def post(self):
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
# Session request handler
current_session = Session(self)
# Retrieve uploaded info
upload_files = self.get_uploads("file")
blob_info = upload_files[0]
# Check if user can upload the photo
if current_session.get_role_level() < 2:
self.response.headers["Content-Type"] = "application/json"
data = '{"error": "Permission denied"}'
result = "FAIL"
self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
# Remove photo from blob store
blobstore.delete(blob_info.key)
return None
# Save photo to database
photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key())
# Prompt response to user
data = '{"photo_id": ' + str(photo_id) + "}"
result = "OK"
self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
def post(self, photo_id):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if photo is None:
data = '{"error": "Photo does not exist."}'
result = "FAIL"
else:
# Check permission for this petition (only owner or admin can modify)
if (photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2):
name = self.request.get("name")
privacy = int(self.request.get("privacy"))
database.PhotosManager.modify_photo(photo.key, name, privacy)
data = '{"message": "Changes done"}'
result = "OK"
else:
data = '{"error": "No permission to change."}'
result = "FAIL"
# Response result json
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self):
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
# Session request handler
current_session = Session(self)
# Retrieve uploaded info
upload_files = self.get_uploads("file")
blob_info = upload_files[0]
# Check if user can upload the photo
if current_session.get_role_level() < 2:
self.response.headers['Content-Type'] = 'application/json'
data = '{"error": "Permission denied"}'
result = "FAIL"
self.response.write(template.render(feature="photo",
data=data,
query=self.request.url,
result=result))
# Remove photo from blob store
blobstore.delete(blob_info.key)
return None
# Save photo to database
photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key())
# Prompt response to user
data = '{"photo_id": ' + str(photo_id) + '}'
result = "OK"
self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
def post(self, photo_id):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if photo is None:
data = '{"error": "Photo does not exist."}'
result = "FAIL"
else:
# Check permission for this petition (only owner or admin can modify)
if(photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2):
name = self.request.get('name')
privacy = int(self.request.get('privacy'))
database.PhotosManager.modify_photo(photo.key, name, privacy)
data = '{"message": "Changes done"}'
result = "OK"
else:
data = '{"error": "No permission to change."}'
result = "FAIL"
# Response result json
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Check if user is admin
if (current_session.get_role_level() < 3):
self.redirect("/")
return None
# Retrieve users
users = database.UserManager.select()
# Render template
template = JINJA_ENVIRONMENT.get_template('static/templates/users.html')
self.response.write(template.render(users=users))
def get(self, user_id, photo_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
# Check if user and photo exists
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
user = database.UserManager.select_by_id(int(user_id))
if photo is None:
data = '{"error": "Photo does not exist."}'
result = "FAIL"
elif user is None:
data = '{"error": "User does not exist."}'
result = "FAIL"
else:
# Check permission for this petition (only owner or admin can modify)
if (photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2):
if option == "give":
result = database.PhotoUserPermissionManager.give_permission(photo, user)
if result is None:
data = '{"error": "Permission already set."}'
result = "FAIL"
else:
data = '{"message": "Permission allowed."}'
result = "OK"
elif option == "restrict":
result = database.PhotoUserPermissionManager.restrict_permission(photo, user)
if result is True:
data = '{"message": "Permission restricted."}'
result = "OK"
else:
data = '{"error": "Permission is not set. Cannot restrict"}'
result = "FAIL"
else:
data = '{"error": "Permission denied. Operation cannot do."}'
result = "FAIL"
# Response result json
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, user_id, photo_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
# Check if user and photo exists
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
user = database.UserManager.select_by_id(int(user_id))
if photo is None:
data = '{"error": "Photo does not exist."}'
result = "FAIL"
elif user is None:
data = '{"error": "User does not exist."}'
result = "FAIL"
else:
# Check permission for this petition (only owner or admin can modify)
if(photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2):
if option == "give":
result = database.PhotoUserPermissionManager.give_permission(photo, user)
if result is None:
data = '{"error": "Permission already set."}'
result = "FAIL"
else:
data = '{"message": "Permission allowed."}'
result = "OK"
elif option == "restrict":
result = database.PhotoUserPermissionManager.restrict_permission(photo, user)
if result is True:
data = '{"message": "Permission restricted."}'
result = "OK"
else:
