def cancel_friend_request(user_id):
    """Withdraw the pending friend request the current user sent to ``user_id``.

    The request is looked up only among ``g.me.friend_requests_sent``, so a
    caller can cancel their own requests and nobody else's. ``first_or_404``
    answers 404 when no such pending request exists.
    """
    pending = g.me.friend_requests_sent.filter(
        friend_requests.c.friended_id == user_id
    ).first_or_404()
    # Defensive guard: a miss is expected to have been turned into a 404 above.
    if pending is not None:
        g.me.friend_requests_sent.remove(pending)
    db.session.commit()
    return succ('Succesfully cancelled friend request.')
def end_event(event_id):
    """Mark an event as ended.

    Only an admin or a host of the event is allowed; anyone else gets a 403.
    An unknown ``event_id`` yields a 404.
    """
    event = Event.query.get_or_404(event_id)
    may_manage = g.me.admin or event.is_hosted_by(g.me)
    if not may_manage:
        abort(403)
    event.ended = True
    db.session.commit()
    return succ('Event ended successfully.')
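def unblock_user(user_id):
    """Lift the current user's block on ``user_id``.

    An unknown ``user_id`` now yields a 404 instead of passing ``None`` into
    ``g.me.unblock``. Returns a failure response when ``g.me.unblock`` reports
    that there was no block to lift.
    """
    # get_or_404 keeps a caller-supplied id that matches no row from reaching
    # the model method as None.
    user = User.query.get_or_404(user_id)
    if not g.me.unblock(user):
        return fail('You haven\'t blocked this person.')
    db.session.commit()
    return succ('Succesfully unblocked user.')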
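def block_user(user_id):
    """Block ``user_id`` on behalf of the current user.

    An unknown ``user_id`` now yields a 404 instead of passing ``None`` into
    ``g.me.block``. Returns a failure response when ``g.me.block`` reports that
    the block already existed.
    """
    # get_or_404 keeps a caller-supplied id that matches no row from reaching
    # the model method as None.
    user = User.query.get_or_404(user_id)
    if not g.me.block(user):
        return fail('You\'ve already blocked this person.')
    db.session.commit()
    return succ('Succesfully blocked user.')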
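def delete_key(key_id):
    """Soft-delete one of the caller's keys by setting its ``deleted`` flag.

    A key that does not exist and a key owned by someone else get the same
    403 response, so the endpoint does not reveal which key ids are in use.
    Previously a missing key raised on ``key.user_id`` and surfaced as a
    server error.
    """
    key = Key.query.get(key_id)
    # NOTE(review): this handler reads g.user while the other handlers visible
    # here read g.me; confirm both refer to the authenticated user.
    if key is None or key.user_id != g.user.id:
        return fail('You may not delete this key.', 403)
    key.deleted = True
    db.session.commit()
    return succ('Key deleted.')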
def create_friend_request(user_id):
    """Send a friend request from the current user to ``user_id``.

    An unknown ``user_id`` yields a 404. When ``g.me.friend_request`` accepts
    the request it is committed and ``notifier.friend_request`` is called;
    otherwise a failure response is returned.
    """
    recipient = User.query.get_or_404(user_id)
    if not g.me.friend_request(recipient):
        return fail('You\'re already friends with this person.')
    db.session.commit()
    notifier.friend_request(g.me, recipient)
    return succ('Succesfully sent friend request!')
def delete_event(event_id):
    """Delete an event.

    Only an admin or a host of the event is allowed; anyone else gets a 403.
    An unknown ``event_id`` yields a 404.
    """
    event = Event.query.get_or_404(event_id)
    may_manage = g.me.admin or event.is_hosted_by(g.me)
    if not may_manage:
        abort(403)
    # FIXME: this fails because we haven't gotten rid of the hostships
    db.session.delete(event)
    db.session.commit()
    return succ('Event deleted successfully.')
def accept_friend_request(friender_id):
    """Accept the pending friend request that ``friender_id`` sent to the caller.

    The request must exist in ``g.me.friend_requests_received`` (404 otherwise),
    so a friendship can only be created from a request actually addressed to
    the current user.
    """
    pending = g.me.friend_requests_received.filter(
        friend_requests.c.friender_id == friender_id
    ).first_or_404()
    new_friend = User.query.get(friender_id)
    # Record the friendship on the sender's side, then drop the request.
    new_friend.friended.append(g.me)
    g.me.friend_requests_received.remove(pending)
    db.session.commit()
    notifier.accept_friend_request(g.me, new_friend)
    return succ('Accepted the request!')
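def update_location():
    """Record the caller's reported position and update which event they are at.

    Reads ``lat`` and ``lng`` from the request JSON. If the user is still
    within their current event nothing changes; otherwise the current event is
    cleared and the first event in ``g.me.feed()`` that ``attending`` accepts
    becomes the current one.

    The fast path now tolerates a ``current_event_id`` that no longer resolves
    to an event, and an event without coordinates, instead of raising.
    """
    # NOTE(review): lat/lng come straight from the client and are not
    # type- or range-checked here; confirm that happens before this handler.
    lat = g.json['lat']
    lng = g.json['lng']

    # In order to save some processing, first check if the user is still at
    # their current event (which they probably will be a decent percentage of
    # the time).
    if g.me.current_event_id is not None:
        current = Event.query.get(g.me.current_event_id)
        still_there = (
            current is not None
            and current.lat is not None
            and current.lng is not None
            and attending(lat, lng, current.lat, current.lng)
        )
        if still_there:
            return succ('Location received, no event change.')

    g.me.current_event_id = None
    for event in g.me.feed():
        has_position = event.lat is not None and event.lng is not None
        if has_position and attending(lat, lng, event.lat, event.lng):
            g.me.current_event_id = event.id
            break
    db.session.commit()
    return succ('Location received!')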
def reject_friend_request(user_id):
    """Decline the pending friend request that ``user_id`` sent to the caller.

    Answers 404 when the current user has no such pending request.
    """
    pending = g.me.friend_requests_received.filter(
        friend_requests.c.friender_id == user_id
    ).first_or_404()
    g.me.friend_requests_received.remove(pending)
    db.session.commit()
    return succ('Successfully rejected request.')
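def create_review(event_id):
    """Store the caller's review of an event.

    Reads ``positive``, ``negative`` and ``body`` from the request JSON.

    Two defects are fixed here: the contradictory-review check built a failure
    response but never returned it, so the review was saved anyway; and an
    unknown ``event_id`` reached ``review_on`` as ``None`` instead of
    producing a 404.
    """
    # TODO: check that I have access to this event
    event = Event.query.get_or_404(event_id)
    positive = g.json['positive']
    negative = g.json['negative']
    if positive and negative:
        # The return is what actually stops the request.
        return fail('You can\'t review positively and negatively at the same time.')
    g.me.review_on(event, positive, negative, g.json['body'])
    db.session.commit()
    return succ('Reviewed successfully.')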
def update_password():
    """Change the caller's password after re-checking the current one.

    Requires both ``old_password`` and ``new_password`` in the request JSON.
    A wrong ``old_password`` is answered with 403 and nothing is changed.
    """
    old_password = g.json.get('old_password')
    new_password = g.json.get('new_password')
    if not (old_password and new_password):
        return fail('Improper parameters.')
    # NOTE(review): nothing visible here limits repeated wrong guesses of
    # old_password or checks the strength of new_password; confirm that is
    # handled elsewhere.
    if not g.me.is_password_correct(old_password):
        return fail('Incorrect password.', 403)
    g.me.set_password(new_password)
    db.session.commit()
    return succ('Successfully updated password!')
def delete_update(event_id, update_id):
    """Delete an update from an event; only a host of the event may do so.

    Unknown ids yield a 404, a non-host caller gets a 403.
    """
    event = Event.query.get_or_404(event_id)
    update = Update.query.get_or_404(update_id)
    if not event.is_hosted_by(g.me):
        abort(403)
    # NOTE(review): update is fetched by id alone, and the host check is made
    # against event_id. Whether an update belonging to a different event can
    # get past the remove() below depends on how event.updates is mapped.
    # Confirm, or compare the update's event with this one explicitly.
    event.updates.remove(update)
    db.session.delete(update)
    db.session.commit()
    return succ('Deleted update.', 200)
def delete_invite(event_id, user_id):
    """Cancel a user's invitation to an event; only a host of the event may do so.

    Unknown ids yield a 404, a non-host caller gets a 403.
    """
    event = Event.query.get_or_404(event_id)
    invitee = User.query.get_or_404(user_id)
    # TODO: allow non-host users when transitive_invites is on to remove their own invitations but nobody elses
    if not event.is_hosted_by(g.me):
        abort(403)
    event.invites.remove(invitee)
    db.session.commit()
    return succ('Cancelled invite.', 200)
def delete_host(event_id, user_id):
    """Remove ``user_id`` from an event's hosts.

    The caller must be an admin or a host of the event, and may not remove
    themselves; any other case is answered with 403. Unknown ids yield a 404.
    """
    event = Event.query.get_or_404(event_id)
    target = User.query.get_or_404(user_id)
    may_manage = g.me.admin or event.is_hosted_by(g.me)
    if not (may_manage and target != g.me):
        abort(403)
    # TODO: Add remove_host function on event
    event.hosts.remove(target)
    db.session.commit()
    return succ('Removed host.', 200)
def add_host(event_id, user_id):
    """Add ``user_id`` as a host of an event.

    The caller must be an admin or a host of the event (403 otherwise).
    Unknown ids yield a 404. Returns a failure response when
    ``event.add_host`` reports the user is already a host.
    """
    event = Event.query.get_or_404(event_id)
    new_host = User.query.get_or_404(user_id)
    if not (g.me.admin or event.is_hosted_by(g.me)):
        abort(403)
    if not event.add_host(new_host):
        return fail('User is already a host.')
    db.session.commit()
    return succ('Added host.')
def remove_tag(event_id, tag_name):
    """Remove a tag from an event.

    The caller must be an admin or a host of the event (403 otherwise).
    An unknown ``event_id`` yields a 404.
    """
    event = Event.query.get_or_404(event_id)
    may_manage = g.me.admin or event.is_hosted_by(g.me)
    if not may_manage:
        abort(403)
    if not event.has_tag(tag_name):
        return fail('Event does not have this tag.')
    if not event.remove_tag(tag_name):
        # Should not be reached, but just in case.
        return fail('Tag not removed.')
    db.session.commit()
    return succ('Removed tag.')
def send_invite(event_id, user_id):
    """Invite ``user_id`` to an event.

    Allowed for hosts of the event, or for any caller when the event has
    ``transitive_invites`` set; otherwise 403. Unknown ids yield a 404.
    """
    event = Event.query.get_or_404(event_id)
    invitee = User.query.get_or_404(user_id)
    # TODO: store who created an invitation, and allow users who aren't hosts to only remove their invitations
    # NOTE(review): with transitive_invites on, this check does not look at
    # whether the caller was invited themselves; confirm that is intended.
    if not (event.transitive_invites or event.is_hosted_by(g.me)):
        abort(403)
    if not event.invite(invitee):
        return fail('User already invited.')
    db.session.commit()
    notifier.send_invite(event, user_from=g.me, user_to=invitee)
    return succ('Invited user.')
def add_tag(event_id, tag_name):
    """Attach a tag (lower-cased) to an event.

    The caller must be an admin or a host of the event (403 otherwise).
    An unknown ``event_id`` yields a 404.
    """
    event = Event.query.get_or_404(event_id)
    tag_name = tag_name.lower()
    may_manage = g.me.admin or event.is_hosted_by(g.me)
    if not may_manage:
        abort(403)
    # First, check if the event already has this tag.
    if event.has_tag(tag_name):
        return fail('Event already has this tag.')
    if not event.add_tag(tag_name):
        # If the tag is blacklisted or there was another problem
        return fail('Tag not added.')
    db.session.commit()
    return succ('Added tag!')
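def reset_password_request():
    """Start a password reset for the posted email address.

    The success response is the same whether or not an account exists, so the
    endpoint does not confirm which addresses are registered.

    A body that is not a JSON object, or that lacks a usable ``email`` string,
    is now rejected with a failure response; previously it raised on
    ``.lower()`` and surfaced as a server error.
    """
    # get the post data
    payload = request.get_json()
    raw_email = payload.get('email') if isinstance(payload, dict) else None
    if not isinstance(raw_email, str) or not raw_email.strip():
        return fail('Improper parameters.')
    email = raw_email.lower().strip()

    # Only send mail when the address belongs to an account.
    # NOTE(review): if send_reset_password_email does its work inline, the
    # response time may still differ between known and unknown addresses,
    # and nothing visible here rate-limits requests; confirm both.
    user = User.query.filter_by(email=email).first()
    if user:
        send_reset_password_email(user)
    return succ(
        'If this email has an associated account, a message has been sent to reset your password!',
        201)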
def friend_remove(user_id):
    """Remove the friendship between the caller and ``user_id``.

    The friendship may be recorded in either direction, so both
    ``g.me.friended`` and ``g.me.frienders`` are checked and whichever side
    exists is removed. Returns a failure response when neither exists.
    """
    outgoing = g.me.friended.filter(
        friendships.c.friended_id == user_id
    ).first()
    incoming = g.me.frienders.filter(
        friendships.c.friender_id == user_id
    ).first()
    if outgoing is None and incoming is None:
        return fail('Couldn\'t find a friendship with this person.')
    for relation, match in ((g.me.friended, outgoing), (g.me.frienders, incoming)):
        if match is not None:
            relation.remove(match)
    db.session.commit()
    return succ('Succesfully removed friend.')
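def register():
    """Create an unconfirmed account from the posted JSON and send a confirmation email.

    Reads ``email``, ``name``, ``year`` and ``password`` from the request
    body. The address must not be on the blacklist file and must map to a
    supported school via ``School.from_email``.

    Changes from the previous version:
    * a body that is not a JSON object, or lacks a usable ``email`` string,
      gets a failure response instead of raising before the ``try``;
    * blacklist entries are stripped and lower-cased before comparison, so an
      entry with stray whitespace or capitals still matches the normalised
      address;
    * the catch-all handler rolls the session back and logs the exception
      instead of discarding it silently.
    """
    import logging

    # get the post data
    payload = request.get_json()
    raw_email = payload.get('email') if isinstance(payload, dict) else None
    if not isinstance(raw_email, str) or not raw_email.strip():
        return fail('Improper parameters.')
    email = raw_email.lower().strip()

    # check if user already exists
    if User.query.filter_by(email=email).first():
        return fail('User already exists. Please log in.', 202)

    try:
        with open('resources/email_blacklist.txt') as f:
            # TODO: should we just keep this in memory continuously rather than reading it every time?
            email_blacklist = {line.strip().lower() for line in f if line.strip()}
        if email in email_blacklist:
            return fail(
                'Sorry, a student email address is required to register.',
                401)
        school = School.from_email(email)
        if school is None:
            # TODO: use non-Yale-specific message.
            return fail(
                'You must use a valid .edu email address from a supported school.',
                401)
        # NOTE(review): the raw password is handed to the User constructor;
        # presumably the model hashes it before storage. Confirm.
        user = User(
            name=payload['name'].strip(),
            email=email,
            year=payload['year'],
            password=payload['password'],
            confirmed=False,
            school_id=school.id,
        )
        # Insert the user
        db.session.add(user)
        db.session.commit()
        # NOTE(review): if this send fails the account row already exists, so
        # a retry is answered with "User already exists"; confirm there is a
        # way to re-send the confirmation.
        send_confirmation_email(user)
        return succ(
            'Check your inbox at ' + email +
            ' to confirm! (The email may take a few moments to deliver.)',
            201)
    except Exception:
        # Leave the session usable and keep a record of what went wrong.
        # The payload is deliberately not logged: it carries the password.
        db.session.rollback()
        logging.getLogger(__name__).exception('Registration failed')
        return fail(
            'Some error occurred. Please try again. Contact the developers if this continues to happen.',
            500)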
def update_me():
    """Set the caller's display name from the ``name`` field of the request JSON."""
    # TODO: make method of User
    # NOTE(review): the value is stored as received (no type, length or
    # whitespace handling here); confirm validation happens elsewhere.
    new_name = g.json['name']
    g.me.name = new_name
    db.session.commit()
    return succ('Updated profile.')
def facebook_connect():
    """Link a Facebook identity to the caller's account.

    Passes the ``id`` and ``name`` fields of the request JSON to
    ``g.me.facebook_connect``.
    """
    # NOTE(review): id and name are taken from the request body as sent by the
    # client; nothing visible here verifies them against Facebook. Confirm the
    # model method or an earlier layer does, otherwise the linked identity is
    # only client-asserted.
    facebook_id = g.json['id']
    facebook_name = g.json['name']
    g.me.facebook_connect(facebook_id, facebook_name)
    db.session.commit()
    return succ('Successfully connected!')
def facebook_disconnect():
    """Unlink the Facebook identity from the caller's account."""
    me = g.me
    me.facebook_disconnect()
    db.session.commit()
    return succ('Successfully disconnected!')
def delete_review(event_id):
    """Remove the caller's own review of an event.

    An unknown ``event_id`` yields a 404. Only the current user's review is
    affected, through ``g.me.unreview_on``.
    """
    # TODO: check that I have access to this event
    reviewed_event = Event.query.get_or_404(event_id)
    g.me.unreview_on(reviewed_event)
    db.session.commit()
    return succ('Successfully unreviewd.')