def cancel_friend_request(user_id):
friend_request_sent = g.me.friend_requests_sent.filter(
friend_requests.c.friended_id == user_id).first_or_404()
if friend_request_sent is not None:
g.me.friend_requests_sent.remove(friend_request_sent)
db.session.commit()
return succ('Succesfully cancelled friend request.')
def end_event(event_id):
event = Event.query.get_or_404(event_id)
if not (g.me.admin or event.is_hosted_by(g.me)):
abort(403)
event.ended = True
db.session.commit()
return succ('Event ended successfully.')
def unblock_user(user_id):
user = User.query.get(user_id)
if g.me.unblock(user):
db.session.commit()
return succ('Succesfully unblocked user.')
else:
return fail('You haven\'t blocked this person.')
def block_user(user_id):
user = User.query.get(user_id)
if g.me.block(user):
db.session.commit()
return succ('Succesfully blocked user.')
else:
return fail('You\'ve already blocked this person.')
def delete_key(key_id):
key = Key.query.get(key_id)
if key.user_id != g.user.id:
return fail('You may not delete this key.', 403)
key.deleted = True
db.session.commit()
return succ('Key deleted.')
def create_friend_request(user_id):
user = User.query.get_or_404(user_id)
if g.me.friend_request(user):
db.session.commit()
notifier.friend_request(g.me, user)
return succ('Succesfully sent friend request!')
else:
return fail('You\'re already friends with this person.')
def delete_event(event_id):
event = Event.query.get_or_404(event_id)
if not (g.me.admin or event.is_hosted_by(g.me)):
abort(403)
# FIXME: this fails because we haven't gotten rid of the hostships
db.session.delete(event)
db.session.commit()
return succ('Event deleted successfully.')
def accept_friend_request(friender_id):
req = g.me.friend_requests_received.filter(
friend_requests.c.friender_id == friender_id).first_or_404()
friend = User.query.get(friender_id)
friend.friended.append(g.me)
g.me.friend_requests_received.remove(req)
db.session.commit()
notifier.accept_friend_request(g.me, friend)
return succ('Accepted the request!')
def update_location():
lat = g.json['lat']
lng = g.json['lng']
# In order to save some processing, first check if the user is still at their current event
# (which they probably will be a decent percentage of the time).
if g.me.current_event_id is not None:
event = Event.query.get(g.me.current_event_id)
if attending(lat, lng, event.lat, event.lng):
return succ('Location received, no event change.')
g.me.current_event_id = None
for event in g.me.feed():
if (event.lat is not None and event.lng is not None) and attending(
lat, lng, event.lat, event.lng):
g.me.current_event_id = event.id
break
db.session.commit()
return succ('Location received!')
def reject_friend_request(user_id):
"""
Decline a friend request.
"""
req = g.me.friend_requests_received.filter(
friend_requests.c.friender_id == user_id).first_or_404()
g.me.friend_requests_received.remove(req)
db.session.commit()
return succ('Successfully rejected request.')
def create_review(event_id):
# TODO: check that I have access to this event
event = Event.query.get(event_id)
if g.json['positive'] and g.json['negative']:
fail('You can\'t review positively and negatively at the same time.')
g.me.review_on(event, g.json['positive'], g.json['negative'],
g.json['body'])
db.session.commit()
return succ('Reviewed successfully.')
def update_password():
old_password = g.json.get('old_password')
new_password = g.json.get('new_password')
if not old_password or not new_password:
return fail('Improper parameters.')
if g.me.is_password_correct(old_password):
g.me.set_password(new_password)
db.session.commit()
return succ('Successfully updated password!')
return fail('Incorrect password.', 403)
def delete_update(event_id, update_id):
event = Event.query.get_or_404(event_id)
update = Update.query.get_or_404(update_id)
if event.is_hosted_by(g.me):
event.updates.remove(update)
db.session.delete(update)
db.session.commit()
return succ('Deleted update.', 200)
else:
abort(403)
def delete_invite(event_id, user_id):
event = Event.query.get_or_404(event_id)
user = User.query.get_or_404(user_id)
# TODO: allow non-host users when transitive_invites is on to remove their own invitations but nobody elses
if event.is_hosted_by(g.me):
event.invites.remove(user)
db.session.commit()
return succ('Cancelled invite.', 200)
else:
abort(403)
def delete_host(event_id, user_id):
event = Event.query.get_or_404(event_id)
user = User.query.get_or_404(user_id)
if (g.me.admin or event.is_hosted_by(g.me)) and user != g.me:
# TODO: Add remove_host function on event
event.hosts.remove(user)
db.session.commit()
return succ('Removed host.', 200)
else:
abort(403)
def add_host(event_id, user_id):
event = Event.query.get_or_404(event_id)
user = User.query.get_or_404(user_id)
if g.me.admin or event.is_hosted_by(g.me):
if event.add_host(user):
db.session.commit()
return succ('Added host.')
