def add(cls, email, password, confirm_password, first_name, last_name, brief=None):
# validate email
if not is_email_address_valid(email):
raise InvalidFieldError("Email address is not valid", ["email"])
# check matched password
if password != confirm_password:
raise InvalidFieldError("Password and confirm password does not match", ["password", "confirm_password"])
elif len(password) < 6:
raise InvalidFieldError("Password length must be at least 6 characters", ["password"])
# validate name
if not first_name or not last_name:
raise InvalidFieldError("First name and/or last name are in valid", ["first_name", "last_name"])
args = {
"email": email.lower(),
"password": hashlib.md5(password).hexdigest(),
"first_name": first_name,
"last_name": last_name
}
if brief:
args["brief"] = brief
# create activate id
user = DBUser(**args)
user.activation_id = hashlib.md5(email + password).hexdigest()
# persistent user object
try:
user.save()
return user
except:
raise
def delete_user(cls, request_user_id, user_delete):
user = DBUser.get_by_id(request_user_id)
dl_user = DBUser.get_by_id(user_delete)
# if not user:
# raise UserNotFoundError("user with id = %d does not exist", request_user_id)
if not dl_user:
raise UserNotFoundError("user with id = %d does not exist", user_delete)
if user.role != "manager":
raise AccessDeniedError("Not manager user cannot delete account")
else:
dl_user.delete()
def delete_comment(cls, user_id, comment_id):
# not necessary to check user_id
# if not is_id_valid(user_id):
# raise InvalidFieldError("user id is invalid", ["user_id"])
if not is_id_valid(comment_id):
raise InvalidFieldError("comment id is invalid", ["comment_id"])
user = DBUser.get_by_id(user_id)
if not user:
raise UserNotFoundError("User with id = %d does not exist" % user_id)
comment = DBComment.get_by_id(comment_id)
if not comment:
raise CommentNotFoundError(comment_id=comment_id)
# only allow commenter/post author to delete comment
if comment.user_id != user_id and comment.post.author.id != user_id:
raise AccessDeniedError("You cannot delete others comment")
try:
comment.delete()
return comment
except:
raise
def update_comment(cls, user_id, comment_id, content):
# not necessary to check user_id
# if not is_id_valid(user_id):
# raise InvalidFieldError("user id is invalid", ["user_id"])
if not is_id_valid(comment_id):
raise InvalidFieldError("comment id is invalid", ["comment_id"])
commenter = DBUser.get_by_id(user_id)
if not commenter:
raise UserNotFoundError("User with id = %d does not exist" % user_id)
comment = DBComment.get_by_id(comment_id)
if not comment:
raise CommentNotFoundError(comment_id=comment_id)
if len(content) < 10:
raise InvalidFieldError("comment is too short", ["content"])
# only allow commenter to update comment
if comment.user_id != user_id:
raise AccessDeniedError("You cannot edit others comment")
comment.content = content
try:
comment.update()
return comment
except:
raise
def find_post_by_author_pagination(cls, author_id, page=1, per_page=10):
"""
Find all post publish by specific author
:param author_id: id of author to find post by
:param page: page index begin at 1
:param per_page:
:return:
"""
# valid user if
if not is_id_valid(author_id):
raise InvalidFieldError("author id does not valid.", ["author_id"])
# confirm user existent
author = DBUser.get_by_id(author_id)
if not author:
raise UserNotFoundError("User with id = %d does not exist")
args = {"user_id": author_id}
# validate pagination info
if not is_id_valid(page):
page = 1
if int(per_page) <= 0 or int(per_page) >= 50:
per_page = 10
pagination = DBPost.pagination_get(filter_dict=args, page=page, per_page=per_page, order_by="time desc")
return pagination, author
def delete_post(cls, user_id, post_id):
user = DBUser.get_by_id(user_id)
if not user:
raise UserNotFoundError("User with id = %d does not exist" % user_id)
if not is_id_valid(post_id):
raise InvalidFieldError("Post id is invalid", ["post_id"])
post = DBPost.get_by_id(post_id)
if not post:
raise PostNotFoundError(post_id=post_id)
# only allow author and manager to delete post
if post.author.id != user_id and user.role != "manager":
raise AccessDeniedError("You don't have permission to delete this post.")
