Example #1
0
 def put(self, id, **kwargs):
     parsed_args = boulder_parser.parse_args()
     boulder = dbs.query(Boulder).filter(Boulder.id == id).first()
     if not boulder:
         abort(404, message="(Code 071) Boulder {} doesn't exist".format(id))
     if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 054) Unauthorized!")
     elif parsed_args['confirmed']:
         boulder.confirmed = True
     if not (parsed_args['grade'] == "leicht" or parsed_args['grade'] == "mittel" or parsed_args[
         'grade'] == "schwer"):
         parsed_args['grade'] = parsed_args['grade'].upper()
     if parsed_args['grade'] not in grades:
         abort(400, message="(Code 060) Field 'grade' has to be a valid Vermin, Fontainebleau or "
                            "NB scale (leicht, mittel, schwer) grade!")
     boulder.name = parsed_args['name']
     boulder.block_id = parsed_args['block_id']
     boulder.grade = parsed_args['grade']
     boulder.rock_type = parsed_args['rock_type']
     boulder.rock_texture = parsed_args['rock_texture']
     boulder.height = parsed_args['height']
     boulder.beta = parsed_args['beta']
     boulder.landing_area = parsed_args['landing_area']
     boulder.first_ascent_athlete = parsed_args['first_ascent_athlete']
     boulder.first_ascent_date = parsed_args['first_ascent_date']
     dbs.add(boulder)
     dbs.commit()
     return boulder, 201
Example #2
0
 def put(self, id, **kwargs):
     parsed_args = promotion_parser.parse_args()
     user = dbs.query(User).filter(User.id == id).first()
     if not user:
         abort(404, message="(Code 037) User {} doesn't exist".format(id))
     if parsed_args['promoteToAdmin']:
         if user.administrator:
             abort(404, message="(Code 040) User is already an administrator!")
         else:
             if kwargs['user'].administrator:
                 user.administrator = True
                 user.moderator = True
             else:
                 abort(401, message="(Code 038) Unauthorized!")
     if parsed_args['promoteToMod']:
         if user.administrator:
             abort(404, message="(Code 041) User is already an administrator!")
         elif user.moderator:
             abort(404, message="(Code 042) User is already a moderator!")
         else:
             if kwargs['user'].moderator or kwargs['user'].administrator:
                 user.moderator = True
             else:
                 abort(401, message="(Code 039) Unauthorized!")
     dbs.add(user)
     dbs.commit()
     return user, 201
Example #3
0
 def post(self, **kwargs):
     parsed_args = boulder_parser.parse_args()
     if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 058) Unauthorized!")
     if not (parsed_args['grade'] == "leicht" or parsed_args['grade'] == "mittel" or parsed_args[
         'grade'] == "schwer"):
         parsed_args['grade'] = parsed_args['grade'].upper()
     if parsed_args['grade'] not in grades:
         abort(400, message="(Code 059) Field 'grade' has to be a valid Vermin, Fontainebleau or "
                            "NB scale (leicht, mittel, schwer) grade!")
     boulder = Boulder(name=parsed_args['name'],
                       grade=parsed_args['grade'],
                       block_id=parsed_args['block_id'],
                       rock_type=parsed_args['rock_type'],
                       rock_texture=parsed_args['rock_texture'],
                       height=parsed_args['height'],
                       beta=parsed_args['beta'],
                       landing_area=parsed_args['landing_area'],
                       first_ascent_date=parsed_args['first_ascent_date'],
                       first_ascent_athlete=parsed_args['first_ascent_athlete'],
                       original_author_id=kwargs['user'].id,
                       confirmed=parsed_args['confirmed'])
     dbs.add(boulder)
     dbs.commit()
     return boulder, 201
Example #4
0
 def post(self, **kwargs):
     parsed_args = entity_photo_parser.parse_args()
     entityphoto = request.files.get('entityphoto')
     if not entityphoto:
         abort(400, message="(Code XXX) No picture provided!")
     else:
         try:
             filename = entityphotos.save(entityphoto)
         except UploadNotAllowed:
             abort(400, message="(Code XXX) The upload was not allowed!")
         else:
             try:
                 image_set = create_image_set(entityphotos.path(filename))
             except resizeimage.ImageSizeError as e:
                 abort(400, message="(Code XXX) %s" % e.message)
             finally:
                 os.remove(entityphotos.path(filename))
     basename = os.path.split(image_set['original'])[1]
     entityphotoset = EntityPhotoSet(
         text=parsed_args['text'],
         uploader_id=kwargs['user'].id,
         entity_id=parsed_args['entity_id'],
         basename=basename
     )
     dbs.add(entityphotoset)
     dbs.commit()
     return entityphotoset, 201
Example #5
0
 def delete(self, id, **kwargs):
     comment = dbs.query(Comment).filter(Comment.id == id).first()
     if not comment:
         abort(404, message="(Code 066) Comment {} doesn't exist".format(id))
     if not (comment.author_id == kwargs["user"].id or kwargs["user"].administrator):
         abort(401, message="(Code 067) Unauthorized".format(id))
     dbs.delete(comment)
     dbs.commit()
     return {}, 204
Example #6
0
 def delete(self, id, **kwargs):
     if kwargs['protected_action_permission'] != 'delete':
