Ejemplo n.º 1
0
def del_project_user(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Fetch form data
    projectDetails = request.get_json()
    user = projectDetails.get('user')

    if user is None:
        return jsonify({"error": "Projectuser id not specified"}), 400

    # Check if project actually exists
    project = database.getProjectByID(id)
    if project is None:
        return jsonify({"error": "Specified project does not exist"})

    # Retrieve projectrole of user
    userRole = function.getProjectUserRole(get_jwt_identity(), id)
    # Retrieve projectrole of target
    targetRole = function.getProjectUserRole(user, id)

    # Check if both users are part of the same project
    if userRole is None:
        return jsonify({"error":
                        "Must be a project member to delete users"}), 403
    elif targetRole is None:
        return jsonify(
            {"error": "Target user is not a member of specified project"}), 403

    # User is trying to delete somebody else
    if not (str(get_jwt_identity()) == str(user)):
        if userRole not in ['ADMIN', 'OWNER']:
            return jsonify({
                "error":
                "Cannot delete project users without ADMIN or OWNER status"
            }), 403
        elif targetRole == 'OWNER':
            return jsonify({"error":
                            "Cannot delete the owner of a project"}), 403
        elif targetRole == 'ADMIN':
            if userRole != 'OWNER':
                return jsonify({
                    "error":
                    "Cannot delete a project admin without OWNER permission"
                }), 403
    # User is trying to deleting himself, check that he is not the owner of the project
    else:
        if userRole == 'OWNER':
            return jsonify(
                {"error": "Cannot delete yourself from your own project"}), 403

    # Delete project user
    if database.deleteProjectUser(id, user):
        return jsonify({"Info": "Projectuser deleted successfully"}), 200
    else:
        return jsonify(
            {"erorr": "Something went wrong deleting the projectuser"}), 500
Ejemplo n.º 2
0
def add_post(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Fetch form data
    projectDetails = request.get_json()
    title = projectDetails.get('title')
    content = projectDetails.get('content')
    owner = get_jwt_identity()

    # Check if all data is supplied
    if title is None:
        return jsonify({"error": "Post title not specified"}), 400
    if content is None:
        return jsonify({"error": "Post content not specified"}), 400
    if owner is None:
        return jsonify({"error": "Project owner not specified"}), 400
    if not function.isInt(owner):
        return jsonify({"error": "ownerID should be string"})

    # Check if project actually exists
    project = database.getProjectByID(id)
    if project is None:
        return jsonify({"error": "Specified project does not exist"})

    # Check if you have permission to post on this project
    userRole = function.getProjectUserRole(get_jwt_identity(), id)
    if not function.isProjectMember(userRole):
        return jsonify({"error": "Must be a project member to add post"}), 403

    # Add post to the database
    post = database.addProjectPost(title, content, owner, id)
    return jsonify(post), 201
Ejemplo n.º 3
0
def get_project_post(id):
    limit = request.args.get('limit')
    offset = request.args.get('offset')

    if limit is not None and not function.isInt(limit):
        return jsonify({"error": "limit is not an integer"}), 400
    if offset is not None and not function.isInt(offset):
        return jsonify({"error": "offset is not an integer"}), 400

    dataCount = database.getProjectPostsCount(id)
    data = database.getProjectPosts(id, limit, offset)
    if data is None:
        return jsonify({"error": "No results found"}), 404
    else:
        project = database.getProjectByID(id)
        if (project['projectVisibility'] == 'PRIVATE'):
            userRole = function.getProjectUserRole(get_jwt_identity(), id)
            if not function.isProjectMember(userRole):
                return jsonify(
                    {"error":
                     "Must be project member to view project posts"}), 403
        for projectpost in data:
            user = database.getUserInfo(str(projectpost['postUser']))
            projectpost['user'] = user
        dataCount['data'] = data
        return jsonify(dataCount), 200
Ejemplo n.º 4
0
def delete_comment(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Check if comment actually exists
    comment = database.getCommentByID(id)
    if comment is None:
        return jsonify({"error": "Specified comment does not exist"})

