Beispiel #1
def delete_token(auth_token, token_value):
    """Revoke the authentication token *token_value* held by the caller.

    The delete is scoped to ``auth_token.owner``, so a value that belongs to
    a different owner matches no row. The response is 204 in either case.
    """
    owned_by_caller = Token.owner == auth_token.owner
    has_value = Token.value == token_value
    matching = db_session.query(Token).filter(owned_by_caller, has_value)
    matching.delete(synchronize_session='fetch')
    db_session.commit()
    return '', 204
Beispiel #2
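def delete_milestone(auth_token, slug):
    """Delete the milestone identified by *slug*.

    Responds with 204 when a row was removed and aborts with 404 when the
    slug matched nothing.
    """
    # Query.delete() issues a bulk DELETE and returns the number of matched
    # rows; it never raises NoResultFound, so the 404 must come from the count.
    # NOTE(review): auth_token is not consulted here; confirm that every
    # authenticated caller is meant to be allowed to delete milestones.
    deleted = db_session.query(Milestone).filter(Milestone.slug == slug).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204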
Beispiel #3
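def delete_comment(auth_token, uid):
    """Delete the comment identified by *uid*.

    Responds with 204 when a row was removed and aborts with 404 when the
    uid matched nothing.
    """
    # Query.delete() returns the matched row count and never raises
    # NoResultFound, so an unknown uid has to be detected from the count.
    # NOTE(review): the delete is not scoped to auth_token.owner, so any
    # authenticated caller can remove any comment; confirm this is intended.
    deleted = db_session.query(Comment).filter(Comment.uid == uid).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204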
Beispiel #4
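def delete_issue(auth_token, uid):
    """Delete the issue identified by *uid*.

    Responds with 204 when a row was removed and aborts with 404 when the
    uid matched nothing.
    """
    # A bulk Query.delete() reports how many rows it matched instead of
    # raising NoResultFound; zero rows means the issue does not exist.
    # NOTE(review): auth_token is unused, so no ownership or role check is
    # applied before deleting; confirm against the intended access model.
    deleted = db_session.query(Issue).filter(Issue.uid == uid).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204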
Beispiel #5
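def delete_tag(auth_token, name):
    """Delete the tag called *name*.

    Responds with 204 when a row was removed and aborts with 404 when the
    name matched nothing.
    """
    # Query.delete() never raises NoResultFound; it returns the number of
    # rows matched, which is what decides between 204 and 404 here.
    deleted = db_session.query(Tag).filter(Tag.name == name).delete()
    if not deleted:
        abort(404)

    db_session.commit()

    return '', 204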
Beispiel #6
def show_tag(auth_token, name):
    """Return the tag called *name* as JSON, aborting with 404 if it is unknown."""
    by_name = db_session.query(Tag).filter(Tag.name == name)
    try:
        found = by_name.one()
    except NoResultFound:
        abort(404)

    payload = found.to_dict(max_depth=2)
    return jsonify(payload)
Beispiel #7
def show_milestone(auth_token, slug):
    """Return the milestone identified by *slug* as JSON, or abort with 404."""
    by_slug = db_session.query(Milestone).filter(Milestone.slug == slug)
    try:
        found = by_slug.one()
    except NoResultFound:
        abort(404)

    payload = found.to_dict(max_depth=2)
    return jsonify(payload)
Beispiel #8
def show_comment(auth_token, uid):
    """Return the comment identified by *uid* as JSON, or abort with 404."""
    by_uid = db_session.query(Comment).filter(Comment.uid == uid)
    try:
        found = by_uid.one()
    except NoResultFound:
        abort(404)

    payload = found.to_dict(max_depth=2)
    return jsonify(payload)
Beispiel #9
def show_issue(auth_token, uid):
    """Return the issue identified by *uid* as JSON, or abort with 404."""
    by_uid = db_session.query(Issue).filter(Issue.uid == uid)
    try:
        found = by_uid.one()
    except NoResultFound:
        abort(404)

    payload = found.to_dict(max_depth=2)
    return jsonify(payload)
Beispiel #10
def get_attachment_content(auth_token, uid):
    """Send the stored file of the attachment identified by *uid*, or abort with 404."""
    by_uid = db_session.query(Attachment).filter(Attachment.uid == uid)
    try:
        attachment = by_uid.one()
    except NoResultFound:
        abort(404)

    # NOTE(review): the response Content-Type comes straight from the stored
    # record. If mime_type is derived from the uploader's filename, an active
    # type such as text/html would be rendered in the API's origin; confirm
    # the upload allow-list or serve with an attachment disposition.
    stored_path = attachment.filename
    declared_type = attachment.mime_type
    return send_file(stored_path, mimetype=declared_type)
Beispiel #11
def show_user(auth_token, email):
    """Return a user as JSON.

    The literal ``'me'`` resolves to the owner of *auth_token*; any other
    value is looked up by email and aborts with 404 when unknown.
    """
    if email != 'me':
        by_email = db_session.query(User).filter(User.email == email)
        try:
            user = by_email.one()
        except NoResultFound:
            abort(404)
    else:
        user = auth_token.owner

    # NOTE(review): confirm that User.to_dict() leaves out the password digest.
    profile = user.to_dict(max_depth=2)
    return jsonify(profile)
Beispiel #12
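def list_comments(auth_token, uid):
    """List comments (newest first) or return their count.

    Aborts with 404 when no issue has the given *uid*. Query parameters:
    ``count`` (``''``, ``'1'`` or ``'true'``) returns only the total,
    ``limit`` (default 20) and ``offset`` (default 0) page the listing.
    """
    try:
        issue = db_session.query(Issue).filter(Issue.uid == uid).one()
    except NoResultFound:
        abort(404)

    # NOTE(review): `issue` only gates the 404. The query below is not
    # restricted to it, so comments of every issue are returned. Scoping it
    # needs the Comment/Issue relation, which is not visible in this block.
    query = db_session.query(Comment)

    count_only = request.args.get('count') in ('', '1', 'true')
    if count_only:
        # Count the unpaged query: counting after LIMIT/OFFSET would cap the
        # total at the page size.
        return jsonify({'count': query.count()})

    # limit/offset are client-controlled: coerce to int (non-numeric input
    # falls back to the default) and refuse negative values.
    # NOTE(review): there is no upper bound on `limit`; consider a cap.
    limit = max(request.args.get('limit', 20, type=int), 0)
    offset = max(request.args.get('offset', 0, type=int), 0)
    page = query.order_by(Comment.created_at.desc()).limit(limit).offset(offset)

    return jsonify_list([m.to_dict(max_depth=2) for m in page])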
Beispiel #13
def delete_user(auth_token, email):
    """Delete a user account and respond with 204.

    The literal ``'me'`` resolves to the owner of *auth_token*; any other
    value is looked up by email and aborts with 404 when unknown.
    """
    if email != 'me':
        by_email = db_session.query(User).filter(User.email == email)
        try:
            user = by_email.one()
        except NoResultFound:
            abort(404)
    else:
        user = auth_token.owner

    # NOTE(review): nothing here compares `user` with auth_token.owner, so a
    # caller can delete an account other than their own; confirm whether a
    # role or ownership check is enforced elsewhere.
    db_session.delete(user)
    db_session.commit()

    return '', 204
Beispiel #14
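def make_issue_list_query(query_base=None, paged=True):
    """Build the issue listing query from the current request's arguments.

    Args:
        query_base: query to start from; defaults to all issues.
        paged: when true, order by ``open_at`` descending and apply the
            request's ``limit`` (default 20) and ``offset`` (default 0).

    Returns:
        The resulting query object.
    """
    # Test for None explicitly so the fallback never depends on the
    # truthiness of whatever object the caller passed in.
    rv = db_session.query(Issue) if query_base is None else query_base

    filters_string = request.args.get('filters')
    if filters_string:
        # NOTE(review): filters_string is client-supplied; parse_filters is
        # assumed to restrict it to known columns and operators. Confirm.
        rv = parse_filters(rv, Issue, filters_string, [Issue.label, Issue.description])

    if paged:
        # limit/offset are client-controlled: coerce to int (non-numeric
        # input falls back to the default) and refuse negative values.
        # NOTE(review): there is no upper bound on `limit`; consider a cap.
        limit = max(request.args.get('limit', 20, type=int), 0)
        offset = max(request.args.get('offset', 0, type=int), 0)
        rv = rv.order_by(Issue.open_at.desc()).limit(limit).offset(offset)

    return rv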
Beispiel #15
def list_issues(auth_token, slug):
    """List the issues of the milestone identified by *slug*, or count them.

    Aborts with 404 when the milestone does not exist. When the ``count``
    argument is ``''``, ``'1'`` or ``'true'`` only the total is returned and
    the query is built unpaged.
    """
    by_slug = db_session.query(Milestone).filter(Milestone.slug == slug)
    try:
        milestone = by_slug.one()
    except NoResultFound:
        abort(404)

    count_requested = 'count' in request.args
    count_only = count_requested and (request.args['count'] in ('', '1', 'true'))
    query = make_issue_list_query(query_base=milestone.issues, paged=(not count_only))

    if not count_only:
        serialized = [m.to_dict(max_depth=2) for m in query]
        return jsonify_list(serialized)

    return jsonify({'count': query.count()})
Beispiel #16
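def delete_attachment(auth_token, uid):
    """Delete the attachment identified by *uid*, its files and its record.

    Aborts with 404 when the attachment does not exist; responds with 204
    otherwise.
    """
    try:
        attachment = db_session.query(Attachment).filter(Attachment.uid == uid).one()
    except NoResultFound:
        abort(404)

    # Delete the attachment file and its thumbnails from the filesystem.
    # glob.escape() keeps any glob metacharacter in the stored path (for
    # example in the upload folder name) from being read as a pattern, so
    # only names that start with the literal path are removed.
    for filename in glob.glob(glob.escape(attachment.filename) + '*'):
        os.remove(filename)

    # NOTE(review): the files are removed before the commit; if the commit
    # fails the record survives without its file.
    db_session.delete(attachment)
    db_session.commit()

    return '', 204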
Beispiel #17
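def list_user(auth_token):
    """List users or return their count.

    Query parameters: ``count`` (``''``, ``'1'`` or ``'true'``) returns only
    the total; ``limit`` (default 20) and ``offset`` (default 0) page the
    listing.
    """
    query = db_session.query(User)

    count_only = request.args.get('count') in ('', '1', 'true')
    if count_only:
        return jsonify({'count': query.count()})

    # limit/offset are client-controlled: coerce to int (non-numeric input
    # falls back to the default) and refuse negative values.
    # NOTE(review): there is no upper bound on `limit` and no ORDER BY, so a
    # single request can dump the table and page order is not guaranteed.
    limit = max(request.args.get('limit', 20, type=int), 0)
    offset = max(request.args.get('offset', 0, type=int), 0)
    query = query.limit(limit).offset(offset)

    # NOTE(review): confirm that User.to_dict() leaves out the password digest.
    rv = [m.to_dict(max_depth=2) for m in query]
    return jsonify_list(rv)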
Beispiel #18
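def list_comments(auth_token):
    """List all comments ordered by creation time, or return their count.

    Query parameters: ``count`` (``''``, ``'1'`` or ``'true'``) returns only
    the total; ``limit`` (default 20) and ``offset`` (default 0) page the
    listing.
    """
    count_only = request.args.get('count') in ('', '1', 'true')

    query = db_session.query(Comment)

    if count_only:
        return jsonify({'count': query.count()})

    # limit/offset are client-controlled: coerce to int (non-numeric input
    # falls back to the default) and refuse negative values.
    # NOTE(review): there is no upper bound on `limit`; consider a cap.
    limit = max(request.args.get('limit', 20, type=int), 0)
    offset = max(request.args.get('offset', 0, type=int), 0)
    query = query.order_by(Comment.created_at).limit(limit).offset(offset)

    rv = [m.to_dict(max_depth=2) for m in query]

    return jsonify_list(rv)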
Beispiel #19
def update_tag(auth_token, name):
    """Apply the request's JSON body to the tag called *name* and return it.

    Aborts with 404 when the tag is unknown; a body that cannot be parsed
    as JSON is reported as an ApiError carrying the parser's description.
    """
    by_name = db_session.query(Tag).filter(Tag.name == name)
    try:
        tag = by_name.one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as err:
        raise ApiError(err.description)

    # NOTE(review): the body is handed to update() unfiltered; which fields
    # a client may set depends on what Tag.update() accepts. Confirm.
    tag.update(post_data)
    db_session.commit()

    body = tag.to_dict(max_depth=2)
    return jsonify(body)
Beispiel #20
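    def __call__(self):
        """Run the account-management command line described by ``self.argv``.

        ``add`` creates a user, prompting twice for the password when ``-p``
        is not given; ``list`` prints the name and email of every user.

        Raises:
            InvalidArgumentError: the password and its confirmation differ.
        """
        # Create an application context.
        app = create_app(__name__, [])
        ctx = app.test_request_context()
        ctx.push()
        try:
            parser = argparse.ArgumentParser(
                prog=self.argv[0],
                description="Manage the user's account.")
            subparsers = parser.add_subparsers(dest='subcommand')
            subparsers.required = True

            sub = subparsers.add_parser('add', help='add a user')
            sub.add_argument(
                'email', action='store', help="the email of the new user's account")
            sub.add_argument(
                '-n', '--name', dest='name', action='store',
                help='the full name of the user (default: email address)')
            # A password given with -p is visible in the process list and in
            # shell history; the interactive prompt avoids both.
            sub.add_argument(
                '-p', '--password', dest='password', action='store',
                help='the password of the user (will be asked if not provided)')

            subparsers.add_parser('list', help='list users')

            args = parser.parse_args(self.argv[1:])
            if args.subcommand == 'add':
                new_user = User()
                new_user.email = args.email
                new_user.name = args.name or args.email

                if args.password:
                    password = args.password
                else:
                    # Ask twice so that a typo cannot lock the account.
                    password = getpass('password: ')
                    if getpass('confirm: ') != password:
                        raise InvalidArgumentError('Password do not match.')

                # SECURITY: unsalted MD5 is not a password hash; leaked
                # digests can be reversed by lookup or brute force. The login
                # path has to compute the same digest, so both sides must be
                # migrated together to a salted, slow KDF (the stdlib offers
                # hashlib.scrypt and hashlib.pbkdf2_hmac).
                new_user.password = md5(password.encode()).hexdigest()

                db_session.add(new_user)
                db_session.commit()

            elif args.subcommand == 'list':
                for user in db_session.query(User):
                    print('name: {:>15},    email: {:>15}'.format(user.name, user.email))
        finally:
            # Pop the context even when argparse exits or the passwords differ.
            ctx.pop()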
Beispiel #21
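def update_comment(auth_token, uid):
    """Apply the request's JSON object to the comment *uid* and return it.

    Aborts with 404 when the comment is unknown. ``updated_at`` is always
    set by the server.

    Raises:
        ApiError: the body is not valid JSON or is not a JSON object.
    """
    try:
        comment = db_session.query(Comment).filter(Comment.uid == uid).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # Valid JSON that is not an object (a list, a string, null) would fail
    # on the item assignment below with an unhandled TypeError.
    if not isinstance(post_data, dict):
        raise ApiError('Expected a JSON object.')

    # Overwrite any client-supplied timestamp with the server's clock.
    post_data['updated_at'] = utcnow()

    # NOTE(review): the remaining keys reach update() unfiltered and the
    # comment is not checked against auth_token.owner; confirm which fields
    # and which callers Comment.update() is meant to accept.
    comment.update(post_data)

    db_session.commit()

    return jsonify(comment.to_dict(max_depth=2))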
Beispiel #22
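def update_milestone(auth_token, slug):
    """Apply the request's JSON object to the milestone *slug* and return it.

    Aborts with 404 when the milestone is unknown. A ``due_date`` key is
    converted with ``from_unix_timestamp`` before the update.

    Raises:
        ApiError: the body is not valid JSON or is not a JSON object.
    """
    try:
        milestone = db_session.query(Milestone).filter(Milestone.slug == slug).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # Valid JSON that is not an object (a list, a string, null) has no keys
    # to read; reject it instead of failing later with an unhandled error.
    if not isinstance(post_data, dict):
        raise ApiError('Expected a JSON object.')

    if 'due_date' in post_data:
        # NOTE(review): the value is client-supplied; from_unix_timestamp is
        # assumed to reject non-numeric input. Confirm.
        post_data['due_date'] = from_unix_timestamp(post_data['due_date'])

    milestone.update(post_data)

    db_session.commit()

    return jsonify(milestone.to_dict(max_depth=2))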
Beispiel #23
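def list_tags(auth_token):
    """List tags, optionally filtered, or return their count.

    Query parameters: ``filters`` is passed to ``parse_filters`` against
    ``Tag.name``; ``count`` (``''``, ``'1'`` or ``'true'``) returns only the
    total; ``limit`` (default 20) and ``offset`` (default 0) page the listing.
    """
    query = db_session.query(Tag)

    filters_string = request.args.get('filters')
    if filters_string:
        # NOTE(review): filters_string is client-supplied; parse_filters is
        # assumed to restrict it to known columns and operators. Confirm.
        query = parse_filters(query, Tag, filters_string, [Tag.name])

    count_only = request.args.get('count') in ('', '1', 'true')
    if count_only:
        return jsonify({'count': query.count()})

    # limit/offset are client-controlled: coerce to int (non-numeric input
    # falls back to the default) and refuse negative values.
    # NOTE(review): there is no upper bound on `limit`; consider a cap.
    limit = max(request.args.get('limit', 20, type=int), 0)
    offset = max(request.args.get('offset', 0, type=int), 0)
    query = query.limit(limit).offset(offset)

    rv = [m.to_dict(max_depth=2) for m in query]
    return jsonify_list(rv)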
Beispiel #24
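def create_issue(auth_token, slug):
    """Create an issue in the milestone *slug* from the request's JSON object.

    Aborts with 404 when the milestone is unknown. The author is always the
    email of the token's owner, whatever the body says.

    Raises:
        ApiError: the body is not valid JSON or is not a JSON object.
    """
    try:
        milestone = db_session.query(Milestone).filter(Milestone.slug == slug).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # Valid JSON that is not an object (a list, a string, null) would fail
    # on the item assignment below with an unhandled TypeError.
    if not isinstance(post_data, dict):
        raise ApiError('Expected a JSON object.')

    # Set server-side so a client cannot file an issue under another name.
    post_data['author'] = auth_token.owner.email

    new_issue = Issue()
    # NOTE(review): the remaining keys reach update() unfiltered; confirm
    # that Issue.update() ignores fields a client must not set.
    new_issue.update(post_data)

    milestone.issues.append(new_issue)
    db_session.commit()

    return jsonify(new_issue.to_dict(max_depth=2))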
Beispiel #25
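def list_milestones(auth_token):
    """List milestones by due date, optionally filtered, or return their count.

    Query parameters: ``filters`` is passed to ``parse_filters`` against the
    milestone name and description; ``count`` (``''``, ``'1'`` or ``'true'``)
    returns only the total; ``limit`` (default 20) and ``offset`` (default 0)
    page the listing.
    """
    query = db_session.query(Milestone)

    filters_string = request.args.get('filters')
    if filters_string:
        # NOTE(review): filters_string is client-supplied; parse_filters is
        # assumed to restrict it to known columns and operators. Confirm.
        query = parse_filters(
            query, Milestone, filters_string, [Milestone.name, Milestone.description])

    count_only = request.args.get('count') in ('', '1', 'true')
    if count_only:
        return jsonify({'count': query.count()})

    # limit/offset are client-controlled: coerce to int (non-numeric input
    # falls back to the default) and refuse negative values.
    # NOTE(review): there is no upper bound on `limit`; consider a cap.
    limit = max(request.args.get('limit', 20, type=int), 0)
    offset = max(request.args.get('offset', 0, type=int), 0)
    query = query.order_by(Milestone.due_date).limit(limit).offset(offset)

    rv = [m.to_dict(max_depth=2) for m in query]
    return jsonify_list(rv)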
Beispiel #26
def create_attachment(auth_token):
    """Store the uploaded ``file`` and return its attachment record as JSON.

    The record's uid is the MD5 digest of the content. An upload whose
    digest is already known returns the existing record with status 200; a
    new one is saved under the upload folder and returned with status 201.

    Raises:
        ApiError: the upload is empty or its filename fails check_file_ext.
    """
    upload = request.files['file']
    # The format check looks at the filename only, never at the content.
    if not upload or not check_file_ext(upload.filename):
        raise ApiError('Invalid file format.')

    # Hash the content so identical uploads share one stored file.
    # NOTE(review): MD5 collisions can be constructed on purpose. Two
    # different files with the same digest would resolve to whichever was
    # stored first. Switching digests changes every uid, so it needs a
    # migration rather than an in-place edit.
    digest = md5()
    for chunk in iter(lambda: upload.read(128), b''):
        digest.update(chunk)
    fuid = digest.hexdigest()

    # Reuse the existing reference when this content was uploaded before.
    attachment = db_session.query(Attachment).filter(Attachment.uid == fuid).first()
    if attachment is not None:
        return jsonify(attachment.to_dict(max_depth=2)), 200

    # Create the attachment reference in the database. The on-disk name is
    # the digest, so the client's filename never becomes part of a path.
    attachment = Attachment()
    attachment.uid = fuid
    attachment.name = upload.filename
    attachment.filename = os.path.join(current_app.config['UPLOAD_FOLDER'], fuid)

    # The MIME type is guessed from the client's filename, not the content.
    guessed_type = mimetypes.guess_type(upload.filename)[0]
    if guessed_type is not None:
        attachment.mime_type = guessed_type

    # Rewind after hashing, then write the upload to disk.
    upload.seek(0)
    upload.save(attachment.filename)

    db_session.add(attachment)
    db_session.commit()

    return jsonify(attachment.to_dict(max_depth=2)), 201
Beispiel #27
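def get_attachment_thumbnail(auth_token, uid):
    """Send a PNG thumbnail of the attachment *uid*, creating it on first use.

    Redirects to the original content when thumbnails are disabled. Aborts
    with 404 for an unknown attachment and with 400 when the ``size``
    argument (default 128) is not an integer within the accepted range.
    """
    # Return the original content if thumbnails aren't enabled.
    if not current_app.config['ENABLE_THUMBAILS']:
        return redirect(url_for('attachments.get_attachment_content', uid=uid))

    from PIL import Image

    try:
        attachment = db_session.query(Attachment).filter(Attachment.uid == uid).one()
    except NoResultFound:
        abort(404)

    # `size` is client-controlled and becomes both a cache filename and the
    # resize target. Without limits every distinct value leaves another file
    # on disk, and a non-numeric value raises an unhandled ValueError.
    # The upper bound is a value picked for this check; tune it to the
    # largest thumbnail the clients actually request.
    max_size = 1024
    try:
        size = int(request.args.get('size', 128))
    except ValueError:
        abort(400)
    if not 1 <= size <= max_size:
        abort(400)

    thumbnail_filename = '%s-%i' % (attachment.filename, size)

    # Only create the thumbnail if it doesn't exist on the filesystem yet.
    if not os.path.isfile(thumbnail_filename):
        # NOTE(review): the source is an uploaded file; confirm that
        # non-image attachments and oversized images are handled upstream.
        with Image.open(attachment.filename) as im:
            im.thumbnail((size, size))
            im.save(thumbnail_filename, 'png')

    # The cache file has no extension, so state the type it was saved as.
    return send_file(thumbnail_filename, mimetype='image/png')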
Beispiel #28
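def create_token():
    """Issue an authentication token for the email/password in the JSON body.

    Aborts with 400 when the body is not a JSON object with string
    credentials and with 403 when no user matches them. Responds with the
    new token and status 201 otherwise.
    """
    post_data = request.get_json(force=True)
    if not isinstance(post_data, dict):
        abort(400)

    # get the credentials
    email = post_data.get('email')
    raw_password = post_data.get('password', '')
    # Both values must be strings: a missing email would otherwise be
    # compared as NULL in the query, and a non-string password has no
    # encode() and would fail with an unhandled AttributeError.
    if not isinstance(email, str) or not isinstance(raw_password, str):
        abort(400)

    # SECURITY: unsalted MD5 is not a password hash; leaked digests can be
    # reversed by lookup or brute force. Stored digests and the code that
    # creates accounts must be migrated together to a salted, slow KDF (the
    # stdlib offers hashlib.scrypt and hashlib.pbkdf2_hmac).
    password = md5(raw_password.encode()).hexdigest()

    # search for the user identified by email/password
    user = db_session.query(User).filter(
        User.email == email,
        User.password == password
    ).first()

    # NOTE(review): nothing in this block limits repeated failed attempts;
    # confirm that throttling is applied in front of this endpoint.
    if user is None:
        abort(403)

    # generate a new token for the authenticated user
    token = make_auth_token(user)
    db_session.add(token)
    db_session.commit()

    return jsonify(token.to_dict()), 201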
Beispiel #29
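def update_issue(auth_token, uid):
    """Apply the request's JSON object to the issue *uid* and return it.

    Aborts with 404 when the issue is unknown. When the body changes the
    status, ``closed_at`` is set to the current time for ``'closed'`` and
    cleared for any other status.

    Raises:
        ApiError: the body is not valid JSON or is not a JSON object.
    """
    try:
        issue = db_session.query(Issue).filter(Issue.uid == uid).one()
    except NoResultFound:
        abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # Valid JSON that is not an object (a list, a string, null) has no
    # 'status' key to read; reject it instead of failing further down.
    if not isinstance(post_data, dict):
        raise ApiError('Expected a JSON object.')

    # Update the closing time if the status of the issue gets updated.
    if ('status' in post_data) and post_data['status'] != issue.status:
        if post_data['status'] == 'closed':
            post_data['closed_at'] = utcnow()
        else:
            post_data['closed_at'] = None

    # NOTE(review): when the status does not change, a client-supplied
    # 'closed_at' (or 'author') is passed through untouched; confirm that
    # Issue.update() ignores fields a client must not set.
    issue.update(post_data)

    db_session.commit()

    return jsonify(issue.to_dict(max_depth=2))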
Beispiel #30
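def update_user(auth_token, email):
    """Apply the request's JSON object to a user and return the user.

    The literal ``'me'`` resolves to the owner of *auth_token*; any other
    value is looked up by email and aborts with 404 when unknown. A
    ``password`` key in the body is discarded.

    Raises:
        ApiError: the body is not valid JSON or is not a JSON object.
    """
    if email == 'me':
        user = auth_token.owner
    else:
        try:
            user = db_session.query(User).filter(User.email == email).one()
        except NoResultFound:
            abort(404)

    try:
        post_data = request.get_json(force=True)
    except BadRequest as e:
        raise ApiError(e.description)
    # Valid JSON that is not an object (a list, a string, null) cannot carry
    # fields; a null body would fail on the key handling below.
    if not isinstance(post_data, dict):
        raise ApiError('Expected a JSON object.')

    # Remove password from post data since user's password shouldn't be
    # updated using this endpoint.
    post_data.pop('password', None)

    # NOTE(review): nothing here compares `user` with auth_token.owner, and
    # every key except 'password' (email included) reaches update(). Confirm
    # that callers may edit other accounts and that User.update() ignores
    # fields a client must not set.
    user.update(post_data)

    db_session.commit()

    return jsonify(user.to_dict(max_depth=2))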