def put_group(group_id):
old_group = Group.query.get(group_id)
if old_group is None: # 그룹이 존재 하지 않을 경우
return not_found('group does not exist')
if request.json is None: # 요청이 올바르지 않은 경우
return bad_request('JSON request is invaild')
if g.current_user.id != old_group.create_user:
return forbidden('User cannot modify group')
name = request.json.get('name')
description = request.json.get('description')
users = request.json.get('users')
if users is None or users == []:
old_group.users = [g.current_user]
user_list = list(users)
old_group.name = name
old_group.description = description
if type(user_list
) == list and user_list is not None and len(user_list) >= 1:
old_group.users = [ User.query.filter_by(username=user_name).first() for user_name in user_list\
if User.query.filter_by(username=user_name).count() != 0 ]
db.session.commit()
return jsonify(old_group.to_json())
def edit_post(id):
post=Post.query.get_or_404(id)
if g.current_user != post.author and not g.current_user.can(Permission.ADMINISTER):
return forbidden('Insufficient permissions')
post.body = request.json.get('body',post.body)
db.session.add(post)
return jsonify(post.to_json())
def get_group(group_id):
group = Group.query.get(group_id)
if group is None:
return not_found('group does not exist')
if g.current_user.id != group.create_user:
return forbidden('User does not create this group')
return jsonify(group.to_json())
def get_page(page_id):
conn = g.mysql.connection
cursor = conn.cursor()
if not page_id:
return bad_request('Page ID is not provided')
try:
cursor.execute("""
SELECT
p.id,
p.address,
p.title,
p.description,
p.is_private,
p.created,
p.user_id
FROM pages p
WHERE id='{page_id}'
""".format(
page_id=page_id
))
page = cursor.fetchone()
is_private, user_id = page[4], page[6]
if is_private and not authorized(user_id):
return forbidden()
except Exception, error:
print 'ERROR: ', error
return bad_request(error)
def delete_notice_news(news_id):
news = News.query.filter_by(id=news_id).first()
if news is None:
return not_found('News does not exist')
if g.current_user.id != news.author_id:
return forbidden('Cannot chang other user\'s news')
news.notice = False
return jsonify(news.to_json())
def get_news(id):
news = News.query.get(id)
if news is None:
return not_found('News does not exist')
# 전체 공개, 그룹 내 유저, 그룹 생성자만 신송 열람 허용
if news.group is not None and g.current_user not in news.house.users\
and g.current_user.id != news.house.create_user:
return forbidden('User does not in this group')
return jsonify(news.to_json())
def delete_group(group_id):
group = Group.query.get(group_id)
if group is None:
return not_found('Group does not exist')
if g.current_user.id != group.create_user:
return forbidden('User does not in this group')
db.session.delete(group)
db.session.commit()
return '', 204
def get_users_in_group(group_id):
group = Group.query.get(group_id)
if group is None:
return not_found('Group does not exist')
if g.current_user.id != group.create_user:
return forbidden('User does not create this group')
users = group.users.all()
if users is None:
return not_found('User in group is not exist')
return jsonify({'users': [user.to_json() for user in users]})
def delete_user_picture(id):
user = User.query.filter_by(username=user_id).first()
if user is None:
return not_found('User does not exist')
if g.current_user is not user:
return forbidden('Cannot modify other user')
os.remove(os.path.join(UPLOAD_FOLDER, user.pictureLocate))
user.pictureName = None
user.pictureLocate = None
db.session.commit()
return '', 204
def get_news_file(id):
news = News.query.get(id)
if news is None:
return not_found('News does not exist')
if news.group is not None and g.current_user not in news.house.users\
and g.current_user.id != news.house.create_user:
return forbidden('User does not in this group')
filelocate = news.filelocate
if filelocate is None:
return not_found('File does not exist')
return send_from_directory(UPLOAD_FOLDER, filelocate)
def delete_comment_file(comment_id):
