# Jinja templates
import os
import jinja2
# Database access
import database
# Remote services
import urllib
# JSON library
import json
# Session handler
import session
from session import SessionManager as Session
# Email handler
import email_handler
import security
# Blobstore
from google.appengine.api.blobstore import blobstore
from google.appengine.ext import blobstore as blobstore_2
# Templates are resolved relative to this module's directory; every handler
# below renders static/templates/api.json as the response envelope.
_TEMPLATE_ROOT = os.path.dirname(__file__)

# Autoescaping is enabled globally. The handlers pass already-serialised JSON
# text as ``data``, so the template is presumably marking it safe itself
# (the template is not visible in this file).
JINJA_ENVIRONMENT = jinja2.Environment(
    autoescape=True,
    extensions=['jinja2.ext.autoescape'],
    loader=jinja2.FileSystemLoader(_TEMPLATE_ROOT),
)
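class ApiRegister(session.BaseSessionHandler):
    """Registration-form helpers: report whether an e-mail or username is taken.

    ``GET .../<option>?q=<value>`` with *option* ``emailExists`` or
    ``userExists``. Any other option yields a FAIL / "Method not allowed" body.
    """

    def get(self, option):
        """Render the api.json envelope with an availability verdict for ``q``.

        The handler is unauthenticated and by design tells the caller whether
        an account exists, so it is an account-enumeration oracle; rate limiting
        on the route (outside this file) is the usual mitigation.
        """
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        # option -> (field name echoed in the reply, lookup used to test it)
        lookups = {
            "emailExists": ("email", database.UserManager.select_by_email),
            "userExists": ("username", database.UserManager.select_by_username),
        }
        if option in lookups:
            field, lookup = lookups[option]
            value = self.request.get("q")
            # json.dumps escapes quotes and control characters in the
            # caller-supplied value. The previous string concatenation let a
            # crafted ``q`` terminate the JSON string and add its own keys.
            data = json.dumps({field: value, "exists": lookup(value) is not None})
            result = "OK"
        else:
            data = json.dumps({"error": "Method not allowed"})
            result = "FAIL"
        self.response.write(template.render(feature="register",
                                            data=data,
                                            query=self.request.url,
                                            result=result))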
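class ApiMap(session.BaseSessionHandler):
    """Geocoding proxy: ``GET .../searchSite?q=<address>`` resolves an address
    to ``{"site", "lat", "lng"}`` through the Google geocoding API."""

    # HTTPS so the address the user typed is not sent in clear text; the
    # original used plain http for the same host and path.
    GEOCODE_URL = 'https://maps.googleapis.com/maps/api/geocode/json?'

    def get(self, option):
        """Write the api.json envelope for the requested option.

        Unknown options get a FAIL / "Method not allowed" body; the original
        had no else-branch and raised on the unbound ``data`` instead.
        """
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        if option == "searchSite":
            data, result = self._geocode(self.request.get('q'))
        else:
            data, result = json.dumps({"error": "Method not allowed"}), "FAIL"
        self.response.write(template.render(feature="map",
                                            data=data,
                                            query=self.request.url,
                                            result=result))

    def _geocode(self, address):
        """Return ``(data, result)`` for *address*.

        ``data`` is a JSON string built with json.dumps: the formatted address
        comes from a remote service and must not be spliced into the body by
        concatenation. Network, decoding and schema failures all map to the
        generic "Unknown error" FAIL instead of a 500.
        """
        url = self.GEOCODE_URL + urllib.urlencode({'address': address})
        try:
            handle = urllib.urlopen(url)
            try:
                reply = json.loads(handle.read())
            finally:
                handle.close()
            status = reply['status']
            if status == "OK":
                top = reply['results'][0]
                location = top['geometry']["location"]
                body = {
                    "site": top['formatted_address'],
                    "lat": location["lat"],
                    "lng": location["lng"],
                }
                return json.dumps(body), "OK"
            if status == "ZERO_RESULTS":
                return json.dumps({"error": "Site not found"}), "FAIL"
        except (IOError, ValueError, KeyError, IndexError, TypeError):
            # Unreachable service, non-JSON reply or an unexpected shape:
            # treated like any other non-OK status below.
            pass
        return json.dumps({"error": "Unknown error"}), "FAIL"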
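class ApiPhotosUpload(session.BlobUploadSessionHandler):
    """Blobstore upload callback: register the uploaded file as a photo.

    The blob is already stored by the time this handler runs, so a caller
    who is not allowed to upload (role level below 2) gets the blob deleted
    again instead of registered.
    """

    def post(self):
        """Write an api.json envelope with the new ``photo_id`` or an error."""
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        current_session = Session(self)
        uploads = self.get_uploads("file")

        def reply(data, result):
            self.response.write(template.render(feature="photo",
                                                data=data,
                                                query=self.request.url,
                                                result=result))

        if not uploads:
            # The original indexed uploads[0] unconditionally, so a POST
            # without a "file" part was a 500 rather than a FAIL body.
            reply(json.dumps({"error": "No file uploaded"}), "FAIL")
            return None
        blob_info = uploads[0]
        # NOTE(review): only the first upload is registered; any further
        # parts stay in the blobstore unreferenced - confirm whether multi-file
        # uploads are expected here.
        if current_session.get_role_level() < 2:
            reply(json.dumps({"error": "Permission denied"}), "FAIL")
            # ``key`` is a method on BlobInfo (it is called as ``key()`` for
            # createPhoto below); the original passed the bound method object,
            # so the rejected blob was never actually removed.
            blobstore.delete(blob_info.key())
            return None
        # The literal 2 is the privacy level passed to createPhoto; its
        # meaning is defined in the database module, not here.
        photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key())
        # photo_id is server-generated; str() keeps the original formatting
        # regardless of the id's concrete type.
        reply('{"photo_id": ' + str(photo_id) + '}', "OK")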
class ApiPhotosUploadPath(session.BlobUploadSessionHandler):
    """Hand out a fresh blobstore upload URL that posts back to ``/api/photos/upload``."""

    def get(self):
        """Write ``{"url": <upload url>}`` inside an OK api.json envelope.

        No session check happens here; the upload handler enforces the role
        level only after the blob has landed. Anyone can therefore obtain an
        upload URL and push bytes that are then deleted server-side.
        """
        page = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        target = blobstore.create_upload_url('/api/photos/upload')
        payload = '{"url": "' + target + '"}'
        rendered = page.render(feature="photo",
                               data=payload,
                               query=self.request.url,
                               result="OK")
        self.response.write(rendered)
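class ApiPhotoDownload(session.BlobDownloadSessionHandler):
    """Serve the image blob behind a photo id to callers allowed to see it."""

    def get(self, photo_id):
        """Stream the blob, or answer 404.

        Every failure is a bare 404. The original wrote "No photo" / "No blob"
        with status 200 and used 404 only for a permission denial, which let an
        unauthorised caller distinguish an existing private photo from a
        non-existent id by the status code. The unused template load is gone.
        """
        current_session = Session(self)
        photo = database.PhotosManager.get_photo_by_id(int(photo_id))
        if current_session.get_id() is None:
            user = None
        else:
            user = database.UserManager.select_by_id(current_session.get_id())
        if not photo or not blobstore_2.get(photo.image):
            self.error(404)
            return None
        if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, user):
            self.error(404)
            return None
        self.send_blob(photo.image)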
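class ApiUserManagement(session.BaseSessionHandler):
    """Per-user management endpoints under ``.../<user_id>/<option>``.

    Both verbs first require the caller to be an admin (role level 3) or the
    addressed user, then require that user to exist. ``post`` edits profile
    fields (``changeUserData``); ``get`` carries the admin account actions and
    the self-service profile-change mail.

    NOTE(review): every ``get`` option changes server state (role level, block
    counter, outgoing mail) over a cookie-authenticated GET, which is the
    request shape CSRF defences exist for; the route table that would move
    them to POST is not in this file.
    """

    ADMIN_LEVEL = 3

    def _write(self, data, result):
        """Render the shared api.json envelope with ``data`` (JSON text) and ``result``."""
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        self.response.write(template.render(feature="user",
                                            data=data,
                                            query=self.request.url,
                                            result=result))

    def _fail(self, message, **extra):
        """Write a FAIL envelope whose body is ``{"error": message, ...extra}``."""
        body = {"error": message}
        body.update(extra)
        # sort_keys keeps "error" before "field", matching the original bodies.
        self._write(json.dumps(body, sort_keys=True), "FAIL")

    def _ok(self, message):
        """Write an OK envelope whose body is ``{"message": message}``."""
        self._write(json.dumps({"message": message}), "OK")

    def _target_user(self, current_session, user_id):
        """Return the user entity for ``user_id`` once the caller may act on it.

        Writes a FAIL envelope and returns None when the caller is neither an
        admin nor the user itself, or when no such user exists. The denial text
        no longer embeds the caller's role level as the original ``get`` did.
        """
        is_admin = current_session.get_role_level() >= self.ADMIN_LEVEL
        if not is_admin and current_session.get_id() != user_id:
            self._fail("Permission denied")
            return None
        user = database.UserManager.select_by_id(user_id)
        if user is None:
            self._fail("User not exists.")
        return user

    @staticmethod
    def _photo_or_none(raw_id):
        """Look a photo up by a request-supplied id; non-numeric ids count as missing.

        The original called ``int()`` unguarded and answered a 500 for them.
        """
        try:
            numeric = int(raw_id)
        except (TypeError, ValueError):
            return None
        return database.PhotosManager.get_photo_by_id(numeric)

    def post(self, user_id, option):
        """``changeUserData``: update e-mail, username, background and/or photo.

        Every supplied field is validated before anything is written, so a
        rejected field leaves the account untouched and exactly one envelope is
        sent. The original wrote an error body and then carried on, finishing
        with a second "User updated" body in the same response.

        NOTE(review): ``background`` and ``photo`` accept any existing photo id
        with no ownership or visibility check - confirm whether pointing a
        profile at another user's private photo is intended.
        """
        current_session = Session(self)
        user_id = int(user_id)
        user = self._target_user(current_session, user_id)
        if user is None:
            return None
        if option != "changeUserData":
            self._fail("Method not allowed")
            return None
        email = self.request.get("email", None)
        username = self.request.get("username", None)
        background = self.request.get("background", None)
        photo_id = self.request.get("photo", None)

        updates = {}
        if email is not None:
            other = database.UserManager.select_by_email(email)
            # Re-submitting one's own current address is not a conflict.
            if other is not None and other.key != user.key:
                self._fail("Field exists", field="email")
                return None
            updates["email"] = email
        if username is not None:
            other = database.UserManager.select_by_username(username)
            if other is not None and other.key != user.key:
                self._fail("Field exists", field="username")
                return None
            updates["username"] = username
        if background is not None:
            background_photo = self._photo_or_none(background)
            if background_photo is None:
                self._fail("Field not exists", field="background")
                return None
            updates["background"] = background_photo.key.id()
        if photo_id is not None:
            photo = self._photo_or_none(photo_id)
            if photo is None:
                # The original reported this as field "background" (copy-paste).
                self._fail("Field not exists", field="photo")
                return None
            updates["photo"] = photo.key.id()
        # One modify_user call per field, exactly as the original did.
        for field, value in updates.items():
            database.UserManager.modify_user(user.key, **{field: value})
        self._ok("User updated")

    def get(self, user_id, option):
        """Admin account actions plus the self-service profile-change mail.

        Options: ``activateAccountByAdmin``, ``deactivateAccountByAdmin``,
        ``blockAccount``, ``unblockAccount`` (admin only) and
        ``profileChangeRequest`` (the user itself only). Unknown options get a
        FAIL / "Method not allowed" envelope; the original left ``data`` unbound
        and raised on them.
        """
        current_session = Session(self)
        user_id = int(user_id)
        user = self._target_user(current_session, user_id)
        if user is None:
            return None
        caller_is_admin = current_session.get_role_level() >= self.ADMIN_LEVEL
        # Role levels as used here: 1 = registered but not activated,
        # 2 = activated, 3 = admin (inferred from the checks below).
        if option == "activateAccountByAdmin":
            if not caller_is_admin:
                self._fail("You cannot change your permission level.")
            elif user.role_level != 1:
                self._fail("User has not his account activated yet.")
            else:
                database.UserManager.modify_user(user.key, role_level=2)
                self._ok("Account activated by admin.")
        elif option == "deactivateAccountByAdmin":
            if not caller_is_admin:
                self._fail("You cannot change your permission level.")
            elif user.role_level != 2:
                self._fail("User account can not deactivated.")
            else:
                database.UserManager.modify_user(user.key, role_level=1)
                self._ok("Account deactivated by admin.")
        elif option == "blockAccount":
            if not caller_is_admin:
                self._fail("You cannot change your block status.")
            elif user.role_level == self.ADMIN_LEVEL:
                # Nobody may block an admin account.
                self._fail("You cannot block an admin account.")
            else:
                # attempts=3 is the "blocked" state (the login flow that reads
                # it is elsewhere); 0 below clears it.
                database.UserManager.modify_user(user.key, attempts=3)
                self._ok("Account blocked by admin.")
        elif option == "unblockAccount":
            if not caller_is_admin:
                self._fail("You cannot change your permission level.")
            else:
                database.UserManager.modify_user(user.key, attempts=0)
                self._ok("Account unblock by admin.")
        elif option == "profileChangeRequest":
            # Only the user itself may request the mail; an admin acting on
            # another account is refused, as in the original.
            if current_session.get_id() == user_id:
                token = database.TokenManager.create_token(user.key)
                email_handler.Email.send_change_profile(user.name, token.id(), user.email)
                self._ok("Change profile email send")
            else:
                self._fail("Method not allowed")
        else:
            self._fail("Method not allowed")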
class ApiUserRecover(session.BaseSessionHandler):
    """E-mail a profile-change token to the user with the given username."""

    def get(self, username):
        """Look the account up by name, mint a token and send the change-profile mail.

        NOTE(review): the endpoint is unauthenticated, its two reply bodies
        differ for known and unknown usernames, and every hit sends an e-mail;
        a uniform reply and rate limiting at the routing layer are worth
        confirming.
        """
        page = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        account = database.UserManager.select_by_username(username)
        if account is None:
            payload = '{"error": "User not exists"}'
            outcome = "ERROR"
        else:
            token = database.TokenManager.create_token(account.key)
            email_handler.Email.send_change_profile(account.name, token.id(), account.email)
            payload = '{"message": "Change profile email send"}'
            outcome = "OK"
        self.response.write(page.render(feature="user",
                                        data=payload,
                                        query=self.request.url,
                                        result=outcome))
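class ApiPhotosManager(session.BaseSessionHandler):
    """``.../list``: JSON array of the photos the current caller may view."""

    def get(self, option):
        """Write ``{"photos": [...]}`` filtered by the photo security check.

        Usernames and photo names are stored strings that users chose, so the
        list is built as Python objects and serialised once with json.dumps;
        the original concatenation let a quote in either corrupt the body (or
        inject extra keys into it) and needed a trailing-comma fix-up.
        """
        current_session = Session(self)
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        if option == "list":
            photos = database.PhotosManager.retrieveAllPhotos()
            if current_session.get_id() is None:
                user = None
            else:
                user = database.UserManager.select_by_id(current_session.get_id())
            visible = [
                {
                    "photo_id": photo.key.id(),
                    "username": photo.owner.get().name,
                    "date": str(photo.date),
                    "name": photo.name,
                }
                for photo in photos
                if security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, user)
            ]
            data = json.dumps({"photos": visible})
            result = "OK"
        else:
            data = json.dumps({"error": "Method not allowed"})
            result = "FAIL"
        self.response.write(template.render(feature="user",
                                            data=data,
                                            query=self.request.url,
                                            result=result))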
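class ApiPhotoModify(session.BaseSessionHandler):
    """``POST .../<photo_id>``: rename a photo and set its privacy level."""

    def post(self, photo_id):
        """Apply ``name`` and ``privacy`` from the form if the caller may edit the photo.

        Only the owner or an admin (role level above 2) may modify. A missing
        or non-numeric ``privacy`` is answered with a FAIL body; the original
        called ``int()`` on it unguarded and produced a 500.
        """
        current_session = Session(self)
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        photo = database.PhotosManager.get_photo_by_id(int(photo_id))
        if photo is None:
            data = '{"error": "Photo does not exist."}'
            result = "FAIL"
        elif not (photo.owner == current_session.get_user_key()
                  or current_session.get_role_level() > 2):
            data = '{"error": "No permission to change."}'
            result = "FAIL"
        else:
            name = self.request.get('name')
            try:
                privacy = int(self.request.get('privacy'))
            except (TypeError, ValueError):
                privacy = None
            if privacy is None:
                data = '{"error": "Invalid privacy value."}'
                result = "FAIL"
            else:
                database.PhotosManager.modify_photo(photo.key, name, privacy)
                data = '{"message": "Changes done"}'
                result = "OK"
        self.response.write(template.render(feature="user",
                                            data=data,
                                            query=self.request.url,
                                            result=result))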
class ApiPhotoDelete(session.BaseSessionHandler):
    """``GET .../<photo_id>``: delete a photo (owner or admin only)."""

    def get(self, photo_id):
        """Delete the photo and report the outcome in the api.json envelope.

        NOTE(review): this is a state-changing operation reached by a
        cookie-authenticated GET, so it has the request shape CSRF defences
        exist for; the route registration that would move it to POST lives
        outside this file.
        """
        current_session = Session(self)
        page = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        target_id = int(photo_id)
        photo = database.PhotosManager.get_photo_by_id(target_id)
        if photo is None:
            payload = '{"error": "Photo does not exist."}'
            outcome = "FAIL"
        elif photo.owner == current_session.get_user_key() or current_session.get_role_level() > 2:
            database.PhotosManager.delete_photo(target_id)
            payload = '{"message": "Foto deleted."}'
            outcome = "OK"
        else:
            payload = '{"error": "No permission to change."}'
            outcome = "FAIL"
        self.response.write(page.render(feature="user",
                                        data=payload,
                                        query=self.request.url,
                                        result=outcome))
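class ApiPhotoUserPermission(session.BaseSessionHandler):
    """Grant (``give``) or revoke (``restrict``) one user's access to one photo."""

    def get(self, user_id, photo_id, option):
        """Write the api.json envelope for the permission change.

        Checks, in order: the photo exists, the user exists, the caller is the
        photo's owner or an admin (role level above 2), then the option. An
        unknown option now yields FAIL / "Method not allowed"; the original had
        no branch for it and raised on the unbound ``data``.
        """
        current_session = Session(self)
        template = JINJA_ENVIRONMENT.get_template('static/templates/api.json')
        self.response.headers['Content-Type'] = 'application/json'
        photo = database.PhotosManager.get_photo_by_id(int(photo_id))
        user = database.UserManager.select_by_id(int(user_id))
        if photo is None:
            data = '{"error": "Photo does not exist."}'
            result = "FAIL"
        elif user is None:
            data = '{"error": "User does not exist."}'
            result = "FAIL"
        elif not (photo.owner == current_session.get_user_key()
                  or current_session.get_role_level() > 2):
            data = '{"error": "Permission denied. Operation cannot do."}'
            result = "FAIL"
        elif option == "give":
            # give_permission returns None when the grant already exists.
            granted = database.PhotoUserPermissionManager.give_permission(photo, user)
            if granted is None:
                data = '{"error": "Permission already set."}'
                result = "FAIL"
            else:
                data = '{"message": "Permission allowed."}'
                result = "OK"
        elif option == "restrict":
            # restrict_permission returns True only when a grant was removed.
            revoked = database.PhotoUserPermissionManager.restrict_permission(photo, user)
            if revoked is True:
                data = '{"message": "Permission restricted."}'
                result = "OK"
            else:
                data = '{"error": "Permission is not set. Cannot restrict"}'
                result = "FAIL"
        else:
            data = '{"error": "Method not allowed"}'
            result = "FAIL"
        self.response.write(template.render(feature="user",
                                            data=data,
                                            query=self.request.url,
                                            result=result))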