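def file_upload(parent_id=None):
    """
    Upload a file.

    The file must be a multi-part parameter called "file". If the form also
    carries a ``replace_id`` field, the upload is stored as a new version of
    that existing file instead of creating a new resource. If no parent id
    is given, the file is located on user's root.

    :param parent_id: the parent's id, null if root folder
    :return: the created file's details
    """
    if 'file' not in request.files:
        return bad_request('File parameter required.')

    buffer = request.files['file']
    # A missing filename is rejected as well as an empty one, so the
    # rsplit() further down never runs on None.
    if not buffer.filename:
        return bad_request('No selected file.')

    replace_id = request.form.get('replace_id', None)
    if replace_id is not None:
        file = Resource.query.get(replace_id)
        # replace_id is client-supplied: an unknown id must give a clean
        # 404-style answer rather than an AttributeError on None.
        if file is None:
            return not_found('This resource does not exist.')
        # Only files carry versions.
        if file.type != resource_type.file:
            return bad_request('Resource is not a file.')
        # NOTE(review): nothing in this function checks that current_user
        # may modify `file`. Unless a decorator on the route validates
        # replace_id with check_resource_rights, any authenticated caller
        # could add a version to another user's file - confirm.
        Resource.add_version(file, buffer)
        db.session.commit()
        return created('File version uploaded.', file.deep)

    owner = current_user
    parent = None
    if parent_id is not None:
        parent = Resource.query.get(parent_id)
        if parent is None:
            return not_found('Parent folder does not exist.')
        # A file created inside a folder belongs to that folder's owner,
        # not necessarily to the uploader.
        owner = parent.owner

    # NOTE(review): buffer.filename is client-controlled. Whether the name
    # and extension are safe to use as path components depends on
    # Resource.create, which is not visible here - confirm it never builds
    # a filesystem path from them unsanitised.
    f_details = buffer.filename.rsplit('.', 1)
    filename = f_details[0]
    extension = f_details[1] if len(f_details) > 1 else None

    file = Resource.create(filename, extension, owner, parent, buffer)
    db.session.commit()
    return created('File uploaded.', file.deep)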
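def user_register():
    """
    Create a new user with the provided information.

    Expects a JSON object with ``username`` and ``password`` (both required)
    and an optional ``email``. On success the new user is logged in.

    :return: the created user's details, or a bad request listing every
             validation problem found
    """
    content = request.get_json()
    # The body is untrusted: anything that is not a JSON object is treated
    # as an empty one so the .get() calls below cannot fail.
    if not isinstance(content, dict):
        content = {}

    messages = []

    username = content.get('username', None)
    if username is None:
        messages.append('Missing parameter: username.')
    elif not isinstance(username, str):
        messages.append('Invalid parameter: username.')

    password = content.get('password', None)
    if password is None:
        messages.append('Missing parameter: password.')
    elif not isinstance(password, str):
        # A JSON number or object would otherwise reach len() below and
        # raise instead of producing a validation message.
        messages.append('Invalid parameter: password.')

    email = content.get('email', None)
    if email is not None and not isinstance(email, str):
        messages.append('Invalid parameter: email.')

    if messages:
        return bad_request(messages)

    user = User.query.filter_by(username=username).first()
    if user is not None:
        messages.append('Username already in use.')

    if email not in ['', None]:
        user = User.query.filter_by(email=email).first()
        if user is not None:
            messages.append('Email address already in use.')

    # NOTE(review): six characters is the only password rule enforced here;
    # NIST SP 800-63B recommends a minimum of eight. The login path checks
    # a bcrypt hash, and bcrypt ignores input beyond 72 bytes, so an upper
    # bound may be worth adding too - confirm against User.create.
    if len(password) < 6:
        messages.append('Password too short.')

    if messages:
        return bad_request(messages)

    # NOTE(review): the uniqueness checks above and this insert are separate
    # statements; presumably the table also has unique constraints to cover
    # two concurrent registrations - confirm.
    user = User.create(username, password, email)
    db.session.commit()
    login_user(user)
    return created('User created', user.serialized)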
def wrapper(*args, **kwargs):
    # Guard run before the wrapped view `f`: validates the request's
    # 'parent_id' parameter. `f`, `required` and `action` come from the
    # enclosing decorator, which is outside this block.
    parent_id = extract_parameter('parent_id')

    if parent_id is None:
        # No parent given: only an error when the decorator demands one.
        if required:
            return bad_request('No parent id provided.')
        return f(*args, **kwargs)

    parent_folder = Resource.query.get(parent_id)
    if parent_folder is None:
        return not_found('Parent folder does not exist.')

    if parent_folder.type != resource_type.folder:
        return bad_request('Parent is not a folder.')

    # NOTE(review): the existence and type checks run before the rights
    # check, so a caller without rights can still tell an existing folder
    # id from an unknown one by the response. Whether that matters depends
    # on how guessable the ids are - confirm.
    allowed = check_resource_rights(parent_folder, current_user, action)
    if not allowed:
        return unauthorized('You cannot access parent folder.')

    return f(*args, **kwargs)
def resource_create():
    """
    Create a resource.

    Create a resource with given details. The name and type are required.
    If no parent id is given, the resource is created in user's root folder.
    The resource cannot be a file.

    :return: the created resource's details
    """
    payload = request.get_json()
    content = {} if payload is None else payload

    problems = []

    name = content.get('name', None)
    if name is None:
        problems.append('Name parameter required.')

    r_type = content.get('type', None)
    if r_type is None:
        problems.append('Type parameter required.')
    else:
        # Files need content, so they go through the upload endpoint.
        if r_type == resource_type.file:
            problems.append('Cannot create file without content.')
        if r_type not in resource_type:
            problems.append('Not a valid type')

    if problems:
        return bad_request(problems)

    # NOTE(review): an unknown parent_id yields parent=None here, which
    # reads as "create in root", and no rights check on the parent happens
    # in this function. Presumably a decorator on the route validates
    # parent_id first - confirm.
    parent_id = content.get('parent_id', None)
    parent = Resource.query.get(parent_id) if parent_id is not None else None

    # Whatever valid non-file type was requested, a folder is what gets
    # created.
    new_folder = Resource.create_folder(name, current_user, parent)
    db.session.commit()
    return created('Folder created', new_folder.deep)
def file_upload_version(res_id):
    """
    Upload a new version for an existing file.

    The new content must be a multi-part parameter called "file".

    :param res_id: the file's id
    :return: the file's details
    """
    uploads = request.files
    if 'file' not in uploads:
        return bad_request('File parameter required.')

    # NOTE(review): the lookup result is used without a None, type or
    # rights check in this function; presumably decorators on the route
    # have already validated res_id - confirm.
    target = Resource.query.get(res_id)

    upload = uploads['file']
    if upload.filename == '':
        return bad_request('No selected file.')

    Resource.add_version(target, upload)
    db.session.commit()
    return created('File version uploaded.', target.deep)
def wrapper(*args, **kwargs):
    # Guard run before the wrapped view `f` (taken from the enclosing
    # decorator, outside this block): the request must name an existing
    # user through its 'user_id' parameter.
    requested_id = extract_parameter('user_id')
    if requested_id is None:
        return bad_request('No user id provided.')

    # Only existence is verified; the looked-up user is not passed on to
    # the view.
    target_user = User.query.get(requested_id)
    if target_user is None:
        return not_found('User not found.')

    return f(*args, **kwargs)
def wrapper(*args, **kwargs):
    # Guard run before the wrapped view `f` (taken from the enclosing
    # decorator, outside this block): the request must name a version that
    # belongs to the named resource.
    res_id = extract_parameter('res_id')
    version_id = extract_parameter('version_id')

    if res_id is None or version_id is None:
        return bad_request('No file version id provided.')

    # Filtering on both ids ties the version to its resource, so a version
    # id taken from a different resource does not match.
    # NOTE(review): no rights check happens here; presumably a
    # resource-rights decorator on the same route covers res_id - confirm.
    match = Version.query.filter_by(id=version_id, res_id=res_id).first()
    if match is None:
        return not_found('This resource does not exist.')

    return f(*args, **kwargs)
def wrapper(*args, **kwargs):
    # Guard run before the wrapped view `f`: validates the resource id found
    # under the request parameter `key` and checks the current user's rights
    # for `action`. `f`, `key`, `required` and `action` come from the
    # enclosing decorator, which is outside this block.
    res_id = extract_parameter(key)

    if res_id is None:
        # No id given: only an error when the decorator demands one.
        if required:
            return bad_request('No resource id provided.')
        return f(*args, **kwargs)

    resource = Resource.query.get(res_id)
    if resource is None:
        return not_found('This resource does not exist.')

    # NOTE(review): existence is reported before rights are checked, so a
    # caller without rights can still tell an existing id from an unknown
    # one by the response. Whether that matters depends on how guessable
    # the ids are - confirm.
    allowed = check_resource_rights(resource, current_user, action)
    if not allowed:
        return unauthorized('You cannot access this resource.')

    return f(*args, **kwargs)
def share_resource(res_id, user_id, r_type=role_type.view):
    """
    Share a resource with a user.

    :param res_id: resource's id
    :param user_id: user's id
    :param r_type: type of sharing (edit or view)
    :return: created link, or a conflict if the resource is already shared
             with that user
    """
    accepted_types = role_type.values()
    if r_type not in accepted_types:
        return bad_request('Invalid sharing type')

    # NOTE(review): neither lookup is checked for None and no rights check
    # on the resource happens in this function; presumably decorators on
    # the route verify that both ids exist and that the caller may share
    # the resource - confirm.
    resource = Resource.query.get(res_id)
    grantee = User.query.get(user_id)

    link = Role.link(resource, grantee, r_type)
    if link is None:
        return conflict('Resource already shared with user.')

    db.session.commit()
    return created('Resource shared.', link.deep)
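def user_login():
    """
    Log the user in.

    Expects a JSON object with ``username`` and ``password``.

    :return: the user info if login is successful
    """
    content = request.get_json()
    # The body is untrusted: anything that is not a JSON object is treated
    # as an empty one so the .get() calls below cannot fail.
    if not isinstance(content, dict):
        content = {}

    username = content.get('username', None)
    if not isinstance(username, str):
        return bad_request('Username must be submitted.')

    # The password is validated before the user lookup: a missing password
    # used to reach check_password_hash() as None, and checking it only
    # after the lookup would make the response depend on whether the
    # username exists.
    password = content.get('password', None)
    if not isinstance(password, str):
        return bad_request('Password must be submitted.')

    user = User.query.filter_by(username=username).first()
    if user is None:
        # NOTE(review): this path returns without any hash comparison, so
        # it answers faster than a wrong password for an existing user and
        # can reveal which usernames exist. Comparing against a fixed dummy
        # hash here would even out the timing. No attempt limiting is
        # visible in this function either - confirm it exists elsewhere.
        return unauthorized('Wrong credentials.')

    if not bcrypt.check_password_hash(user.password, password):
        return unauthorized('Wrong credentials.')

    login_user(user)
    return ok('Login successful.', user.serialized)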
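def resource_update(res_id):
    """
    Update a resource's details.

    Reads the JSON body and applies the optional ``name``, ``extension``
    (files only) and ``parent_id`` fields. A ``parent_id`` of null is passed
    on to ``Resource.update`` as ``parent=None``.

    :param res_id: the requested resource's id
    :return: the updated resource
    """
    resource = Resource.query.get(res_id)
    if resource is None:
        return not_found('This resource does not exist.')

    content = request.get_json()
    # A missing or non-object body used to fail on the membership tests
    # below; treat it as "nothing to change".
    if not isinstance(content, dict):
        content = {}

    params = {}
    if 'name' in content:
        params['name'] = content['name']
    if 'extension' in content and resource.type == resource_type.file:
        params['extension'] = content['extension']

    if 'parent_id' in content:
        parent_id = content['parent_id']
        parent = None
        if parent_id is not None:
            parent = Resource.query.get(parent_id)
            # The destination id is client-supplied; the owner comparison
            # below used to dereference None for an unknown id.
            if parent is None:
                return not_found('Parent folder does not exist.')
            if parent.type != resource_type.folder:
                return bad_request('Parent is not a folder.')
            # Moves are only allowed between resources of the same owner.
            if parent.owner.id != resource.owner.id:
                return bad_request('Resource cannot be moved here')
            # NOTE(review): only owner ids are compared. This function does
            # not check the caller's rights on the destination, nor that
            # the destination is the resource itself or one of its
            # descendants - confirm both are handled elsewhere.
        # NOTE(review): how Resource.update treats parent=None (move to
        # root or ignore) is not visible here - confirm.
        params['parent'] = parent

    Resource.update(resource, **params)
    db.session.commit()
    return ok('Resource updated', resource.deep)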
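def wrapper(*args, **kwargs):
    # Guard run before the wrapped view `f` (taken from the enclosing
    # decorator, outside this block): the resource named by 'res_id' must
    # be a file.
    res_id = extract_parameter('res_id')
    file = Resource.query.get(res_id)

    # A missing or unknown id used to fail on `file.type`; answer it the
    # same way the other resource guards do, so this guard is safe even
    # when no existence check ran before it.
    if file is None:
        return not_found('This resource does not exist.')

    if file.type != resource_type.file:
        return bad_request('Resource is not a file.')

    return f(*args, **kwargs)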