def get(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
# if relation != 2:
# output.error('#UserUnauthorized : none of your business', 403)
Db().get('settings').ensure_index(
[('uid', ASCENDING)], {'background': True})
settings = Db().get('settings').find_one({'uid': me})
if not settings:
settings = {}
settings['datas'] = {}
# output.noCache()
# output.varnishCacheManager('1 year', 'Rox-User-Relation')
output.success(settings['datas'], 200)
except Error:
pass
return Controller().getResponse(True)
def save(self, environ, params):
try:
req = Controller().getRequest()
router = Controller().getRouter()
a = ActivityFactory.get(params['rid'])
if not a:
output.error('activity not found', 404)
cT = req.headers['Content-Type'] or 'application/octet-stream'
blobId = BlobFactory.insert(
'attachments',
'draft',
req.body,
cT,
activity=params['rid']
)
resultUrl = router.getRoute('graph.Blob.fetch', {
'version': params['version'],
'bid': str(blobId),
'release': 'draft'
})
output.success({
'url': resultUrl,
'blobId': str(blobId)
}, 201)
except Error:
pass
return Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
req = Controller().getRequest()
router = Controller().getRouter()
u = UserFactory.get(params["uid"])
if not u:
output.error("user not found", 404)
cT = req.headers["Content-Type"] or "application/octet-stream"
blobId = BlobFactory.getBlobIds(user=params["uid"], release="published", type="avatar")
if not len(blobId):
blobId = BlobFactory.insert("avatar", "published", req.body, cT, user=params["uid"])
else:
blobId = blobId[0]
BlobFactory.update(blobId, "avatar", "published", req.body, cT, user=params["uid"])
UserFactory.setAvatar(u.uid, True)
resultUrl = router.getRoute(
"graph.Blob.fetch", {"version": params["version"], "bid": str(blobId), "release": "published"}
)
output.success({"url": resultUrl, "blobId": str(blobId)}, 201)
except Error:
pass
return Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
apikey = Controller().getApiKey()
if Controller().getApiType() != 1:
output.error('Not your api business', 403)
me = UserFactory.get(me)
if me.level < 3:
output.error('forbidden', 403)
user = UserFactory.get(params['uid'])
newLevel = params['role']
if newLevel == 'admin':
user.level = 3
elif newLevel == 'reviewer':
user.level = 2
else :
user.level = 1
Db().get('users').update({'uid': user.uid}, user)
output.success('acl changed', 200)
except Error:
pass
return Controller().getResponse(True)
def update(self, environ, params):
try:
req = Controller().getRequest()
router = Controller().getRouter()
b = BlobFactory.get(params['bid'])
if not b:
output.error('blob not found', 404)
cT = req.headers['Content-Type'] or 'application/octet-stream'
BlobFactory.update(
params['bid'],
b.type,
'draft',
req.body,
cT,
activity=b.activity
)
resultUrl = router.getRoute('graph.Blob.fetch', {
'version': params['version'],
'bid': params['bid'],
'release': 'draft'
})
output.success({
'url': resultUrl,
'blobId': params['bid']
}, 202)
except Error:
pass
return Controller().getResponse(True)
def list(self, environ, params):
try:
Controller().checkToken()
me = Controller().getUid()
apikey = Controller().getApiKey()
u = UserFactory.get(me)
if u.level < 3:
output.error('forbidden', 403)
users, total = UserFactory.getAllUsers()
result = []
for user in users:
profile = user.getProfile()
uObject = user.toObject()
uObject['profile'] = profile['datas']
result.append(uObject)
output.success(result, 200)
except Error:
pass
return Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
if Controller().getApiType() != 1:
output.error(
'#ApiKeyUnauthorized : none of your business', 403)
# if relation != 2:
# output.error('#UserUnauthorized : none of your business', 403)
data = Controller().getPostJson()
if not data:
output.error('bad json format', 400)
Db().get('settings').update({'uid': me}, {
'datas': data,
'uid': me,
'updated': datetime.datetime.utcnow()
}, True)
#Let's flush a few stuff
#FlushRequest().request('users.Settings.[get]', {'uid': me})
output.success('settings updated', 200)
except Error:
pass
return Controller().getResponse(True)
def update(self, environ, params):
try:
req = app.Controller().getRequest()