         abort(401, message='(Code 025) Wrong permissions!')
     user = dbs.query(User).filter(User.id == id).first()
     if not user:
         abort(404, message="(Code 002) User {} doesn't exist".format(id))
     dbs.delete(user)
     dbs.commit()
     return {}, 204
Example #7
0
 def put(self, id, **kwargs):
     parsed_args = parser.parse_args()
     comment = dbs.query(Comment).filter(Comment.id == id).first()
     if not comment:
         abort(404, message="(Code 068) Comment {} doesn't exist".format(id))
     if not (comment.author_id == kwargs["user"].id):
         abort(401, message="(Code 069) Unauthorized".format(id))
     comment.text = parsed_args["text"]
     dbs.add(comment)
     dbs.commit()
     return comment, 201
Example #8
0
 def delete(self, id, **kwargs):
     crag = dbs.query(Crag).filter(Crag.id == id).first()
     if not crag:
         abort(404, message="(Code 035) Crag {} doesn't exist".format(id))
     if crag.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 046) Unauthorized!")
     if not crag.confirmed and not (kwargs['user'].id == crag.original_author_id or
                                        kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 047) Unauthorized!")
     dbs.delete(crag)
     dbs.commit()
     return {}, 204
Example #9
0
 def delete(self, id, **kwargs):
     block = dbs.query(Block).filter(Block.id == id).first()
     if not block:
         abort(404, message="(Code 031) Block {} doesn't exist".format(id))
     if block.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 049) Unauthorized!")
     if not block.confirmed and not (kwargs['user'].id == block.original_author_id or
                                         kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 050) Unauthorized!")
     dbs.delete(block)
     dbs.commit()
     return {}, 204
Example #10
0
 def delete(self, id, **kwargs):
     boulder = dbs.query(Boulder).filter(Boulder.id == id).first()
     if not boulder:
         abort(404, message="(Code 033) Boulder {} doesn't exist".format(id))
     if boulder.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 052) Unauthorized!")
     if not boulder.confirmed and not (kwargs['user'].id == boulder.original_author_id or
                                           kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 053) Unauthorized!")
     dbs.delete(boulder)
     dbs.commit()
     return {}, 204
Example #11
0
 def post(self, **kwargs):
     parsed_args = area_parser.parse_args()
     if parsed_args["confirmed"] and not (kwargs["user"].administrator or kwargs["user"].moderator):
         abort(401, message="(Code 055) Unauthorized!")
     area = Area(
         name=parsed_args["name"],
         description=parsed_args["description"],
         original_author_id=kwargs["user"].id,
         confirmed=parsed_args["confirmed"],
     )
     dbs.add(area)
     dbs.commit()
     return area, 201
Example #12
0
 def delete(self, id, **kwargs):
     area = dbs.query(Area).filter(Area.id == id).first()
     if not area:
         abort(404, message="(Code 029) Area {} doesn't exist".format(id))
     if area.confirmed and not (kwargs["user"].administrator or kwargs["user"].moderator):
         abort(401, message="(Code 043) Unauthorized!")
     if not area.confirmed and not (
         kwargs["user"].id == area.original_author_id or kwargs["user"].administrator or kwargs["user"].moderator
     ):
         abort(401, message="(Code 044) Unauthorized!")
     dbs.delete(area)
     dbs.commit()
     return {}, 204
Example #13
0
 def post(self, **kwargs):
     parsed_args = crag_parser.parse_args()
     if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 056) Unauthorized!")
     crag = Crag(name=parsed_args['name'],
                 area_id=parsed_args['area_id'],
                 description=parsed_args['description'],
                 longitude=parsed_args['longitude'],
                 latitude=parsed_args['latitude'],
                 original_author_id=kwargs['user'].id,
                 confirmed=parsed_args['confirmed'])
     dbs.add(crag)
     dbs.commit()
     return crag, 201
Example #14
0
 def post(self, **kwargs):
     parsed_args = block_parser.parse_args()
     if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 057) Unauthorized!")
     block = Block(name=parsed_args['name'],
                   crag_id=parsed_args['crag_id'],
                   description=parsed_args['description'],
                   longitude=parsed_args['longitude'],
                   latitude=parsed_args['latitude'],
                   original_author_id=kwargs['user'].id,
                   confirmed=parsed_args['confirmed'])
     dbs.add(block)
     dbs.commit()
     return block, 201
Example #15
0
 def put(self, id, **kwargs):
     parsed_args = area_parser.parse_args()
     area = dbs.query(Area).filter(Area.id == id).first()
     if not area:
         abort(404, message="(Code 079) Area {} doesn't exist".format(id))
     if parsed_args["confirmed"] and not (kwargs["user"].administrator or kwargs["user"].moderator):
         abort(401, message="(Code 045) Unauthorized!")
     elif parsed_args["confirmed"]:
         area.confirmed = True
     area.name = parsed_args["name"]
     area.description = parsed_args["description"]
     dbs.add(area)
     dbs.commit()
     return area, 201
Example #16
0
    def put(self, id, **kwargs):
        parsed_args = parser.parse_args()

