Beispiel #1
    def delete(cls, vid_id, actioner_uuid):
        """Delete the video ``vid_id`` on behalf of ``actioner_uuid``.

        The video is loaded through ``cls.get_raw``; the deletion goes ahead
        only when ``AuthSender.has_permission(owner, actioner)`` is truthy.
        The database row is removed and committed first, then the media
        service is asked to delete the stored video.

        Raises:
            BadRequestError: the permission check rejected ``actioner_uuid``.
        """
        video = cls.get_raw(vid_id)
        owner_uuid = video.uuid

        # Authorization gate: nothing below may run for a rejected caller.
        # NOTE(review): the denial is reported through BadRequestError; if that
        # maps to HTTP 400, a 403-style error would describe it better - confirm.
        allowed = AuthSender.has_permission(owner_uuid, actioner_uuid)
        if not allowed:
            raise BadRequestError("Only the author can delete their video!")

        # Empty both relationship collections before the row is deleted
        # (comments first, then reactions, as before).
        video.comments, video.reactions = [], []

        session = db.session
        session.delete(video)
        session.commit()

        # Runs after the commit: if this call fails, the row is already gone
        # while the media may still exist.
        # NOTE(review): confirm orphaned media is cleaned up elsewhere.
        MediaSender.delete_vid(vid_id)
Beispiel #2
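    def delete(self, user_id, friend_id):
        """Remove the friendship between ``user_id`` and ``friend_id``.

        The caller is identified from the ``x-access-token`` request header
        and must pass ``AuthSender.has_permission(user_id, caller)`` before
        the friendship is deleted.

        Returns:
            ``({"msg": "OK"}, 200)`` on success.

        Raises:
            BadRequestError: the caller is not allowed to act for ``user_id``.
        """
        parser = reqparse.RequestParser()
        # The header is mandatory: without required=True a request that omits
        # it would reach the token lookup with None instead of being rejected
        # during parsing.
        parser.add_argument("x-access-token",
                            location='headers',
                            required=True,
                            help='Missing user token!')
        args = parser.parse_args()

        viewer_uuid = AuthSender.get_uuid_from_token(args["x-access-token"])

        # Authorization gate: only a caller permitted to act for user_id may
        # change that user's friend list.
        if not AuthSender.has_permission(user_id, viewer_uuid):
            raise BadRequestError(
                "You don't have permission to delete other users' friends")

        UsersDAO.delete_friendship(user_id, friend_id)

        return {"msg": "OK"}, 200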
Beispiel #3
    def edit(cls, vid_id, args, uuid):
        """Update selected fields of video ``vid_id`` on behalf of ``uuid``.

        Only the keys ``description``, ``location``, ``title`` and
        ``is_private`` are copied from ``args`` onto the video; any other key
        in ``args`` is ignored. The change is committed and the result of
        ``vid.serialize()`` is returned.

        Raises:
            BadRequestError: the permission check rejected ``uuid``.
        """
        video = cls.get_raw(vid_id)

        # Authorization gate: the caller must be permitted to act on the
        # video owner's behalf before any field is touched.
        if not AuthSender.has_permission(video.uuid, uuid):
            raise BadRequestError(f"Only the author can edit their video!")

        # Explicit allow-list of editable attributes. Keeping the list fixed
        # stops caller-supplied keys from overwriting other columns such as
        # the owner uuid.
        for field in ("description", "location", "title", "is_private"):
            if field in args:
                setattr(video, field, args[field])

        db.session.commit()

        return video.serialize()
Beispiel #4
    def delete(self, user_id):
        """Delete the account ``user_id`` for an authorized caller.

        The ``x-access-token`` header is mandatory; it is resolved to the
        caller's uuid, checked with ``AuthSender.has_permission`` and then
        passed on to ``UsersDAO.delete_user`` together with ``user_id``.

        Returns:
            ``({"message": "OK"}, 200)`` on success.

        Raises:
            BadRequestError: the caller is not allowed to delete ``user_id``.
        """
        header_parser = reqparse.RequestParser()
        header_parser.add_argument(
            "x-access-token",
            location='headers',
            required=True,
            help='Missing user token!',
        )
        token = header_parser.parse_args()["x-access-token"]

        requester_uuid = AuthSender.get_uuid_from_token(token)

        authorized = AuthSender.has_permission(user_id, requester_uuid)
        if not authorized:
            # Denied attempts are logged with both identities for later review.
            # NOTE(review): user_id is interpolated as received; confirm it is
            # constrained upstream so it cannot carry line breaks into the log.
            self.logger.info(
                f"User {requester_uuid} attempted to delete user's {user_id} account. Access Denied."
            )
            raise BadRequestError(f"You can't delete other users profiles!")

        UsersDAO.delete_user(user_id, token)

        return {"message": "OK"}, 200
Beispiel #5
 def _cant_view(cls, is_private, user1_id, user2_id):
     """Tell whether private content must be hidden for this pair of users.

     The result is truthy only when ``is_private`` is truthy and both
     ``AuthSender.has_permission(user1_id, user2_id)`` and
     ``UsersDAO.are_friends(user1_id, user2_id)`` are falsy.
     Presumably ``user1_id`` is the owner and ``user2_id`` the viewer -
     confirm against the callers.
     """
     # Non-private content: hand back the falsy flag itself and make no
     # permission or friendship lookup.
     if not is_private:
         return is_private

     # A caller who passes the permission check can always view.
     if AuthSender.has_permission(user1_id, user2_id):
         return False

     # Otherwise access depends on friendship alone.
     return not UsersDAO.are_friends(user1_id, user2_id)