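def PUT_revelations_unreveal(request, format):
    """ Respond to the "PUT revelations/unreveal" request.

        Withdraws one revealed field: any Revelation row matching the given
        source profile, recipient profile and field name is deleted, and the
        push gateway is then told about the profile.

        Required request parameters: "token", "profile_id", "recipient_id"
        and "field_name".  No optional parameters are accepted.

        Failures detected here (bad token, unknown profile, profile not owned
        by the caller, unknown field name) are returned as
        HttpResponseBadRequest.  On success an empty response with status
        HTTP_RESPONSE_PUT_OK is returned in the requested 'format'.
    """
    # Get the request parameters.  check_params() hands back a ready-made
    # error response when the parameter set is wrong, or None when it is fine.
    params = apiHelper.get_params(request, resource_name="revelation")

    error = apiHelper.check_params(
        params,
        required_params=["token", "profile_id", "recipient_id", "field_name"],
        optional_params=[],
    )
    if error is not None:
        return error

    token = params["token"]
    field_name = params["field_name"]

    # Check that the login token is still valid.
    #
    # NOTE(review): authentication and ownership failures below are reported
    # as 400 rather than 401/403.  That is kept because existing clients may
    # depend on it, but it makes rejected access attempts harder to tell apart
    # from malformed requests when monitoring by status code.
    if not session.validate(token):
        return HttpResponseBadRequest("Invalid token")

    user = session.get_user(token)

    # Check that the source and recipient profiles both exist, and that the
    # currently logged-in user owns the source profile.
    #
    # NOTE(review): "No such profile" and "Not your profile" are different
    # replies, so any caller with a valid token can learn whether a profile id
    # exists.  If profile ids are meant to be unguessable, both cases should
    # return the same reply.
    try:
        profile = Profile.objects.get(id=params["profile_id"])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such profile")

    try:
        recipient = Profile.objects.get(id=params["recipient_id"])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such recipient profile")

    if profile.user != user:
        return HttpResponseBadRequest("Not your profile")

    # Check that the field name is valid.
    if field_name not in Revelation.VALID_FIELD_NAMES:
        return HttpResponseBadRequest("Invalid field_name")

    # Remove the existing revelation for this field, if any.
    Revelation.objects.filter(profile=profile,
                              recipient=recipient,
                              field_name=field_name).delete()

    # Tell the push gateway that the profile has changed.  This is sent
    # whether or not a row was actually deleted above.
    push_gateway.send_profile(profile, recipient)

    # Finally, return an empty response back to the caller.
    return apiHelper.response(None,
                              format=format,
                              status=HTTP_RESPONSE_PUT_OK)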
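def POST_revelations(request, format):
    """ Respond to the "POST revelations" request.

        Replaces the set of fields that one profile reveals to another: every
        existing Revelation for the (profile, recipient) pair is deleted and
        one new Revelation is saved per requested field name.

        Required request parameters: "token", "profile_id", "recipient_id".
        The fields to reveal are supplied in exactly one of two styles:

            NEW: "field_names", a comma-separated string of field names.

            OLD: repeated "revelations[][field_name]" values, accompanied by
                 "revelations[][profile_id]" and "revelations[][recipient_id]".

        Mixing the two styles is rejected.  Failures detected here are
        returned as HttpResponseBadRequest.  On success the response holds a
        list of {'revelation': <dict>} entries, one per saved Revelation, with
        status HTTP_RESPONSE_POST_OK in the requested 'format'.
    """
    old_style_params = ["revelations[][recipient_id]",
                        "revelations[][profile_id]",
                        "revelations[][field_name]"]

    # Get the request parameters.  check_params() hands back a ready-made
    # error response when the parameter set is wrong, or None when it is fine.
    params = apiHelper.get_params(request, resource_name="revelation")

    error = apiHelper.check_params(
        params,
        required_params=["token", "profile_id", "recipient_id"],
        optional_params=["field_names"] + old_style_params,
    )
    if error is not None:
        return error

    token = params['token']

    # Work out which parameter style the caller used.  Every path below
    # either selects a style or rejects the request, so no third case has to
    # be handled afterwards.
    if params.get("field_names") is not None:
        param_style = "NEW"
        required_params = ["field_names"]
        prohibited_params = old_style_params
    elif params.get("revelations[][field_name]") is not None:
        param_style = "OLD"
        required_params = old_style_params
        prohibited_params = ["field_names"]
    else:
        return HttpResponseBadRequest("Invalid parameters")

    for param in required_params:
        if param not in params:
            return HttpResponseBadRequest("Missing '%s' parameter" % param)

    for param in prohibited_params:
        if param in params:
            return HttpResponseBadRequest("Unexpected '%s' parameter" % param)

    # Check that the login token is still valid.
    #
    # NOTE(review): authentication and ownership failures below are reported
    # as 400 rather than 401/403.  That is kept because existing clients may
    # depend on it, but it makes rejected access attempts harder to tell apart
    # from malformed requests when monitoring by status code.
    if not session.validate(token):
        return HttpResponseBadRequest("Invalid token")

    user = session.get_user(token)

    # Check that the source and recipient profiles both exist, and that the
    # currently logged-in user owns the source profile.
    #
    # Only the top-level "profile_id" and "recipient_id" are read.  In the OLD
    # style the nested "revelations[][profile_id]" / "[recipient_id]" values
    # must be present but are never looked at, so the ownership check always
    # applies to the profile that is actually written to.
    #
    # NOTE(review): "No such profile" and "Not your profile" are different
    # replies, so any caller with a valid token can learn whether a profile id
    # exists.  If profile ids are meant to be unguessable, both cases should
    # return the same reply.
    try:
        profile = Profile.objects.get(id=params['profile_id'])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such profile")

    try:
        recipient = Profile.objects.get(id=params['recipient_id'])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such recipient profile")

    if profile.user != user:
        return HttpResponseBadRequest("Not your profile")

    # Extract the list of fields to reveal.  Note that how we do this depends
    # on the parameter style being used.
    if param_style == "NEW":
        fields_to_reveal = params['field_names'].split(",")
    else:
        fields_to_reveal = list(params.getlist("revelations[][field_name]"))

    # Check that the field names are all correct.  This runs before anything
    # is deleted, so a request naming an unknown field changes nothing.
    for field_name in fields_to_reveal:
        if field_name not in Revelation.VALID_FIELD_NAMES:
            return HttpResponseBadRequest("Invalid field: %s" % field_name)

    # Remove the existing revelations for these source and destination
    # profiles.
    #
    # NOTE(review): the delete and the saves below are separate statements;
    # nothing visible here wraps them in a database transaction, so a failed
    # save would leave the pair with fewer revelations than before.  Confirm
    # whether the caller or middleware provides one.
    Revelation.objects.filter(profile=profile, recipient=recipient).delete()

    # Now add the new revelations to the database.  One timestamp is taken for
    # the whole batch so created_at and updated_at agree on every new row.
    now = datetime.datetime.now()

    revelations = []
    for field_name in fields_to_reveal:
        revelation = Revelation()
        revelation.profile = profile
        revelation.recipient = recipient
        revelation.field_name = field_name
        revelation.created_at = now
        revelation.updated_at = now
        revelation.save()

        revelations.append({'revelation': revelation.to_dict()})

    # Tell the push gateway that the profile has changed.
    push_gateway.send_profile(profile, recipient)

    # Finally, return the newly-created revelations back to the caller.
    return apiHelper.response(revelations,
                              format=format,
                              status=HTTP_RESPONSE_POST_OK)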