Python can_user_view Beispiele

Beispiel #1

Datei: views.py Projekt: i-5ive/cmput404-project

 def retrieve(self, request, pk):
     print("PostsViewSet retrieve:", request, pk)
     if ServerUtil.is_server(request.user):
         xUser = request.META.get("HTTP_X_REQUEST_USER_ID")
         if not xUser:
             return Response(
                 "Foreign node failed to provide required X-Header.",
                 status=400)
         data = {"author": {"url": xUser}}
         return self.__do_a_get_post(request.user, data, pk)
     try:
         post = Posts.objects.get(pk=pk)
     except:
         return Response(
             {
                 "success": False,
                 "message": "No post was found with that ID",
                 "query": "post"
             },
             status=404)
     if not can_user_view(request.user, post):
         return Response(
             {
                 "success": False,
                 "message": "You are not authorized to view this post.",
                 "query": "post"
             },
             status=status.HTTP_403_FORBIDDEN)
     serializer = PostsSerializer(post, context={'request': request})
     return Response({
         "query": "posts",
         "count": 1,
         "size": 1,
         "posts": [serializer.data]
     })

Beispiel #2

Datei: views.py Projekt: i-5ive/cmput404-project

 def image(self, request, pk):
     try:
         post = Posts.objects.get(pk=pk)
     except:
         return Response(
             {
                 "success": False,
                 "message": "No post was found with that ID",
                 "query": "getImage"
             },
             status=404)
     if not can_user_view(request.user, post):
         return Response(
             {
                 "success": False,
                 "message": "You are not authorized to view this post.",
                 "query": "post"
             },
             status=status.HTTP_403_FORBIDDEN)
     if (post.visibility == "PUBLIC"):
         if ("," in post.content):
             data = post.content.split(",")[1]
         else:
             data = post.content
         data = data.encode()
         data = base64.b64decode(data)
     else:
         data = post.content
     return HttpResponse(data, content_type=post.contentType.split(";")[0])

Beispiel #3

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_visible(self):
        post = Posts.objects.create(**{
            'title': 'Hello World',
            'author': self.author1,
            'visibility': "PUBLIC"
        })

        self.assertTrue(can_user_view(self.author2.user, post))

Beispiel #4

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_friend_not_allowed(self):
        post = Posts.objects.create(
            **{
                'title': 'Hello World',
                'author': self.author1,
                'visibility': "FRIENDS"
            })

        self.assertFalse(can_user_view(self.author2.user, post))

Beispiel #5

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_server_only(self):
        post = Posts.objects.create(
            **{
                'title': 'Hello World',
                'author': self.author1,
                'visibility': "SERVERONLY"
            })

        self.assertFalse(can_user_view(self.author2.user, post))

Beispiel #6

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_foaf_no_mutual(self):
        post = Posts.objects.create(**{
            'title': 'Hello World',
            'author': self.author3,
            'visibility': "FOAF"
        })

        make_friends(self.author2, self.author3)
        self.assertFalse(can_user_view(self.author1.user, post))

Beispiel #7

Datei: views.py Projekt: i-5ive/cmput404-project

def create_comment(request, pk=None):
    post = get_object_or_404(Posts, pk=pk)

    is_server = ServerUtil.is_server(request.user)

    if (not is_server and not can_user_view(request.user, post)):
        return Response(status=status.HTTP_403_FORBIDDEN)
    if post:
        data = request.data
        comment = data.get("comment", None)
        if (isinstance(comment, str)):
            comment = json.loads(comment)
        author = comment.get('author', None)
        author_id = author['id']
        try:
            su = ServerUtil(authorUrl=author_id)
            if (is_server
                    and not (su.is_valid() and su.should_share_posts()
                             and can_external_user_view(author_id, post))):
                return Response(
                    {
                        "query": "addComment",
                        "success": False,
                        "message": POST_NOT_VISIBLE,
                    },
                    status=status.HTTP_403_FORBIDDEN)
        except Exception as e:
            print(e)
            return Response(
                {
                    "query": "addComment",
                    "success": False,
                    "message": POST_NOT_VISIBLE,
                },
                status=status.HTTP_403_FORBIDDEN)
        comment['author'] = author_id
        serializer = CommentsSerializer(data=comment)
        if serializer.is_valid():
            post.comments.create(**serializer.validated_data)
            return Response(
                {
                    "query": "addComment",
                    "success": True,
                    "message": COMMENT_ADDED
                },
                status=status.HTTP_200_OK)
        else:
            return Response(
                {
                    "query": "addComment",
                    "success": False,
                    "message": COMMENT_NOT_ALLOWED,
                },
                status=status.HTTP_403_FORBIDDEN)
    else:
        return Response(status=status.HTTP_404_NOT_FOUND)

Beispiel #8

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_server_only_allowed(self):
        post = Posts.objects.create(
            **{
                'title': 'Hello World',
                'author': self.author1,
                'visibility': "SERVERONLY"
            })

        make_friends(self.author1, self.author2)
        self.assertTrue(can_user_view(self.author2.user, post))