data = '{"error": "Permission is not set. Cannot restrict"}'
result = "FAIL"
else:
data = '{"error": "Permission denied. Operation cannot do."}'
result = "FAIL"
# Response result json
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
user_id = int(user_id)
# If user is not admin and not himself, not allow to query anything
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied' + role_level + '"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Options
if option == "activateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 1:
data = '{"error": "User has not his account activated yet."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=2)
data = '{"message": "Account activated by admin."}'
result = "OK"
elif option == "deactivateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 2:
data = '{"error": "User account can not deactivated."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=1)
data = '{"message": "Account deactivated by admin."}'
result = "OK"
elif option == "blockAccount":
# Only admin is allowed to block account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your block status."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# No anyone is allowed to block an admin
if user.role_level == 3:
data = '{"error": "You cannot block an admin account."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
database.UserManager.modify_user(user.key, attempts=3) # Account is blocked with 3 attempts
data = '{"message": "Account blocked by admin."}'
result = "OK"
elif option == "unblockAccount":
# Only admin is allowed to unblock account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
database.UserManager.modify_user(user.key, attempts=0) # Account is unblocked with 0 attempts
data = '{"message": "Account unblock by admin."}'
result = "OK"
elif option == "profileChangeRequest":
# Only user himself is allowed to change profile
if current_session.get_id() == user_id:
token = database.TokenManager.create_token(user.key)
email_handler.Email.send_change_profile(user.name, token.id(), user.email)
data = '{"message": "Change profile email send"}'
result = "OK"
else:
data = '{"error": "Method not allowed"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template("static/templates/api.json")
self.response.headers["Content-Type"] = "application/json"
# Check if request is done by admin or himself
user_id = int(user_id)
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
return None
# Options
if option == "changeUserData": # update email and user
email = self.request.get("email", None)
username = self.request.get("username", None)
background = self.request.get("background", None)
photo_id = self.request.get("photo", None)
if email is not None:
userbyemail = database.UserManager.select_by_email(email)
if userbyemail is None:
database.UserManager.modify_user(user.key, email=email)
else:
data = '{"error": "Field exists", "field": "email"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
if username is not None:
userbyname = database.UserManager.select_by_username(username)
if userbyname is None:
database.UserManager.modify_user(user.key, username=username)
else:
data = '{"error": "Field exists", "field": "username"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
if background is not None:
# Check if photo exists
background_photo = database.PhotosManager.get_photo_by_id(int(background))
if background_photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, background=background_photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
if photo_id is not None:
# Check if photo exists
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, photo=photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(
template.render(feature="user", data=data, query=self.request.url, result=result)
)
data = '{"message": "User updated"}'
result = "OK"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, photo_id):
# Session request handler
current_session = Session(self)
JINJA_ENVIRONMENT.globals['session'] = current_session
# Language request handler
Language.language(self)
# Load jinja template
template = JINJA_ENVIRONMENT.get_template('static/templates/photo.html')
# Check permission
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if current_session.get_id() is None:
request_user = None
else:
request_user = database.UserManager.select_by_id(current_session.get_id())
if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, request_user):
self.redirect("/")
# Get photo info to display
user = photo.owner.get()
privacy = photo.privacy
date = photo.date
# Check if user can edit photo attributes
edition_permission = (current_session.get_role_level() is 3) or (photo.owner == current_session.get_user_key())
# Get user allowed to watch photo
if privacy == 1:
allowed_users = database.PhotoUserPermissionManager.get_allowed_users_by_photo(photo)
else:
allowed_users = None
# Count photo visited by user
if current_session.get_id() is None:
database.PhotoViewManager.newView(photo, None)
else:
database.PhotoViewManager.newView(photo, current_session.user)
# Photo visualization count
photo_views = database.PhotoViewManager.select_users_by_photo(photo)
views_counter = {}
for photo_view in photo_views:
if photo_view.user is None:
if "Anonymous" in views_counter:
views_counter["Anonymous"]['count'] += 1
else:
views_counter["Anonymous"] = {'count':1,
