Example #1
 def get_documents_to_validate(session, *args):
     """
     Return the documents in validation that the caller is allowed to see.

     ``args[0]`` is the caller's attribute mapping. When
     ``Document.is_allowed`` accepts it, every document whose validation
     status is ``Status.InValidation`` is returned. Otherwise only the
     documents whose ``owner_id()`` equals ``attributes['user_id']`` are
     returned.
     """
     attributes = args[0]
     sees_everything = Document.is_allowed(attributes)
     pending = session.query(Document).join(ValidationStatus).filter(
         ValidationStatus.status == Status.InValidation).all()
     if sees_everything:
         return pending
     # The ownership restriction is applied in Python, after the whole
     # in-validation result set has been loaded; it is not part of the query.
     return [item for item in pending
             if item.owner_id() == attributes['user_id']]
Example #2
 def check_authorization(session, auth_info, doc_id):
     """
     Tell whether the authenticated user has rights on a document.

     The result is truthy when ``Document.is_allowed(auth_info)`` accepts
     the caller or when the document identified by ``doc_id`` reports the
     caller as its owner through ``is_owner``.

     :param session: The sqlalchemy session
     :param auth_info: The authenticated user info
     :param doc_id: The document id
     :return: True if the user has rights on the document, False otherwise
     """
     # The document is loaded before any check; with SQLAlchemy, one()
     # raises when no single row matches, so an unknown doc_id surfaces as
     # an exception rather than as a False result.
     target = session.query(Document).filter(Document.id == doc_id).one()
     privileged = Document.is_allowed(auth_info)
     return privileged or target.is_owner(auth_info)
Example #3
 def update_document(session, auth_info, doc_id, attributes):
     """
     Archive the current state of a document, then apply ``attributes``.

     The update is allowed when ``Document.is_allowed(auth_info)`` accepts
     the caller, or when the document is in ``Status.InValidation`` and its
     ``owner_id()`` equals ``auth_info['user_id']``. Any other caller gets
     ``AuthError``.

     :param session: The sqlalchemy session
     :param auth_info: The authenticated user info
     :param doc_id: The document id
     :param attributes: Values handed to ``document.update``
     :return: The updated document
     """
     target = session.query(Document).filter(Document.id == doc_id).one()
     # Original author's note: to change, not supposed to be done in
     # the controller.
     in_validation = session.query(Document).join(ValidationStatus).filter(
         and_(Document.id == doc_id,
              ValidationStatus.status == Status.InValidation)).all()
     owned = [item for item in in_validation
              if item.owner_id() == auth_info['user_id']]
     if not (Document.is_allowed(auth_info) or len(owned) > 0):
         raise AuthError
     # The pre-update state is archived first.
     ArchiveController.create_archive(target.serialize())
     # NOTE(review): attributes is passed through unchanged; which fields
     # Document.update accepts is not visible here. Confirm that an owner
     # cannot use it to change ownership or validation status.
     target.update(attributes)
     session.add(target)
     return target
Example #4
 def delete_document_file(session, auth_info, doc_id):
     """
     Detach the stored file from a document after archiving its state.

     The caller must be the document's owner (``is_owner``) or be accepted
     by ``Document.is_allowed``; otherwise ``AuthError`` is raised.
     ``NotFound`` is raised when the document has no file set.

     :param session: The sqlalchemy session
     :param auth_info: The authenticated user info
     :param doc_id: The document id
     :return: The document, with its ``file`` attribute set to None
     """
     record = session.query(Document).filter(Document.id == doc_id).one()
     # NOTE(review): with SQLAlchemy, one() raises instead of returning None
     # when nothing matches, so this guard looks unreachable for a missing
     # id. Confirm which exception callers expect in that case.
     if not record:
         raise NotFound
     if not (record.is_owner(auth_info) or Document.is_allowed(auth_info)):
         raise AuthError
     if not record.file:
         raise NotFound
     ArchiveController.create_archive(record.serialize())
     # Only the reference is cleared here; nothing in this function removes
     # the file itself from storage.
     record.update({
         'file': None
     })
     session.add(record)
     return record
Example #5
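 def delete_documents(session, *args):
     """
     Delete one document and, best-effort, its uploaded file.

     ``args[0]`` is the document id and ``args[1]`` the caller's auth
     attributes. The caller must be accepted by ``Document.is_allowed`` or
     own the document (``owner_id()`` equal to ``attributes['user_id']``);
     otherwise ``AuthError`` is raised.

     The stored file name is only removed when it resolves to a path inside
     ``UPLOAD_FOLDER``. A missing name, a name that resolves elsewhere, or
     a failing ``os.remove`` is logged and the function returns ``None``;
     ``session.delete`` has already been called at that point.

     :return: The deleted document when its file was removed, else None
     """
     an_id = args[0]
     attributes = args[1]
     documents = session.query(Document).filter(
         Document.id == an_id).all()
     doc_count = len([doc for doc in documents
                      if doc.owner_id() == attributes['user_id']])
     if Document.is_allowed(attributes) or doc_count > 0:
         # we also remove the associated image
         # located in 'UPLOAD_FOLDER' directory
         a_doc = session.query(Document).filter(
             Document.id == an_id).one()
         if a_doc:
             ArchiveController.create_archive(a_doc.serialize())
             session.delete(a_doc)
         try:
             if not a_doc.file:
                 # Avoids building a path from None or '' and relying on
                 # the resulting TypeError/OSError to end up in the log.
                 raise ValueError('document has no stored file to remove')
             file_path = UPLOAD_FOLDER + '/' + a_doc.file
             # The file name comes from the database record. Resolve it and
             # refuse anything that lands outside the upload directory, so
             # a name containing '..' cannot delete an unrelated file.
             upload_root = os.path.realpath(UPLOAD_FOLDER)
             resolved = os.path.realpath(file_path)
             if os.path.commonpath([upload_root, resolved]) != upload_root:
                 raise ValueError(
                     'stored file path resolves outside UPLOAD_FOLDER')
             os.remove(file_path)
             return a_doc
         except Exception as e:
             # Best-effort cleanup: failures are reported, not re-raised.
             print(e)
             info_logger.error(e)
     else:
         raise AuthError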