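def votes_collection_add_json(request):
    """Create a vote from the JSON request body and answer 201.

    The ``voter`` key of the payload is always overwritten with the URI of
    the authenticated user, so the caller cannot name a different voter.

    Returns:
        A ``Response`` with status 201 whose ``location`` is the URI of the
        first created instance. Nothing is returned (implicit ``None``) when
        ``ctx.create_object`` yields no instances.

    Raises:
        HTTPBadRequest: ``ctx.create_object`` raised; the caught exception is
            passed to ``HTTPBadRequest`` as its argument.
    """
    ctx = request.context
    user_id = authenticated_userid(request)
    # NOTE(review): there is no explicit anonymous-user guard here; this
    # relies on check_permissions refusing an unauthenticated user_id.
    # Confirm against check_permissions.
    permissions = get_permissions(user_id, ctx.get_discussion_id())
    check_permissions(ctx, user_id, permissions, CrudPermissions.CREATE)
    payload = request.json_body
    # NOTE(review): the client-supplied '@type' goes to create_object without
    # being compared to the collection class; confirm create_object rejects
    # unrelated types.
    # The original assigned the default typename once and immediately
    # overwrote it; only the effective lookup is kept.
    typename = payload.get('@type', ctx.collection_class.external_typename())
    # Server-side stamp: never trust a client-provided voter.
    payload['voter'] = User.uri_generic(user_id)
    try:
        instances = ctx.create_object(typename, payload, user_id)
    except Exception as e:
        # NOTE(review): the exception text ends up in the 400 response;
        # confirm it cannot carry internal details.
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        db = first.db()
        for instance in instances:
            db.add(instance)
        db.flush()
        view = request.GET.get('view', None) or 'default'
        return Response(
            dumps(first.generic_json(view, user_id, permissions)),
            location=first.uri_generic(first.id),
            status_code=201)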
def set_local_role(request):
    """Update the local role stored in ``request.context._instance``.

    check_permissions is deliberately not used; the rules are applied inline:

    * an unauthenticated caller is refused;
    * only a holder of ``P_ADMIN_DISC`` may name a user other than themselves;
    * without ``P_ADMIN_DISC``, ``P_SELF_REGISTER`` forces
      ``requested=False`` and ``role=R_PARTICIPANT``, while
      ``P_SELF_REGISTER_REQUEST`` forces ``requested=True``; a caller with
      neither permission is refused.

    Returns:
        ``[updated.uri()]`` when the ``view`` query parameter is ``id_only``,
        otherwise ``updated.generic_json(view, user_id, permissions)``.

    Raises:
        HTTPUnauthorized: caller is anonymous or lacks the needed permission.
        HTTPBadRequest: the context has no discussion id.
    """
    ctx = request.context
    role_instance = ctx._instance
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = ctx.get_discussion_id()
    user_uri = User.uri_generic(user_id)
    if discussion_id is None:
        raise HTTPBadRequest()
    permissions = get_permissions(user_id, discussion_id)
    is_admin = P_ADMIN_DISC in permissions
    payload = request.json_body
    requested_user = payload.get('user', None)
    if not requested_user:
        # No user named: the role applies to the caller.
        payload['user'] = requested_user = user_uri
    elif requested_user != user_uri and not is_admin:
        raise HTTPUnauthorized()
    if not is_admin:
        # NOTE(review): nothing visible here ties role_instance to the
        # caller; confirm the route or update_from_json prevents a non-admin
        # from rewriting another user's role record.
        if P_SELF_REGISTER in permissions:
            payload['requested'] = False
            payload['role'] = R_PARTICIPANT
        elif P_SELF_REGISTER_REQUEST in permissions:
            # NOTE(review): 'role' stays client-chosen on this branch;
            # confirm that approval of a request re-checks the role.
            payload['requested'] = True
        else:
            raise HTTPUnauthorized()
    updated = role_instance.update_from_json(payload, user_id, ctx)
    view = request.GET.get('view', None) or 'default'
    if view != 'id_only':
        return updated.generic_json(view, user_id, permissions)
    return [updated.uri()]
def post_put_json(request):
    """Handle a JSON update of a post, stamping moderation data server-side.

    When ``has_moderation`` reports moderation fields in the body, the caller
    must pass ``raise_if_cannot_moderate``; ``moderated_on`` and ``moderator``
    are then overwritten with the current UTC time and the authenticated
    user's URI, replacing whatever the client sent for those keys.

    Returns:
        Whatever ``instance_put_json(request, body)`` returns.
    """
    body = request.json_body
    if has_moderation(body):
        raise_if_cannot_moderate(request)
        # ISO-8601 timestamp with an explicit "Z" suffix.
        now_utc = datetime.utcnow()
        body['moderated_on'] = now_utc.isoformat() + "Z"
        moderator_id = authenticated_userid(request)
        body['moderator'] = User.uri_generic(moderator_id)
    return instance_put_json(request, body)
def post_put(request):
    """Handle a form-encoded update of a post, stamping moderation data.

    When ``has_moderation`` reports moderation fields in the parameters, the
    caller must pass ``raise_if_cannot_moderate``; the parameters are then
    copied into a plain dict and ``moderated_on`` / ``moderator`` are set
    from the server clock and the authenticated user, replacing any
    client-supplied values for those keys.

    Returns:
        Whatever ``instance_put_form(request, params)`` returns.
    """
    params = request.params
    if has_moderation(params):
        raise_if_cannot_moderate(request)
        # Work on a plain dict copy before adding the server-side fields.
        params = dict(params)
        now_utc = datetime.utcnow()
        params['moderated_on'] = now_utc.isoformat() + "Z"
        moderator_id = authenticated_userid(request)
        params['moderator'] = User.uri_generic(moderator_id)
    return instance_put_form(request, params)
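def add_local_role(request):
    """Create a ``LocalUserRole`` in the context's discussion from JSON.

    check_permissions is deliberately not used; the rules are applied inline:

    * an unauthenticated caller is refused;
    * only a holder of ``P_ADMIN_DISC`` may name a user other than themselves;
    * without ``P_ADMIN_DISC``, ``P_SELF_REGISTER`` forces
      ``requested=False`` and ``role=R_PARTICIPANT`` and requires
      ``discussion.check_authorized_email`` to accept the user, while
      ``P_SELF_REGISTER_REQUEST`` forces ``requested=True``; a caller with
      neither permission is refused.

    Side effect: when the created role is not a mere request, the user's
    notification subscriptions are materialized and the agent status is
    updated for the discussion.

    Returns:
        ``CreationResponse(first, user_id, permissions, view)`` for the first
        created instance; implicit ``None`` when nothing was created.

    Raises:
        HTTPUnauthorized: caller is anonymous or lacks the needed permission.
        HTTPBadRequest: no discussion id, or ``create_object`` failed with a
            non-HTTP error.
        HTTPForbidden: the user's email is not authorized for the discussion.
    """
    ctx = request.context
    user_id = request.authenticated_userid
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = ctx.get_discussion_id()
    # Reject a missing discussion id before using it for a lookup; the
    # original looked the discussion up first and checked afterwards.
    if discussion_id is None:
        raise HTTPBadRequest()
    discussion = Discussion.get(discussion_id)
    # NOTE(review): the result of Discussion.get is used unchecked below;
    # confirm it cannot be None for an id taken from the context.
    user_uri = User.uri_generic(user_id)
    permissions = get_permissions(user_id, discussion_id)
    is_admin = P_ADMIN_DISC in permissions
    payload = request.json_body
    if "discussion" not in payload:
        payload["discussion"] = Discussion.uri_generic(discussion_id)
    # NOTE(review): a client-supplied "discussion" is kept as sent, while the
    # permissions above belong to the context's discussion; confirm that
    # create_object pins the role to the context's discussion.
    requested_user = payload.get('user', None)
    if not requested_user:
        # No user named: the role is for the caller.
        payload['user'] = requested_user = user_uri
    elif requested_user != user_uri and not is_admin:
        raise HTTPUnauthorized()
    if not is_admin:
        if P_SELF_REGISTER in permissions:
            payload['requested'] = False
            payload['role'] = R_PARTICIPANT
            req_user = User.get_instance(requested_user)
            if not discussion.check_authorized_email(req_user):
                raise HTTPForbidden()
        elif P_SELF_REGISTER_REQUEST in permissions:
            # NOTE(review): 'role' stays client-chosen on this branch;
            # confirm that approval of a request re-checks the role.
            payload['requested'] = True
        else:
            raise HTTPUnauthorized()
    try:
        instances = ctx.create_object("LocalUserRole", payload, user_id)
    except HTTPClientError:
        # Client errors raised deeper down keep their own status code.
        raise
    except Exception as e:
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        db = first.db
        for instance in instances:
            db.add(instance)
        db.flush()
        # Side effect: materialize subscriptions.
        if not first.requested:
            # relationship may not be initialized
            user = first.user or User.get(first.user_id)
            user.get_notification_subscriptions(discussion_id, True)
            # Update the user's AgentStatusInDiscussion
            user.update_agent_status_subscribe(discussion)
        view = request.GET.get('view', None) or 'default'
        # Re-read the permissions: the role just created may have changed them.
        permissions = get_permissions(user_id, ctx.get_discussion_id())
        return CreationResponse(first, user_id, permissions, view)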
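def add_local_role(request):
    """Create a ``LocalUserRole`` in the context's discussion from JSON.

    check_permissions is deliberately not used; the rules are applied inline:

    * an unauthenticated caller is refused;
    * only a holder of ``P_ADMIN_DISC`` may name a user other than themselves;
    * without ``P_ADMIN_DISC``, ``P_SELF_REGISTER`` forces
      ``requested=False`` and ``role=R_PARTICIPANT`` and requires
      ``discussion.check_authorized_email`` to accept the user, while
      ``P_SELF_REGISTER_REQUEST`` forces ``requested=True``; a caller with
      neither permission is refused.

    Side effect: when the created role is not a mere request, the user's
    notification subscriptions are materialized and the agent status is
    updated for the discussion.

    Returns:
        ``CreationResponse(first, user_id, permissions, view)`` for the first
        created instance; implicit ``None`` when nothing was created.

    Raises:
        HTTPUnauthorized: caller is anonymous or lacks the needed permission.
        HTTPBadRequest: no discussion id, or ``create_object`` failed with a
            non-HTTP error.
        HTTPForbidden: the user's email is not authorized for the discussion.
    """
    ctx = request.context
    user_id = request.authenticated_userid
    if not user_id:
        raise HTTPUnauthorized()
    discussion_id = ctx.get_discussion_id()
    # Reject a missing discussion id before using it for a lookup; the
    # original looked the discussion up first and checked afterwards.
    if discussion_id is None:
        raise HTTPBadRequest()
    discussion = Discussion.get(discussion_id)
    # NOTE(review): the result of Discussion.get is used unchecked below;
    # confirm it cannot be None for an id taken from the context.
    user_uri = User.uri_generic(user_id)
    permissions = get_permissions(user_id, discussion_id)
    is_admin = P_ADMIN_DISC in permissions
    payload = request.json_body
    if "discussion" not in payload:
        payload["discussion"] = Discussion.uri_generic(discussion_id)
    # NOTE(review): a client-supplied "discussion" is kept as sent, while the
    # permissions above belong to the context's discussion; confirm that
    # create_object pins the role to the context's discussion.
    requested_user = payload.get('user', None)
    if not requested_user:
        # No user named: the role is for the caller.
        payload['user'] = requested_user = user_uri
    elif requested_user != user_uri and not is_admin:
        raise HTTPUnauthorized()
    if not is_admin:
        if P_SELF_REGISTER in permissions:
            payload['requested'] = False
            payload['role'] = R_PARTICIPANT
            req_user = User.get_instance(requested_user)
            if not discussion.check_authorized_email(req_user):
                raise HTTPForbidden()
        elif P_SELF_REGISTER_REQUEST in permissions:
            # NOTE(review): 'role' stays client-chosen on this branch;
            # confirm that approval of a request re-checks the role.
            payload['requested'] = True
        else:
            raise HTTPUnauthorized()
    try:
        instances = ctx.create_object("LocalUserRole", payload, user_id)
    except HTTPClientError:
        # Client errors raised deeper down keep their own status code.
        raise
    except Exception as e:
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        db = first.db
        for instance in instances:
            db.add(instance)
        db.flush()
        # Side effect: materialize subscriptions.
        if not first.requested:
            # relationship may not be initialized
            user = first.user or User.get(first.user_id)
            user.get_notification_subscriptions(discussion_id, True)
            # Update the user's AgentStatusInDiscussion
            user.update_agent_status_subscribe(discussion)
        view = request.GET.get('view', None) or 'default'
        # Re-read the permissions: the role just created may have changed them.
        permissions = get_permissions(user_id, ctx.get_discussion_id())
        return CreationResponse(first, user_id, permissions, view)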
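def votes_collection_add_json(request):
    """Create a vote from the JSON request body and answer 201.

    Checks, in order: the caller is authenticated and passes
    ``check_permissions`` for CREATE; a voting widget can be found (from the
    context, else from the vote specification) and its ``activity_state`` is
    ``'active'``; a client-supplied ``@type`` names a subclass of the
    required vote class. The ``voter`` key is always overwritten with the
    authenticated user's URI.

    Returns:
        A ``Response`` with status 201 whose ``location`` is the URI of the
        first created instance; implicit ``None`` when nothing was created.

    Raises:
        HTTPUnauthorized: caller is anonymous, or the widget is not active.
        HTTPBadRequest: no widget, wrong ``@type``, ``create_object`` failed,
            or the flushed vote does not pass ``is_valid``.
    """
    ctx = request.context
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    permissions = ctx.get_permissions()
    check_permissions(ctx, user_id, CrudPermissions.CREATE)
    spec = ctx.get_instance_of_class(AbstractVoteSpecification)
    if spec:
        required = spec.get_vote_class()
    else:
        required = ctx.collection_class
    widget = ctx.get_instance_of_class(VotingWidget)
    if not widget and spec:
        widget = spec.widget
    if not widget:
        raise HTTPBadRequest("Please provide a reference to a widget")
    if widget.activity_state != 'active':
        raise HTTPUnauthorized("Not in voting period")
    payload = request.json_body
    typename = payload.get('@type', None)
    if typename:
        # NOTE(review): get_named_class is given a client-controlled name;
        # confirm what it returns for an unknown name, since issubclass
        # needs a class.
        cls = get_named_class(typename)
        if not issubclass(cls, required):
            # Name the class via `required`: `spec` is None when the
            # requirement came from ctx.collection_class, and dereferencing
            # it here turned a 400 into an AttributeError.
            raise HTTPBadRequest("@type is %s, should be in %s" % (
                typename, required.__name__))
    else:
        typename = required.external_typename()
    # Server-side stamp: never trust a client-provided voter.
    payload['voter'] = User.uri_generic(user_id)
    if "@type" not in payload:
        payload["@type"] = typename
    try:
        instances = ctx.create_object(typename, payload)
    except Exception as e:
        # NOTE(review): the exception text ends up in the 400 response;
        # confirm it cannot carry internal details.
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        db = first.db
        for instance in instances:
            db.add(instance)
        db.flush()
        # validate after flush so we can check validity with DB constraints
        # NOTE(review): rejecting here presumes the surrounding transaction
        # is rolled back when the exception propagates -- confirm.
        if not first.is_valid():
            raise HTTPBadRequest("Invalid vote")
        view = request.GET.get('view', None) or 'default'
        return Response(
            dumps(first.generic_json(view, user_id, permissions)),
            location=first.uri_generic(first.id),
            status_code=201)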
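def add_local_role(request):
    """Create a ``LocalUserRole`` in the context's discussion from JSON.

    check_permissions is deliberately not used; the rules are applied inline:

    * an unauthenticated caller is refused;
    * only a holder of ``P_ADMIN_DISC`` may name a user other than themselves;
    * without ``P_ADMIN_DISC``, ``P_SELF_REGISTER`` forces
      ``requested=False`` and ``role=R_PARTICIPANT``, while
      ``P_SELF_REGISTER_REQUEST`` forces ``requested=True``; a caller with
      neither permission is refused.

    Side effect: when the created role is not a mere request, the user's
    notification subscriptions are materialized.

    Returns:
        A ``Response`` with status 201 whose ``location`` is the URI of the
        first created instance; implicit ``None`` when nothing was created.

    Raises:
        HTTPUnauthorized: caller is anonymous or lacks the needed permission.
        HTTPBadRequest: no discussion id, or ``create_object`` failed with a
            non-HTTP error.
    """
    ctx = request.context
    user_id = authenticated_userid(request)
    # The original compared only against Everyone. Assuming this is Pyramid's
    # authenticated_userid, an anonymous request yields None, which that
    # comparison lets through; an empty id is refused here as well.
    if not user_id or user_id == Everyone:
        raise HTTPUnauthorized()
    discussion_id = ctx.get_discussion_id()
    user_uri = User.uri_generic(user_id)
    if discussion_id is None:
        raise HTTPBadRequest()
    permissions = get_permissions(user_id, discussion_id)
    is_admin = P_ADMIN_DISC in permissions
    payload = request.json_body
    if "discussion" not in payload:
        payload["discussion"] = Discussion.uri_generic(discussion_id)
    # NOTE(review): a client-supplied "discussion" is kept as sent, while the
    # permissions above belong to the context's discussion; confirm that
    # create_object pins the role to the context's discussion.
    requested_user = payload.get('user', None)
    if not requested_user:
        # No user named: the role is for the caller.
        payload['user'] = requested_user = user_uri
    elif requested_user != user_uri and not is_admin:
        raise HTTPUnauthorized()
    if not is_admin:
        if P_SELF_REGISTER in permissions:
            payload['requested'] = False
            payload['role'] = R_PARTICIPANT
        elif P_SELF_REGISTER_REQUEST in permissions:
            # NOTE(review): 'role' stays client-chosen on this branch;
            # confirm that approval of a request re-checks the role.
            payload['requested'] = True
        else:
            raise HTTPUnauthorized()
    try:
        instances = ctx.create_object("LocalUserRole", payload, user_id)
    except HTTPClientError:
        # Client errors raised deeper down keep their own status code.
        raise
    except Exception as e:
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        db = first.db()
        for instance in instances:
            db.add(instance)
        db.flush()
        # Side effect: materialize subscriptions.
        if not first.requested:
            # relationship may not be initialized
            user = first.user or User.get(first.user_id)
            user.get_notification_subscriptions(discussion_id, True)
        view = request.GET.get('view', None) or 'default'
        # Re-read the permissions: the role just created may have changed them.
        permissions = get_permissions(user_id, ctx.get_discussion_id())
        return Response(
            dumps(first.generic_json(view, user_id, permissions)),
            location=first.uri_generic(first.id),
            status_code=201)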
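def votes_collection_add_json(request):
    """Create a vote from the JSON request body and answer 201.

    Checks, in order: the caller is authenticated and passes
    ``check_permissions`` for CREATE; the context's
    ``MultiCriterionVotingWidget`` exists and its ``activity_state`` is
    ``'active'``; a client-supplied ``@type`` names a subclass of the
    required vote class. The ``voter`` key is always overwritten with the
    authenticated user's URI. The vote is validated after the flush.

    Returns:
        A ``Response`` with status 201 whose ``location`` is the URI of the
        first created instance; implicit ``None`` when nothing was created.

    Raises:
        HTTPUnauthorized: caller is anonymous, or the widget is not active.
        HTTPBadRequest: no widget, wrong ``@type``, ``create_object`` failed,
            or the flushed vote does not pass ``is_valid``.
    """
    ctx = request.context
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    permissions = get_permissions(user_id, ctx.get_discussion_id())
    check_permissions(ctx, user_id, permissions, CrudPermissions.CREATE)
    widget = ctx.get_instance_of_class(MultiCriterionVotingWidget)
    # A context without a widget used to fail on the attribute access below
    # instead of answering 400.
    if not widget:
        raise HTTPBadRequest("Please provide a reference to a widget")
    if widget.activity_state != 'active':
        raise HTTPUnauthorized("Not in voting period")
    spec = ctx.get_instance_of_class(AbstractVoteSpecification)
    if spec:
        required = spec.get_vote_class()
    else:
        required = ctx.collection_class
    payload = request.json_body
    typename = payload.get('@type', None)
    if typename:
        # NOTE(review): get_named_class is given a client-controlled name;
        # confirm what it returns for an unknown name, since issubclass
        # needs a class.
        cls = get_named_class(typename)
        if not issubclass(cls, required):
            # Name the class via `required`: `spec` is None when the
            # requirement came from ctx.collection_class, and dereferencing
            # it here turned a 400 into an AttributeError.
            raise HTTPBadRequest("@type is %s, should be in %s" % (
                typename, required.__name__))
    else:
        typename = required.external_typename()
    # Server-side stamp: never trust a client-provided voter.
    payload['voter'] = User.uri_generic(user_id)
    try:
        instances = ctx.create_object(typename, payload, user_id)
    except Exception as e:
        # NOTE(review): the exception text ends up in the 400 response;
        # confirm it cannot carry internal details.
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        db = first.db
        for instance in instances:
            db.add(instance)
        db.flush()
        # validate after flush so we can check validity with DB constraints
        # NOTE(review): rejecting here presumes the surrounding transaction
        # is rolled back when the exception propagates -- confirm.
        if not first.is_valid():
            raise HTTPBadRequest("Invalid vote")
        view = request.GET.get('view', None) or 'default'
        return Response(
            dumps(first.generic_json(view, user_id, permissions)),
            location=first.uri_generic(first.id),
            status_code=201)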
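def votes_collection_add_json(request):
    """Create a vote from the JSON request body and answer 201.

    Checks, in order: the caller is authenticated and passes
    ``check_permissions`` for CREATE; the context's
    ``MultiCriterionVotingWidget`` exists and its ``activity_state`` is
    ``'active'``; a client-supplied ``@type`` names a subclass of the
    required vote class. The ``voter`` key is always overwritten with the
    authenticated user's URI. The vote is validated before it is added to
    the session.

    Returns:
        A ``Response`` with status 201 whose ``location`` is the URI of the
        first created instance; implicit ``None`` when nothing was created.

    Raises:
        HTTPUnauthorized: caller is anonymous, or the widget is not active.
        HTTPBadRequest: no widget, wrong ``@type``, ``create_object`` failed,
            or the first instance does not pass ``is_valid``.
    """
    ctx = request.context
    user_id = authenticated_userid(request)
    if not user_id:
        raise HTTPUnauthorized()
    permissions = get_permissions(user_id, ctx.get_discussion_id())
    check_permissions(ctx, user_id, permissions, CrudPermissions.CREATE)
    widget = ctx.get_instance_of_class(MultiCriterionVotingWidget)
    # A context without a widget used to fail on the attribute access below
    # instead of answering 400.
    if not widget:
        raise HTTPBadRequest("Please provide a reference to a widget")
    if widget.activity_state != 'active':
        raise HTTPUnauthorized("Not in voting period")
    spec = ctx.get_instance_of_class(AbstractVoteSpecification)
    if spec:
        required = spec.get_vote_class()
    else:
        required = ctx.collection_class
    payload = request.json_body
    typename = payload.get('@type', None)
    if typename:
        # NOTE(review): get_named_class is given a client-controlled name;
        # confirm what it returns for an unknown name, since issubclass
        # needs a class.
        cls = get_named_class(typename)
        if not issubclass(cls, required):
            # Name the class via `required`: `spec` is None when the
            # requirement came from ctx.collection_class, and dereferencing
            # it here turned a 400 into an AttributeError.
            raise HTTPBadRequest("@type is %s, should be in %s" % (
                typename, required.__name__))
    else:
        typename = required.external_typename()
    # Server-side stamp: never trust a client-provided voter.
    payload['voter'] = User.uri_generic(user_id)
    try:
        instances = ctx.create_object(typename, payload, user_id)
    except Exception as e:
        # NOTE(review): the exception text ends up in the 400 response;
        # confirm it cannot carry internal details.
        raise HTTPBadRequest(e)
    if instances:
        first = instances[0]
        # Only the first instance is validated, and before anything is
        # added to the session.
        if not first.is_valid():
            raise HTTPBadRequest("Invalid vote")
        db = first.db
        for instance in instances:
            db.add(instance)
        db.flush()
        view = request.GET.get('view', None) or 'default'
        return Response(
            dumps(first.generic_json(view, user_id, permissions)),
            location=first.uri_generic(first.id),
            status_code=201)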
def post_put(request):
    """Handle a form-encoded update of a post, with moderation safeguards.

    When ``has_moderation`` reports moderation fields in the parameters, the
    caller must pass ``raise_if_cannot_moderate``; the parameters are then
    copied into a plain dict and ``moderated_on`` / ``moderator`` are set
    from the server clock and the authenticated user, replacing any
    client-supplied values for those keys.

    Independently of that, an already published post in a discussion whose
    ``with_moderation`` preference is set may only be edited by a holder of
    ``P_MODERATE``.

    Returns:
        Whatever ``instance_put_form(request, params)`` returns.

    Raises:
        HTTPUnauthorized: the post is published, the discussion is moderated
            and the caller lacks ``P_MODERATE``.
    """
    params = request.params
    if has_moderation(params):
        raise_if_cannot_moderate(request)
        # Work on a plain dict copy before adding the server-side fields.
        params = dict(params)
        now_utc = datetime.utcnow()
        params['moderated_on'] = now_utc.isoformat() + "Z"
        params['moderator'] = User.uri_generic(request.authenticated_userid)
    ctx = request.context
    # Anonymous callers are evaluated with the Everyone principal.
    user_id = request.authenticated_userid or Everyone
    permissions = get_permissions(user_id, ctx.get_discussion_id())
    post = ctx._instance
    discussion = post.discussion
    is_published = (
        post.publication_state == models.PublicationStates.PUBLISHED)
    # The preference is read last, and only when the first two tests hold.
    if (is_published and P_MODERATE not in permissions
            and discussion.preferences['with_moderation']):
        raise HTTPUnauthorized()
    # TODO: apply guess_languages
    return instance_put_form(request, params)