uid = req.POST.get("uid")
login = req.POST.get("login")
password = req.POST.get("password")
if not uid or not login or not password:
output.error("invalid format", 400)
login = login.lower()
user = users.Factory.get(login)
if (not user) or (user.uid != uid):
output.error("unknown acess", 404)
user.setDigest(password)
storage.Db().get("auth_users").update({"login": login, "uid": uid}, user)
storage.Memcache().delete(login, "auth")
output.success("user updated", 200)
except app.Error:
pass
return app.Controller().getResponse(True)
def create(self, environ, params):
try:
req = app.Controller().getRequest()
keyid = req.POST.get('keyid')
isAdmin = req.POST.get('xxxadmin')
hosts = req.POST.get('hosts').split(',')
secret = req.POST.get('secret')
if not keyid:
output.error('invalid format', 400)
exists = access.KeyFactory().get(keyid)
if exists:
output.error('already exists', 403)
apiKey = access.ApiKey()
apiKey.key = keyid
apiKey.hosts = hosts
if not secret:
apiKey.generateSecret()
else:
apiKey.secret = secret
if isAdmin:
apiKey.admin = True
access.KeyFactory().new(apiKey)
output.success(apiKey.secret, 201)
except app.Error:
pass
return app.Controller().getResponse(True)
def get(self, environ, params):
try:
Controller().checkToken()
# relation = Controller().getRelation()
me = Controller().getUid()
apikey = Controller().getApiKey()
# if relation != 2:
# output.error(
# '#ApiKeyUnauthorized : none of your business', 403)
Db().get('preferences').ensure_index(
[('uid', ASCENDING), ('apikey', ASCENDING)],
{'background': True}
)
prefs = Db().get('preferences').find_one({
'uid': me,
'apikey': apikey
})
if not prefs:
prefs = {}
prefs['datas'] = {}
# output.noCache()
# output.varnishCacheManager(
# '1 year', ['Rox-User-Relation', 'Rox-Api-Key'])
output.success(prefs['datas'], 200)
except Error:
pass
return Controller().getResponse(True)
def fetch(self, environ, params):
try:
output.success('woooohooooo', 200)
except Error:
pass
return Controller().getResponse(True)
def list(self, environ, params):
try:
req = Controller().getRequest()
criteria = {}
if params['filter'] == 'mine':
criteria['author.uid'] = Controller().getUid()
elif params['filter'] == 'reported':
criteria['isReported'] = True
elif params['filter'] == 'published':
criteria['isPublished'] = True
for key in req.GET:
criteria[key] = req.GET[key]
search = ActivityFactory.list(criteria)
result = []
for activity in search:
result.append(activity.toObject())
output.success(result, 200)
except Error:
pass
return Controller().getResponse(True)
def delete(self, environ, params):
try:
Controller().checkToken()
if Controller().getApiType() != 1:
output.error("Not your api business", 403)
u = UserFactory.get(params["uid"])
if not u:
output.error("user not found", 404)
uid = params["uid"]
blobId = BlobFactory.getBlobIds(user=params["uid"], release="published", type="avatar")
if not len(blobId):
output.error("avatar not found", 404)
blobId = blobId.pop()
BlobFactory.delete(blobId, "published")
UserFactory.setAvatar(u.uid, False)
output.success("avatar deleted", 200)
except Error:
pass
return Controller().getResponse(True)
def reminderSend(self, environ, params):
try:
email = Controller().getRequest().GET['email']
if not email:
output.error('need email', 400)
user = UserFactory.get({'email': email})
if user is None:
output.error('unknown user', 400)
user.generatePasswordReminder()
Db().get('users').update({'uid': user.uid}, user)
#send mail
AsyncMailer(
template_name='password-reminder',
template_content=[{
'name': 'validation_code',
'content': user.password_reminder
}],
global_merge_vars=[
],
message={
'subject': 'Mot de passe perdu Éducation et Numérique',
'from_email': '*****@*****.**',
'from_name': 'Education & Numérique',
'headers': {},
'to': [
{
'email': user.email,
'name': user.username
}
],
'metadata': {
'uid': user.uid,
'email_validation_code': user.password_reminder
},
'tags': ['password-reminder'],
'google_analytics_domains': ['beta.lxxl.com'],
'google_analytics_campaign': [
'internal_password_reminder'
],
'auto_text': True,
'track_opens': True,
'track_clicks': True
}
).start()
output.success('reminder send', 200)