        if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])):
            abort(400, message="(Code 003) Either a nickname or a firstname and lastname need to be given!")

        if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']):
            abort(400, message="(Code 004) Email field is invalid!")

        if not parsed_args['sex'] in sexes:
            abort(400, message="(Code 027) Invalid sex!")

        user = dbs.query(User).filter(User.id == id).first()

        if not user:
            abort(404, message="(Code 080) User {} doesn't exist".format(id))

        if kwargs['user'].email != user.email:
            abort(401, message="(Code 005) Unauthorized!")

        user.firstname = parsed_args['firstname']
        user.lastname = parsed_args['lastname']
        user.nickname = parsed_args['nickname']
        user.size = parsed_args['size']
        user.sex = parsed_args['sex']
        user.birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[
            'birthday'] else None
        if user.email != parsed_args['email']:  # Changing the email address needs special permissions
            if kwargs['protected_action_permission'] != 'put':
                abort(401, message='(Code 006) Unauthorized!')
            else:
                user.email = parsed_args['email']
                generate_refreshed_jwt = True
        else:
            generate_refreshed_jwt = False
        if parsed_args['password']:  # So does changing the password
            if kwargs['protected_action_permission'] != 'put':
                abort(401, message='(Code 007) Unauthorized!')
            else:
                user.password = parsed_args['password']
        dbs.add(user)
        dbs.commit()
        if user.birthday:
            user.birthday = datetime.combine(user.birthday, datetime.min.time())  # Can't marshall date, only datetime
        marshalled_response = marshal(user, user_fields, envelope='data')
        # When email changed, the login JWT is now invalid and a new one has to be sent
        if generate_refreshed_jwt:
            marshalled_response['refreshedJWT'] = get_login_jwt(user.email)
        return marshalled_response, 201
Example #17
0
 def put(self, id, **kwargs):
     parsed_args = crag_parser.parse_args()
     crag = dbs.query(Crag).filter(Crag.id == id).first()
     if not crag:
         abort(404, message="(Code 070) Crag {} doesn't exist".format(id))
     if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 048) Unauthorized!")
     elif parsed_args['confirmed']:
         crag.confirmed = True
     crag.name = parsed_args['name']
     crag.area_id = parsed_args['area_id']
     crag.description = parsed_args['description']
     crag.description = parsed_args['latitude']
     crag.description = parsed_args['longitude']
     dbs.add(crag)
     dbs.commit()
     return crag, 201
Example #18
0
 def put(self, id, **kwargs):
     parsed_args = block_parser.parse_args()
     block = dbs.query(Block).filter(Block.id == id).first()
     if not block:
         abort(404, message="(Code 072) Block {} doesn't exist".format(id))
     if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
         abort(401, message="(Code 051) Unauthorized!")
     elif parsed_args['confirmed']:
         block.confirmed = True
     block.name = parsed_args['name']
     block.crag_id = parsed_args['crag_id']
     block.description = parsed_args['description']
     block.latitude = parsed_args['latitude']
     block.longitude = parsed_args['longitude']
     dbs.add(block)
     dbs.commit()
     return block, 201
Example #19
0
 def post(self, **kwargs):
     parsed_args = boulder_grading_parser.parse_args()
     former_grading = dbs.query(BoulderGrading).filter(BoulderGrading.user_id == kwargs['user'].id,
