def select_coder(mentor_id):
if not has_scope('add:coder'):
abort(403)
body = request.get_json()
coder_id = body.get('coderId', None)
if not coder_id:
abort(400)
coder = Coder.query.get(coder_id)
if not coder:
abort(404)
mentor = Mentor.query.get(mentor_id)
if not mentor:
abort(404)
try:
mentor.coders.append(coder)
mentor.update()
return jsonify({
"success":
True,
"message":
"A new coder has been added to your list of coders."
})
except:
abort(500)
def get_user_info(username):
# check permissions:
if not has_scope("get:userinfo"):
abort(403)
# First, check to see if user is a Coder
# If so, return relevant information for profile on front end
coder = Coder.get_by_name(username)
if coder:
if coder.mentor:
mentor = coder.mentor.username
else:
mentor = None
if coder.snippets:
snippets = [snippet.to_dict() for snippet in coder.snippets]
else:
snippets = []
return jsonify({
"success": True,
"user_id": coder.id,
"usertype": "Coder",
"mentor": mentor,
"snippets": snippets
})
# If not a coder, then check to see if user is a Mentor
# If so, return relevant information for profile on front end
mentor = Mentor.get_by_name(username)
if mentor:
coders = []
if mentor.coders:
coder_objs = mentor.coders
for coder in coder_objs:
coders.append({
"username":
coder.username,
"id":
coder.id,
"snippets": [
snippet.to_dict() for snippet in coder.snippets
if snippet.needs_review
]
})
else:
coders = []
return jsonify({
"success": True,
"user_id": mentor.id,
"usertype": "Mentor",
"coders": coders
})
# If neither a coder nor a mentor is found, return 404 error
abort(404)
def post_revised_snippet(snippet_id):
if not has_scope('edit:snippet'):
abort(403)
body = request.get_json()
# check to be sure required fields (body and code) are in snippet,
# if not, return a 400 error
if not body.get('name') or not body.get('code'):
abort(400)
# get basic information for next authorization tests
coder_id = body.get('coderId', None)
usertype = body.get('usertype', None)
user_id = body.get('userId', None)
# Internal authorization checks -
# check specific id of user:
# - if posted by a coder, make sure it is the snippet's owner
if usertype == 'Coder':
if user_id != coder_id:
abort(403)
# - if posted by a mentor, make sure it is the mentor of the
# snippet's owner
elif usertype == 'Mentor':
coder = Coder.query.get(coder_id)
if not coder:
abort(400)
if (coder.mentor_id != user_id):
abort(403)
# - if usertype something other than Coder or Mentor, abort with 400 error
else:
abort(400)
# Get the snippet (if not found, return 404 error)
snippet = Snippet.query.get(snippet_id)
if not snippet:
abort(404)
try:
snippet.snippet_name = body.get('name')
snippet.code = body.get('code')
snippet.needs_review = body.get('needsReview', False)
snippet.comments = body.get('comments', '')
snippet.update()
return jsonify({
"success":
True,
"message":
"Snippet has been successfully updated in database"
})
except:
abort(500)
def get_mentors():
if not has_scope("get:mentors"):
abort(403)
try:
mentors = [mentor.to_dict() for mentor in Mentor.query.all()]
return jsonify({"success": True, "mentors": mentors})
except:
abort(500)
def get_all_coders():
if not has_scope('get:coders'):
abort(403)
try:
coders = [coder.to_dict() for coder in Coder.query.all()]
return jsonify({"success": True, "coders": coders})
except:
abort(500)
def get_snippet(snippet_id):
if not has_scope('edit:snippet'):
abort(403)
snippet = Snippet.query.get(snippet_id)
if not snippet:
abort(404)
snippet = snippet.to_dict()
snippet['success'] = True
return jsonify(snippet)
def get_available_coders():
if not has_scope('get:coders'):
abort(403)
try:
available_coders = [
coder.to_dict() for coder in Coder.need_mentor()
]
return jsonify({"success": True, "coders": available_coders})
except:
abort(500)
def select_mentor(coder_id):
if not has_scope('add:mentor'):
abort(403)
body = request.get_json()
mentor_id = body.get('mentorId', None)
if not mentor_id:
abort(400)
mentor = Mentor.query.get(mentor_id)
if not mentor:
abort(404)
coder = Coder.query.get(coder_id)
if not coder:
abort(404)
try:
# check to see if the coder already has a mentor:
if coder.mentor_id:
# if the coder is already associated with the mentor from the call
# then no more need be done
if (coder.mentor_id == mentor_id):
return jsonify({
"success":
True,
"message":
"This mentor was already the mentor for this coder."
})
# if the coder is associated with a different mentor, then remove the coder
# from that mentor's list of coders
else:
current_mentor = Mentor.query.get(coder.mentor_id)
current_mentor.coders.remove(coder)
current_mentor.update()
# then, add the coder to the new mentor's list of coders
mentor.coders.append(coder)
mentor.update()
return jsonify({
"success":
True,
"message":
"A new mentor has been selected for this coder."
})
except:
abort(500)
def post_new_snippet():
if not has_scope("post:snippet"):
abort(403)
body = request.get_json()
coderId = body.get('coderId', None)
coder = Coder.query.get(coderId)
if not coder:
abort(404)
attrs = {}
attrs['snippet_name'] = body.get('name', None)
attrs['code'] = body.get('code', None)
attrs['needs_review'] = body.get('needsReview', False)
attrs['comments'] = body.get('comments', '')
if attrs['snippet_name'] and attrs['code']:
try:
snippet = Snippet(**attrs)
# insert snippet by appending as a child to its coder and
# updating coder
coder.snippets.append(snippet)
coder.update()
return jsonify({
"success":
True,
"message":
"Snippet has been successfully saved to database"
})
except:
abort(500)
else:
abort(400)
def delete_snippet(snippet_id):
# verify has permission to delete a snippet
if not has_scope('delete:snippet'):
abort(403)
body = request.get_json()
# check to make sure a coder_id was supplied, if not return 400
coder_id = body.get('coderId', None)
if not coder_id:
abort(400)
# get Snippet. If not found, return 404
snippet = Snippet.query.get(snippet_id)
if not snippet:
abort(404)
# verify that coder_id matches snippet's coder_id, if not, return 403
if coder_id != snippet.coder_id:
abort(403)
# get Coder. If not found, return 500
# note, if they've gotten this far (which means coder_id matches
# snippet.coder_id), then the coder should exist, so that is why returning
# a code 500 instead of 404 here
coder = Coder.query.get(coder_id)
if not coder:
abort(500)
try:
snippet.delete()
return jsonify({
"success": True,
"message": "Snippet has been deleted."
})
except:
abort(500)
