def _get_post(post):
if post is None:
return errors.not_found()
if post.is_draft:
user = get_user_from_request()
if user is None:
return errors.no_access()
if post.creator != user:
return errors.no_access()
user = get_user_from_request()
if post.blog is not None:
# workaround, delete later. Sometime in the past you can save post
# without blog, so this check will fail.
has_access = Blog.has_access(post.blog, user)
if not has_access:
return errors.no_access()
post_dict = post.to_json()
post_dict = Vote.add_votes_info(post_dict, 3, user)
entries = JamEntry.get_entries_for_post(post)
post_dict["jam_entries"] = [e.to_json() for e in entries]
return jsonify({"success": 1, "post": post_dict})
def _delete_post(post):
if post is None:
return errors.not_found()
user = get_user_from_request()
if post.creator == user or user.is_admin:
Comment.delete().where((Comment.object_type == "post")
& (Comment.object_id == post.id)).execute()
TagMark.delete().where(TagMark.post == post).execute()
post.delete_instance()
return jsonify({"success": 1})
if post.blog is None:
return errors.no_access()
role = Blog.get_user_role(post.blog, user)
# only blog owner can delete posts
if role != 1:
return errors.no_access()
Comment.delete().where((Comment.object_type == "post")
& (Comment.object_id == post.id)).execute()
TagMark.delete().where(TagMark.post == post).execute()
post.delete_instance()
return jsonify({"success": 1})
def invites(url):
"""Пригласить пользователя или принять инвайт"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_found()
user = get_user_from_request()
json = request.get_json()
if "invite" in json:
invite = BlogInvite.get_or_none(BlogInvite.id == json["invite"])
if invite is None:
return errors.invite_not_found()
if invite.user_to.id != user.id:
return errors.no_access()
invite.is_accepted = True
invite.save()
BlogParticipiation.create(blog=invite.blog, user=user, role=invite.role)
return jsonify({"success": 1})
elif "user" in json and "role" in json:
user_to = User.get_or_none(User.id == json["user"])
if user_to is None:
return errors.not_found()
role = Blog.get_user_role(blog, user)
if role is None:
return errors.no_access()
role_to = json["role"]
roles = {"owner": 1, "writer": 2, "reader": 3}
if role_to not in roles:
return errors.invite_wrong_role()
role_to = roles[role_to]
if role > role_to:
return errors.no_access()
invite = BlogInvite.create(
blog=blog, user_from=user, user_to=user_to, role=role_to
)
Notification.create(
user=user,
created_date=datetime.datetime.now(),
text='Вас пригласили в блог "{0}"'.format(blog.title),
object_type="invite",
object_id=invite.id,
)
return jsonify({"success": 1, "invite": invite.id})
def unassign_achievement():
user = get_user_from_request()
if not user.is_admin:
return errors.no_access()
json = request.get_json()
if "users" not in json or "achievement" not in json:
return errors.wrong_payload("users", "achievement")
if len(json["users"]) == 0:
return errors.wrong_payload("users")
achievement = Achievement.get_or_none(
Achievement.id == json["achievement"])
if achievement is None:
return errors.wrong_payload("achievement")
assign_errors = []
for u in json["users"]:
user_to_unassign = User.get_or_none(User.id == u)
if user_to_unassign is None:
assign_errors.append(f"Cannot unassign achievement from user {u}")
else:
assign = AchievementUser.get_or_none(achievement=achievement,
user=user_to_unassign)
assign.delete_instance()
return jsonify({"success": 1, "errors": assign_errors})
def posts(url):
"""Получить список постов для блога"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_found()
user = get_user_from_request()
has_access = Blog.has_access(blog, user)
if not has_access:
return errors.no_access()
query = Post.get_posts_for_blog(blog)
limit = max(1, min(int(request.args.get("limit") or 20), 100))
paginated_query = PaginatedQuery(query, paginate_by=limit)
posts = [p.to_json() for p in paginated_query.get_object_list()]
posts = [Vote.add_votes_info(p, 3, user) for p in posts]
return jsonify(
{
"success": 1,
"posts": posts,
"meta": {"page_count": paginated_query.get_page_count()},
}
)
def _edit_post(post):
if post is None:
return errors.not_found()
