def delete(self, test_id): curr_user = self.get_secure_cookie(auth_const.OPENID) curr_user_role = self.get_secure_cookie(auth_const.ROLE) if curr_user is not None: query = {'_id': objectid.ObjectId(test_id)} test_data = yield dbapi.db_find_one(self.table, query) if not test_data: raises.NotFound(message.not_found(self.table, query)) if curr_user == test_data['owner'] or \ curr_user_role.find('administrator') != -1: yield dbapi.db_delete('applications', {'test_id': test_data['id']}) yield dbapi.db_delete('reviews', {'test_id': test_data['id']}) self._delete(query=query) else: raises.Forbidden(message.no_auth()) else: raises.Unauthorized(message.no_auth())
def delete(self, id): query = {'_id': objectid.ObjectId(id)} application = yield dbapi.db_find_one(self.table, query) test_id = application['test_id'] t_query = {'id': test_id} yield dbapi.db_delete('reviews', {'test_id': test_id}) yield dbapi.db_update('tests', t_query, {'$set': { 'status': 'private' }}) self._delete(query=query)
def _del(self): query = {'openid': self.json_args['reviewer_openid']} user = yield dbapi.db_find_one('users', query) if not user: raises.Forbidden(message.unauthorized()) role = self.get_secure_cookie(auth_const.ROLE) if 'reviewer' not in role.split(','): raises.Unauthorized(message.no_auth()) test = yield dbapi.db_find_one( 'tests', {'id': self.json_args['test_id']}) if test['owner'] == self.json_args['reviewer_openid']: self.finish_request({'code': 403, 'msg': 'No permision to review own results'}) return query = { 'reviewer_openid': self.json_args['reviewer_openid'], 'test_id': self.json_args['test_id'] } yield dbapi.db_delete(self.table, query) self.finish_request()
def _delete(self, data, query=None): yield dbapi.db_delete(self.table, query) self.finish_request()