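def comment():
    """Dispatch a comment action (`fetch`, `delete` or `create`) for one file.

    The action comes from the `act` query parameter or, failing that, from the
    JSON body. The target file comes from `fileId` (JSON body on POST, query
    string otherwise).

    Authorization happens in layers:
      1. The caller must be the solver of the file's solution, or a manager.
      2. Anything other than `fetch` additionally requires the
         `USERS_COMMENTS` config flag or a manager role.
      3. `delete` additionally requires the caller to be the comment's author,
         or a manager.

    Returns:
        A JSON response on success, or the result of `fail(status, message)`
        with 400/403/404 on invalid input, missing permission or missing file.
    """
    act = request.args.get('act') or request.json.get('act')

    if request.method == 'POST':
        file_id = int(request.json.get('fileId', 0))
    else:  # it's a GET
        file_id = int(request.args.get('fileId', 0))

    file = SolutionFile.get_or_none(file_id)
    if file is None:
        return fail(404, f'No such file {file_id}.')

    solver_id = file.solution.solver.id
    if solver_id != current_user.id and not current_user.role.is_manager:
        return fail(403, "You aren't allowed to access this page.")

    if act == 'fetch':
        return jsonify(Comment.by_file(file_id))

    if (
        not webapp.config.get('USERS_COMMENTS', False)
        and not current_user.role.is_manager
    ):
        return fail(403, "You aren't allowed to access this page.")

    if act == 'delete':
        # commentId is client-controlled; reject a missing or non-numeric
        # value instead of letting int() raise and surface as a server error.
        try:
            comment_id = int(request.args.get('commentId'))
        except (TypeError, ValueError):
            return fail(400, 'Missing or invalid commentId.')

        comment_ = Comment.get_or_none(Comment.id == comment_id)
        # The existence check must come before the ownership check: the
        # original dereferenced `comment_.commenter` first, so an unknown id
        # raised AttributeError on None instead of being handled.
        if comment_ is not None:
            # NOTE(review): the comment is looked up by id only and is never
            # tied back to `file`, so the file-level check above does not
            # bound which comment is deleted. This author/manager check is
            # the effective access control for deletion.
            if (
                comment_.commenter.id != current_user.id
                and not current_user.role.is_manager
            ):
                return fail(403, "You aren't allowed to access this page.")
            comment_.delete_instance()
        return jsonify({'success': 'true'})

    if act == 'create':
        kind = request.json.get('kind', '')
        comment_id, comment_text = None, None
        try:
            line_number = int(request.json.get('line', 0))
        except (TypeError, ValueError):
            # A null or non-numeric `line` falls back to 0.
            line_number = 0
        if kind.lower() == 'id':
            comment_id = int(request.json.get('comment', 0))
        if kind.lower() == 'text':
            comment_text = request.json.get('comment', '')
        return comments._create_comment(
            current_user.id,
            file,
            kind,
            line_number,
            comment_text,
            comment_id,
        )

    return fail(400, f'Unknown or unset act value "{act}".')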
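def delete():
    """Delete the comment named by the `commentId` query parameter.

    Only the comment's author or a manager may delete it. An id that matches
    no comment is a no-op.

    Raises:
        ForbiddenPermission: the caller is neither the author nor a manager.
        TypeError, ValueError: `commentId` is missing or not an integer
            (propagated from `int()`).
    """
    comment_id = int(request.args.get('commentId'))
    comment_ = Comment.get_or_none(Comment.id == comment_id)

    # Check existence before touching `comment_.commenter`: the original ran
    # the ownership test first, so an unknown id raised AttributeError on None
    # and the `is not None` guard below it was never reached.
    if comment_ is None:
        return

    if (
        comment_.commenter.id != current_user.id
        and not current_user.role.is_manager
    ):
        raise ForbiddenPermission(
            "You aren't allowed to access this page.", 403,
        )

    comment_.delete_instance()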
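def comment():
    """Dispatch a comment action (`fetch`, `delete` or `create`) for a solution.

    The action comes from the `act` query parameter or, failing that, from the
    JSON body. The target solution comes from `solutionId` (JSON body on POST,
    query string otherwise). The caller must be the solution's solver or a
    manager; `delete` additionally requires the caller to be the comment's
    author, or a manager.

    Returns:
        A JSON response on success, or the result of `fail(status, message)`
        on invalid input, missing permission or missing solution.
    """
    act = request.args.get('act') or request.json.get('act')

    if request.method == 'POST':
        solution_id = int(request.json.get('solutionId', 0))
    else:  # it's a GET
        solution_id = int(request.args.get('solutionId', 0))

    solution = Solution.get_or_none(Solution.id == solution_id)
    if solution is None:
        return fail(404, f'No such solution {solution_id}')

    solver_id = solution.solver.id
    if solver_id != current_user.id and not current_user.role.is_manager:
        # NOTE(review): 401 is kept for existing clients; the caller is
        # already authenticated here, so 403 would describe this better.
        return fail(401, "You aren't allowed to watch this page.")

    if act == 'fetch':
        return jsonify(Comment.get_solutions(solution_id))

    if act == 'delete':
        # commentId is client-controlled; reject a missing or non-numeric
        # value instead of letting int() raise and surface as a server error.
        try:
            comment_id = int(request.args.get('commentId'))
        except (TypeError, ValueError):
            return fail(400, 'Missing or invalid commentId.')

        comment_ = Comment.get_or_none(Comment.id == comment_id)
        if comment_ is not None:
            # The solution check above only proves the caller may view
            # `solutionId`; the comment is looked up by id alone and is never
            # tied to that solution. Without this check any user who owns one
            # solution could delete any comment by id.
            # NOTE(review): assumes Comment exposes `commenter` in this
            # revision, as the other handlers on this page do -- confirm.
            if (
                comment_.commenter.id != current_user.id
                and not current_user.role.is_manager
            ):
                return fail(403, "You aren't allowed to access this page.")
            comment_.delete_instance()
        return jsonify({'success': 'true'})

    if act == 'create':
        kind = request.json.get('kind', '')
        comment_id, comment_text = None, None
        try:
            line_number = int(request.json.get('line', 0))
        except (TypeError, ValueError):
            # A null or non-numeric `line` falls back to 0.
            line_number = 0
        if kind.lower() == 'id':
            comment_id = int(request.json.get('comment', 0))
        if kind.lower() == 'text':
            comment_text = request.json.get('comment', '')
        return _create_comment(
            current_user.id,
            solution,
            kind,
            line_number,
            comment_text,
            comment_id,
        )

    return fail(400, f'Unknown or unset act value "{act}"')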