app/v2/broadcast/post_broadcast.py

from itertools import chain
from flask import jsonify, request
from app import authenticated_service, api_user
from app.dao.dao_utils import dao_save_object
from app.notifications.validators import check_service_has_permission
from app.models import BROADCAST_TYPE, BroadcastMessage, BroadcastStatusType
from app.schema_validation import validate
from app.v2.broadcast import v2_broadcast_blueprint
from app.v2.broadcast.broadcast_schemas import post_broadcast_schema


@v2_broadcast_blueprint.route("", methods=['POST'])
def create_broadcast():

    check_service_has_permission(
        BROADCAST_TYPE,
        authenticated_service.permissions,
    )

    broadcast_json = validate(request.get_json(), post_broadcast_schema)

    broadcast_message = BroadcastMessage(
        service_id=authenticated_service.id,
        content=broadcast_json['content'],
        reference=broadcast_json['reference'],
        areas={
            'areas': [
                area['name'] for area in broadcast_json['areas']
            ],
            'simple_polygons': list(chain.from_iterable((
                area['polygons'] for area in broadcast_json['areas']
            )))
        },
        status=BroadcastStatusType.PENDING_APPROVAL,
        api_key_id=api_user.id,
        # The client may pass in broadcast_json['expires'] but it’s
        # simpler for now to ignore it and have the rules around expiry
        # for broadcasts created with the API match those created from
        # the admin app
    )

    dao_save_object(broadcast_message)

    return jsonify(broadcast_message.serialize()), 201
-												Validate broadcast against schema

This commit adds a JSONSchema which can validate the fields in an API
call to create a broadcast. It takes the CAP XML schema as a starting
point.

											
										
										
											2021-01-18 10:01:44 +00:00
+								from itertools import chain
-												Add public API endpoint to create emergency alerts

We know there is at least one system which wants to integrate with
Notify to send out emergency alerts, rather than creating them manually.

This commit adds an endpoint to the public API to let them do that.

To start with we’ll just let the system create them in a single call,
meaning they still have to be approved manually. This reduces the risk
of an attacker being able to broadcast an alert via the API, should the
other system be compromised.

We’ve worked with the owners of the other system to define which fields
we should care about initially.

											
										
										
											2021-01-18 10:01:44 +00:00
+								from flask import jsonify, request
 								from app import authenticated_service, api_user
 								from app.dao.dao_utils import dao_save_object
 								from app.notifications.validators import check_service_has_permission
 								from app.models import BROADCAST_TYPE, BroadcastMessage, BroadcastStatusType
-												Validate broadcast against schema

This commit adds a JSONSchema which can validate the fields in an API
call to create a broadcast. It takes the CAP XML schema as a starting
point.

											
										
										
											2021-01-18 10:01:44 +00:00
+								from app.schema_validation import validate
-												Add public API endpoint to create emergency alerts

We know there is at least one system which wants to integrate with
Notify to send out emergency alerts, rather than creating them manually.

This commit adds an endpoint to the public API to let them do that.

To start with we’ll just let the system create them in a single call,
meaning they still have to be approved manually. This reduces the risk
of an attacker being able to broadcast an alert via the API, should the
other system be compromised.

We’ve worked with the owners of the other system to define which fields
we should care about initially.

											
										
										
											2021-01-18 10:01:44 +00:00
+								from app.v2.broadcast import v2_broadcast_blueprint
-												Validate broadcast against schema

This commit adds a JSONSchema which can validate the fields in an API
call to create a broadcast. It takes the CAP XML schema as a starting
point.

											
										
										
											2021-01-18 10:01:44 +00:00
+								from app.v2.broadcast.broadcast_schemas import post_broadcast_schema
-												Add public API endpoint to create emergency alerts

We know there is at least one system which wants to integrate with
Notify to send out emergency alerts, rather than creating them manually.

This commit adds an endpoint to the public API to let them do that.

To start with we’ll just let the system create them in a single call,
meaning they still have to be approved manually. This reduces the risk
of an attacker being able to broadcast an alert via the API, should the
other system be compromised.

We’ve worked with the owners of the other system to define which fields
we should care about initially.

											
										
										
											2021-01-18 10:01:44 +00:00
 								@v2_broadcast_blueprint.route("", methods=['POST'])
 								def create_broadcast():
 								    check_service_has_permission(
 								        BROADCAST_TYPE,
 								        authenticated_service.permissions,
 								    )
-												Validate broadcast against schema

This commit adds a JSONSchema which can validate the fields in an API
call to create a broadcast. It takes the CAP XML schema as a starting
point.

											
										
										
											2021-01-18 10:01:44 +00:00
+								    broadcast_json = validate(request.get_json(), post_broadcast_schema)
-												Add public API endpoint to create emergency alerts

We know there is at least one system which wants to integrate with
Notify to send out emergency alerts, rather than creating them manually.

This commit adds an endpoint to the public API to let them do that.

To start with we’ll just let the system create them in a single call,
meaning they still have to be approved manually. This reduces the risk
of an attacker being able to broadcast an alert via the API, should the
other system be compromised.

We’ve worked with the owners of the other system to define which fields
we should care about initially.

											
										
										
											2021-01-18 10:01:44 +00:00
 								    broadcast_message = BroadcastMessage(
 								        service_id=authenticated_service.id,
-												Validate broadcast against schema

This commit adds a JSONSchema which can validate the fields in an API
call to create a broadcast. It takes the CAP XML schema as a starting
point.

											
										
										
											2021-01-18 10:01:44 +00:00
+								        content=broadcast_json['content'],
 								        reference=broadcast_json['reference'],
-												Add public API endpoint to create emergency alerts

We know there is at least one system which wants to integrate with
Notify to send out emergency alerts, rather than creating them manually.

This commit adds an endpoint to the public API to let them do that.

To start with we’ll just let the system create them in a single call,
meaning they still have to be approved manually. This reduces the risk
of an attacker being able to broadcast an alert via the API, should the
other system be compromised.

We’ve worked with the owners of the other system to define which fields
we should care about initially.

											
										
										
											2021-01-18 10:01:44 +00:00
+								        areas={
-												Validate broadcast against schema

This commit adds a JSONSchema which can validate the fields in an API
call to create a broadcast. It takes the CAP XML schema as a starting
point.

											
										
										
											2021-01-18 10:01:44 +00:00
+								            'areas': [
 								                area['name'] for area in broadcast_json['areas']
 								            ],
 								            'simple_polygons': list(chain.from_iterable((
 								                area['polygons'] for area in broadcast_json['areas']
 								            )))
-												Add public API endpoint to create emergency alerts

We know there is at least one system which wants to integrate with
Notify to send out emergency alerts, rather than creating them manually.

This commit adds an endpoint to the public API to let them do that.

To start with we’ll just let the system create them in a single call,
meaning they still have to be approved manually. This reduces the risk
of an attacker being able to broadcast an alert via the API, should the
other system be compromised.

We’ve worked with the owners of the other system to define which fields
we should care about initially.

											
										
										
											2021-01-18 10:01:44 +00:00
+								        },
 								        status=BroadcastStatusType.PENDING_APPROVAL,
 								        api_key_id=api_user.id,
 								        # The client may pass in broadcast_json['expires'] but it’s
 								        # simpler for now to ignore it and have the rules around expiry
 								        # for broadcasts created with the API match those created from
 								        # the admin app
 								    )
 								    dao_save_object(broadcast_message)
 								    return jsonify(broadcast_message.serialize()), 201