def put_group(group_id): old_group = Group.query.get(group_id) if old_group is None: # 그룹이 존재 하지 않을 경우 return not_found('group does not exist') if request.json is None: # 요청이 올바르지 않은 경우 return bad_request('JSON request is invaild') if g.current_user.id != old_group.create_user: return forbidden('User cannot modify group') name = request.json.get('name') description = request.json.get('description') users = request.json.get('users') if users is None or users == []: old_group.users = [g.current_user] user_list = list(users) old_group.name = name old_group.description = description if type(user_list ) == list and user_list is not None and len(user_list) >= 1: old_group.users = [ User.query.filter_by(username=user_name).first() for user_name in user_list\ if User.query.filter_by(username=user_name).count() != 0 ] db.session.commit() return jsonify(old_group.to_json())
def edit_post(id): post=Post.query.get_or_404(id) if g.current_user != post.author and not g.current_user.can(Permission.ADMINISTER): return forbidden('Insufficient permissions') post.body = request.json.get('body',post.body) db.session.add(post) return jsonify(post.to_json())
def get_group(group_id): group = Group.query.get(group_id) if group is None: return not_found('group does not exist') if g.current_user.id != group.create_user: return forbidden('User does not create this group') return jsonify(group.to_json())
def get_page(page_id): conn = g.mysql.connection cursor = conn.cursor() if not page_id: return bad_request('Page ID is not provided') try: cursor.execute(""" SELECT p.id, p.address, p.title, p.description, p.is_private, p.created, p.user_id FROM pages p WHERE id='{page_id}' """.format( page_id=page_id )) page = cursor.fetchone() is_private, user_id = page[4], page[6] if is_private and not authorized(user_id): return forbidden() except Exception, error: print 'ERROR: ', error return bad_request(error)
def delete_notice_news(news_id): news = News.query.filter_by(id=news_id).first() if news is None: return not_found('News does not exist') if g.current_user.id != news.author_id: return forbidden('Cannot chang other user\'s news') news.notice = False return jsonify(news.to_json())
def get_news(id): news = News.query.get(id) if news is None: return not_found('News does not exist') # 전체 공개, 그룹 내 유저, 그룹 생성자만 신송 열람 허용 if news.group is not None and g.current_user not in news.house.users\ and g.current_user.id != news.house.create_user: return forbidden('User does not in this group') return jsonify(news.to_json())
def delete_group(group_id): group = Group.query.get(group_id) if group is None: return not_found('Group does not exist') if g.current_user.id != group.create_user: return forbidden('User does not in this group') db.session.delete(group) db.session.commit() return '', 204
def get_users_in_group(group_id): group = Group.query.get(group_id) if group is None: return not_found('Group does not exist') if g.current_user.id != group.create_user: return forbidden('User does not create this group') users = group.users.all() if users is None: return not_found('User in group is not exist') return jsonify({'users': [user.to_json() for user in users]})
def delete_user_picture(id): user = User.query.filter_by(username=user_id).first() if user is None: return not_found('User does not exist') if g.current_user is not user: return forbidden('Cannot modify other user') os.remove(os.path.join(UPLOAD_FOLDER, user.pictureLocate)) user.pictureName = None user.pictureLocate = None db.session.commit() return '', 204
def get_news_file(id): news = News.query.get(id) if news is None: return not_found('News does not exist') if news.group is not None and g.current_user not in news.house.users\ and g.current_user.id != news.house.create_user: return forbidden('User does not in this group') filelocate = news.filelocate if filelocate is None: return not_found('File does not exist') return send_from_directory(UPLOAD_FOLDER, filelocate)
def delete_comment_file(comment_id): comment = Comment.query.get(comment_id) if comment is None: return not_found('Comment does not exist') if g.current_user.id != comment.author_id: return forbidden('Cannot Delete File') os.remove(os.path.join(UPLOAD_FOLDER, comment.filelocate)) comment.filename = None comment.filelocate = None db.session.commit() return '', 204
def delete_news_file(id): news = News.query.get(id) if news is None: return not_found('News does not exist') if g.current_user.id != news.author_id: return forbidden('Cannot Delete File') os.remove(os.path.join(UPLOAD_FOLDER, news.filelocate)) news.filename = None news.filelocate = None db.session.commit() return '', 204
def get_files(address): conn = g.mysql.connection cursor = conn.cursor() if not address: return bad_request('Page address is not provided') else: cursor.execute(""" SELECT id, address, title, description, is_private, created, user_id FROM pages WHERE address='{address}' """.format(address=address)) page = cursor.fetchone() is_private, user_id = page[4], page[6] if not page: return bad_request('Can\'t find page by provided address') if is_private and not authorized(user_id): return forbidden() try: cursor.execute(""" SELECT f.id, f.name, f.size, f.type, f.ipfs_hash, f.tx_id, f.title, f.description, UNIX_TIMESTAMP(f.created), p.user_id FROM files f, pages p WHERE p.id=f.page_id AND p.address='{address}' ORDER BY f.created DESC """.format(address=address)) files = cursor.fetchall() except Exception, error: print 'ERROR: ', error return bad_request(error)