                                                       BoulderGrading.boulder_id == parsed_args[
                                                           'boulder_id']).first()
     if former_grading:
         dbs.delete(former_grading)
     boulder = dbs.query(Boulder).filter(Boulder.id == parsed_args['boulder_id']).first()
     if not boulder:
         abort(404, message="(Code 073) Boulder doesn't exist!")
     if not boulder.confirmed:
         abort(400, message="(Code 074) Cannot suggest a grade for an unconfirmed boulder!")
     if parsed_args['grade'] not in fb_scale + v_scale:
         abort(400, message="(Code 075) Field 'grade' has to be a valid Vermin or Fontainebleau grade!")
     grading = BoulderGrading(boulder_id=parsed_args['boulder_id'],
                              grade=parsed_args['grade'],
                              user_id=kwargs['user'].id)
     dbs.add(grading)
     dbs.commit()
     return None, 201
Example #20
0
 def post(self, **kwargs):
     parsed_args = parser.parse_args()
     entity = dbs.query(Entity).filter(Entity.id == parsed_args["entity_id"]).first()
     if not entity:
         abort(404, message="(Code 061) Entity doesn't exist!")
     if not entity.confirmed:
         abort(400, message="(Code 062) Cannot comment on an unconfirmed entity!")
     if parsed_args["parent_id"]:
         parent_comment = dbs.query(Comment).filter(Comment.id == parsed_args["parent_id"]).first()
         if not parent_comment:
             abort(400, message="(Code 063) Parent comment doesn't exist!")
         if parent_comment.parent_id:
             abort(400, message="(Code 064) Maximal discussion depth is one!")
     comment = Comment(
         entity_id=parsed_args["entity_id"],
         author_id=kwargs["user"].id,
         parent_id=parsed_args["parent_id"],
         text=parsed_args["text"],
     )
     dbs.add(comment)
     dbs.commit()
     return comment, 201
Example #21
0
    def post(self):
        parsed_args = parser.parse_args()

        # If there is not admin in the system yet, an admin can be created this way. This will only work for the first
        # admin in the system!
        is_admin = False
        if parsed_args['installAdmin']:
            if not dbs.query(User).filter(User.administrator).all():
                is_admin = True
            else:
                abort(401, message="(Code 036) Falsely attempted to create initial administrator!")

        if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])):
            abort(400, message="(Code 008) Either a nickname or a firstname and lastname need to be given!")
        if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']):
            abort(400, message="(Code 009) Email field is invalid!")
        if not parsed_args['password']:
            abort(400, message="(Code 010) Password cannot be blank!")
        if not parsed_args['sex'] in sexes:
            abort(400, message="(Code 026) Invalid sex!")

        birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[
            'birthday'] else None
        user = User(firstname=parsed_args['firstname'],
                    lastname=parsed_args['lastname'],
                    nickname=parsed_args['nickname'],
                    birthday=birthday,
                    size=parsed_args['size'],
                    sex=parsed_args['sex'],
                    email=parsed_args['email'],
                    password=parsed_args['password'],
                    administrator=is_admin,
                    moderator=is_admin)
        dbs.add(user)
        dbs.commit()
        if user.birthday:
            user.birthday = datetime.combine(user.birthday, datetime.min.time())  # Can't marshall date, only datetime
        return user, 201