comment = Comment.query.get(comment_id)
if comment is None:
return not_found('Comment does not exist')
if g.current_user.id != comment.author_id:
return forbidden('Cannot Delete File')
os.remove(os.path.join(UPLOAD_FOLDER, comment.filelocate))
comment.filename = None
comment.filelocate = None
db.session.commit()
return '', 204
def delete_news_file(id):
news = News.query.get(id)
if news is None:
return not_found('News does not exist')
if g.current_user.id != news.author_id:
return forbidden('Cannot Delete File')
os.remove(os.path.join(UPLOAD_FOLDER, news.filelocate))
news.filename = None
news.filelocate = None
db.session.commit()
return '', 204
def get_files(address):
conn = g.mysql.connection
cursor = conn.cursor()
if not address:
return bad_request('Page address is not provided')
else:
cursor.execute("""
SELECT
id,
address,
title,
description,
is_private,
created,
user_id
FROM pages
WHERE address='{address}'
""".format(address=address))
page = cursor.fetchone()
is_private, user_id = page[4], page[6]
if not page:
return bad_request('Can\'t find page by provided address')
if is_private and not authorized(user_id):
return forbidden()
try:
cursor.execute("""
SELECT
f.id,
f.name,
f.size,
f.type,
f.ipfs_hash,
f.tx_id,
f.title,
f.description,
UNIX_TIMESTAMP(f.created),
p.user_id
FROM files f, pages p
WHERE p.id=f.page_id
AND p.address='{address}'
ORDER BY f.created DESC
""".format(address=address))
files = cursor.fetchall()
except Exception, error:
print 'ERROR: ', error
return bad_request(error)
def put_comment(comment_id):
if request.json is None: # 요청이 올바르지 않은 경우 - 덧글의 내용이 없다던가
return bad_request('JSON Request is invaild')
old_comment = Comment.query.filter_by(id=comment_id).first()
if old_comment is None: # 덧글이 존재 하지 않을 경우
return not_found('Comment does not exist')
if g.current_user.id != old_comment.author_id: # 다른 유저의 덧글을 수정하려고 하는 경우
return forbidden('Cannot modify other user\'s comment')
comment = Comment.from_json(request.json)
old_comment.context = comment.context
old_comment.parsed_context = comment.parsed_context
old_comment.author_name = g.current_user.realname
return jsonify(old_comment.to_json())
def delete_comment(comment_id):
comment = Comment.query.filter_by(id=comment_id).first()
if comment is None:
return not_found('Comment does not exist')
if g.current_user.id != comment.author_id: # 다른 유저의 덧글을 삭제하려고 하는 경우
return forbidden('Cannot delete other user\'s comment')
if comment.filename is not None:
os.remove(
os.path.join(api.root_path, '../../file/', comment.filelocate))
Comment.query.filter(Comment.parent_id == comment.id).delete()
db.session.delete(comment)
db.session.commit()
return '', 204
def modify_user(user_id):
user = User.query.filter_by(username=user_id).first()
if user is None: # 유저가 존재 하지 않을 경우
return not_found('User does not exist')
if g.current_user.username is not user.username: # 다른 유저를 수정하려고 하는 경우
return forbidden('Cannot modify other user')
if request.json is None: # 요청이 올바르지 않은 경우
return bad_request('JSON Request is invaild')
if request.json.get('pw') is not None: # pw 를 수정하는 경우
user.password = request.json.get('pw')
user.realname = request.json.get('name', user.realname)
db.session.add(user)
return jsonify(user.to_json())
def delete_particle(particle_id):
particle = Particle.query.filter_by(id=particle_id).first()
if request.json is None:
return bad_request('JSON Request is invaild')
if request.json.get('author_id') is None:
return bad_request('author`s ID is invaild')
if int(request.json.get('author_id')) != particle.author_id:
return forbidden('Cannot delete other user\'s particle')
Like.query.filter(Like.particle_id == particle.id).delete()
db.session.delete(particle)
db.session.commit()
return '', 204
def get_news_comments(news_id):
news = News.query.get(news_id)
if news is None:
return not_found('News does not exist')
if news.group is not None and g.current_user not in news.house.users\
and g.current_user.id != news.house.create_user:
