def put(self, id, **kwargs): parsed_args = boulder_parser.parse_args() boulder = dbs.query(Boulder).filter(Boulder.id == id).first() if not boulder: abort(404, message="(Code 071) Boulder {} doesn't exist".format(id)) if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 054) Unauthorized!") elif parsed_args['confirmed']: boulder.confirmed = True if not (parsed_args['grade'] == "leicht" or parsed_args['grade'] == "mittel" or parsed_args[ 'grade'] == "schwer"): parsed_args['grade'] = parsed_args['grade'].upper() if parsed_args['grade'] not in grades: abort(400, message="(Code 060) Field 'grade' has to be a valid Vermin, Fontainebleau or " "NB scale (leicht, mittel, schwer) grade!") boulder.name = parsed_args['name'] boulder.block_id = parsed_args['block_id'] boulder.grade = parsed_args['grade'] boulder.rock_type = parsed_args['rock_type'] boulder.rock_texture = parsed_args['rock_texture'] boulder.height = parsed_args['height'] boulder.beta = parsed_args['beta'] boulder.landing_area = parsed_args['landing_area'] boulder.first_ascent_athlete = parsed_args['first_ascent_athlete'] boulder.first_ascent_date = parsed_args['first_ascent_date'] dbs.add(boulder) dbs.commit() return boulder, 201
def put(self, id, **kwargs): parsed_args = promotion_parser.parse_args() user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 037) User {} doesn't exist".format(id)) if parsed_args['promoteToAdmin']: if user.administrator: abort(404, message="(Code 040) User is already an administrator!") else: if kwargs['user'].administrator: user.administrator = True user.moderator = True else: abort(401, message="(Code 038) Unauthorized!") if parsed_args['promoteToMod']: if user.administrator: abort(404, message="(Code 041) User is already an administrator!") elif user.moderator: abort(404, message="(Code 042) User is already a moderator!") else: if kwargs['user'].moderator or kwargs['user'].administrator: user.moderator = True else: abort(401, message="(Code 039) Unauthorized!") dbs.add(user) dbs.commit() return user, 201
def post(self, **kwargs): parsed_args = boulder_parser.parse_args() if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 058) Unauthorized!") if not (parsed_args['grade'] == "leicht" or parsed_args['grade'] == "mittel" or parsed_args[ 'grade'] == "schwer"): parsed_args['grade'] = parsed_args['grade'].upper() if parsed_args['grade'] not in grades: abort(400, message="(Code 059) Field 'grade' has to be a valid Vermin, Fontainebleau or " "NB scale (leicht, mittel, schwer) grade!") boulder = Boulder(name=parsed_args['name'], grade=parsed_args['grade'], block_id=parsed_args['block_id'], rock_type=parsed_args['rock_type'], rock_texture=parsed_args['rock_texture'], height=parsed_args['height'], beta=parsed_args['beta'], landing_area=parsed_args['landing_area'], first_ascent_date=parsed_args['first_ascent_date'], first_ascent_athlete=parsed_args['first_ascent_athlete'], original_author_id=kwargs['user'].id, confirmed=parsed_args['confirmed']) dbs.add(boulder) dbs.commit() return boulder, 201
def post(self, **kwargs): parsed_args = entity_photo_parser.parse_args() entityphoto = request.files.get('entityphoto') if not entityphoto: abort(400, message="(Code XXX) No picture provided!") else: try: filename = entityphotos.save(entityphoto) except UploadNotAllowed: abort(400, message="(Code XXX) The upload was not allowed!") else: try: image_set = create_image_set(entityphotos.path(filename)) except resizeimage.ImageSizeError as e: abort(400, message="(Code XXX) %s" % e.message) finally: os.remove(entityphotos.path(filename)) basename = os.path.split(image_set['original'])[1] entityphotoset = EntityPhotoSet( text=parsed_args['text'], uploader_id=kwargs['user'].id, entity_id=parsed_args['entity_id'], basename=basename ) dbs.add(entityphotoset) dbs.commit() return entityphotoset, 201
def delete(self, id, **kwargs): comment = dbs.query(Comment).filter(Comment.id == id).first() if not comment: abort(404, message="(Code 066) Comment {} doesn't exist".format(id)) if not (comment.author_id == kwargs["user"].id or kwargs["user"].administrator): abort(401, message="(Code 067) Unauthorized".format(id)) dbs.delete(comment) dbs.commit() return {}, 204
def delete(self, id, **kwargs): if kwargs['protected_action_permission'] != 'delete': abort(401, message='(Code 025) Wrong permissions!') user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 002) User {} doesn't exist".format(id)) dbs.delete(user) dbs.commit() return {}, 204
def put(self, id, **kwargs): parsed_args = parser.parse_args() comment = dbs.query(Comment).filter(Comment.id == id).first() if not comment: abort(404, message="(Code 068) Comment {} doesn't exist".format(id)) if not (comment.author_id == kwargs["user"].id): abort(401, message="(Code 069) Unauthorized".format(id)) comment.text = parsed_args["text"] dbs.add(comment) dbs.commit() return comment, 201
