Example #1
0
    def put(self, story_id, story):
        """Modify this story.

        :param story_id: An ID of the story.
        :param story: A story within the request body.
        """

        # Reject private story types while ACL is not created.
        if (story.story_type_id and
                (story.story_type_id == 3 or story.story_type_id == 4)):
            abort(400, _("Now you can't change story type to %s.") %
                  story.story_type_id)

        original_story = stories_api.story_get_simple(story_id)

        if not original_story:
            raise exc.NotFound(_("Story %s not found") % story_id)

        if story.creator_id and story.creator_id != original_story.creator_id:
            abort(400, _("You can't change author of story."))

        story_dict = story.as_dict(omit_unset=True)
        stories_api.story_check_story_type_id(story_dict)

        if not stories_api.story_can_mutate(original_story,
                                            story.story_type_id):
            abort(400, _("Can't change story type."))

        # This is not the place to update tags, including them in
        # story_dict causes the story/tag relationship to attempt to
        # update with a list of unicode strings rather than objects
        # from the database.
        if 'tags' in story_dict:
            story_dict.pop('tags')

        updated_story = stories_api.story_update(
            story_id,
            story_dict)

        user_id = request.current_user_id
        events_api.story_details_changed_event(story_id, user_id,
                                               updated_story.title)

        return create_story_wmodel(updated_story)
Example #2
0
    def put(self, story_id, story):
        """Modify this story.

        :param story_id: An ID of the story.
        :param story: A story within the request body.
        """

        # Reject private story types while ACL is not created.
        if (story.story_type_id and
                (story.story_type_id == 3 or story.story_type_id == 4)):
            abort(400, _("Now you can't change story type to %s.") %
                  story.story_type_id)

        original_story = stories_api.story_get_simple(story_id)

        if not original_story:
            raise exc.NotFound(_("Story %s not found") % story_id)

        if story.creator_id and story.creator_id != original_story.creator_id:
            abort(400, _("You can't change author of story."))

        story_dict = story.as_dict(omit_unset=True)
        stories_api.story_check_story_type_id(story_dict)

        if not stories_api.story_can_mutate(original_story,
                                            story.story_type_id):
            abort(400, _("Can't change story type."))

        updated_story = stories_api.story_update(
            story_id,
            story_dict)

        user_id = request.current_user_id
        events_api.story_details_changed_event(story_id, user_id,
                                               updated_story.title)

        return wmodels.Story.from_db_model(updated_story)
Example #3
0
    def put(self, story_id, story):
        """Modify this story.

        Example::

          curl 'https://my.example.org/api/v1/stories/19' -X PUT \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
          -H 'Content-Type: application/json;charset=UTF-8' \\
          --data-binary '{"title":"Modified","description":"New description."}'

        :param story_id: An ID of the story.
        :param story: A story within the request body.
        """
        user_id = request.current_user_id

        # Reject private story types while ACL is not created.
        if (story.story_type_id
                and (story.story_type_id == 3 or story.story_type_id == 4)):
            abort(
                400,
                _("Now you can't change story type to %s.") %
                story.story_type_id)

        original_story = stories_api.story_get_simple(story_id,
                                                      current_user=user_id)

        if not original_story:
            raise exc.NotFound(_("Story %s not found") % story_id)

        if story.creator_id and story.creator_id != original_story.creator_id:
            abort(400, _("You can't change author of story."))

        story_dict = story.as_dict(omit_unset=True)
        stories_api.story_check_story_type_id(story_dict)

        if not stories_api.story_can_mutate(original_story,
                                            story.story_type_id):
            abort(400, _("Can't change story type."))

        # This is not the place to update tags, including them in
        # story_dict causes the story/tag relationship to attempt to
        # update with a list of unicode strings rather than objects
        # from the database.
        if 'tags' in story_dict:
            story_dict.pop('tags')

        users = story_dict.get("users")
        teams = story_dict.get("teams")

        private = story_dict.get("private", original_story.private)
        if private:
            # If trying to make a story private with no permissions set, add
            # the user making the change to the permission so that at least
            # the story isn't lost to everyone.
            if not users and not teams and not original_story.permissions:
                users = [
                    wmodels.User.from_db_model(users_api.user_get(user_id))
                ]

            original_teams = None
            original_users = None
            if original_story.permissions:
                original_teams = original_story.permissions[0].teams
                original_users = original_story.permissions[0].users

            # Don't allow both permission lists to be deliberately emptied
            # on a private story, to make sure the story remains visible to
            # at least someone.
            valid = True
            if users == [] and teams == []:
                valid = False
            elif users == [] and (original_teams == [] and not teams):
                valid = False
            elif teams == [] and (original_users == [] and not users):
                valid = False
            if not valid and original_story.private:
                abort(400,
                      _("Can't make a private story have no users or teams"))

            # If the story doesn't already have permissions, create them.
            if not original_story.permissions:
                stories_api.create_permission(original_story, users, teams)

        updated_story = stories_api.story_update(story_id,
                                                 story_dict,
                                                 current_user=user_id)

        # If the story is private and already has some permissions, update
        # them as needed. This is done after updating the story in case the
        # request is trying to both update some story fields and also remove
        # the user making the change from the ACL.
        if private and original_story.permissions:
            stories_api.update_permission(updated_story, users, teams)

        events_api.story_details_changed_event(story_id, user_id,
                                               updated_story.title)

        return create_story_wmodel(updated_story)
Example #4
0
    def put(self, story_id, story):
        """Modify this story.

