def verify_user_is_invitee_or_inviter(self, user_id):
self.verify_invitation_exists()
if self.check_user_is_owner(
user_id=user_id) or self.check_user_is_invitee(
user_id=user_id):
return True
HttpException.throw_403("You must be the inviter or invitee")
def verify_user_is_member(self, user_id):
self.verify_thread_exists()
if self.check_user_is_member(user_id=user_id):
return True
HttpException.throw_403(
"User with id '{user_id}' is not a member of the thread".format(
user_id=user_id))
def get(self, user_id):
"""
@api {GET} /users/id/<String:user_id> Get user by id
@apiGroup User
@apiDescription Get user details by id
@apiSuccessExample {JSON} Success-Response:
{
UserModel
}
"""
user_model = UserHandler().get(value=user_id)
if user_model:
return user_model.jsonify()
HttpException.throw_404("User with id '{user_id}' not found".format(user_id=user_id))
def get(self, username):
"""
@api {GET} /users/name/<String:username> Get user by username
@apiGroup User
@apiDescription Get user details by username
@apiSuccessExample {JSON} Success-Response:
{
UserModel
}
"""
user_model = UserHandler().get(value=username, by="username")
if user_model:
# Intentional bug that returns UserModel without firstname attribute
user_model = copy.deepcopy(user_model)
del user_model.firstname
return user_model.jsonify()
HttpException.throw_404(
"User with username '{username}' not found".format(
username=username))
def post(self):
"""
@api {POST} /threads Create thread
@apiGroup Thread
@apiParam (JSON param) {String} name Name of the thread. Has to be unique, must not be a number, length 2-50
@apiParam (JSON param) {Boolean} private Whether the thread is to be private or not
@apiSuccessExample {JSON} Success-Response:
{
ThreadModel
}
"""
args = self.reqparse.parse_args()
user_id = auth.user_id
# Validate thread name
if ThreadVerifications(by="name",
value=args.name).check_thread_exists():
HttpException.throw_409("Thread name already taken")
elif args.name.isdigit():
HttpException.throw_422("Thread name must not be a number")
# Intentional bug with validation between 2 and 60 characters for workshop purposes
elif not validate_length(2, 60, args.name):
HttpException.throw_422(
"Thread name length must be between 2 and 50 characters")
# Create thread
thread_model = ThreadsHandler().post(user_id=user_id,
name=args.name,
private=args.private)
# Return thread
return thread_model.jsonify()
def verify_invitation_exists(self):
if self.check_invitation_exists():
return True
HttpException.throw_404(
"Invitation with {by} '{value}' not found".format(
by=self.by, value=self.value))
def verify_user_is_owner(self, user_id):
self.verify_application_exists()
if self.check_user_is_owner(user_id=user_id):
return True
HttpException.throw_403("You must be the application owner")
def verify_user_is_owner(self, user_id):
self.verify_message_exists()
if self.check_user_is_owner(user_id=user_id):
return True
HttpException.throw_403("You must be the message owner")
def verify_message_exists(self):
if self.check_message_exists():
return True
HttpException.throw_404("Message with {by} '{value}' not found".format(
by=self.by, value=self.value))
def post(self):
"""
@api {POST} /signup Signup
@apiGroup User
@apiParam (JSON param) {String} username Username. Has to be unique, cannot be a number, length 2-20
@apiParam (JSON param) {String} password Password. Length 4-20
@apiParam (JSON param) {String} firstname First name. Length 2-20
@apiParam (JSON param) {String} lastname Last name. Length 2-50
@apiSuccessExample {JSON} Success-Response:
{
UserModel
}
"""
args = self.reqparse.parse_args()
# Verify username
if UserVerifications(by="username",
value=args.username).check_user_exists():
HttpException.throw_409("Username already taken")
elif args.username.isdigit():
HttpException.throw_422("Username must not be a number")
elif not validate_length(2, 20, args.username):
HttpException.throw_422(
"Username length must be between 2 and 20 characters")
# Verify password
elif not validate_length(4, 20, args.password):
HttpException.throw_422(
"password length must be between 4 and 20 characters")
# Verify firstname
elif not validate_length(2, 20, args.firstname):
HttpException.throw_422(
"First name length must be between 2 and 20 characters")
# Verify lastname
elif not validate_length(2, 50, args.lastname):
HttpException.throw_422(
"Last name length must be between 2 and 50 characters")
# Register user
user_model = SignupHandler().post(username=args.username,
password=args.password,
firstname=args.firstname,
lastname=args.lastname)
return user_model.jsonify()
def verify_text_length(self, min_l, max_l):
if self.check_text_length(min_l=min_l, max_l=max_l):
return True
HttpException.throw_422(
"Text has to be between {min_l} and {max_l} characters".format(min_l=min_l, max_l=max_l)
)
def verify_user_not_invited(self, user_id):
self.verify_thread_exists()
if self.check_user_not_invited(user_id=user_id):
return True
HttpException.throw_409(
"User with id '{user_id}' already invited".format(user_id=user_id))
def verify_user_not_applied(self, user_id):
self.verify_thread_exists()
if self.check_user_not_applied(user_id=user_id):
return True
HttpException.throw_409("You have already applied to this thread")
def verify_thread_is_not_private(self):
self.verify_thread_exists()
if self.check_thread_is_not_private():
return True
HttpException.throw_403("The thread is private")
def verify_excludes_owner(self, user_ids):
self.verify_thread_exists()
if self.check_excludes_owner(user_ids=user_ids):
return True
HttpException.throw_422(
"You may not perform this action on thread owner")
def verify_user_is_not_owner(self, user_id):
self.verify_thread_exists()
if self.check_user_is_not_owner(user_id=user_id):
return True
HttpException.throw_422("You must not be the thread owner")