    # Check if the user trying to delete the post is the post owner
    post = database.getPostByID(str(comment['commentPost']))
    userRole = function.getProjectUserRole(get_jwt_identity(),
                                           post['postProject'])
    if not function.isProjectAdmin(userRole):
        if comment['commentUser'] != get_jwt_identity():
            return jsonify(
                {"error":
                 "Must be admin to delete comment of other user"}), 400

    # Delete comment
    commentDeleted = database.deleteComment(id)
    if commentDeleted is True:
        return jsonify({"Info": "Comment deleted successfully"}), 200
    else:
        return jsonify({"error":
                        "Something went wrong deleting the comment"}), 500
Ejemplo n.º 5
0
def put_project_user(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Fetch form data
    projectDetails = request.get_json()
    user = projectDetails.get('user')
    role = projectDetails.get('role')

    # Check if all data is supplied
    if user is None:
        return jsonify({"error": "Projectuser id not specified"}), 400
    if role is None:
        return jsonify({"error": "Projectuser role not specified"}), 400
    if role not in allowed_projectUser_states:
        return jsonify({"error": "Projectuser role not a legal value"}), 400

    # Check if project actually exists
    project = database.getProjectByID(id)
    if project is None:
        return jsonify({"error": "Specified project does not exist"})

    # Check that you are not trying to change project owner
    if role == 'OWNER':
        return jsonify({"error":
                        "Cannot set or tranfer project ownership"}), 403
    # Retrieve projectrole of user
    userRole = function.getProjectUserRole(get_jwt_identity(), id)
    # If user issuing the request is not changing his own data, check if user is admin
    if not (str(get_jwt_identity()) == user):
        if not function.isProjectAdmin(userRole):
            return jsonify(
                {"error": "Must be a project admin to update user roles"}), 403
    # If user issuing the request is changing own data, he can only change himself from invited to user
    elif userRole == 'INVITED':
        if role != 'USER':
            return jsonify({
                "error":
                "May only change your own role from pending to user"
            }), 403
    else:
        return jsonify(
            {"error":
             "May only change your own role from pending to user"}), 403

    data = database.updateProjectUser(id, user, role)
    if data is not None:
        return jsonify(data), 200
    else:
        return jsonify({"error": "No results found"}), 404
Ejemplo n.º 6
0
def get_project_id(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    data = database.getProjectByID(id)
    if data is None:
        return jsonify({"error": "No results found"}), 404
    else:
        if (data['projectVisibility'] == 'PRIVATE'):
            userRole = function.getProjectUserRole(get_jwt_identity(), id)
            if not function.isProjectMember(userRole):
                return jsonify(
                    {"error": "Must be project member to view project"}), 403
        user = database.getUserInfo(str(data['projectOwner']))
        data['owner'] = user
        return jsonify(data), 200
Ejemplo n.º 7
0
def del_project(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Check if project actually exists
    project = database.getProjectByID(id)
    if project is None:
        return jsonify({"error": "Specified project does not exist"})

    # Check if you are the owner of the project you are trying to delete
    userRole = function.getProjectUserRole(get_jwt_identity(), id)
    if not function.isProjectOwner(userRole):
        return jsonify({"error":
                        "Must be project owner to delete a project"}), 403

    # Delete project
    if database.deleteProject(id):
        return jsonify({"Info": "Project deleted successfully"}), 200
    else:
        return jsonify({"erorr":
                        "Something went wrong deleting the project"}), 500
Ejemplo n.º 8
0
def add_comment(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Fetch form data
    postDetails = request.get_json()
    content = postDetails.get('content')
    parent = postDetails.get('parent')
    # Swap userID for JWT id
    userID = get_jwt_identity()

    if content is None:
        return jsonify({"error": "Comment content not specified"}), 400
    if userID is None:
        return jsonify({"error": "Comment user id not specified"}), 400

    # Check if post actually exists
    post = database.getPostByID(id)
    if post is None:
        return jsonify({"error": "Specified post does not exist"}), 400

