Python api_forbidden_response Exemples

Exemple #1

Fichier : handlers.py Projet : Hao-Hsuan/KhanLatest

def delete_scratchpad(scratchpad_id):
    """Mark a pre-existing Scratchpad as deleted.

    An empty request body is expected."""

    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response(
            "No scratchpad with id %s" % scratchpad_id)

    # Users can only delete scratchpad they created
    # EXCEPTION: Developres can delete any scratchpad
    if not user.developer and scratchpad.user_id != user.user_id:
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    scratchpad.deleted = True
    scratchpad.put()

    return api_success_no_content_response()

Exemple #2

Fichier : handlers.py Projet : Hao-Hsuan/KhanLatest

def create_scratchpad():
    """Create a new Scratchpad and associated ScratchpadRevision.

    The POST data should be a JSON-encoded dict, which is passed verbatim to
    Scratchpad.create as keyword arguments.
    """
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    if not request.json:
        return api_invalid_param_response("Bad data supplied: Not JSON")

    # TODO(jlfwong): Support phantom users
    user = UserData.current()

    if not (user and user.developer):
        # Certain fields are only modifiable by developers
        for field in scratchpad_models.Scratchpad._developer_only_fields:
            if request.json.get(field):
                return api_forbidden_response(
                    "Forbidden: Only developers can change the %s" % field)

    try:
        # Convert unicode encoded JSON keys to strings
        create_args = dict_keys_to_strings(request.json)
        if user:
            create_args['user_id'] = user.user_id
        return scratchpad_models.Scratchpad.create(**create_args)
    except (db.BadValueError, db.BadKeyError), e:
        return api_invalid_param_response("Bad data supplied: " + e.message)

Exemple #3

def create_scratchpad():
    """Create a new Scratchpad and associated ScratchpadRevision.

    The POST data should be a JSON-encoded dict, which is passed verbatim to
    Scratchpad.create as keyword arguments.
    """
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    if not request.json:
        return api_invalid_param_response("Bad data supplied: Not JSON")

    # TODO(jlfwong): Support phantom users
    user = UserData.current()

    if not (user and user.developer):
        # Certain fields are only modifiable by developers
        for field in scratchpad_models.Scratchpad._developer_only_fields:
            if request.json.get(field):
                return api_forbidden_response(
                    "Forbidden: Only developers can change the %s" % field)

    try:
        # Convert unicode encoded JSON keys to strings
        create_args = dict_keys_to_strings(request.json)
        if user:
            create_args['user_id'] = user.user_id
        return scratchpad_models.Scratchpad.create(**create_args)
    except (db.BadValueError, db.BadKeyError), e:
        return api_invalid_param_response("Bad data supplied: " + e.message)

Exemple #4

def delete_scratchpad(scratchpad_id):
    """Mark a pre-existing Scratchpad as deleted.

    An empty request body is expected."""

    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response("No scratchpad with id %s" %
                                      scratchpad_id)

    # Users can only delete scratchpad they created
    # EXCEPTION: Developres can delete any scratchpad
    if not user.developer and scratchpad.user_id != user.user_id:
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    scratchpad.deleted = True
    scratchpad.put()

    return api_success_no_content_response()

Exemple #5

Fichier : handlers.py Projet : Hao-Hsuan/KhanLatest

def update_scratchpad(scratchpad_id):
    """Update a pre-existing Scratchpad and create a new ScratchpadRevision.

    The POST data should be a JSON-encoded dict, which is passsed verbatim to
    Scratchpad.update as keyword arguments.
    """
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    if not request.json:
        return api_invalid_param_response("Bad data supplied: Not JSON")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response(
            "No scratchpad with id %s" % scratchpad_id)

    if not user.developer:
        # Certain fields are only modifiable by developers
        for field in scratchpad_models.Scratchpad._developer_only_fields:
            if request.json.get(field):
                return api_forbidden_response(
                    "Forbidden: Only developers can change the %s" % field)

    # The user can update the scratchpad if any of the following are true:
    #  1. The scratchpad is tutorial/official and the user is a developer
    #  2. The scratchpad was created by the user
    if scratchpad.category in ("tutorial", "official") and user.developer:
        pass
    elif scratchpad.user_id != user.user_id:
        # Only the creator of a scratchpad can update it
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    try:
        # Convert unicode encoded JSON keys to strings
        update_args = dict_keys_to_strings(request.json)
        if 'id' in update_args:
            # Backbone passes the id in update calls - ignore it
            del update_args['id']
        return scratchpad.update(**update_args)
    except (db.BadValueError, db.BadKeyError), e:
        return api_invalid_param_response("Bad data supplied: " + e.message)

Exemple #6

def update_scratchpad(scratchpad_id):
    """Update a pre-existing Scratchpad and create a new ScratchpadRevision.

    The POST data should be a JSON-encoded dict, which is passsed verbatim to
    Scratchpad.update as keyword arguments.
    """
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    if not request.json:
        return api_invalid_param_response("Bad data supplied: Not JSON")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response("No scratchpad with id %s" %
                                      scratchpad_id)

    if not user.developer:
        # Certain fields are only modifiable by developers
        for field in scratchpad_models.Scratchpad._developer_only_fields:
            if request.json.get(field):
                return api_forbidden_response(
                    "Forbidden: Only developers can change the %s" % field)

    # The user can update the scratchpad if any of the following are true:
    #  1. The scratchpad is tutorial/official and the user is a developer
    #  2. The scratchpad was created by the user
    if scratchpad.category in ("tutorial", "official") and user.developer:
        pass
    elif scratchpad.user_id != user.user_id:
        # Only the creator of a scratchpad can update it
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    try:
        # Convert unicode encoded JSON keys to strings
        update_args = dict_keys_to_strings(request.json)
        if 'id' in update_args:
            # Backbone passes the id in update calls - ignore it
            del update_args['id']
        return scratchpad.update(**update_args)
    except (db.BadValueError, db.BadKeyError), e:
        return api_invalid_param_response("Bad data supplied: " + e.message)

Exemple #7

Fichier : handlers.py Projet : Hao-Hsuan/KhanLatest

def get_user_scratchpads():
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    user_data = (get_visible_user_data_from_request() or
                 UserData.pre_phantom())
    return list(scratchpad_models.Scratchpad
        .get_for_user_data(user_data)
        .run(batch_size=1000))

Exemple #8

def get_user_scratchpads():
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    user_data = (get_visible_user_data_from_request()
                 or UserData.pre_phantom())
    return list(
        scratchpad_models.Scratchpad.get_for_user_data(user_data).run(
            batch_size=1000))