def put_comment(comment_id): if request.json is None: # 요청이 올바르지 않은 경우 - 덧글의 내용이 없다던가 return bad_request('JSON Request is invaild') old_comment = Comment.query.filter_by(id=comment_id).first() if old_comment is None: # 덧글이 존재 하지 않을 경우 return not_found('Comment does not exist') if g.current_user.id != old_comment.author_id: # 다른 유저의 덧글을 수정하려고 하는 경우 return forbidden('Cannot modify other user\'s comment') comment = Comment.from_json(request.json) old_comment.context = comment.context old_comment.parsed_context = comment.parsed_context old_comment.author_name = g.current_user.realname return jsonify(old_comment.to_json())
def delete_comment(comment_id): comment = Comment.query.filter_by(id=comment_id).first() if comment is None: return not_found('Comment does not exist') if g.current_user.id != comment.author_id: # 다른 유저의 덧글을 삭제하려고 하는 경우 return forbidden('Cannot delete other user\'s comment') if comment.filename is not None: os.remove( os.path.join(api.root_path, '../../file/', comment.filelocate)) Comment.query.filter(Comment.parent_id == comment.id).delete() db.session.delete(comment) db.session.commit() return '', 204
def modify_user(user_id): user = User.query.filter_by(username=user_id).first() if user is None: # 유저가 존재 하지 않을 경우 return not_found('User does not exist') if g.current_user.username is not user.username: # 다른 유저를 수정하려고 하는 경우 return forbidden('Cannot modify other user') if request.json is None: # 요청이 올바르지 않은 경우 return bad_request('JSON Request is invaild') if request.json.get('pw') is not None: # pw 를 수정하는 경우 user.password = request.json.get('pw') user.realname = request.json.get('name', user.realname) db.session.add(user) return jsonify(user.to_json())
def delete_particle(particle_id): particle = Particle.query.filter_by(id=particle_id).first() if request.json is None: return bad_request('JSON Request is invaild') if request.json.get('author_id') is None: return bad_request('author`s ID is invaild') if int(request.json.get('author_id')) != particle.author_id: return forbidden('Cannot delete other user\'s particle') Like.query.filter(Like.particle_id == particle.id).delete() db.session.delete(particle) db.session.commit() return '', 204
def get_news_comments(news_id): news = News.query.get(news_id) if news is None: return not_found('News does not exist') if news.group is not None and g.current_user not in news.house.users\ and g.current_user.id != news.house.create_user: return forbidden('User does not in this group') return jsonify({ 'comments': [ comment.to_json() for comment in news.comments if comment.parent_id is None ] })
def delete_news(news_id): news = News.query.filter_by(id=news_id).first() if news is None: return not_found('News does not exist') if g.current_user.id != news.author_id: # 다른 유저의 신송을 삭제하려고 하는 경우 return forbidden('Cannot delete other user\'s news') if news.filename is not None: os.remove( os.path.join(os.path.join(api.root_path, '../../file/'), news.filelocate)) Comment.query.filter(Comment.news_id == news.id).delete() db.session.delete(news) db.session.commit() return '', 204
def put_news(news_id): if request.json is None: # 요청이 올바르지 않은 경우 return bad_request('JSON Request is invaild') old_news = News.query.filter_by(id=news_id).first() if old_news is None: # 신송이 존재 하지 않을 경우 return not_found('News does not exist') if g.current_user.id != old_news.author_id: # 다른 유저의 신송을 수정하려고 하는 경우 return forbidden('Cannot modify other user\'s news') news = News.from_json(request.json) old_news.context = news.context old_news.parsed_context = news.parsed_context old_news.modified_at = datetime.utcnow() old_news.group = news.group return jsonify(old_news.to_json())
def get_news_in_group(group_id): group = Group.query.get(group_id) if group is None: return not_found('Group does not exist') if g.current_user not in group.users: return forbidden('User does not in this group') page = request.args.get('page', 1, type=int) per_page = request.args.get('per_page', 20, type=int) pagination = group.news.order_by(News.created_at.desc()).paginate( page, per_page, error_out=False) pag_news = pagination.items if pagination.total < 1: return not_found('News is not exist') return jsonify({'news': [news.to_json() for news in pag_news]})
def get_notice_group(group_id): group = Group.query.get(group_id) if group is None: return not_found('Group does not exist') if g.current_user not in group.users: return forbidden('User does not in this group') notice = group.news.filter_by(notice=True).order_by( News.created_at.desc()).all() return jsonify({ 'notice': [ news.to_json() for news in notice if news.group is None or g.current_user in news.house.users ] })
def post_user_picture(user_id): user = User.query.filter_by(username=user_id).first() if user is None: return not_found('User does not exist') if g.current_user is not user: return forbidden('Cannot modify other user') if request.files['file'] is None: return bad_request('File Request in invaild') file = request.files['file'] if file and allowed_picture(file.filename.lower()): pictureName = file.filename pictureLocate = addTimestamp(pictureName) file.save(os.path.join(UPLOAD_FOLDER, pictureLocate)) user.pictureName = pictureName user.pictureLocate = pictureLocate db.session.commit() return jsonify(user.to_json()), 200
