Ejemplo n.º 1
0
def put_group(group_id):
    old_group = Group.query.get(group_id)
    if old_group is None:  # 그룹이 존재 하지 않을 경우
        return not_found('group does not exist')
    if request.json is None:  # 요청이 올바르지 않은 경우
        return bad_request('JSON request is invaild')
    if g.current_user.id != old_group.create_user:
        return forbidden('User cannot modify group')

    name = request.json.get('name')
    description = request.json.get('description')
    users = request.json.get('users')
    if users is None or users == []:
        old_group.users = [g.current_user]

    user_list = list(users)

    old_group.name = name
    old_group.description = description

    if type(user_list
            ) == list and user_list is not None and len(user_list) >= 1:
        old_group.users = [ User.query.filter_by(username=user_name).first() for user_name in user_list\
     if User.query.filter_by(username=user_name).count() != 0 ]
    db.session.commit()
    return jsonify(old_group.to_json())
Ejemplo n.º 2
0
def edit_post(id):
    post=Post.query.get_or_404(id)
    if g.current_user != post.author and not g.current_user.can(Permission.ADMINISTER):
        return forbidden('Insufficient permissions')
    post.body = request.json.get('body',post.body)
    db.session.add(post)
    return jsonify(post.to_json())
Ejemplo n.º 3
0
def get_group(group_id):
    group = Group.query.get(group_id)
    if group is None:
        return not_found('group does not exist')
    if g.current_user.id != group.create_user:
        return forbidden('User does not create this group')
    return jsonify(group.to_json())
Ejemplo n.º 4
0
def get_page(page_id):
	conn = g.mysql.connection
	cursor = conn.cursor()

	if not page_id:
		return bad_request('Page ID is not provided')

	try:
		cursor.execute("""
			SELECT 
				p.id,
				p.address,
				p.title,
				p.description,
				p.is_private,
				p.created,
				p.user_id
			FROM pages p
			WHERE id='{page_id}'
		""".format(
			page_id=page_id
		))
		page = cursor.fetchone()
		is_private, user_id = page[4], page[6]

		if is_private and not authorized(user_id):
			return forbidden()

	except Exception, error:
		print 'ERROR: ', error
		return bad_request(error)
Ejemplo n.º 5
0
def delete_notice_news(news_id):
    news = News.query.filter_by(id=news_id).first()
    if news is None:
        return not_found('News does not exist')
    if g.current_user.id != news.author_id:
        return forbidden('Cannot chang other user\'s news')
    news.notice = False
    return jsonify(news.to_json())
Ejemplo n.º 6
0
def get_news(id):
    news = News.query.get(id)
    if news is None:
        return not_found('News does not exist')
    # 전체 공개, 그룹 내 유저, 그룹 생성자만 신송 열람 허용
    if news.group is not None and g.current_user not in news.house.users\
                    and g.current_user.id != news.house.create_user:
        return forbidden('User does not in this group')
    return jsonify(news.to_json())
Ejemplo n.º 7
0
def delete_group(group_id):
    group = Group.query.get(group_id)
    if group is None:
        return not_found('Group does not exist')
    if g.current_user.id != group.create_user:
        return forbidden('User does not in this group')
    db.session.delete(group)
    db.session.commit()
    return '', 204
Ejemplo n.º 8
0
def get_users_in_group(group_id):
    group = Group.query.get(group_id)
    if group is None:
        return not_found('Group does not exist')
    if g.current_user.id != group.create_user:
        return forbidden('User does not create this group')
    users = group.users.all()
    if users is None:
        return not_found('User in group is not exist')
    return jsonify({'users': [user.to_json() for user in users]})
Ejemplo n.º 9
0
def delete_user_picture(id):
    user = User.query.filter_by(username=user_id).first()
    if user is None:
        return not_found('User does not exist')
    if g.current_user is not user:
        return forbidden('Cannot modify other user')
    os.remove(os.path.join(UPLOAD_FOLDER, user.pictureLocate))
    user.pictureName = None
    user.pictureLocate = None
    db.session.commit()
    return '', 204
Ejemplo n.º 10
0
def get_news_file(id):
    news = News.query.get(id)
    if news is None:
        return not_found('News does not exist')
    if news.group is not None and g.current_user not in news.house.users\
                    and g.current_user.id != news.house.create_user:
        return forbidden('User does not in this group')
    filelocate = news.filelocate
    if filelocate is None:
        return not_found('File does not exist')
    return send_from_directory(UPLOAD_FOLDER, filelocate)
Ejemplo n.º 11
0
def delete_comment_file(comment_id):
    comment = Comment.query.get(comment_id)
    if comment is None:
        return not_found('Comment does not exist')
    if g.current_user.id != comment.author_id:
        return forbidden('Cannot Delete File')
    os.remove(os.path.join(UPLOAD_FOLDER, comment.filelocate))
    comment.filename = None
    comment.filelocate = None
    db.session.commit()
    return '', 204 
Ejemplo n.º 12
0
def delete_news_file(id):
    news = News.query.get(id)
    if news is None:
        return not_found('News does not exist')
    if g.current_user.id != news.author_id:
        return forbidden('Cannot Delete File')
    os.remove(os.path.join(UPLOAD_FOLDER, news.filelocate))
    news.filename = None
    news.filelocate = None
    db.session.commit()
    return '', 204 
Ejemplo n.º 13
0
def get_files(address):