else:
return fail('User is already a host.')
else:
abort(403)
def remove_tag(event_id, tag_name):
event = Event.query.get_or_404(event_id)
if not (g.me.admin or event.is_hosted_by(g.me)):
abort(403)
if not event.has_tag(tag_name):
return fail('Event does not have this tag.')
if event.remove_tag(tag_name):
db.session.commit()
return succ('Removed tag.')
# Should not be reached, but just in case.
return fail('Tag not removed.')
def send_invite(event_id, user_id):
event = Event.query.get_or_404(event_id)
user = User.query.get_or_404(user_id)
# TODO: store who created an invitation, and allow users who aren't hosts to only remove their invitations
if event.transitive_invites or event.is_hosted_by(g.me):
if event.invite(user):
db.session.commit()
notifier.send_invite(event, user_from=g.me, user_to=user)
return succ('Invited user.')
else:
return fail('User already invited.')
else:
abort(403)
def add_tag(event_id, tag_name):
event = Event.query.get_or_404(event_id)
tag_name = tag_name.lower()
if not (g.me.admin or event.is_hosted_by(g.me)):
abort(403)
# First, check if the event already has this tag.
if event.has_tag(tag_name):
return fail('Event already has this tag.')
if event.add_tag(tag_name):
db.session.commit()
return succ('Added tag!')
# If the tag is blacklisted or there was another problem
return fail('Tag not added.')
def reset_password_request():
# get the post data
payload = request.get_json()
email = payload.get('email').lower().strip()
# check if user already exists
user = User.query.filter_by(email=email).first()
if user:
send_reset_password_email(user)
return succ(
'If this email has an associated account, a message has been sent to reset your password!',
201)
def friend_remove(user_id):
"""
Remove friendship.
"""
friendship_sent = g.me.friended.filter(
friendships.c.friended_id == user_id).first()
friendship_received = g.me.frienders.filter(
friendships.c.friender_id == user_id).first()
if friendship_sent is None and friendship_received is None:
return fail('Couldn\'t find a friendship with this person.')
if friendship_sent is not None:
g.me.friended.remove(friendship_sent)
if friendship_received is not None:
g.me.frienders.remove(friendship_received)
db.session.commit()
return succ('Succesfully removed friend.')
def register():
# get the post data
payload = request.get_json()
email = payload.get('email').lower().strip()
# check if user already exists
user = User.query.filter_by(email=email).first()
if not user:
try:
with open('resources/email_blacklist.txt') as f:
# TODO: should we just keep this in memory continuously rather than reading it every time?
email_blacklist = f.read().split('\n')
if email in email_blacklist:
return fail(
'Sorry, a student email address is required to register.',
401)
school = School.from_email(email)
if school is None:
# TODO: use non-Yale-specific message.
return fail(
'You must use a valid .edu email address from a supported school.',
401)
user = User(
name=payload['name'].strip(),
email=email,
year=payload['year'],
password=payload['password'],
confirmed=False,
school_id=school.id,
)
# Insert the user
db.session.add(user)
db.session.commit()
send_confirmation_email(user)
return succ(
'Check your inbox at ' + email +
' to confirm! (The email may take a few moments to deliver.)',
201)
except Exception as e:
return fail(
'Some error occurred. Please try again. Contact the developers if this continues to happen.',
500)
else:
return fail('User already exists. Please log in.', 202)
def update_me():
# TODO: make method of User
g.me.name = g.json['name']
db.session.commit()
return succ('Updated profile.')
def facebook_connect():
g.me.facebook_connect(g.json['id'], g.json['name'])
db.session.commit()
return succ('Successfully connected!')
def facebook_disconnect():
g.me.facebook_disconnect()
db.session.commit()
return succ('Successfully disconnected!')
def delete_review(event_id):
# TODO: check that I have access to this event
event = Event.query.get_or_404(event_id)
g.me.unreview_on(event)
db.session.commit()
return succ('Successfully unreviewd.')