def delete(self, id, **kwargs): crag = dbs.query(Crag).filter(Crag.id == id).first() if not crag: abort(404, message="(Code 035) Crag {} doesn't exist".format(id)) if crag.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 046) Unauthorized!") if not crag.confirmed and not (kwargs['user'].id == crag.original_author_id or kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 047) Unauthorized!") dbs.delete(crag) dbs.commit() return {}, 204
def delete(self, id, **kwargs): block = dbs.query(Block).filter(Block.id == id).first() if not block: abort(404, message="(Code 031) Block {} doesn't exist".format(id)) if block.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 049) Unauthorized!") if not block.confirmed and not (kwargs['user'].id == block.original_author_id or kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 050) Unauthorized!") dbs.delete(block) dbs.commit() return {}, 204
def delete(self, id, **kwargs): boulder = dbs.query(Boulder).filter(Boulder.id == id).first() if not boulder: abort(404, message="(Code 033) Boulder {} doesn't exist".format(id)) if boulder.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 052) Unauthorized!") if not boulder.confirmed and not (kwargs['user'].id == boulder.original_author_id or kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 053) Unauthorized!") dbs.delete(boulder) dbs.commit() return {}, 204
def post(self, **kwargs): parsed_args = area_parser.parse_args() if parsed_args["confirmed"] and not (kwargs["user"].administrator or kwargs["user"].moderator): abort(401, message="(Code 055) Unauthorized!") area = Area( name=parsed_args["name"], description=parsed_args["description"], original_author_id=kwargs["user"].id, confirmed=parsed_args["confirmed"], ) dbs.add(area) dbs.commit() return area, 201
def delete(self, id, **kwargs): area = dbs.query(Area).filter(Area.id == id).first() if not area: abort(404, message="(Code 029) Area {} doesn't exist".format(id)) if area.confirmed and not (kwargs["user"].administrator or kwargs["user"].moderator): abort(401, message="(Code 043) Unauthorized!") if not area.confirmed and not ( kwargs["user"].id == area.original_author_id or kwargs["user"].administrator or kwargs["user"].moderator ): abort(401, message="(Code 044) Unauthorized!") dbs.delete(area) dbs.commit() return {}, 204
def post(self, **kwargs): parsed_args = crag_parser.parse_args() if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 056) Unauthorized!") crag = Crag(name=parsed_args['name'], area_id=parsed_args['area_id'], description=parsed_args['description'], longitude=parsed_args['longitude'], latitude=parsed_args['latitude'], original_author_id=kwargs['user'].id, confirmed=parsed_args['confirmed']) dbs.add(crag) dbs.commit() return crag, 201
def post(self, **kwargs): parsed_args = block_parser.parse_args() if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 057) Unauthorized!") block = Block(name=parsed_args['name'], crag_id=parsed_args['crag_id'], description=parsed_args['description'], longitude=parsed_args['longitude'], latitude=parsed_args['latitude'], original_author_id=kwargs['user'].id, confirmed=parsed_args['confirmed']) dbs.add(block) dbs.commit() return block, 201
def put(self, id, **kwargs): parsed_args = area_parser.parse_args() area = dbs.query(Area).filter(Area.id == id).first() if not area: abort(404, message="(Code 079) Area {} doesn't exist".format(id)) if parsed_args["confirmed"] and not (kwargs["user"].administrator or kwargs["user"].moderator): abort(401, message="(Code 045) Unauthorized!") elif parsed_args["confirmed"]: area.confirmed = True area.name = parsed_args["name"] area.description = parsed_args["description"] dbs.add(area) dbs.commit() return area, 201
def put(self, id, **kwargs): parsed_args = parser.parse_args() if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])): abort(400, message="(Code 003) Either a nickname or a firstname and lastname need to be given!") if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']): abort(400, message="(Code 004) Email field is invalid!") if not parsed_args['sex'] in sexes: abort(400, message="(Code 027) Invalid sex!") user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 080) User {} doesn't exist".format(id)) if kwargs['user'].email != user.email: abort(401, message="(Code 005) Unauthorized!") user.firstname = parsed_args['firstname'] user.lastname = parsed_args['lastname'] user.nickname = parsed_args['nickname'] user.size = parsed_args['size'] user.sex = parsed_args['sex'] user.birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[ 'birthday'] else None if user.email != parsed_args['email']: # Changing the email address needs special permissions if kwargs['protected_action_permission'] != 'put': abort(401, message='(Code 006) Unauthorized!') else: user.email = parsed_args['email'] generate_refreshed_jwt = True else: generate_refreshed_jwt = False if parsed_args['password']: # So does changing the password if kwargs['protected_action_permission'] != 'put': abort(401, message='(Code 007) Unauthorized!') else: user.password = parsed_args['password'] dbs.add(user) dbs.commit() if user.birthday: user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime marshalled_response = marshal(user, user_fields, envelope='data') # When email changed, the login JWT is now invalid and a new one has to be sent if generate_refreshed_jwt: marshalled_response['refreshedJWT'] = get_login_jwt(user.email) return marshalled_response, 201
