

created 31-mar-2019 by richb@instantlinux.net


BasicCRUD([resource, model])

Controller base class

class apicrud.basic_crud.BasicCRUD(resource=None, model=None)

Controller base class

Create/Read/Update/Delete/find controller operations.

This class provides permission-based, paginated access to database models behind your application’s endpoints. Most endpoints need no boilerplate code, and can inherit these functions directly. Some endpoints only need a few lines of code before or after inheriting these functions. You can always write your own custom function for special-case endpoints.

Parameters:

  • resource (str) – a resource name (endpoint prefix)

  • model (obj) – the model corresponding to the resource

static create(body, id_prefix='x-', limit_related={})

Controller for POST endpoints. This method assigns a new object ID, sets the _created_ timestamp, evaluates the user’s permissions, adds a default category_id if the model has this attribute, and inserts a row into the back-end database.

Parameters:

  • body (dict) – resource fields as defined by openapi.yaml schema

  • id_prefix (str) – generated objects will be assigned a random 10- to 16-character ID; you can set a unique prefix if desired

  • limit_related (dict) – limits on number of related records, keyed by relationship name


Returns:

first element is a dict with the id, second element is response code (201 on success)

Return type:



Activate a SQLAlchemy query object for the specified ID in the current model

Parameters:

  • id (str) – object ID

Returns:

query object

Return type:


static delete(ids, force=False)

Controller for DELETE endpoints. This method looks for existing records, evaluates the user’s permissions, and updates or removes rows in the back-end database.

Parameters:

  • ids (list of str) – record IDs to be flagged for removal

  • force (bool) – flag for removal if false; remove data if true


Returns:

first element is a dict with the id, second element is response code (200 on success)

Return type:


static find(**kwargs)

Find records which match query parameters passed from connexion by name, in a dictionary that also includes user and token info.

Parameters:

  • cursor_next (str) – pagination token to fetch subsequent records

  • filter (dict) – field/value pairs to query (simple queries only, with string or list matching; or * for any)

  • limit (int) – max records to fetch

  • offset (int) – old-style pagination starting offset

  • sort (str) – <field>[:{asc|desc}]

  • status (str) – value is added to filter


Returns:

items (list), count (int), cursor_next (str)

Return type:
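
How the filter, sort and limit parameters described for find() can be validated before they reach a query, as an added example that is not apicrud's own code. ALLOWED, MAX_LIMIT, SAMPLE and the reading of * as "field is set" are assumptions, and cursor_next is left out.

```python
# Added illustration; not apicrud source code.
MAX_LIMIT = 100                                  # assumed server-side cap
ALLOWED = {"id", "name", "status", "created"}    # assumed queryable columns

# Constructed sample records standing in for database rows.
SAMPLE = [
    {"id": "x-1", "name": "alpha", "status": "active", "created": "2019-03-31"},
    {"id": "x-2", "name": "bravo", "status": "disabled", "created": "2019-04-02"},
    {"id": "x-3", "name": "charlie", "status": "active", "created": "2019-04-05"},
    {"id": "x-4", "name": "delta", "status": None, "created": "2019-04-09"},
]


def parse_sort(sort, allowed=ALLOWED):
    """Parse '<field>[:{asc|desc}]' into (field, descending)."""
    field, sep, direction = sort.partition(":")
    if field not in allowed:
        raise ValueError("cannot sort on %r" % field)
    if sep and direction not in ("asc", "desc"):
        raise ValueError("bad sort direction %r" % direction)
    return field, direction == "desc"


def matches(record, flt, allowed=ALLOWED):
    """Simple matching only: exact string, list membership, or '*' for any."""
    for field, want in flt.items():
        if field not in allowed:
            raise ValueError("cannot filter on %r" % field)
        have = record.get(field)
        if want == "*":
            ok = have is not None    # assumption: '*' means "field is set"
        elif isinstance(want, list):
            ok = have in want
        elif isinstance(want, str):
            ok = have == want
        else:
            raise ValueError("filter values must be str or list")
        if not ok:
            return False
    return True


def find(records, filter=None, sort="id", limit=20, offset=0):
    """Return (items, count) for one page; cursor_next is not modelled."""
    field, descending = parse_sort(sort)
    limit = max(1, min(int(limit), MAX_LIMIT))   # clamp client-supplied limit
    hits = [r for r in records if matches(r, filter or {})]
    hits.sort(key=lambda r: str(r.get(field) or ""), reverse=descending)
    items = hits[max(0, int(offset)):][:limit]
    return items, len(items)
```

Rejecting unknown field names and non-string, non-list filter values up front keeps client-supplied input from selecting arbitrary columns or operators.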


static get(id)

Controller for GET endpoints. This method evaluates privacy settings against the user’s permissions, looks up category, owner and geocode values, and fetches the object from back-end database.


Parameters:

  • id (str) – ID of the desired resource

Returns:

first element is a dict with the object or error message, second element is response code (200 on success)

Return type:


static update(id, body, access='u', limit_related={})

Controller for PUT endpoints. This method looks for an existing record, evaluates the user’s permissions, and updates the row in the back-end database.

Parameters:

  • body (dict) – fields to be updated

  • access (str) – access-level required for RBAC evaluation

  • limit_related (dict) – limits on number of related records, indexed by relationship name


Returns:

first element is a dict with the id, second element is response code (200 on success)

Return type:


static update_contact(id, body)

This is a special-case function for the contact-update resource:

  • validate SMS carrier

  • keep person identity in sync with primary contact

Parameters:

  • id (str) – resource ID

  • body (dict) – as defined in openapi.yaml