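def select_coder(mentor_id):
    """Add the coder named in the request body to a mentor's list of coders.

    Requires the 'add:coder' scope. The JSON body must be an object that
    carries a 'coderId' field.

    Args:
        mentor_id: Identifier used to look up the Mentor.

    Returns:
        A JSON response with "success" and "message" keys.

    Aborts with 403 when the scope is missing, 400 when the body is not a
    JSON object or has no 'coderId', 404 when the coder or the mentor is not
    found, and 500 when storing the change fails.
    """
    if not has_scope('add:coder'):
        abort(403)

    body = request.get_json()
    # A missing body or a non-object JSON value (list, string, number) has no
    # .get(); reject it as a client error instead of failing with a 500.
    if not isinstance(body, dict):
        abort(400)

    coder_id = body.get('coderId', None)
    if not coder_id:
        abort(400)

    coder = Coder.query.get(coder_id)
    if not coder:
        abort(404)

    mentor = Mentor.query.get(mentor_id)
    if not mentor:
        abort(404)

    # NOTE(review): nothing in this function ties mentor_id to the caller, so
    # any holder of 'add:coder' can attach any coder to any mentor unless
    # has_scope (not visible here) enforces that. It also does not look at
    # whether the coder already has a mentor -- confirm both are intended.
    try:
        mentor.coders.append(coder)
        mentor.update()
        return jsonify({
            "success": True,
            "message": "A new coder has been added to your list of coders."
        })
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)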
def get_user_info(username):
    """Return profile data for the user called *username*.

    Requires the 'get:userinfo' scope (403 otherwise). The name is looked up
    as a Coder first and then as a Mentor:

    * Coder: responds with the coder's id, the username of their mentor (or
      None) and all of their snippets.
    * Mentor: responds with the mentor's id and, for each of their coders,
      the username, id and the snippets flagged needs_review.

    Aborts with 404 when the name matches neither.
    """
    if not has_scope("get:userinfo"):
        abort(403)

    # NOTE(review): the lookup is keyed only on the username argument; this
    # function does not compare it with the caller's identity, so a holder of
    # 'get:userinfo' can read another user's profile and snippets unless
    # has_scope (not visible here) restricts that -- confirm.
    coder = Coder.get_by_name(username)
    if coder:
        mentor_name = coder.mentor.username if coder.mentor else None
        own_snippets = (
            [item.to_dict() for item in coder.snippets]
            if coder.snippets
            else []
        )
        return jsonify({
            "success": True,
            "user_id": coder.id,
            "usertype": "Coder",
            "mentor": mentor_name,
            "snippets": own_snippets
        })

    # Not a coder: try the mentor table next.
    mentor = Mentor.get_by_name(username)
    if mentor:
        mentees = []
        if mentor.coders:
            # Only snippets waiting for review are sent to the mentor.
            mentees = [
                {
                    "username": mentee.username,
                    "id": mentee.id,
                    "snippets": [
                        item.to_dict()
                        for item in mentee.snippets
                        if item.needs_review
                    ]
                }
                for mentee in mentor.coders
            ]
        return jsonify({
            "success": True,
            "user_id": mentor.id,
            "usertype": "Mentor",
            "coders": mentees
        })

    # Neither a coder nor a mentor carries this username.
    abort(404)
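def post_revised_snippet(snippet_id):
    """Overwrite an existing snippet with the values in the request body.

    Requires the 'edit:snippet' scope. The JSON body must be an object with
    non-empty 'name' and 'code', plus 'coderId', 'usertype' and 'userId'.
    'needsReview' (default False) and 'comments' (default '') are optional.

    Args:
        snippet_id: Identifier used to look up the Snippet.

    Returns:
        A JSON response with "success" and "message" keys.

    Aborts with 403 when the scope is missing, when the stated user is not
    the stated coder or that coder's mentor, or when the snippet does not
    belong to the stated coder; 400 when the body is malformed, the usertype
    is unknown or the stated coder does not exist; 404 when the snippet is
    not found; 500 when storing the change fails.
    """
    if not has_scope('edit:snippet'):
        abort(403)

    body = request.get_json()
    # A missing body or a non-object JSON value has no .get(); answer 400
    # instead of failing with a 500.
    if not isinstance(body, dict):
        abort(400)

    # 'name' and 'code' are required.
    if not body.get('name') or not body.get('code'):
        abort(400)

    coder_id = body.get('coderId', None)
    usertype = body.get('usertype', None)
    user_id = body.get('userId', None)

    # NOTE(review): usertype, userId and coderId are all supplied by the
    # client, so the checks below only prove the request is self-consistent.
    # They are an authorization control only if the caller's identity is
    # bound to these values elsewhere (e.g. from the verified token) --
    # has_scope is not visible here, confirm.
    if usertype == 'Coder':
        # A coder may only act as themselves.
        if user_id != coder_id:
            abort(403)
    elif usertype == 'Mentor':
        # A mentor may only act for a coder they mentor.
        coder = Coder.query.get(coder_id)
        if not coder:
            abort(400)
        if coder.mentor_id != user_id:
            abort(403)
    else:
        abort(400)

    snippet = Snippet.query.get(snippet_id)
    if not snippet:
        abort(404)

    # The checks above relate the user to coder_id but never relate coder_id
    # to this snippet. Without this comparison any coder (or a mentor of any
    # coder) could overwrite a snippet owned by someone else just by knowing
    # its id. Same comparison as delete_snippet.
    if snippet.coder_id != coder_id:
        abort(403)

    try:
        snippet.snippet_name = body.get('name')
        snippet.code = body.get('code')
        snippet.needs_review = body.get('needsReview', False)
        snippet.comments = body.get('comments', '')
        snippet.update()
        return jsonify({
            "success": True,
            "message": "Snippet has been successfully updated in database"
        })
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)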
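def get_mentors():
    """Return every mentor as a JSON list.

    Requires the 'get:mentors' scope (403 otherwise). Responds with
    {"success": True, "mentors": [...]} where each entry is the mentor's
    to_dict() output. Aborts with 500 when the query or serialization fails.
    """
    if not has_scope("get:mentors"):
        abort(403)

    # NOTE(review): to_dict() is returned unfiltered; confirm it holds no
    # field that should not be visible to every holder of this scope.
    try:
        mentors = [mentor.to_dict() for mentor in Mentor.query.all()]
        return jsonify({"success": True, "mentors": mentors})
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)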
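def get_all_coders():
    """Return every coder as a JSON list.

    Requires the 'get:coders' scope (403 otherwise). Responds with
    {"success": True, "coders": [...]} where each entry is the coder's
    to_dict() output. Aborts with 500 when the query or serialization fails.
    """
    if not has_scope('get:coders'):
        abort(403)

    # NOTE(review): to_dict() is returned unfiltered; confirm it holds no
    # field that should not be visible to every holder of this scope.
    try:
        coders = [coder.to_dict() for coder in Coder.query.all()]
        return jsonify({"success": True, "coders": coders})
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)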
def get_snippet(snippet_id):
    """Return one snippet as JSON, with a "success": True key added.

    Requires the 'edit:snippet' scope (403 otherwise) and aborts with 404
    when no snippet has the given id.
    """
    if not has_scope('edit:snippet'):
        abort(403)

    # NOTE(review): the only gate on this read is the 'edit:snippet' scope;
    # the snippet's owner is never compared with the caller, so any holder of
    # the scope can fetch any snippet by id unless has_scope (not visible
    # here) restricts that -- confirm this is intended.
    record = Snippet.query.get(snippet_id)
    if not record:
        abort(404)

    payload = record.to_dict()
    payload['success'] = True
    return jsonify(payload)
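def get_available_coders():
    """Return the coders yielded by Coder.need_mentor() as a JSON list.

    Requires the 'get:coders' scope (403 otherwise). Responds with
    {"success": True, "coders": [...]} where each entry is the coder's
    to_dict() output. Aborts with 500 when the lookup or serialization fails.
    """
    if not has_scope('get:coders'):
        abort(403)

    try:
        available_coders = [
            coder.to_dict() for coder in Coder.need_mentor()
        ]
        return jsonify({"success": True, "coders": available_coders})
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)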
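def select_mentor(coder_id):
    """Make the mentor named in the request body the mentor of a coder.

    Requires the 'add:mentor' scope. The JSON body must be an object that
    carries a 'mentorId' field. If the coder already has that mentor nothing
    is changed; if the coder has a different mentor, the coder is first
    removed from that mentor's list.

    Args:
        coder_id: Identifier used to look up the Coder.

    Returns:
        A JSON response with "success" and "message" keys.

    Aborts with 403 when the scope is missing, 400 when the body is not a
    JSON object or has no 'mentorId', 404 when the mentor or the coder is
    not found, and 500 when storing the change fails.
    """
    if not has_scope('add:mentor'):
        abort(403)

    body = request.get_json()
    # A missing body or a non-object JSON value has no .get(); answer 400
    # instead of failing with a 500.
    if not isinstance(body, dict):
        abort(400)

    mentor_id = body.get('mentorId', None)
    if not mentor_id:
        abort(400)

    mentor = Mentor.query.get(mentor_id)
    if not mentor:
        abort(404)

    coder = Coder.query.get(coder_id)
    if not coder:
        abort(404)

    # NOTE(review): coder_id is never compared with the caller's identity, so
    # any holder of 'add:mentor' can reassign another coder's mentor unless
    # has_scope (not visible here) enforces that -- confirm.
    try:
        if coder.mentor_id:
            # Already assigned to the requested mentor: nothing to do.
            if coder.mentor_id == mentor_id:
                return jsonify({
                    "success": True,
                    "message":
                        "This mentor was already the mentor for this coder."
                })
            # Assigned to a different mentor: detach from that one first.
            current_mentor = Mentor.query.get(coder.mentor_id)
            current_mentor.coders.remove(coder)
            current_mentor.update()

        # Attach the coder to the newly selected mentor.
        mentor.coders.append(coder)
        mentor.update()
        return jsonify({
            "success": True,
            "message": "A new mentor has been selected for this coder."
        })
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)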
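def post_new_snippet():
    """Create a snippet for the coder named in the request body.

    Requires the 'post:snippet' scope. The JSON body must be an object with
    'coderId' and non-empty 'name' and 'code'; 'needsReview' (default False)
    and 'comments' (default '') are optional.

    Returns:
        A JSON response with "success" and "message" keys.

    Aborts with 403 when the scope is missing, 400 when the body is not a
    JSON object or lacks 'name' or 'code', 404 when the coder is not found,
    and 500 when storing the snippet fails.
    """
    if not has_scope("post:snippet"):
        abort(403)

    body = request.get_json()
    # A missing body or a non-object JSON value has no .get(); answer 400
    # instead of failing with a 500.
    if not isinstance(body, dict):
        abort(400)

    # NOTE(review): the owning coder is taken from the request body and is
    # not compared with the caller's identity, so a holder of 'post:snippet'
    # can file a snippet under another coder unless has_scope (not visible
    # here) enforces that -- confirm.
    coderId = body.get('coderId', None)
    coder = Coder.query.get(coderId)
    if not coder:
        abort(404)

    attrs = {
        'snippet_name': body.get('name', None),
        'code': body.get('code', None),
        'needs_review': body.get('needsReview', False),
        'comments': body.get('comments', ''),
    }
    if not (attrs['snippet_name'] and attrs['code']):
        abort(400)

    try:
        snippet = Snippet(**attrs)
        # The snippet is inserted by appending it to its coder and then
        # updating the coder.
        coder.snippets.append(snippet)
        coder.update()
        return jsonify({
            "success": True,
            "message": "Snippet has been successfully saved to database"
        })
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)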
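def delete_snippet(snippet_id):
    """Delete a snippet on behalf of the coder named in the request body.

    Requires the 'delete:snippet' scope. The JSON body must be an object
    with a 'coderId' equal to the snippet's coder_id.

    Args:
        snippet_id: Identifier used to look up the Snippet.

    Returns:
        A JSON response with "success" and "message" keys.

    Aborts with 403 when the scope is missing or 'coderId' does not match
    the snippet's owner, 400 when the body is not a JSON object or has no
    'coderId', 404 when the snippet is not found, and 500 when the owning
    coder cannot be loaded or the delete fails.
    """
    if not has_scope('delete:snippet'):
        abort(403)

    body = request.get_json()
    # A missing body or a non-object JSON value has no .get(); answer 400
    # instead of failing with a 500.
    if not isinstance(body, dict):
        abort(400)

    coder_id = body.get('coderId', None)
    if not coder_id:
        abort(400)

    snippet = Snippet.query.get(snippet_id)
    if not snippet:
        abort(404)

    # NOTE(review): coderId comes from the client, so this comparison only
    # shows that the request names the snippet's owner, not that the caller
    # is that owner. It is an ownership check only if the caller's identity
    # is bound to coderId elsewhere (e.g. from the verified token) --
    # has_scope is not visible here, confirm.
    if coder_id != snippet.coder_id:
        abort(403)

    # coder_id matches snippet.coder_id at this point, so the coder is
    # expected to exist; a missing row is treated as a server-side
    # inconsistency (500) rather than a 404.
    coder = Coder.query.get(coder_id)
    if not coder:
        abort(500)

    try:
        snippet.delete()
        return jsonify({
            "success": True,
            "message": "Snippet has been deleted."
        })
    except Exception:
        # Exception rather than a bare except, so SystemExit and
        # KeyboardInterrupt are not converted into an HTTP 500.
        abort(500)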