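def mutate_and_get_payload(root, info, **input):
    """Create a Post on behalf of the authenticated requester.

    Args:
        root: Resolver root value (not used here).
        info: Resolve info; ``info.context.user`` is read as the requester.
        **input: Mutation input fields, forwarded as keyword arguments
            to ``Post``.

    Returns:
        A ``CreatePost`` payload carrying the saved post and its author.

    Raises:
        GraphQLError: If the context has no user or the user is anonymous.
    """
    user = info.context.user or None
    # A falsy context user becomes None above. Reject it explicitly so the
    # unauthenticated path raises the GraphQL error instead of an
    # AttributeError on ``None.is_anonymous``.
    if user is None or user.is_anonymous:
        raise GraphQLError('User not authenticated.')

    # posted_by always comes from the authenticated context. A client-supplied
    # 'posted_by' key would collide with it and raise TypeError, not override it.
    # NOTE(review): every other key in ``input`` goes straight to the model;
    # presumably the mutation's input schema restricts them -- confirm.
    new_post = Post(**input, posted_by=user)
    new_post.save()
    return CreatePost(post=new_post, author=new_post.posted_by)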
def create_post(user_id, community_id, post_title, post_body):
    """Insert a post by ``user_id`` into ``community_id`` after access checks.

    Inputs are (int, int, str, str). The original note says this is only
    called for a logged-in user, with the id taken from the session
    handler. The lookups below still reject ids that match no row.

    Raises:
        ValueError: The user or the community does not exist.
        PermissionError: The user is banned from the community, or the
            community is private and the user is not one of its users.
        exc.IntegrityError, exc.InterfaceError: Re-raised after the session
            is rolled back when the commit fails.
    """
    target = Community.query.filter(Community.id == community_id).first()
    author = User.query.filter(User.id == user_id).first()

    # Existence checks come before any authorization decision.
    if author is None:
        raise ValueError("user doesn't exist")
    if target is None:
        raise ValueError("community doesn't exist")

    # Authorization: banned users are refused first, then non-members of
    # private communities.
    if author in target.banned_users:
        banned_msg = "user {} is banned on {}".format(
            author, target)
        raise PermissionError(banned_msg)
    if target.is_private:
        if author not in target.users:
            private_msg = "community {} is private".format(target)
            raise PermissionError(private_msg)

    record = Post(
        user_id=user_id,
        community_id=community_id,
        title=post_title,
        body=post_body,
    )
    db.session.add(record)
    try:
        db.session.commit()
    except (exc.IntegrityError, exc.InterfaceError):
        # Per the original note, a None title or body raises IntegrityError.
        # Leave the session clean and let the caller see the failure.
        db.session.rollback()
        raise
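def createPost():
    """Create a Post from a JSON request body and return it as a dict.

    Reads ``dogId``, ``imageUrl`` and ``body`` from the JSON object.

    Returns:
        ``(post.to_dict(), 200)`` on success, or a ``{"msg": ...}`` body with
        status 400 when the request is not JSON, the JSON is not an object,
        or ``dogId`` / ``imageUrl`` is missing or empty.
    """
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    payload = request.json
    # A JSON array, string or number passes is_json but has no .get().
    # Treat anything but an object as a missing body, not a 500.
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    dog_id = payload.get('dogId')
    image_url = payload.get('imageUrl')
    body = payload.get('body')

    if not dog_id:
        return {"msg": "Dog not found"}, 400
    if not image_url:
        return {"msg": "Please upload a photo"}, 400

    # NOTE(review): nothing visible here authenticates the caller, checks that
    # dog_id exists, or ties it to the requester -- confirm that a decorator
    # or an ownership check outside this view covers it.
    # NOTE(review): image_url is stored exactly as supplied; consider
    # restricting it to http(s) URLs (or the application's own upload host)
    # before it is rendered elsewhere.
    post = Post(dog_id=dog_id, image_url=image_url, body=body)
    db.session.add(post)
    db.session.commit()
    return post.to_dict(), 200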
def new_post():
    """Show the new-post form and, on a valid submission, store the post.

    Returns:
        A redirect to ``main.home`` after a successful save, otherwise the
        rendered ``create_post.html`` form.
    """
    form = PostForm()

    # Not submitted or failed validation: show the form (again).
    if not form.validate_on_submit():
        return render_template(
            'create_post.html',
            title='New Post',
            form=form,
            legend='New Post',
        )

    # The author is the logged-in user object, never a form field.
    # NOTE(review): presumably a login-required decorator sits outside this
    # view so current_user is never anonymous -- confirm.
    created = Post(
        title=form.title.data,
        content=form.content.data,
        author=current_user,
    )
    db.session.add(created)
    db.session.commit()
    flash('Your post has been created!', 'success')
    return redirect(url_for('main.home'))
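def delete_post(event_id, post_id):
    """Delete one post of an event on behalf of an organizer.

    The caller is identified by the token in the ``session`` request header
    and must resolve to an ``Organizer``.

    Returns:
        ``'Post deleted'`` on success; otherwise a message with 401 (bad
        token / not an organizer) or 404 (event or post not found, or the
        post does not belong to the event).
    """
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    organizer = Organizer.find_id(user_id)
    if not organizer:
        return "Unauthorized request: User doesn't have permission", 401

    # NOTE(review): any organizer account passes this point. Nothing here
    # checks that this organizer runs the event -- confirm that is intended.
    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    post = Post.find_id(post_id)
    # Bind the post to the event named in the URL. Without this, a valid
    # event_id paired with a post_id from another event would delete that post.
    # Answer 404 so the response does not confirm that the post exists.
    # Assumes Post.event compares equal to the Event loaded above.
    if not post or post.event != event:
        return "Post not found", 404

    post.delete()
    return 'Post deleted'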
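def get_post(event_id, post_id):
    """Return one post of an event as JSON to an attendee or organizer.

    The caller is identified by the token in the ``session`` request header.
    Access is granted when the event is among ``user.events`` or when
    ``user.type`` is ``"organizer"``.

    Returns:
        ``post.to_json()`` on success; otherwise a message with 401 (bad
        token / no permission) or 404 (user, event or post not found, or the
        post does not belong to the event).
    """
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    attended_ids = [evt.id for evt in user.events]
    if not (event.id in attended_ids or user.type == "organizer"):
        # The original returned this message without a status code, so the
        # denial went out as a 200. 401 matches the same message in the
        # sibling views (403 would be the conventional code).
        return "Unauthorized request: User doesn't have permission", 401

    post = Post.find_id(post_id)
    # The permission check above is per event, so the post must belong to
    # that event. Otherwise an attendee of one event could read posts of
    # another by mixing ids.
    # Assumes Post.event compares equal to the Event loaded above.
    if not post or post.event != event:
        return "Post not found", 404

    return post.to_json()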
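def all_posts(event_id):
    """Return every post of an event as a JSON list to an attendee or organizer.

    The caller is identified by the token in the ``session`` request header.
    Access is granted when the event is among ``user.events`` or when
    ``user.type`` is ``"organizer"``.

    Returns:
        ``(json_text, 200, jsonType)`` on success; otherwise a message with
        401 (bad token / no permission) or 404 (user or event not found).
    """
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    attended_ids = [evt.id for evt in user.events]
    if not (event.id in attended_ids or user.type == "organizer"):
        # The original returned this message without a status code, so the
        # denial went out as a 200. 401 matches the same message in the
        # sibling views (403 would be the conventional code).
        return "Unauthorized request: User doesn't have permission", 401

    # The query is scoped to the authorized event, so no other event's
    # posts can be returned.
    posts = [p.to_dict() for p in Post.objects(event=event)]
    return json.dumps(posts), 200, jsonType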
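def update_post(event_id, post_id):
    """Update the client-editable fields of one post on behalf of an organizer.

    The caller is identified by the token in the ``session`` request header
    and must resolve to an ``Organizer``. Only ``image``, ``title``, ``body``
    and ``notif`` are taken from the JSON body; other keys are ignored.

    Returns:
        ``post.to_json()`` on success; otherwise a message with 400 (body is
        not a JSON object), 401 (bad token / not an organizer) or 404 (event
        or post not found, or the post does not belong to the event).
    """
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    organizer = Organizer.find_id(user_id)
    if not organizer:
        return "Unauthorized request: User doesn't have permission", 401

    # NOTE(review): any organizer account passes this point. Nothing here
    # checks that this organizer runs the event -- confirm that is intended.
    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    post = Post.find_id(post_id)
    # Bind the post to the event named in the URL so a post of another event
    # cannot be edited by mixing ids.
    # Assumes Post.event compares equal to the Event loaded above.
    if not post or post.event != event:
        return "Post not found", 404

    changes = request.get_json()
    if not isinstance(changes, dict):
        return "Invalid JSON body", 400

    # Allow-list instead of the original "not key.startswith('_')" filter.
    # That filter let the request overwrite any public attribute: event,
    # author, time, id, even bound methods such as save.
    # These four are the fields create_post reads from the request.
    # NOTE(review): extend this tuple if Post has further client-editable fields.
    editable_fields = ('image', 'title', 'body', 'notif')
    for field in editable_fields:
        if field in changes:
            setattr(post, field, changes[field])

    post.save()
    return post.to_json()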
def new_post():
    """Show the add-post form and, on a valid submission, store the post.

    Returns:
        A redirect to ``company_list`` after a successful save, otherwise the
        rendered ``create_post.html`` form.
    """
    form = PostForm()

    # Not submitted or failed validation: show the form (again).
    if not form.validate_on_submit():
        return render_template(
            "create_post.html", title="Add Post", form=form, legend="New Post"
        )

    # Copy the validated form fields into the model.
    # The author is the logged-in user object, never a form field.
    # NOTE(review): presumably a login-required decorator sits outside this
    # view so current_user is never anonymous -- confirm.
    fields = {
        "title": form.title.data,
        "content": form.content.data,
        "author": current_user,
        "percentage": form.percentage.data,
        "price": form.price.data,
        "place": form.place.data,
        "turnover": form.turnover.data,
        "field": form.field.data,
    }
    created = Post(**fields)
    db.session.add(created)
    db.session.commit()
    flash("Post has been created!", "success")
    return redirect(url_for('company_list'))
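def create_post(event_id):
    """Create a post under an event on behalf of an organizer.

    The caller is identified by the token in the ``session`` request header
    and must resolve to an ``Organizer``. ``image``, ``title``, ``body`` and
    ``notif`` are read from the JSON body. The event, author and timestamp
    are set server-side.

    Returns:
        ``post.to_json()`` on success; otherwise a message with 400 (body is
        not a JSON object), 401 (bad token / not an organizer), 404 (event
        not found) or 500 (the saved post has no id).
    """
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    organizer = Organizer.find_id(user_id)
    if not organizer:
        return "Unauthorized request: User doesn't have permission", 401

    # NOTE(review): any organizer account passes this point. Nothing here
    # checks that this organizer runs the event -- confirm that is intended.
    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    body = request.get_json()
    # get_json() may return something other than an object (a list, a
    # scalar, or None). Reject it here instead of failing on .get() with a 500.
    if not isinstance(body, dict):
        return "Invalid JSON body", 400

    post = Post()
    # Server-controlled fields: never taken from the request body.
    post.event = event
    post.author = organizer
    post.time = datetime.utcnow()
    # Client-supplied fields, read by explicit name.
    post.image = body.get('image')
    post.title = body.get('title')
    post.body = body.get('body')
    post.notif = body.get('notif')
    post.save()

    if not post.id:
        return "Error creating post", 500

    # If post.notif, send text message to all attendees
    return post.to_json()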