def task_create(request):
"""Create a new task for this user."""
response = get_json_response(request)
profile = get_profile(request, request.matchdict['username'])
if profile:
if security.is_user(request):
due_date = request.POST['due_date']
try:
task = Task(
name=request.POST['name'],
note=request.POST['note'],
creation_date=datetime.now(),
due_date=datetime.strptime(due_date, '%d/%m/%Y %H:%M:%S')
if due_date else None,
completed=request.POST['completed'],
profile_id=profile.id,
profile=profile)
request.dbsession.add(task)
response.status_code = 201
return {'msg': 'posted'}
except KeyError:
response.status_code = 400
return {'error': 'Some fields are missing'}
response.status_code = 403
return {'error': 'You do not have permission to access this data.'}
response.status_code = 404
return {'error': 'The profile does not exist'}
def task_update(request):
"""Update task information for one user's task."""
response = get_json_response(request)
if security.is_user(request):
username = request.matchdict['username']
profile = get_profile(request, username)
task = request.dbsession.query(Task).get(request.matchdict['id'])
if task in profile.tasks:
if 'name' in request.POST and request.POST['name']:
task.name = request.POST['name']
if 'note' in request.POST:
task.note = request.POST['note']
if 'due_date' in request.POST:
due_date = request.POST['due_date']
task.due_date = datetime.strptime(
due_date, '%d/%m/%Y %H:%M:%S') if due_date else None
if 'completed' in request.POST:
task.due_date = request.POST['completed']
request.dbsession.add(task)
request.dbsession.flush()
return {'username': username, 'task': task.to_dict()}
response.status_code = 404
return {'username': username, 'task': None}
response.status_code = 403
return {'error': 'You do not have permission to access this data.'}
def profile_detail(request):
"""Get detail for one profile."""
response = get_json_response(request)
if security.is_user(request):
profile = get_profile(request, request.matchdict['username'])
return profile.to_dict()
response.status_code = 403
return {'error': 'You do not have permission to access this profile.'}
def profile_delete(request):
"""Delete an existing profile."""
response = get_json_response(request)
if security.is_user(request):
profile = get_profile(request, request.matchdict['username'])
request.dbsession.delete(profile)
response.status_code = 204
response.headers = forget(request)
return
response.status_code = 403
return {'error': 'You do not have permission to access this profile.'}
def task_delete(request):
"""Delete a task."""
response = get_json_response(request)
if security.is_user(request):
username = request.matchdict['username']
profile = get_profile(request, username)
task = request.dbsession.query(Task).get(request.matchdict['id'])
if task in profile.tasks:
request.dbsession.delete(task)
return {'username': username, 'msg': 'Deleted.'}
response.status_code = 403
return {'error': 'You do not have permission to access this profile.'}
def task_detail(request):
"""Get task detail for one user given a task ID."""
response = get_json_response(request)
if security.is_user(request):
username = request.matchdict['username']
profile = get_profile(request, username)
task = request.dbsession.query(Task).get(request.matchdict['id'])
if task in profile.tasks:
return {'username': username, 'task': task.to_dict()}
response.status_code = 404
return {'username': username, 'task': None}
response.status_code = 403
return {'error': 'You do not have permission to access this data.'}
def tasks_list(request):
"""List tasks for one user."""
response = get_json_response(request)
profile = get_profile(request, request.matchdict['username'])
if profile:
if security.is_user(request):
username = request.matchdict['username']
tasks = request.dbsession.query(Task).filter(
Task.profile == profile).all()
return {
'username': username,
'tasks': [task.to_dict() for task in tasks],
}
response.status_code = 403
return {'error': 'You do not have permission to access this data.'}
response.status_code = 404
return {'error': 'The profile does not exist'}
def profile_update(request):
"""Update an existing profile."""
response = get_json_response(request)
if security.is_user(request):
profile = get_profile(request, request.matchdict['username'])
if 'username' in request.POST and request.POST['username'] != '':
profile.username = request.POST['username']
if 'email' in request.POST and request.POST['email'] != '':
profile.email = request.POST['email']
if 'password' in request.POST and 'password2' in request.POST and request.POST[
'password'] == request.POST[
'password2'] and request.POST['password'] != '':
profile.password = hasher.hash(request.POST['password'])
request.dbsession.add(profile)
request.dbsession.flush()
response.status_code = 202
return {
'msg': 'Profile updated.',
'profile': profile.to_dict(),
'username': profile.username
}
response.status_code = 403
return {'error': 'You do not have permission to access this profile.'}