post.delete()
def update_user(cls, user_id, email=None, password=None, confirm_password=None, first_name=None, last_name=None,
brief=None, avatar=None):
try:
user = DBUser.get_by_id(user_id)
if user is None:
raise UserNotFoundError("User with id = %d does not exist" %user_id)
# validate email
if email and not is_email_address_valid(email):
raise InvalidFieldError("Email address is not valid", ["email"])
elif email:
user.email = email
if password and confirm_password:
# check matched password
if password != confirm_password:
raise InvalidFieldError("Password and confirm password does not match", ["password", "confirm_password"])
elif len(password) < 6:
raise InvalidFieldError("Password length must be at least 6 characters", ["password"])
else:
user.password = hashlib.md5(password).hexdigest()
# validate name
if first_name is not None and len(first_name) == 0:
raise InvalidFieldError("First name is in valid", ["first_name"])
elif first_name:
user.first_name = first_name
if last_name is not None and len(last_name) == 0:
raise InvalidFieldError("Last name is in valid", ["last_name"])
elif last_name:
user.last_name = last_name
if brief:
user.brief = brief
if avatar:
user.avatar = avatar
# persistent user object
user.update()
return user
except:
raise
def test_update_no_info(self):
args = {
"email": "*****@*****.**",
"password": "******",
"confirm_password": "******",
"first_name": "Editor2",
"last_name": "Nguyen",
"brief": "Hello world"
}
User.update_user(self.user_id[1])
user = DBUser.get_by_id(self.user_id[1])
self.assertEqual(user.id, self.user_id[1])
self.assertEqual(user.email, args["email"])
self.assertEqual(user.password, hashlib.md5(args["password"]).hexdigest())
self.assertEqual(user.first_name, args["first_name"])
self.assertEqual(user.last_name, args["last_name"])
self.assertEqual(user.brief, args["brief"])
def test_update_user_all_valid_field(self):
args = {
"email": "*****@*****.**",
"password": "******",
"confirm_password": "******",
"first_name": "Dzung",
"last_name": "Nguyen Tien",
"brief": "Hello world Again"
}
User.update_user(self.user_id[0], **args)
user = DBUser.get_by_id(self.user_id[0])
self.assertEqual(user.id, self.user_id[0])
self.assertEqual(user.email, args["email"])
self.assertEqual(user.password, hashlib.md5(args["password"]).hexdigest())
self.assertEqual(user.first_name, args["first_name"])
self.assertEqual(user.last_name, args["last_name"])
self.assertEqual(user.brief, args["brief"])
def activate_user(cls, email, activation_id):
# validate input
if not is_email_address_valid(email):
return None
arg = {
"email": email.lower(),
}
user = DBUser.get_one(arg)
if user :
if user.activation_id == activation_id:
# only return some basic info
user.activation_id = ""
user.activated = True
user.update()
return user
else:
return None
else:
return None
def verify_user(cls, email, password):
# validate input
if not is_email_address_valid(email) or len(password) < 6:
return None
arg = {
"email": email.lower(),
}
password_hashed = hashlib.md5(password).hexdigest()
user = DBUser.get_one(arg)
if user :
if user.activated:
if user.password == password_hashed:
# only return some basic info
return user
else:
return None
else:
raise UserNotActivatedError()
else:
return None
def update_post(cls, user_id, post_id, title=None, content=None, feature_image=None, tags=None, categories=None,
draft=False):
# only allow author or manager to edit post
user = DBUser.get_by_id(user_id)
if not user:
raise UserNotFoundError("User with id = %d does not exist" % user_id)
if not is_id_valid(post_id):
raise InvalidFieldError("Post id is invalid", ["post_id"])
post = DBPost.get_by_id(post_id)
if not post:
raise PostNotFoundError(post_id=post_id)
if post.author.id != user_id and user.role != "manager":
raise AccessDeniedError("You cannot edit post not published by you.")
