def del_project_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() user = projectDetails.get('user') if user is None: return jsonify({"error": "Projectuser id not specified"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Retrieve projectrole of user userRole = function.getProjectUserRole(get_jwt_identity(), id) # Retrieve projectrole of target targetRole = function.getProjectUserRole(user, id) # Check if both users are part of the same project if userRole is None: return jsonify({"error": "Must be a project member to delete users"}), 403 elif targetRole is None: return jsonify( {"error": "Target user is not a member of specified project"}), 403 # User is trying to delete somebody else if not (str(get_jwt_identity()) == str(user)): if userRole not in ['ADMIN', 'OWNER']: return jsonify({ "error": "Cannot delete project users without ADMIN or OWNER status" }), 403 elif targetRole == 'OWNER': return jsonify({"error": "Cannot delete the owner of a project"}), 403 elif targetRole == 'ADMIN': if userRole != 'OWNER': return jsonify({ "error": "Cannot delete a project admin without OWNER permission" }), 403 # User is trying to deleting himself, check that he is not the owner of the project else: if userRole == 'OWNER': return jsonify( {"error": "Cannot delete yourself from your own project"}), 403 # Delete project user if database.deleteProjectUser(id, user): return jsonify({"Info": "Projectuser deleted successfully"}), 200 else: return jsonify( {"erorr": "Something went wrong deleting the projectuser"}), 500
def add_post(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() title = projectDetails.get('title') content = projectDetails.get('content') owner = get_jwt_identity() # Check if all data is supplied if title is None: return jsonify({"error": "Post title not specified"}), 400 if content is None: return jsonify({"error": "Post content not specified"}), 400 if owner is None: return jsonify({"error": "Project owner not specified"}), 400 if not function.isInt(owner): return jsonify({"error": "ownerID should be string"}) # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you have permission to post on this project userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectMember(userRole): return jsonify({"error": "Must be a project member to add post"}), 403 # Add post to the database post = database.addProjectPost(title, content, owner, id) return jsonify(post), 201
def get_project_post(id): limit = request.args.get('limit') offset = request.args.get('offset') if limit is not None and not function.isInt(limit): return jsonify({"error": "limit is not an integer"}), 400 if offset is not None and not function.isInt(offset): return jsonify({"error": "offset is not an integer"}), 400 dataCount = database.getProjectPostsCount(id) data = database.getProjectPosts(id, limit, offset) if data is None: return jsonify({"error": "No results found"}), 404 else: project = database.getProjectByID(id) if (project['projectVisibility'] == 'PRIVATE'): userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectMember(userRole): return jsonify( {"error": "Must be project member to view project posts"}), 403 for projectpost in data: user = database.getUserInfo(str(projectpost['postUser'])) projectpost['user'] = user dataCount['data'] = data return jsonify(dataCount), 200
def delete_comment(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if comment actually exists comment = database.getCommentByID(id) if comment is None: return jsonify({"error": "Specified comment does not exist"}) # Check if the user trying to delete the post is the post owner post = database.getPostByID(str(comment['commentPost'])) userRole = function.getProjectUserRole(get_jwt_identity(), post['postProject']) if not function.isProjectAdmin(userRole): if comment['commentUser'] != get_jwt_identity(): return jsonify( {"error": "Must be admin to delete comment of other user"}), 400 # Delete comment commentDeleted = database.deleteComment(id) if commentDeleted is True: return jsonify({"Info": "Comment deleted successfully"}), 200 else: return jsonify({"error": "Something went wrong deleting the comment"}), 500
def put_project_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() user = projectDetails.get('user') role = projectDetails.get('role') # Check if all data is supplied if user is None: return jsonify({"error": "Projectuser id not specified"}), 400 if role is None: return jsonify({"error": "Projectuser role not specified"}), 400 if role not in allowed_projectUser_states: return jsonify({"error": "Projectuser role not a legal value"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check that you are not trying to change project owner if role == 'OWNER': return jsonify({"error": "Cannot set or tranfer project ownership"}), 403 # Retrieve projectrole of user userRole = function.getProjectUserRole(get_jwt_identity(), id) # If user issuing the request is not changing his own data, check if user is admin if not (str(get_jwt_identity()) == user): if not function.isProjectAdmin(userRole): return jsonify( {"error": "Must be a project admin to update user roles"}), 403 # If user issuing the request is changing own data, he can only change himself from invited to user elif