    # Check if you have permission to comment on this post
    userRole = function.getProjectUserRole(get_jwt_identity(), post['postProject'])
    if not function.isProjectMember(userRole):
        return jsonify({"error": "Must be a project member to comment on this post"}), 403

    # Check if parent actually exists
    if parent is not None:
        comment = database.getCommentByID(str(parent))
        if comment is None:
            return jsonify({"error": "Parent comment does not exist"}), 400

    # Add comment
    comment = database.addPostComment(content, parent, userID, id)
    user = database.getUserByID(str(comment['commentUser']))
    comment['user'] = user
    return jsonify(comment), 201
Ejemplo n.º 9
0
def put_project(id):
    # Check if specified ID is an integer
    if not function.isInt(id):
        return jsonify({"error": "id is not an integer"}), 400

    # Fetch form data
    projectDetails = request.get_json()
    title = projectDetails.get('title')
    content = projectDetails.get('content')
    visibility = projectDetails.get('visibility')

    # Check if all data is supplied
    if title is None:
        return jsonify({"error": "Project title not specified"}), 400
    if content is None:
        return jsonify({"error": "Project content not specified"}), 400
    if visibility is None:
        return jsonify({"error": "Project visibility not specified"}), 400
    if visibility not in allowed_project_visibilities:
        return jsonify({"error": "Project visibility not a legal value"}), 400

    # Check if project actually exists
    project = database.getProjectByID(id)
    if project is None:
        return jsonify({"error": "Specified project does not exist"})

    # Check if you have permission to update the project
    userRole = function.getProjectUserRole(get_jwt_identity(), id)
    if not function.isProjectAdmin(userRole):
        return jsonify(
            {"error": "Must be a project admin to update the project"}), 403

    data = database.updateProject(id, title, content, visibility)
    if data is not None:
        return jsonify(data), 200
    else:
        return jsonify({"error": "No results found"}), 404
Ejemplo n.º 10
0
def add_project_user(id):
    # Fetch form data
    projectDetails = request.get_json()
    user = projectDetails.get('user')
    role = projectDetails.get('role')

    # Check if all data is supplied
    if user is None:
        return jsonify({"error": "Project user not specified"}), 400
    if role is None:
        return jsonify({"error": "Project user role not specified"}), 400
    if role not in allowed_projectUser_states:
        return jsonify({"error": "Project user role not a legal value"}), 400

    # Check if project actually exists
    project = database.getProjectByID(id)
    if project is None:
        return jsonify({"error": "Specified project does not exist"})

    # Check if you have permission to add a user to this project
    projectVisibility = project['projectVisibility']
    userRole = function.getProjectUserRole(get_jwt_identity(), id)
    validTarget = function.getProjectUserRole(role, id)
    print(type(user))
    print(type(str(get_jwt_identity())))
    print(user)
    print(get_jwt_identity())
    if validTarget is None:
        if projectVisibility == 'PUBLIC':
            if role not in ['INVITED', 'USER']:
                return jsonify(
                    {"error": "May only invite or add user on public project"})
        elif projectVisibility == 'RESTRICTED':
            if role == 'INVITED':
                if not function.isProjectAdmin(userRole):
                    return jsonify({
                        "error":
                        "Only admins can invite users on restricted projects"
                    })
            elif role == 'PENDING':
                if user != str(get_jwt_identity()):
                    return jsonify({
                        "error":
                        "Only a user can request membership for himself"
                    })
            else:
                return jsonify({
                    "error":
                    "May only invite or request user on restricted project"
                })
        elif projectVisibility == 'PRIVATE':
            if role == 'INVITED':
                if not function.isProjectAdmin(userRole):
                    return jsonify({
                        "error":
                        "Only admins can invite users on private projects"
                    })
            else:
                return jsonify({
                    "error":
                    "You may only invite users for private projects"
                })
    else:
        return jsonify({"error": "User already has a project role"})

    projectUser = database.addProjectUser(user, id, role)
    return jsonify(projectUser), 201