if title:
post.title = title
if content:
post.content = content
elif content is not None and len(content) == 0:
raise InvalidFieldError("Post's content cannot be empty", ["content"])
if feature_image:
post.feature_image = feature_image
if tags:
post.tags = tags
if categories:
post.categories = ",".join("`%s`"%cat for cat in categories)
post.update()
return post
def set_up_db():
args = {
"email": "*****@*****.**",
"password": hashlib.md5("123456").hexdigest(),
"first_name": "Admin",
"last_name": "Nguyen",
"brief": "Hello world",
"role": "manager"
}
user = User(**args)
user.save()
args["email"] = "*****@*****.**"
args["first_name"] = "Editor2"
args["role"] = 'editor'
user = User(**args)
user.save()
args["email"] = "*****@*****.**"
args["first_name"] = "Editor3"
user = User(**args)
user.save()
args["email"] = "*****@*****.**"
args["first_name"] = "Editor4"
user = User(**args)
user.save()
args = {
"title": "Post 1 title",
"content": """<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Eveniet doloribus qui, adipisci inventore sequi fugiat dolores ullam, provident a, accusantium, necessitatibus ab nisi aliquam. Ipsam voluptas dolores magni necessitatibus provident.</p>
<p>Sunt quo placeat fugiat nesciunt vel assumenda dolorem incidunt provident eligendi ipsa, quam autem optio id nostrum beatae corporis a. Tempore saepe quod nemo hic magni in veritatis illum natus.</p>
<p>Et beatae ipsam repellat officiis similique cupiditate distinctio expedita rem at, aut aspernatur, voluptate quibusdam! Voluptatum aut quos porro eos nulla officiis adipisci magnam perferendis, dicta minima quis eligendi enim.</p>
<p>Sed itaque dignissimos eligendi reprehenderit, nesciunt ducimus voluptates dolores suscipit fugit ipsam aperiam praesentium laborum odit qui libero ipsum tempora, eos quis hic, sapiente perspiciatis amet labore voluptatibus alias. Vitae.</p>""",
"user_id": 1,
"categories": ["c++","python"]
}
post = Post(**args)
post.save()
args["title"] = "Post 2 title"
args["user_id"] = 2
post = Post(**args)
post.save()
args["title"] = "Post 3 title"
args["user_id"] = 3
post = Post(**args)
post.save()
args["title"] = "Post 4 title"
args["user_id"] = 4
post = Post(**args)
post.save()
args["title"] = "Post Hello title"
args["user_id"] = 1
args["categories"] = ["non-it"]
post = Post(**args)
post.save()
args["title"] = "Good morning"
args["user_id"] = 2
post = Post(**args)
post.save()
args["title"] = "First day at Moscow"
args["user_id"] = 2
args["categories"] = ["journey","non-it"]
post = Post(**args)
post.save()
args["title"] = "Surprising"
args["user_id"] = 3
post = Post(**args)
post.save()
args["title"] = "So awesome lake"
args["user_id"] = 3
post = Post(**args)
post.save()
args["title"] = "My new Phone"
args["user_id"] = 3
args["categories"] = ["photo","non-it"]
post = Post(**args)
post.save()
args["title"] = "Photo with new phone"
args["user_id"] = 3
post = Post(**args)
post.save()
args["title"] = "List of useful app for Blackberry"
args["user_id"] = 3
args["categories"] = ["uncategorized"]
post = Post(**args)
post.save()
cmt_args={
"content":"<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Ut ipsum ad, mollitia repellendus harum dignissimos rem beatae, dolore minus. Sapiente saepe mollitia magnam molestiae natus officiis corrupti voluptatibus, qui repudiandae.</p>",
"post_id":1,
"user_id":2,
}
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 1
cmt_args["user_id"] = 3
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 1
cmt_args["user_id"] = 4
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 3
cmt_args["user_id"] = 4
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 3
cmt_args["user_id"] = 2
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 4
cmt_args["user_id"] = 1
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 7
cmt_args["user_id"] = 1
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 4
cmt_args["user_id"] = 2
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 3
cmt_args["user_id"] = 3
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 2
cmt_args["user_id"] = 4
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 2
cmt_args["user_id"] = 1
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 2
cmt_args["user_id"] = 3
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 2
cmt_args["user_id"] = 4
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 5
cmt_args["user_id"] = 3
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 5
cmt_args["user_id"] = 2
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 5
cmt_args["user_id"] = 3
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 5
cmt_args["user_id"] = 4
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 6
cmt_args["user_id"] = 4
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 6
cmt_args["user_id"] = 1
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 9
cmt_args["user_id"] = 1
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 9
cmt_args["user_id"] = 1
cmt = Comment(**cmt_args)
cmt.save()
cmt_args["post_id"] = 9
cmt_args["user_id"] = 3
cmt = Comment(**cmt_args)
cmt.save()