    conn = g.mysql.connection
    cursor = conn.cursor()

    if not address:
        return bad_request('Page address is not provided')
    else:
        cursor.execute("""
			SELECT
				id,
				address,
				title,
				description,
				is_private,
				created,
				user_id
			FROM pages
			WHERE address='{address}'
		""".format(address=address))
        page = cursor.fetchone()
        is_private, user_id = page[4], page[6]

        if not page:
            return bad_request('Can\'t find page by provided address')

        if is_private and not authorized(user_id):
            return forbidden()

    try:
        cursor.execute("""
			SELECT 
				f.id,
				f.name,
				f.size,
				f.type,
				f.ipfs_hash,
				f.tx_id,
				f.title,
				f.description,
				UNIX_TIMESTAMP(f.created),
				p.user_id
			FROM files f, pages p
			WHERE p.id=f.page_id
			AND p.address='{address}'
			ORDER BY f.created DESC
		""".format(address=address))
        files = cursor.fetchall()

    except Exception, error:
        print 'ERROR: ', error
        return bad_request(error)
Ejemplo n.º 14
0
def put_comment(comment_id):
    if request.json is None:  # 요청이 올바르지 않은 경우 - 덧글의 내용이 없다던가
        return bad_request('JSON Request is invaild')
    old_comment = Comment.query.filter_by(id=comment_id).first()
    if old_comment is None:  # 덧글이 존재 하지 않을 경우
        return not_found('Comment does not exist')
    if g.current_user.id != old_comment.author_id:  # 다른 유저의 덧글을 수정하려고 하는 경우
        return forbidden('Cannot modify other user\'s comment')
    comment = Comment.from_json(request.json)
    old_comment.context = comment.context
    old_comment.parsed_context = comment.parsed_context
    old_comment.author_name = g.current_user.realname
    return jsonify(old_comment.to_json())
Ejemplo n.º 15
0
def delete_comment(comment_id):
    comment = Comment.query.filter_by(id=comment_id).first()
    if comment is None:
        return not_found('Comment does not exist')
    if g.current_user.id != comment.author_id:  # 다른 유저의 덧글을 삭제하려고 하는 경우
        return forbidden('Cannot delete other user\'s comment')
    if comment.filename is not None:
        os.remove(
            os.path.join(api.root_path, '../../file/', comment.filelocate))
    Comment.query.filter(Comment.parent_id == comment.id).delete()
    db.session.delete(comment)
    db.session.commit()
    return '', 204
Ejemplo n.º 16
0
def modify_user(user_id):
    user = User.query.filter_by(username=user_id).first()
    if user is None:  # 유저가 존재 하지 않을 경우
        return not_found('User does not exist')
    if g.current_user.username is not user.username:  # 다른 유저를 수정하려고 하는 경우
        return forbidden('Cannot modify other user')
    if request.json is None:  # 요청이 올바르지 않은 경우
        return bad_request('JSON Request is invaild')
    if request.json.get('pw') is not None:  # pw 를 수정하는 경우
        user.password = request.json.get('pw')
    user.realname = request.json.get('name', user.realname)
    db.session.add(user)
    return jsonify(user.to_json())
Ejemplo n.º 17
0
def delete_particle(particle_id):
    particle = Particle.query.filter_by(id=particle_id).first()
    if request.json is None:
        return bad_request('JSON Request is invaild')
    if request.json.get('author_id') is None:
        return bad_request('author`s ID is invaild')
    if int(request.json.get('author_id')) != particle.author_id:
        return forbidden('Cannot delete other user\'s particle')