userRole == 'INVITED': if role != 'USER': return jsonify({ "error": "May only change your own role from pending to user" }), 403 else: return jsonify( {"error": "May only change your own role from pending to user"}), 403 data = database.updateProjectUser(id, user, role) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def get_project_id(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 data = database.getProjectByID(id) if data is None: return jsonify({"error": "No results found"}), 404 else: if (data['projectVisibility'] == 'PRIVATE'): userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectMember(userRole): return jsonify( {"error": "Must be project member to view project"}), 403 user = database.getUserInfo(str(data['projectOwner'])) data['owner'] = user return jsonify(data), 200
def del_project(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you are the owner of the project you are trying to delete userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectOwner(userRole): return jsonify({"error": "Must be project owner to delete a project"}), 403 # Delete project if database.deleteProject(id): return jsonify({"Info": "Project deleted successfully"}), 200 else: return jsonify({"erorr": "Something went wrong deleting the project"}), 500
def add_comment(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data postDetails = request.get_json() content = postDetails.get('content') parent = postDetails.get('parent') # Swap userID for JWT id userID = get_jwt_identity() if content is None: return jsonify({"error": "Comment content not specified"}), 400 if userID is None: return jsonify({"error": "Comment user id not specified"}), 400 # Check if post actually exists post = database.getPostByID(id) if post is None: return jsonify({"error": "Specified post does not exist"}), 400 # Check if you have permission to comment on this post userRole = function.getProjectUserRole(get_jwt_identity(), post['postProject']) if not function.isProjectMember(userRole): return jsonify({"error": "Must be a project member to comment on this post"}), 403 # Check if parent actually exists if parent is not None: comment = database.getCommentByID(str(parent)) if comment is None: return jsonify({"error": "Parent comment does not exist"}), 400 # Add comment comment = database.addPostComment(content, parent, userID, id) user = database.getUserByID(str(comment['commentUser'])) comment['user'] = user return jsonify(comment), 201
def put_project(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() title = projectDetails.get('title') content = projectDetails.get('content') visibility = projectDetails.get('visibility') # Check if all data is supplied if title is None: return jsonify({"error": "Project title not specified"}), 400 if content is None: return jsonify({"error": "Project content not specified"}), 400 if visibility is None: return jsonify({"error": "Project visibility not specified"}), 400 if visibility not in allowed_project_visibilities: return jsonify({"error": "Project visibility not a legal value"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you have permission to update the project userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectAdmin(userRole): return jsonify( {"error": "Must be a project admin to update the project"}), 403 data = database.updateProject(id, title, content, visibility) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def add_project_user(id): # Fetch form data projectDetails = request.get_json() user = projectDetails.get('user') role = projectDetails.get('role') # Check if all data is supplied if user is None: return jsonify({"error": "Project user not specified"}), 400 if role is None: return jsonify({"error": "Project user role not specified"}), 400 if role not in allowed_projectUser_states: return jsonify({"error": "Project user role not a legal value"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you have permission to add a user to this project projectVisibility = project['projectVisibility'] userRole = function.getProjectUserRole(get_jwt_identity(), id) validTarget = function.getProjectUserRole(role, id) print(type(user)) print(type(str(get_jwt_identity()))) print(user) print(get_jwt_identity()) if validTarget is None: if projectVisibility == 'PUBLIC': if role not in ['INVITED', 'USER']: return jsonify( {"error": "May only invite or add user on public project"}) elif projectVisibility == 'RESTRICTED': if role == 'INVITED': if not function.isProjectAdmin(userRole): return jsonify({ "error": "Only admins can invite users on restricted projects" }) elif role == 'PENDING': if user != str(get_jwt_identity()): return jsonify({ "error": "Only a user can request membership for himself" }) else: return jsonify({ "error": "May only invite or request user on restricted project" }) elif projectVisibility == 'PRIVATE': if role == 'INVITED': if not function.isProjectAdmin(userRole): return jsonify({ "error": "Only admins can invite users on private projects" }) else: return jsonify({ "error": "You may only invite users for private projects" }) else: return jsonify({"error": "User already has a project role"}) projectUser = database.addProjectUser(user, id, role) return jsonify(projectUser), 201