def put_particle(particle_id): old_particle = Particle.query.filter_by(id=particle_id).first() if request.json is None: return bad_request('JSON Request is invaild') if request.json.get('author_id') is None: return bad_request('author`s ID is invaild') if int(request.json.get('author_id')) != old_particle.author_id: return forbidden('Cannot delete other user\'s particle') if old_particle is None: return not_found('Particle does not exist') particle = Particle.from_json(request.json) old_particle.anonymous = particle.anonymous old_particle.context = particle.context old_particle.parsed_context = particle.parsed_context db.session.commit() return jsonify(old_particle.to_json())
def get_file(file_id): conn = g.mysql.connection cursor = conn.cursor() if not file_id: return bad_request('File ID is not provided') try: cursor.execute(""" SELECT f.id, f.name, f.size, f.type, f.title, f.description, f.ipfs_hash, f.tx_id, UNIX_TIMESTAMP(f.created), p.id, p.address, p.title, p.description, UNIX_TIMESTAMP(p.created), p.is_private, u.id, UNIX_TIMESTAMP(u.created) FROM files f, pages p, users u WHERE f.id='{file_id}' AND f.page_id = p.id AND p.user_id = u.id """.format(file_id=file_id)) file_data = cursor.fetchone() is_private = file_data[14] if is_private and not authorized(file_data[15]): return forbidden() except Exception, error: print 'ERROR: ', error return bad_request(error)
def post_news(): if request.json is None: return bad_request('JSON Request is invaild') news = News.from_json(request.json) if news.group is not None and g.current_user.id != Group.query.filter_by( id=news.group).first().create_user: return forbidden('User does not in this group') news.author_id = g.current_user.id news.author_name = g.current_user.realname author = User.query.filter_by(id=g.current_user.id).first() author.recent_group = news.group db.session.add(news) db.session.commit() resp = make_response() resp.headers['Location'] = url_for('api.get_news', id=news.id) # 만들어진 신송 URI 제공 resp.status_code = 201 return resp
def post_news_comment(news_id): if request.json is None: return bad_request('JSON Request is invaild') news = News.query.get(news_id) if news is None: return not_found('news does not exist') if news.group is not None and g.current_user not in news.house.users\ and g.current_user.id != news.house.create_user: return forbidden('User does not in this group') comment = Comment.from_json(request.json) comment.news_id = news.id comment.author_id = g.current_user.id comment.author_name = g.current_user.realname db.session.add(comment) db.session.commit() resp = make_response() resp.headers['Location'] = url_for('api.get_comment', comment_id=comment.id) resp.status_code = 201 return resp
def post_news_file(id): news = News.query.get(id) if news is None: return not_found('News does not exist') if g.current_user.id != news.author_id: return forbidden('Cannot Upload File') if request.files['file'] is None: return bad_request('File Request in invaild') file = request.files['file'] if file and allowed_file(file.filename.lower()): filename = file.filename filelocate = addTimestamp(filename) if len(filename.rsplit('.')) is not 2: return bad_request('File have abnormal extension') file.save(os.path.join(UPLOAD_FOLDER, filelocate)) news.filename = filename news.filelocate = filelocate db.session.commit() return jsonify(news.to_json())
def put_comment_file(comment_id): comment = Comment.query.gt(comment_id) if comment is None: return not_found('Comment does not exist') if g.current_user.id != comment.author_id: return forbidden('Cannot Upload File') if request.files['file'] is None: return bad_request('File Request in invaild') os.remove(os.path.join(UPLOAD_FOLDER, comment.filelocate)) file = request.files['file'] if file and allowed_file(file.filename.lower()): filename = file.filename filelocate = addTimestamp(filename) if len(filename.rsplit('.')) is not 2: return bad_request('File have abnormal extension') file.save(os.path.join(UPLOAD_FOLDER, filelocate)) comment.filename = filename comment.filelocate = filelocate db.session.commit() return jsonify(comment.to_json())
def decorated_function(*args, **kw): if not verify_request(request): return forbidden('Invalid Request Signature') return f(*args, **kw)
def decorator_function(*args, **kwargs): if not g.current_user.can(permission): return forbidden('Insufficient permissions') return f(*args, **kwargs)
def before_request(): if not g.current_user.is_anonymous and not g.current_user.confirmed: return errors.forbidden('not confirmed')
def decorated_function(*args, **kwargs): if not g.current_user.can(permission): return forbidden('Insufficient permissions') return f(*args, **kwargs)
def before_request(): if g.current_user.is_anonymous(): return forbidden('Unconfirmed account')
def get_token(): if g.current_user.is_anonymous() or g.token_used: return forbidden('Unconfirmed account') return jsonify({'token': g.current_user.generate_auth_token( expiration=360000), 'expiration': 360000})
def before_request(): if not g.current_user.is_anonymous and \ not g.current_user.confirmed: return forbidden('Unconfirmed account.')