Beispiel #9

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_private_allowed(self):
        post = Posts.objects.create(
            **{
                'title': 'Hello World',
                'author': self.author1,
                'visibility': "PRIVATE",
                "visibleTo": [self.author2.get_url()]
            })

        self.assertTrue(can_user_view(self.author2.user, post))

Beispiel #10

Datei: test_can_view_post.py Projekt: i-5ive/cmput404-project

    def test_non_public_unauthenticated(self):
        post = Posts.objects.create(
            **{
                'title': 'Hello World',
                'author': self.author1,
                'visibility': "PRIVATE",
                "visibleTo": [self.author2.get_url()]
            })

        self.assertFalse(
            can_user_view(MockUnauthenticatedUser(self.author2.get_url()),
                          post))

Beispiel #11

Datei: views.py Projekt: i-5ive/cmput404-project

def list_comments(request, pk=None):
    size = int(request.query_params.get("size", 5))
    queryPage = int(request.query_params.get('page', 0))
    if size < 1 or queryPage < 0 or size > 100:
        return Response(
            {
                "success": False,
                "message": "The query parameters were invalid",
                "query": "comments"
            },
            status=status.HTTP_400_BAD_REQUEST)

    post = get_object_or_404(Posts, pk=pk)
    if not can_user_view(request.user, post):
        return Response(
            {
                "success": False,
                "message":
                "You are not authorized to view this post's comments.",
                "query": "comments"
            },
            status=status.HTTP_403_FORBIDDEN)

    comments = Comments.objects.filter(post=post)

    try:
        paginator = Paginator(comments, size)
        page = paginator.page(queryPage + 1)
        serializer = CommentsSerializer(page,
                                        many=True,
                                        context={'request': request})
        comments_to_return = serializer.data
    except:
        comments_to_return = []

    data = {
        "comments": comments_to_return,
        "query": "comments",
        "count": len(comments),
        "size": size
    }
    if (len(comments_to_return) > 0):
        add_page_details_to_response(request, data, page, queryPage)

    return Response(data)

Beispiel #12

Datei: views.py Projekt: i-5ive/cmput404-project

    def get_home_feed(self, request):
        size = int(request.query_params.get("size", DEFAULT_POST_PAGE_SIZE))
        queryPage = int(request.query_params.get('page', 0))
        if size < 1 or queryPage < 0 or size > 100:
            return Response(
                {
                    "success": False,
                    "message": "The query parameters were invalid",
                    "query": "homeFeed"
                }, 400)

        if request.user.is_authenticated:
            requester_url = request.user.author.get_url()

            posts = Posts.objects.filter(author=request.user.author,
                                         unlisted=False)
            followed = Follow.objects.filter(follower=requester_url)
            localFollowedIds = []
            externalPosts = []
            for follow in followed:
                if (is_external_host(follow.followed)):
                    external_host_url = follow.followed.split("/author/")[0]
                    sUtil = ServerUtil(authorUrl=external_host_url)
                    if not sUtil.valid_server():
                        print("authorUrl found, but not in DB",
                              external_host_url)
                        continue  # We couldn't find a server that matches the friend URL base
                    # split the id from the URL and ask the external server about them
                    success, fetched_posts = sUtil.get_posts_by_author(
                        follow.followed.split("/author/")[1], requester_url)
                    if not success:
                        continue  # We couldn't successfully fetch from an external server

                    externalPosts += fetched_posts["posts"]
                else:
                    localFollowedIds.append(get_author_id(follow.followed))
            posts |= Posts.objects.filter(
                author__id__in=localFollowedIds,
                unlisted=False).exclude(visibility="PRIVATE")
            posts |= Posts.objects.filter(author__id__in=localFollowedIds,
                                          unlisted=False,
                                          visibility="PRIVATE",
                                          visibleTo__contains=[requester_url])
            viewable_posts = []
            for post in posts:
                if (can_user_view(request.user, post)):
                    viewable_posts.append(post)

            github_stream = get_github_activity(request.user.author)
            posts = merge_posts_with_github_activity(viewable_posts,
                                                     github_stream)
        else:
            posts = Posts.objects.filter(visibility__in=["PUBLIC"],
                                         unlisted=False)
            externalPosts = []

        try:
            # don't look at this
            if (len(externalPosts) > 0):
                serializer = PostsSerializer(posts,
                                             many=True,
                                             context={'request': request})
                posts_to_return = serializer.data

                sorted_posts = sorted(externalPosts + posts_to_return,
                                      key=lambda x: x["published"],
                                      reverse=True)
                paginator = Paginator(sorted_posts, size)
                page = paginator.page(queryPage + 1)
                posts_to_return = page.object_list
            else:
                paginator = Paginator(posts, size)
                page = paginator.page(queryPage + 1)
                serializer = PostsSerializer(page,
                                             many=True,
                                             context={'request': request})
                posts_to_return = serializer.data

        except Exception as e:
            print(e)
            posts_to_return = []

        data = {
            "query": "homeFeed",
            "success": True,
            "posts": posts_to_return,
            "count": len(posts),
            "size": size
        }
        if len(posts_to_return) > 0:
            add_page_details_to_response(request, data, page, queryPage)
        return Response(data)