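def event(event_id, resource=None):
    """Read, update or delete one event on behalf of the requesting user.

    GET returns the event's JSON representation, or one sub-resource of it
    when *resource* is given. PUT builds an Event from the request JSON and
    hands it to ``update_to``. DELETE removes the event.

    Authorization: GET and PUT are allowed for the event owner and for users
    invited to the event; DELETE is owner-only.

    Args:
        event_id: Identifier used to look the event up in the graph.
        resource: Optional sub-resource name (CIRCLE/CIRCLES or PEOPLE).

    Returns:
        A JSON response on success. Failures end in abort(): 400 for a
        non-object JSON body, 403 when the caller is not authorized,
        404 for an unknown event or resource, 405 for any other method.
    """
    # Resolve the caller before touching the graph, so the lookup (and its
    # 404) only runs for a request that got past authentication.
    # NOTE(review): assumes auth_get_req_user rejects unauthenticated requests
    # itself; confirm. An authenticated non-guest can still tell 404 from 403.
    req_user = auth_get_req_user(request)

    evt = Event.match(graph, event_id).first()
    if not evt:
        abort(404, description='Resource not found')

    owner_req = req_user.__primaryvalue__ == evt.owner_id
    # NOTE(review): compares event_id as received with stored primary values;
    # if the route passes a str and ids are ints this is always False. Confirm.
    guest_req = any(
        invited.__primaryvalue__ == event_id for invited in req_user.InvitedTo)

    if request.method == 'GET':
        if not (owner_req or guest_req):
            abort(403, description='Unauthorized event request')
        if not resource:
            # No sub-resource requested: return the event itself.
            return jsonify(evt.json_repr(graph))
        if resource in (CIRCLE, CIRCLES):
            # An event with no circle is reported as 404 instead of letting an
            # IndexError surface as a 500.
            circle = next(iter(evt.circles_of(graph, event_id)), None)
            if circle is None:
                abort(404, description='Resource not found')
            return jsonify(circle.json_repr(graph))
        if resource == PEOPLE:
            # Serialized like the other branches, so the response does not
            # depend on the framework accepting a raw container.
            return jsonify(evt.json_repr(graph)['People'])
        abort(404, description='Invalid resource specified')
    elif request.method == 'PUT':
        # NOTE(review): invited guests may update the event, not just read it.
        # Confirm this is intended, and that update_to() cannot be used to
        # change ownership from caller-supplied JSON.
        if owner_req or guest_req:
            req_json = request.get_json()
            if not isinstance(req_json, dict):
                # A missing or non-object body is a client error, not a 500.
                abort(400, description='Request body must be a JSON object')
            try:
                replacement = Event.from_json(
                    req_json, graph, push_updates=False)
                evt.update_to(graph, replacement)
                return SUCCESS_JSON
            except KeyError as err:
                bad_request('Request JSON must include key %s' % err)
            except GraphError as err:
                # NOTE(review): passes the raw graph error to the client;
                # confirm it carries no internal detail.
                bad_request(err)
            # NOTE(review): reached only if bad_request() returns instead of
            # raising; in that case a 400 condition ends as the 403 below.
        abort(403, description='Unauthorized event update')
    elif request.method == 'DELETE':
        if owner_req:
            evt.delete(graph)
            return SUCCESS_JSON
        abort(403, description='Unauthorized event deletion request')

    # Any other method (e.g. HEAD) previously fell off the end and returned
    # None; answer explicitly instead.
    abort(405)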
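def post_event():
    """Create an event in a circle on behalf of the requesting user.

    The circle is taken from the ``Circle`` key of the request JSON. The
    caller must own that circle, or be a member of it while the circle has
    ``members_can_ping`` set. On success the event is built from the request
    JSON and a notification is sent through ``notif_manager``.

    Returns:
        SUCCESS_JSON on success. Failures end in abort(): 400 for a
        non-object JSON body, 403 for insufficient permissions, 404 for an
        unknown circle.
    """
    # Resolve the caller before reading the body or querying the graph.
    # NOTE(review): assumes auth_get_req_user rejects unauthenticated requests
    # itself; confirm.
    req_user = auth_get_req_user(request)

    req_json = request.get_json()
    if not isinstance(req_json, dict):
        # Without this, a missing or non-object body fails on .get() below
        # and surfaces as a 500.
        abort(400, description='Request body must be a JSON object')

    # Fetch the circle the request is associated with.
    circle = Circle.match(graph, req_json.get('Circle')).first()
    if not circle:
        abort(404, description='Invalid Circle Specified')

    owner_req = req_user.__primaryvalue__ == circle.owner_id
    member_req = any(
        joined.__primaryvalue__ == circle.__primaryvalue__
        for joined in req_user.IsMember)

    # Owners may always post; members only when the circle allows it.
    if owner_req or (member_req and circle.members_can_ping):
        try:
            # NOTE(review): the permission check above used req_json['Circle'],
            # but from_json() re-reads the whole caller-supplied body. Confirm
            # it targets the same circle and binds any owner field to req_user.
            new_event = Event.from_json(req_json, graph, push_updates=True)
            notif_manager.send_event_notif(
                graph, circle, new_event, req_user.__primaryvalue__)
            return SUCCESS_JSON
        except KeyError as err:
            bad_request('Request JSON must include key %s' % err)
        except GraphError as err:
            # NOTE(review): passes the raw graph error to the client; confirm
            # it carries no internal detail.
            bad_request(err)
        # NOTE(review): reached only if bad_request() returns instead of
        # raising; in that case a 400 condition ends as the 403 below.
    abort(403, description='Insufficient Permissions')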