def comment(): act = request.args.get('act') or request.json.get('act') if request.method == 'POST': file_id = int(request.json.get('fileId', 0)) else: # it's a GET file_id = int(request.args.get('fileId', 0)) file = SolutionFile.get_or_none(file_id) if file is None: return fail(404, f'No such file {file_id}.') solver_id = file.solution.solver.id if solver_id != current_user.id and not current_user.role.is_manager: return fail(403, "You aren't allowed to access this page.") if act == 'fetch': return jsonify(Comment.by_file(file_id)) if ( not webapp.config.get('USERS_COMMENTS', False) and not current_user.role.is_manager ): return fail(403, "You aren't allowed to access this page.") if act == 'delete': comment_id = int(request.args.get('commentId')) comment_ = Comment.get_or_none(Comment.id == comment_id) if ( comment_.commenter.id != current_user.id and not current_user.role.is_manager ): return fail(403, "You aren't allowed to access this page.") if comment_ is not None: comment_.delete_instance() return jsonify({'success': 'true'}) if act == 'create': kind = request.json.get('kind', '') comment_id, comment_text = None, None try: line_number = int(request.json.get('line', 0)) except ValueError: line_number = 0 if kind.lower() == 'id': comment_id = int(request.json.get('comment', 0)) if kind.lower() == 'text': comment_text = request.json.get('comment', '') return comments._create_comment( current_user.id, file, kind, line_number, comment_text, comment_id, ) return fail(400, f'Unknown or unset act value "{act}".')
def comment(): act = request.args.get('act') or request.json.get('act') if request.method == 'POST': file_id = int(request.json.get('fileId', 0)) else: # it's a GET file_id = int(request.args.get('fileId', 0)) file = SolutionFile.get_or_none(file_id) if file is None: return fail(404, f'No such file {file_id}.') solver_id = file.solution.solver.id if solver_id != current_user.id and not current_user.role.is_manager: return fail(403, "You aren't allowed to access this page.") if act == 'fetch': return jsonify(Comment.by_file(file_id)) if (not webapp.config.get('USERS_COMMENTS', False) and not current_user.role.is_manager): return fail(403, "You aren't allowed to access this page.") if act == 'delete': return try_or_fail(comments.delete) if act == 'create': user = User.get_or_none(User.id == current_user.id) try: comment_ = comments.create(file=file, user=user) except LmsError as e: error_message, status_code = e.args return fail(status_code, error_message) return jsonify({ 'success': 'true', 'text': comment_.comment.text, 'is_auto': False, 'author_name': user.fullname, 'author_role': user.role.id, 'id': comment_.id, 'line_number': comment_.line_number, }) return fail(400, f'Unknown or unset act value "{act}".')