user = get_user_from_request()
role = Blog.get_user_role(post.blog, user)
if post.creator == user or role == 1 or user.is_admin:
json = request.get_json()
error = set_blog(post, json, user)
if error is not None:
error_response = {
BlogError.NoBlog: errors.blog_not_found(),
BlogError.NoAccess: errors.blog_no_access(),
}[error]
return error_response
fill_post_from_json(post, json)
if not validate_url(post):
return errors.post_url_already_taken()
post.save()
set_tags_for_post(post, json)
manage_jam_entries(post, json)
return jsonify({"success": 1, "post": post.to_json()})
else:
return errors.no_access()
def get_feedback():
"""Получить список отзывов"""
user = get_user_from_request()
if user.is_admin:
return jsonify(
{"success": 1, "feedback": [f.to_json() for f in Feedback.select()]}
)
else:
return errors.no_access()
def _edit_comment(comment_id, user, text):
comment = Comment.get_or_none(Comment.id == comment_id)
if comment is None:
return errors.not_found()
is_accessible = user.is_admin or comment.creator == user
if not is_accessible:
return errors.no_access()
comment.text = sanitize(text)
comment.save()
return comment
def resolve(id):
"""Пометить отзыв как решенный"""
user = get_user_from_request()
if user.is_admin:
f = Feedback.get_or_none(Feedback.id == id)
if f is None:
return errors.not_found()
f.is_resolved = True
f.save()
return jsonify({"success": 1})
else:
return errors.no_access()
def get_single_blog(url):
"""Получить блог по указанному url"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_found()
user = get_user_from_request()
has_access = Blog.has_access(blog, user)
if not has_access:
return errors.no_access()
blog_dict = blog.to_json()
blog_dict = Vote.add_votes_info(blog_dict, 2, user)
return jsonify({"success": 1, "blog": blog_dict})
def delete_blog(url):
"""Удалить блог"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_found()
user = get_user_from_request()
role = Blog.get_user_role(blog, user)
if role != 1:
return errors.no_access()
blog.delete_instance()
return jsonify({"success": 1})
def finish(url):
"""Закончить джем"""
user = get_user_from_request()
jam = Jam.get_or_none(Jam.url == url)
if jam is None:
return errors.not_found()
if jam.creator != user:
return errors.no_access()
jam.status = 2
jam.save()
return jsonify({"success": 1})
def join(url):
"""Присоеденится к блогу. Работает только с открытми блогами"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_found()
if blog.blog_type != 1:
return errors.no_access()
user = get_user_from_request()
if user is None:
return errors.not_authorized()
if BlogParticipiation.get_or_none(blog=blog, user=user) is None:
BlogParticipiation.create(blog=blog, user=user, role=3)
return jsonify({"success": 1})
def dashboard():
"""Получить статистику по сайту"""
user = get_user_from_request()
if not user.is_admin:
return errors.no_access()
users = User.select().count()
d = datetime.datetime.now() - datetime.timedelta(days=7)
active_users = User.select().where(User.last_active_date > d).count()
return jsonify({
"success": 1,
"users": users,
"active_users_7_days": active_users
})
def edit_jam(url):
"""Редактировать джем"""
user = get_user_from_request()
jam = Jam.get_or_none(Jam.url == url)
if jam is None:
return errors.not_found()
if jam.creator != user:
return errors.no_access()
json = request.json
title = json.get("title", jam.title)
# url = json.get("url", jam.url)
description = json.get("description", jam.description)
short_description = json.get("short_description", jam.short_description)
start_date = json.get("start_date", jam.start_date)
end_date = json.get("end_date", jam.end_date)
criterias = json.get("criterias", [])
image = None
if "image" in json:
image = json["image"]
edit_blog_for_jam(jam.blog, title, url, image)
jam.title = title
# jam.url = url
jam.description = sanitize(description)
jam.short_description = sanitize(short_description)
jam.start_date = start_date
jam.end_date = end_date
if image:
jam.logo = Content.get_or_none(Content.id == image)
jam.updated_date = datetime.datetime.now()
jam.save()
JamCriteria.delete().where(JamCriteria.jam == jam).execute()
for criteria in criterias:
JamCriteria.create(jam=jam,
title=criteria["title"],