return forbidden('User does not in this group')
return jsonify({
'comments': [
comment.to_json() for comment in news.comments
if comment.parent_id is None
]
})
def delete_news(news_id):
news = News.query.filter_by(id=news_id).first()
if news is None:
return not_found('News does not exist')
if g.current_user.id != news.author_id: # 다른 유저의 신송을 삭제하려고 하는 경우
return forbidden('Cannot delete other user\'s news')
if news.filename is not None:
os.remove(
os.path.join(os.path.join(api.root_path, '../../file/'),
news.filelocate))
Comment.query.filter(Comment.news_id == news.id).delete()
db.session.delete(news)
db.session.commit()
return '', 204
def put_news(news_id):
if request.json is None: # 요청이 올바르지 않은 경우
return bad_request('JSON Request is invaild')
old_news = News.query.filter_by(id=news_id).first()
if old_news is None: # 신송이 존재 하지 않을 경우
return not_found('News does not exist')
if g.current_user.id != old_news.author_id: # 다른 유저의 신송을 수정하려고 하는 경우
return forbidden('Cannot modify other user\'s news')
news = News.from_json(request.json)
old_news.context = news.context
old_news.parsed_context = news.parsed_context
old_news.modified_at = datetime.utcnow()
old_news.group = news.group
return jsonify(old_news.to_json())
def get_news_in_group(group_id):
group = Group.query.get(group_id)
if group is None:
return not_found('Group does not exist')
if g.current_user not in group.users:
return forbidden('User does not in this group')
page = request.args.get('page', 1, type=int)
per_page = request.args.get('per_page', 20, type=int)
pagination = group.news.order_by(News.created_at.desc()).paginate(
page, per_page, error_out=False)
pag_news = pagination.items
if pagination.total < 1:
return not_found('News is not exist')
return jsonify({'news': [news.to_json() for news in pag_news]})
def get_notice_group(group_id):
group = Group.query.get(group_id)
if group is None:
return not_found('Group does not exist')
if g.current_user not in group.users:
return forbidden('User does not in this group')
notice = group.news.filter_by(notice=True).order_by(
News.created_at.desc()).all()
return jsonify({
'notice': [
news.to_json() for news in notice
if news.group is None or g.current_user in news.house.users
]
})
def post_user_picture(user_id):
user = User.query.filter_by(username=user_id).first()
if user is None:
return not_found('User does not exist')
if g.current_user is not user:
return forbidden('Cannot modify other user')
if request.files['file'] is None:
return bad_request('File Request in invaild')
file = request.files['file']
if file and allowed_picture(file.filename.lower()):
pictureName = file.filename
pictureLocate = addTimestamp(pictureName)
file.save(os.path.join(UPLOAD_FOLDER, pictureLocate))
user.pictureName = pictureName
user.pictureLocate = pictureLocate
db.session.commit()
return jsonify(user.to_json()), 200
def put_particle(particle_id):
old_particle = Particle.query.filter_by(id=particle_id).first()
if request.json is None:
return bad_request('JSON Request is invaild')
if request.json.get('author_id') is None:
return bad_request('author`s ID is invaild')
if int(request.json.get('author_id')) != old_particle.author_id:
return forbidden('Cannot delete other user\'s particle')
if old_particle is None:
return not_found('Particle does not exist')
particle = Particle.from_json(request.json)
old_particle.anonymous = particle.anonymous
old_particle.context = particle.context
old_particle.parsed_context = particle.parsed_context
db.session.commit()
return jsonify(old_particle.to_json())
def get_file(file_id):
conn = g.mysql.connection
cursor = conn.cursor()
if not file_id:
return bad_request('File ID is not provided')
try:
cursor.execute("""
SELECT
f.id,
f.name,
f.size,
f.type,
f.title,
f.description,
f.ipfs_hash,
f.tx_id,
UNIX_TIMESTAMP(f.created),
p.id,
p.address,
p.title,
p.description,
UNIX_TIMESTAMP(p.created),
p.is_private,
u.id,
UNIX_TIMESTAMP(u.created)
FROM files f, pages p, users u
WHERE f.id='{file_id}'
AND f.page_id = p.id
AND p.user_id = u.id