    Like.query.filter(Like.particle_id == particle.id).delete()
    db.session.delete(particle)
    db.session.commit()
    return '', 204
Ejemplo n.º 18
0
def get_news_comments(news_id):
    news = News.query.get(news_id)
    if news is None:
        return not_found('News does not exist')
    if news.group is not None and g.current_user not in news.house.users\
            and g.current_user.id != news.house.create_user:
        return forbidden('User does not in this group')
    return jsonify({
        'comments': [
            comment.to_json() for comment in news.comments
            if comment.parent_id is None
        ]
    })
Ejemplo n.º 19
0
def delete_news(news_id):
    news = News.query.filter_by(id=news_id).first()
    if news is None:
        return not_found('News does not exist')
    if g.current_user.id != news.author_id:  # 다른 유저의 신송을 삭제하려고 하는 경우
        return forbidden('Cannot delete other user\'s news')
    if news.filename is not None:
        os.remove(
            os.path.join(os.path.join(api.root_path, '../../file/'),
                         news.filelocate))
    Comment.query.filter(Comment.news_id == news.id).delete()
    db.session.delete(news)
    db.session.commit()
    return '', 204
Ejemplo n.º 20
0
def put_news(news_id):
    if request.json is None:  # 요청이 올바르지 않은 경우
        return bad_request('JSON Request is invaild')
    old_news = News.query.filter_by(id=news_id).first()
    if old_news is None:  # 신송이 존재 하지 않을 경우
        return not_found('News does not exist')
    if g.current_user.id != old_news.author_id:  # 다른 유저의 신송을 수정하려고 하는 경우
        return forbidden('Cannot modify other user\'s news')
    news = News.from_json(request.json)
    old_news.context = news.context
    old_news.parsed_context = news.parsed_context
    old_news.modified_at = datetime.utcnow()
    old_news.group = news.group
    return jsonify(old_news.to_json())
Ejemplo n.º 21
0
def get_news_in_group(group_id):
    group = Group.query.get(group_id)
    if group is None:
        return not_found('Group does not exist')
    if g.current_user not in group.users:
        return forbidden('User does not in this group')

    page = request.args.get('page', 1, type=int)
    per_page = request.args.get('per_page', 20, type=int)
    pagination = group.news.order_by(News.created_at.desc()).paginate(
        page, per_page, error_out=False)
    pag_news = pagination.items
    if pagination.total < 1:
        return not_found('News is not exist')
    return jsonify({'news': [news.to_json() for news in pag_news]})
Ejemplo n.º 22
0
def get_notice_group(group_id):
    group = Group.query.get(group_id)
    if group is None:
        return not_found('Group does not exist')
    if g.current_user not in group.users:
        return forbidden('User does not in this group')

    notice = group.news.filter_by(notice=True).order_by(
        News.created_at.desc()).all()
    return jsonify({
        'notice': [
            news.to_json() for news in notice
            if news.group is None or g.current_user in news.house.users
        ]
    })
Ejemplo n.º 23
0
def post_user_picture(user_id):
    user = User.query.filter_by(username=user_id).first()
    if user is None:
        return not_found('User does not exist')
    if g.current_user is not user:
        return forbidden('Cannot modify other user')
    if request.files['file'] is None:
        return bad_request('File Request in invaild')
    file = request.files['file']
    if file and allowed_picture(file.filename.lower()):
        pictureName = file.filename
        pictureLocate = addTimestamp(pictureName)
        file.save(os.path.join(UPLOAD_FOLDER, pictureLocate))
        user.pictureName = pictureName
        user.pictureLocate = pictureLocate
        db.session.commit()
    return jsonify(user.to_json()), 200
Ejemplo n.º 24
0
def put_particle(particle_id):
    old_particle = Particle.query.filter_by(id=particle_id).first()

    if request.json is None:
        return bad_request('JSON Request is invaild')
    if request.json.get('author_id') is None:
        return bad_request('author`s ID is invaild')
    if int(request.json.get('author_id')) != old_particle.author_id:
        return forbidden('Cannot delete other user\'s particle')
    if old_particle is None:
        return not_found('Particle does not exist')

    particle = Particle.from_json(request.json)
    old_particle.anonymous = particle.anonymous
    old_particle.context = particle.context
    old_particle.parsed_context = particle.parsed_context
    db.session.commit()
    return jsonify(old_particle.to_json())
Ejemplo n.º 25
0
def get_file(file_id):

    conn = g.mysql.connection
    cursor = conn.cursor()

    if not file_id:
        return bad_request('File ID is not provided')

    try:
        cursor.execute("""
			SELECT 
				f.id,
				f.name,
				f.size,
				f.type,
				f.title,
				f.description,
				f.ipfs_hash,
				f.tx_id,
				UNIX_TIMESTAMP(f.created),
				p.id,
				p.address,
				p.title,
				p.description,
				UNIX_TIMESTAMP(p.created),
				p.is_private,
				u.id,
				UNIX_TIMESTAMP(u.created)
			FROM files f, pages p, users u
			WHERE f.id='{file_id}'
			AND f.page_id = p.id
			AND p.user_id = u.id
		""".format(file_id=file_id))
        file_data = cursor.fetchone()
        is_private = file_data[14]

