refstack/templates/admin/master_legacy.html diff --git a/refstack/templates/layout.html b/refstack/templates/layout.html index 566df66b..c4fe3f0c 100755 --- a/refstack/templates/layout.html +++ b/refstack/templates/layout.html @@ -5,19 +5,19 @@ - + - + {% block head_css %}{% endblock %} -
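Review bot: `ApiKey.user_id` is declared `db.Column(db.Integer, db.ForeignKey('user.id'))` with no `nullable=False`, while migration 449461dbc725 in this commit creates `user_id` as `nullable=False`; the model and the schema disagree, so autogenerate will propose a spurious change and ORM-level validation differs from the database's — add `nullable=False` to the model. `key` is the credential api.py looks the row up by, yet neither the model nor the migration makes it unique or indexed; `key = db.Column(db.String(200), unique=True, nullable=False)` would enforce that. `timestamp` uses `default=datetime.now`, which stores naive local time; `datetime.utcnow` is the usual choice for a server-side record, assuming `datetime` is imported at the top of models.py, which is outside this hunk.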
+