Example #1
0
def PUT_revelations_reveal(request, format):
    """ Respond to the "PUT revelations/reveal" request.
    """
    # Get the request parameters.

    params = apiHelper.get_params(request, resource_name="revelation")

    error = apiHelper.check_params(params,
                                   required_params=["token",
                                                    "profile_id",
                                                    "recipient_id",
                                                    "field_name"],
                                   optional_params=[])
    if error != None: return error

    token      = params['token']
    field_name = params['field_name']

    # Check that the login token is still valid.

    if not session.validate(token):
        return HttpResponseBadRequest("Invalid token")

    user = session.get_user(token)

    # Check that the source and recipient profiles both exist, and that the
    # currently logged-in user owns the source profile.

    try:
        profile = Profile.objects.get(id=params['profile_id'])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such profile")

    try:
        recipient = Profile.objects.get(id=params['recipient_id'])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such recipient profile")

    if profile.user != user:
        return HttpResponseBadRequest("Not your profile")

    # Check that the field name is valid.

    if field_name not in Revelation.VALID_FIELD_NAMES:
        return HttpResponseBadRequest("Invalid field_name")

    # Remove the existing revelation for this field, if any.

    Revelation.objects.filter(profile=profile, recipient=recipient,
                              field_name=field_name).delete()

    # Now add the new revelation to the database.

    revelation = Revelation()
    revelation.profile    = profile
    revelation.recipient  = recipient
    revelation.field_name = field_name
    revelation.created_at = datetime.datetime.now()
    revelation.updated_at = datetime.datetime.now()
    revelation.save()

    # Tell the push gateway that the profile has changed.

    push_gateway.send_profile(profile, recipient)

    # Finally, return an empty response back to the caller.

    return apiHelper.response(None,
                              format=format, status=HTTP_RESPONSE_PUT_OK)
Example #2
0
def POST_revelations(request, format):
    """ Respond to the "POST revelations" request.
    """
    # Get the request parameters.

    params = apiHelper.get_params(request, resource_name="revelation")

    error = apiHelper.check_params(params,
                                   required_params=["token", "profile_id",
                                                    "recipient_id"],
                                   optional_params=[
                                                "field_names",
                                                "revelations[][recipient_id]",
                                                "revelations[][profile_id]",
                                                "revelations[][field_name]"])
    if error != None: return error

    token = params['token']

    if params.get("field_names") != None:
        param_style = "NEW"
    elif params.get("revelations[][field_name]") != None:
        param_style = "OLD"
    else:
        return HttpResponseBadRequest("Invalid parameters")

    if param_style == "NEW":
        required_params   = ["field_names"]
        prohibited_params = ["revelations[][recipient_id]",
                             "revelations[][profile_id]",
                             "revelations[][field_name]"]
    elif param_style == "OLD":
        required_params   = ["revelations[][recipient_id]",
                             "revelations[][profile_id]",
                             "revelations[][field_name]"]
        prohibited_params = ["field_names"]
    else:
        required_params   = []
        prohibited_params = []

    for param in required_params:
        if param not in params:
            return HttpResponseBadRequest("Missing '%s' parameter" % param)
    for param in prohibited_params:
        if param in params:
            return HttpResponseBadRequest("Unexpected '%s' parameter" % param)

    # Check that the login token is still valid.

    if not session.validate(token):
        return HttpResponseBadRequest("Invalid token")

    user = session.get_user(token)

    # Check that the source and recipient profiles both exist, and that the
    # currently logged-in user owns the source profile.

    try:
        profile = Profile.objects.get(id=params['profile_id'])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such profile")

    try:
        recipient = Profile.objects.get(id=params['recipient_id'])
    except Profile.DoesNotExist:
        return HttpResponseBadRequest("No such recipient profile")

    if profile.user != user:
        return HttpResponseBadRequest("Not your profile")

    # Extract the list of fields to reveal.  Note that how we do this depends
    # on the parameter style being used.

    if param_style == "NEW":
        fields_to_reveal = params['field_names'].split(",")
    else:
        fields_to_reveal = []
        for field_name in params.getlist("revelations[][field_name]"):
            fields_to_reveal.append(field_name)

    # Check that the field names are all correct.

    for field_name in fields_to_reveal:
        if field_name not in Revelation.VALID_FIELD_NAMES:
            return HttpResponseBadRequest("Invalid field: %s" % field_name)

    # Remove the existing revelations for these source and destination
    # profiles.

    Revelation.objects.filter(profile=profile, recipient=recipient).delete()

    # Now add the new revelations to the database.

    revelations = []
    for field_name in fields_to_reveal:
        revelation = Revelation()
        revelation.profile    = profile
        revelation.recipient  = recipient
        revelation.field_name = field_name
        revelation.created_at = datetime.datetime.now()
        revelation.updated_at = datetime.datetime.now()
        revelation.save()
        revelations.append({'revelation' : revelation.to_dict()})

    # Tell the push gateway that the profile has changed.

    push_gateway.send_profile(profile, recipient)

    # Finally, return the newly-created revelations back to the caller.

    return apiHelper.response(revelations,
                              format=format, status=HTTP_RESPONSE_POST_OK)