        if is_private and not authorized(file_data[15]):
            return forbidden()

    except Exception, error:
        print 'ERROR: ', error
        return bad_request(error)
Ejemplo n.º 26
0
def post_news():
    if request.json is None:
        return bad_request('JSON Request is invaild')
    news = News.from_json(request.json)
    if news.group is not None and g.current_user.id != Group.query.filter_by(
            id=news.group).first().create_user:
        return forbidden('User does not in this group')

    news.author_id = g.current_user.id
    news.author_name = g.current_user.realname
    author = User.query.filter_by(id=g.current_user.id).first()
    author.recent_group = news.group

    db.session.add(news)
    db.session.commit()
    resp = make_response()
    resp.headers['Location'] = url_for('api.get_news',
                                       id=news.id)  # 만들어진 신송 URI 제공
    resp.status_code = 201
    return resp
Ejemplo n.º 27
0
def post_news_comment(news_id):
    if request.json is None:
        return bad_request('JSON Request is invaild')
    news = News.query.get(news_id)
    if news is None:
        return not_found('news does not exist')
    if news.group is not None and g.current_user not in news.house.users\
                and g.current_user.id != news.house.create_user:
        return forbidden('User does not in this group')

    comment = Comment.from_json(request.json)
    comment.news_id = news.id
    comment.author_id = g.current_user.id
    comment.author_name = g.current_user.realname
    db.session.add(comment)
    db.session.commit()
    resp = make_response()
    resp.headers['Location'] = url_for('api.get_comment',
                                       comment_id=comment.id)
    resp.status_code = 201
    return resp
Ejemplo n.º 28
0
def post_news_file(id):
    news = News.query.get(id)
    if news is None:
        return not_found('News does not exist')
    if g.current_user.id != news.author_id:
        return forbidden('Cannot Upload File')
    if request.files['file'] is None:
        return bad_request('File Request in invaild')

    file = request.files['file']
    if file and allowed_file(file.filename.lower()):
        filename = file.filename
        filelocate = addTimestamp(filename)
        if len(filename.rsplit('.')) is not 2:
            return bad_request('File have abnormal extension')

        file.save(os.path.join(UPLOAD_FOLDER, filelocate))
        news.filename = filename
        news.filelocate = filelocate
        db.session.commit()
    return jsonify(news.to_json())
Ejemplo n.º 29
0
def put_comment_file(comment_id):
    comment = Comment.query.gt(comment_id)    
    if comment is None:
        return not_found('Comment does not exist')
    if g.current_user.id != comment.author_id:
        return forbidden('Cannot Upload File')
    if request.files['file'] is None:
        return bad_request('File Request in invaild')
    os.remove(os.path.join(UPLOAD_FOLDER, comment.filelocate))

    file = request.files['file']
    if file and allowed_file(file.filename.lower()):
        filename = file.filename
        filelocate = addTimestamp(filename)
        if len(filename.rsplit('.')) is not 2:
            return bad_request('File have abnormal extension')

        file.save(os.path.join(UPLOAD_FOLDER, filelocate))
        comment.filename = filename
        comment.filelocate = filelocate
        db.session.commit()
    return jsonify(comment.to_json())
Ejemplo n.º 30
0
 def decorated_function(*args, **kw):
     if not verify_request(request):
         return forbidden('Invalid Request Signature')
     return f(*args, **kw)
Ejemplo n.º 31
0
 def decorator_function(*args, **kwargs):
     if not g.current_user.can(permission):
         return forbidden('Insufficient permissions')
     return f(*args, **kwargs)
Ejemplo n.º 32
0
def before_request():
    if not g.current_user.is_anonymous and not g.current_user.confirmed:
        return errors.forbidden('not confirmed')
Ejemplo n.º 33
0
		def decorated_function(*args, **kwargs):
			if not g.current_user.can(permission):
				return forbidden('Insufficient permissions')
			return f(*args, **kwargs)
Ejemplo n.º 34
0
def before_request():
    if g.current_user.is_anonymous():
        return forbidden('Unconfirmed account')
Ejemplo n.º 35
0
def get_token():
    if g.current_user.is_anonymous() or g.token_used:
        return forbidden('Unconfirmed account')
    return jsonify({'token': g.current_user.generate_auth_token(
        expiration=360000), 'expiration': 360000})
Ejemplo n.º 36
0
def before_request():
    if not g.current_user.is_anonymous and \
            not g.current_user.confirmed:
        return forbidden('Unconfirmed account.')