'name':"Anonymous",
'id': None}
else:
photo_view_user = photo_view.user
if photo_view_user.get().name in views_counter:
views_counter[photo_view_user.get().name]['count'] += 1
else:
views_counter[photo_view_user.get().name] = {'count':1,
'name':photo_view_user.get().name,
'id': photo_view_user.id()}
# Response page
self.response.write(template.render(
photo_id=photo_id,
owner=user,
name=photo.name,
edition_permission= edition_permission,
date= date,
privacy=privacy,
views=views_counter,
every_user_list=database.UserManager.select(),
allowed_users=allowed_users
))
def get(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
user_id = int(user_id)
# If user is not admin and not himself, not allow to query anything
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied' + role_level + '"}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Options
if option == "activateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 1:
data = '{"error": "User has not his account activated yet."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=2)
data = '{"message": "Account activated by admin."}'
result = "OK"
elif option == "deactivateAccountByAdmin":
# Only admin is allowed to change permissions
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# If user has not his account activated, admin cannot active it
if user.role_level != 2:
data = '{"error": "User account can not deactivated."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Activate account by admin
database.UserManager.modify_user(user.key, role_level=1)
data = '{"message": "Account deactivated by admin."}'
result = "OK"
elif option == "blockAccount":
# Only admin is allowed to block account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your block status."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# No anyone is allowed to block an admin
if user.role_level == 3:
data = '{"error": "You cannot block an admin account."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
database.UserManager.modify_user(user.key, attempts=3) # Account is blocked with 3 attempts
data = '{"message": "Account blocked by admin."}'
result = "OK"
elif option == "unblockAccount":
# Only admin is allowed to unblock account
if current_session.get_role_level() < 3:
data = '{"error": "You cannot change your permission level."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
database.UserManager.modify_user(user.key, attempts=0) # Account is unblocked with 0 attempts
data = '{"message": "Account unblock by admin."}'
result = "OK"
elif option == "profileChangeRequest":
# Only user himself is allowed to change profile
if current_session.get_id() == user_id:
token = database.TokenManager.create_token(user.key)
email_handler.Email.send_change_profile(user.name, token.id(), user.email)
data = '{"message": "Change profile email send"}'
result = "OK"
else:
data = '{"error": "Method not allowed"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self, user_id, option):
# Session
current_session = Session(self)
# Load response template
template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
self.response.headers['Content-Type'] = 'application/json'
# Check if request is done by admin or himself
user_id = int(user_id)
if current_session.get_role_level() < 3 and current_session.get_id() != user_id:
role_level = str(current_session.get_role_level())
data = '{"error": "Permission denied"}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Check if user exists
user = database.UserManager.select_by_id(int(user_id))
# If user not exists
if user is None:
data = '{"error": "User not exists."}'
result = "FAIL"
self.response.write(template.render(feature="user",
data=data,
query=self.request.url,
result=result))
return None
# Options
if option == "changeUserData": # update email and user
email = self.request.get("email", None)
username = self.request.get("username", None)
background = self.request.get("background", None)
photo_id = self.request.get("photo", None)
if email is not None:
userbyemail = database.UserManager.select_by_email(email)
if userbyemail is None:
database.UserManager.modify_user(user.key, email=email)
else:
data = '{"error": "Field exists", "field": "email"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
if username is not None:
userbyname = database.UserManager.select_by_username(username)
if userbyname is None:
database.UserManager.modify_user(user.key, username=username)
else:
data = '{"error": "Field exists", "field": "username"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
if background is not None:
# Check if photo exists
background_photo = database.PhotosManager.get_photo_by_id(int(background))
if background_photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, background=background_photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
if photo_id is not None:
# Check if photo exists
photo = database.PhotosManager.get_photo_by_id(int(photo_id))
if photo is not None:
# Change user background image
database.UserManager.modify_user(user.key, photo=photo.key.id())
else:
data = '{"error": "Field not exists", "field": "background"}'
result = "FAIL"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
data = '{"message": "User updated"}'
result = "OK"
self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