except Error:
pass
return Controller().getResponse(True)
def fetch(self, environ, params):
try:
req = Controller().getRequest()
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def seen(self, environ, params):
try:
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
ActivityFactory.incSeen(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def delete(self, environ, params):
try:
b = BlobFactory.get(params['bid'])
if not b:
output.error('blob not found', 404)
BlobFactory.delete(params['bid'])
output.success('blob deleted', 202)
except Error:
pass
return Controller().getResponse(True)
def delete(self, environ, params):
try:
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
ActivityFactory.delete(a)
output.success('Activity deleted', 200)
except Error:
pass
return Controller().getResponse(True)
def unreport(self, environ, params):
try:
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
a.isReported = False
ActivityFactory.update(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def authenticate(self, environ, params):
try:
Controller().checkToken()
output.noCache()
Controller().getResponse(
).headers['X-UID'] = '%s' % Controller().getUid()
output.success('authenticated', 200)
except Error:
pass
return Controller().getResponse(True)
def get(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
# fix privacy
# if relation < 1:
# output.error('#ApiKeyUnauthorized', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
#XXX uncomment me ?
# if user.activate == 0:
# output.error('unactivated user', 404)
result = {}
Db().get('profile').ensure_index(
[('uid', ASCENDING)], {'background': True})
profile = Db().get('profile').find_one({'uid': params['uid']})
if not profile:
profile = {}
profile['datas'] = {}
result['profile'] = profile['datas']
result['email'] = user.email
result['username'] = user.username
result['uid'] = user.uid
result['level'] = user.level
if user.hasAvatar is True:
result['hasAvatar'] = True
else:
result['hasAvatar'] = False
result['friends'] = user.friends_count
output.success(result, 200)
except Error:
pass
return Controller().getResponse(True)
def create(self, environ, params):
try:
req = Controller().getRequest()
if not req.json:
output.error('invalid json', 400)
a = Activity()
a.saveDraft(**req.json)
a.setAuthor(UserFactory.get(Controller().getUid()))
a.creationDate = int(time.time())
ActivityFactory.new(a)
output.success(a.toObject(), 201)
except Error:
pass
return Controller().getResponse(True)
def publish(self, environ, params):
try:
req = Controller().getRequest()
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
a.publish()
for (blobType, values) in a.published['blobs'].items():
for blobId in values:
BlobFactory.publish(blobId)
ActivityFactory.update(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def save(self, environ, params):
try:
req = Controller().getRequest()
if not req.json:
output.error('invalid json', 400)
a = ActivityFactory.get(params['rid'])
if not a:
output.error('not found', 404)
a.saveDraft(**req.json)
ActivityFactory.update(a)
output.success(a.toObject(), 200)
except Error:
pass
return Controller().getResponse(True)
def set(self, environ, params):
try:
Controller().checkToken()
#relation = Controller().getRelation()
me = Controller().getUid()
apikey = Controller().getApiKey()
me = UserFactory.get(me)
if me.uid != params['uid'] and me.level < 3:
output.error('UserUnauthorized', 403)
if Controller().getApiType() != 1:
output.error('Not your api business', 403)
# if relation != 2:
# output.error(
# '#ApiKeyUnauthorized : none of your business', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
data = Controller().getRequest().json
if not data:
output.error('bad json format', 400)
Db().get('profile').update({'uid': user.uid}, {
'datas': data,
'uid': user.uid,
'updated': datetime.datetime.utcnow()
}, True)
output.success('profile updated', 200)
except Error:
pass
return Controller().getResponse(True)
def reminderValidate(self, environ, params):
try:
datas = Controller().getRequest().json
if not 'email' in datas or not 'code' in datas or not 'password' in datas:
output.error('invalidate code', 400)