def put(self, id, **kwargs): parsed_args = crag_parser.parse_args() crag = dbs.query(Crag).filter(Crag.id == id).first() if not crag: abort(404, message="(Code 070) Crag {} doesn't exist".format(id)) if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 048) Unauthorized!") elif parsed_args['confirmed']: crag.confirmed = True crag.name = parsed_args['name'] crag.area_id = parsed_args['area_id'] crag.description = parsed_args['description'] crag.description = parsed_args['latitude'] crag.description = parsed_args['longitude'] dbs.add(crag) dbs.commit() return crag, 201
def put(self, id, **kwargs): parsed_args = block_parser.parse_args() block = dbs.query(Block).filter(Block.id == id).first() if not block: abort(404, message="(Code 072) Block {} doesn't exist".format(id)) if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 051) Unauthorized!") elif parsed_args['confirmed']: block.confirmed = True block.name = parsed_args['name'] block.crag_id = parsed_args['crag_id'] block.description = parsed_args['description'] block.latitude = parsed_args['latitude'] block.longitude = parsed_args['longitude'] dbs.add(block) dbs.commit() return block, 201
def post(self, **kwargs): parsed_args = boulder_grading_parser.parse_args() former_grading = dbs.query(BoulderGrading).filter(BoulderGrading.user_id == kwargs['user'].id, BoulderGrading.boulder_id == parsed_args[ 'boulder_id']).first() if former_grading: dbs.delete(former_grading) boulder = dbs.query(Boulder).filter(Boulder.id == parsed_args['boulder_id']).first() if not boulder: abort(404, message="(Code 073) Boulder doesn't exist!") if not boulder.confirmed: abort(400, message="(Code 074) Cannot suggest a grade for an unconfirmed boulder!") if parsed_args['grade'] not in fb_scale + v_scale: abort(400, message="(Code 075) Field 'grade' has to be a valid Vermin or Fontainebleau grade!") grading = BoulderGrading(boulder_id=parsed_args['boulder_id'], grade=parsed_args['grade'], user_id=kwargs['user'].id) dbs.add(grading) dbs.commit() return None, 201
def post(self, **kwargs): parsed_args = parser.parse_args() entity = dbs.query(Entity).filter(Entity.id == parsed_args["entity_id"]).first() if not entity: abort(404, message="(Code 061) Entity doesn't exist!") if not entity.confirmed: abort(400, message="(Code 062) Cannot comment on an unconfirmed entity!") if parsed_args["parent_id"]: parent_comment = dbs.query(Comment).filter(Comment.id == parsed_args["parent_id"]).first() if not parent_comment: abort(400, message="(Code 063) Parent comment doesn't exist!") if parent_comment.parent_id: abort(400, message="(Code 064) Maximal discussion depth is one!") comment = Comment( entity_id=parsed_args["entity_id"], author_id=kwargs["user"].id, parent_id=parsed_args["parent_id"], text=parsed_args["text"], ) dbs.add(comment) dbs.commit() return comment, 201
def post(self): parsed_args = parser.parse_args() # If there is not admin in the system yet, an admin can be created this way. This will only work for the first # admin in the system! is_admin = False if parsed_args['installAdmin']: if not dbs.query(User).filter(User.administrator).all(): is_admin = True else: abort(401, message="(Code 036) Falsely attempted to create initial administrator!") if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])): abort(400, message="(Code 008) Either a nickname or a firstname and lastname need to be given!") if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']): abort(400, message="(Code 009) Email field is invalid!") if not parsed_args['password']: abort(400, message="(Code 010) Password cannot be blank!") if not parsed_args['sex'] in sexes: abort(400, message="(Code 026) Invalid sex!") birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[ 'birthday'] else None user = User(firstname=parsed_args['firstname'], lastname=parsed_args['lastname'], nickname=parsed_args['nickname'], birthday=birthday, size=parsed_args['size'], sex=parsed_args['sex'], email=parsed_args['email'], password=parsed_args['password'], administrator=is_admin, moderator=is_admin) dbs.add(user) dbs.commit() if user.birthday: user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime return user, 201