order=criteria["order"])
return jsonify({"success": 1, "jam": jam.to_json()})
def edit_blog(url):
"""Изменить блог"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_found()
user = get_user_from_request()
role = Blog.get_user_role(blog, user)
if role != 1:
return errors.no_access()
fill_blog_from_json(blog, request.get_json())
if not validate_url(blog):
return errors.blog_url_already_taken()
blog.save()
return jsonify({"success": 1, "blog": blog.to_json()})
def readers(url):
"""Получить список читателей блога"""
blog = Blog.get_or_none(Blog.url == url)
if blog is None:
return errors.not_foun
user = get_user_from_request()
has_access = Blog.has_access(blog, user)
if not has_access:
return errors.no_access()
query = Blog.get_readers(blog)
limit = max(1, min(int(request.args.get("limit") or 20), 100))
paginated_query = PaginatedQuery(query, paginate_by=limit)
return jsonify(
{
"success": 1,
"readers": [u.to_json() for u in paginated_query.get_object_list()],
"meta": {"page_count": paginated_query.get_page_count()},
}
)
def assign_achievement():
user = get_user_from_request()
if not user.is_admin:
return errors.no_access()
json = request.get_json()
if "users" not in json or "achievement" not in json:
return errors.wrong_payload("users", "achievement")
if len(json["users"]) == 0:
return errors.wrong_payload("users")
achievement = Achievement.get_or_none(
Achievement.id == json["achievement"])
if achievement is None:
return errors.wrong_payload("achievement")
assign_errors = []
for u in json["users"]:
user_to_assign = User.get_or_none(User.id == u)
if user_to_assign is None:
assign_errors.append(f"Cannot assign achievement to user {u}")
else:
AchievementUser.create(
achievement=achievement,
user=user_to_assign,
comment=json.get("comment", None),
)
Notification.create(
user=user_to_assign,
created_date=datetime.datetime.now(),
text=f"Новая награда: {achievement.title}",
object_type="achievement",
object_id=achievement.id,
)
return jsonify({"success": 1, "errors": assign_errors})
def add_achievement():
user = get_user_from_request()
if not user.is_admin:
return errors.no_access()
json = request.get_json()
if "title" not in json or "image" not in json:
return errors.wrong_payload("title", "image")
if len(json["title"]) == 0:
return errors.wrong_payload("title")
content = Content.get_or_none(Content.id == json["image"])
if content:
if not content.is_image:
return errors.achievement_is_not_image()
elif not content.is_small_image:
return errors.achievement_too_large()
achievement = Achievement.create(title=json["title"], image=content)
return jsonify({"success": 1, "achievement": achievement.to_json()})
def comments(url):
"""Получить список комментариев для поста или добавить новый комментарий"""
post = Post.get_or_none(Post.url == url)
if post is None:
return errors.not_found()
if request.method == "GET":
user = get_user_from_request()
if post.is_draft:
if user is None:
return errors.no_access()
if post.creator != user:
return errors.no_access()
return _get_comments("post", post.id, user)
elif request.method == "POST":
user = get_user_from_request()
if user is None:
return errors.not_authorized()
json = request.get_json()
if "text" in json:
text = sanitize(json.get("text"))
else:
return errors.wrong_payload("text")
parent_id = None
if "parent" in json:
parent_id = json["parent"]
parent = None
if parent_id:
parent = Comment.get_or_none(Comment.id == parent_id)
comment = _add_comment("post", post.id, user, text, parent_id)
if user.id != post.creator.id:
t = "Пользователь {0} оставил комментарий к вашему посту {1}: {2}"
notification_text = t.format(user.visible_name, post.title, text)
Notification.create(
user=post.creator,
created_date=datetime.datetime.now(),
text=notification_text,
object_type="comment",
object_id=comment.id,
)
if parent is not None:
if user.id != parent.creator.id:
t = "Пользователь {0} ответил на ваш комментарий {1}: {2}"
notification_text = t.format(user.visible_name, parent.text,
text)
Notification.create(
user=parent.creator,
created_date=datetime.datetime.now(),
text=notification_text,
object_type="comment",
object_id=comment.id,
)
return jsonify({"success": 1, "comment": comment.to_json()})