user = UserFactory.get({'email': datas['email']})
if user is None:
output.error('unknown user', 400)
if not user.password_reminder:
output.error('no password reminder asked', 403)
if user.password_reminder != datas['code']:
output.error('wrong code', 400)
#Init account on admin service
try:
uri = '/1.0/user/' + user.uid
resp = AdminRequest().request(uri, {
'uid': user.uid,
'login': user.email,
'password': datas['password']
})
except AdminError as e:
output.error('Registration error : %s' % e, 500)
if resp is None or int(resp.getHeader('status')) != 200:
output.error('activation troubles ...', 500)
user.password_reminder = None
Db().get('users').update({'uid': user.uid}, user)
output.success('password changed', 200)
except Error:
pass
return Controller().getResponse(True)
def password(self, environ, params):
try:
Controller().checkToken()
me = Controller().getUid()
password = Controller().getRequest().json['password']
apikey = Controller().getApiKey()
if not password:
output.error('invalid format', 400)
me = UserFactory.get(me)
if me.uid != params['uid'] and me.level < 3:
output.error('UserUnauthorized', 403)
if Controller().getApiType() != 1:
output.error('Not your api business', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
#Init account on admin service
try:
uri = '/1.0/user/' + user.uid
resp = AdminRequest().request(uri, {
'uid': user.uid,
'login': user.email,
'password': password
})
except AdminError as e:
output.error('Registration error : %s' % e, 500)
if resp is None or int(resp.getHeader('status')) != 200:
output.error('activation troubles ...', 500)
output.success('password changed', 200)
except Error:
pass
return Controller().getResponse(True)
def activate(self, environ, params):
try:
req = app.Controller().getRequest()
uid = req.POST.get("uid")
login = req.POST.get("login")
if not uid or not login:
output.error("invalid format", 400)
login = login.lower()
user = users.Factory.get(login)
##########################################################
# A reprende pour faire face aux différentes éventualités.
# Mais je ne cause pas Python, alors .... (JBT)
# if (not user):
# output.error('unknown access', 404) # "Ce compte n'existe pas"
#
# if (user) and (user.activate == 1):
# output.error('invalid format', 400) # "Votre compte est déjà activé"
# if (user) and (user.uid != uid):
# output.error('unknown access', 404) # "Ce code n'est pas valable"
##########################################################
if (not user) or (user.uid != uid):
output.error("unknown access", 404)
user.activate = 1
storage.Db().get("auth_users").update({"login": login, "uid": uid}, user)
storage.Memcache().delete(login, "auth")
output.success("user activated", 200)
except app.Error:
pass
return app.Controller().getResponse(True)
def deactivate(self, environ, params):
try:
Controller().checkToken()
me = Controller().getUid()
apikey = Controller().getApiKey()
u = UserFactory.get(me)
if u.level < 3:
output.error('forbidden', 403)
if u.uid == params['uid']:
output.error('cannot delete yourself', 403)
user = UserFactory.get(params['uid'])
if not user:
output.error('unknown user', 404)
user.activate = 0
user.deactivated = True
#Init account on admin service
try:
uri = '/1.0/user/' + user.uid + '/deactivate'
resp = AdminRequest().request(uri, {
'uid': user.uid,
'login': user.email
})
except AdminError as e:
output.error('Registration error : %s' % e, 500)
if resp is None or int(resp.getHeader('status')) != 200:
output.error('activation troubles ...', 500)
Db().get('users').update({'uid': user.uid}, user)
output.success('deactivated user', 200)
except Error:
pass
return Controller().getResponse(True)
def create(self, environ, params):
try:
req = app.Controller().getRequest()
uid = req.POST.get("uid")
login = req.POST.get("login")
password = req.POST.get("password")
if not uid or not login or not password:
output.error("invalid format", 400)
user = users.User()
user.uid = uid
user.login = login.lower()
user.realm = Config().get("realm")
user.activate = 0
user.setDigest(password)
users.Factory.new(user)
output.success("user created", 201)
except app.Error:
pass
return app.Controller().getResponse(True)