""".format(file_id=file_id))
file_data = cursor.fetchone()
is_private = file_data[14]
if is_private and not authorized(file_data[15]):
return forbidden()
except Exception, error:
print 'ERROR: ', error
return bad_request(error)
def post_news():
if request.json is None:
return bad_request('JSON Request is invaild')
news = News.from_json(request.json)
if news.group is not None and g.current_user.id != Group.query.filter_by(
id=news.group).first().create_user:
return forbidden('User does not in this group')
news.author_id = g.current_user.id
news.author_name = g.current_user.realname
author = User.query.filter_by(id=g.current_user.id).first()
author.recent_group = news.group
db.session.add(news)
db.session.commit()
resp = make_response()
resp.headers['Location'] = url_for('api.get_news',
id=news.id) # 만들어진 신송 URI 제공
resp.status_code = 201
return resp
def post_news_comment(news_id):
if request.json is None:
return bad_request('JSON Request is invaild')
news = News.query.get(news_id)
if news is None:
return not_found('news does not exist')
if news.group is not None and g.current_user not in news.house.users\
and g.current_user.id != news.house.create_user:
return forbidden('User does not in this group')
comment = Comment.from_json(request.json)
comment.news_id = news.id
comment.author_id = g.current_user.id
comment.author_name = g.current_user.realname
db.session.add(comment)
db.session.commit()
resp = make_response()
resp.headers['Location'] = url_for('api.get_comment',
comment_id=comment.id)
resp.status_code = 201
return resp
def post_news_file(id):
news = News.query.get(id)
if news is None:
return not_found('News does not exist')
if g.current_user.id != news.author_id:
return forbidden('Cannot Upload File')
if request.files['file'] is None:
return bad_request('File Request in invaild')
file = request.files['file']
if file and allowed_file(file.filename.lower()):
filename = file.filename
filelocate = addTimestamp(filename)
if len(filename.rsplit('.')) is not 2:
return bad_request('File have abnormal extension')
file.save(os.path.join(UPLOAD_FOLDER, filelocate))
news.filename = filename
news.filelocate = filelocate
db.session.commit()
return jsonify(news.to_json())
def put_comment_file(comment_id):
comment = Comment.query.gt(comment_id)
if comment is None:
return not_found('Comment does not exist')
if g.current_user.id != comment.author_id:
return forbidden('Cannot Upload File')
if request.files['file'] is None:
return bad_request('File Request in invaild')
os.remove(os.path.join(UPLOAD_FOLDER, comment.filelocate))
file = request.files['file']
if file and allowed_file(file.filename.lower()):
filename = file.filename
filelocate = addTimestamp(filename)
if len(filename.rsplit('.')) is not 2:
return bad_request('File have abnormal extension')
file.save(os.path.join(UPLOAD_FOLDER, filelocate))
comment.filename = filename
comment.filelocate = filelocate
db.session.commit()
return jsonify(comment.to_json())
def decorated_function(*args, **kw):
if not verify_request(request):
return forbidden('Invalid Request Signature')
return f(*args, **kw)
def decorator_function(*args, **kwargs):
if not g.current_user.can(permission):
return forbidden('Insufficient permissions')
return f(*args, **kwargs)
def before_request():
if not g.current_user.is_anonymous and not g.current_user.confirmed:
return errors.forbidden('not confirmed')
def decorated_function(*args, **kwargs):
if not g.current_user.can(permission):
return forbidden('Insufficient permissions')
return f(*args, **kwargs)
def before_request():
if g.current_user.is_anonymous():
return forbidden('Unconfirmed account')
def get_token():
if g.current_user.is_anonymous() or g.token_used:
return forbidden('Unconfirmed account')
return jsonify({'token': g.current_user.generate_auth_token(
expiration=360000), 'expiration': 360000})
def before_request():
if not g.current_user.is_anonymous and \
not g.current_user.confirmed:
return forbidden('Unconfirmed account.')