        Example::

          curl 'https://my.example.org/api/v1/stories/19' -X PUT \\
          -H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
          -H 'Content-Type: application/json;charset=UTF-8' \\
          --data-binary '{"title":"Modified","description":"New description."}'

        :param story_id: An ID of the story.
        :param story: A story within the request body.
        """
        user_id = request.current_user_id

        # Reject private story types while ACL is not created.
        if (story.story_type_id and
                (story.story_type_id == 3 or story.story_type_id == 4)):
            abort(400, _("Now you can't change story type to %s.") %
                  story.story_type_id)

        original_story = stories_api.story_get_simple(
            story_id, current_user=user_id)

        if not original_story:
            raise exc.NotFound(_("Story %s not found") % story_id)

        if story.creator_id and story.creator_id != original_story.creator_id:
            abort(400, _("You can't change author of story."))

        story_dict = story.as_dict(omit_unset=True)
        stories_api.story_check_story_type_id(story_dict)

        if not stories_api.story_can_mutate(original_story,
                                            story.story_type_id):
            abort(400, _("Can't change story type."))

        # This is not the place to update tags, including them in
        # story_dict causes the story/tag relationship to attempt to
        # update with a list of unicode strings rather than objects
        # from the database.
        if 'tags' in story_dict:
            story_dict.pop('tags')

        users = story_dict.get("users")
        teams = story_dict.get("teams")

        private = story_dict.get("private", original_story.private)
        if private:
            # If trying to make a story private with no permissions set, add
            # the user making the change to the permission so that at least
            # the story isn't lost to everyone.
            if not users and not teams and not original_story.permissions:
                users = [wmodels.User.from_db_model(
                    users_api.user_get(user_id))]

            original_teams = None
            original_users = None
            if original_story.permissions:
                original_teams = original_story.permissions[0].teams
                original_users = original_story.permissions[0].users

            # Don't allow both permission lists to be deliberately emptied
            # on a private story, to make sure the story remains visible to
            # at least someone.
            valid = True
            if users == [] and teams == []:
                valid = False
            elif users == [] and (original_teams == [] and not teams):
                valid = False
            elif teams == [] and (original_users == [] and not users):
                valid = False
            if not valid and original_story.private:
                abort(400,
                      _("Can't make a private story have no users or teams"))

            # If the story doesn't already have permissions, create them.
            if not original_story.permissions:
                stories_api.create_permission(original_story, users, teams)

        updated_story = stories_api.story_update(
            story_id,
            story_dict,
            current_user=user_id)

        # If the story is private and already has some permissions, update
        # them as needed. This is done after updating the story in case the
        # request is trying to both update some story fields and also remove
        # the user making the change from the ACL.
        if private and original_story.permissions:
            stories_api.update_permission(updated_story, users, teams)

        events_api.story_details_changed_event(story_id, user_id,
                                               updated_story.title)

        return create_story_wmodel(updated_story)
Example #5
0
    def put(self, story_id, story):
        """Modify this story.

        :param story_id: An ID of the story.
        :param story: A story within the request body.
        """

        # Reject private story types while ACL is not created.
        if (story.story_type_id
                and (story.story_type_id == 3 or story.story_type_id == 4)):
            abort(
                400,
                _("Now you can't change story type to %s.") %
                story.story_type_id)

        original_story = stories_api.story_get_simple(
            story_id, current_user=request.current_user_id)

        if not original_story:
            raise exc.NotFound(_("Story %s not found") % story_id)

        if story.creator_id and story.creator_id != original_story.creator_id:
            abort(400, _("You can't change author of story."))

        story_dict = story.as_dict(omit_unset=True)
        stories_api.story_check_story_type_id(story_dict)

        if not stories_api.story_can_mutate(original_story,
                                            story.story_type_id):
            abort(400, _("Can't change story type."))

        # This is not the place to update tags, including them in
        # story_dict causes the story/tag relationship to attempt to
        # update with a list of unicode strings rather than objects
        # from the database.
        if 'tags' in story_dict:
            story_dict.pop('tags')

        users = story_dict.get("users", [])
        ids = [user.id for user in users]
        if story.private:
            if request.current_user_id not in ids \
                    and not original_story.permissions:
                users.append(
                    wmodels.User.from_db_model(
                        users_api.user_get(request.current_user_id)))
            if not original_story.permissions:
                stories_api.create_permission(original_story, users)

        updated_story = stories_api.story_update(
            story_id, story_dict, current_user=request.current_user_id)

        if users == [] and updated_story.private:
            abort(400, _("Can't make a private story with no users"))

        if story.private:
            stories_api.update_permission(updated_story, users)

        user_id = request.current_user_id
        events_api.story_details_changed_event(story_id, user_id,
                                               updated_story.title)

        return create_story_wmodel(updated_story)