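def delete_user(cls, request_user_id, user_delete):
    """Delete the account ``user_delete`` on behalf of ``request_user_id``.

    Only a requester whose role is ``"manager"`` may delete an account.

    :param request_user_id: id of the user asking for the deletion
    :param user_delete: id of the account to delete
    :raises UserNotFoundError: if the requester or the target account does not exist
    :raises AccessDeniedError: if the requester is not a manager
    """
    requester = DBUser.get_by_id(request_user_id)
    # An unknown requester used to reach ``user.role`` and fail with an
    # AttributeError on None; reject it explicitly so the role check always
    # runs against a real user record.
    if not requester:
        raise UserNotFoundError("user with id = %s does not exist" % request_user_id)

    # Authorize before looking up the target: otherwise a non-manager can tell
    # existing account ids from missing ones by which error comes back.
    if requester.role != "manager":
        raise AccessDeniedError("Not manager user cannot delete account")

    target = DBUser.get_by_id(user_delete)
    if not target:
        # The id is formatted into the message, as the other lookups in this
        # listing do (it was previously passed as a stray second argument).
        raise UserNotFoundError("user with id = %s does not exist" % user_delete)

    # NOTE(review): a manager can delete their own account or another
    # manager's account here; confirm that is intended.
    target.delete()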
def delete_comment(cls, user_id, comment_id):
    """Delete a comment on behalf of ``user_id`` and return the deleted object.

    :param user_id: id of the user requesting the deletion
    :param comment_id: id of the comment to delete
    :return: the comment object that was deleted
    :raises InvalidFieldError: if ``comment_id`` fails ``is_id_valid``
    :raises UserNotFoundError: if no user has id ``user_id``
    :raises CommentNotFoundError: if no comment has id ``comment_id``
    :raises AccessDeniedError: if the requester is neither the commenter nor
        the author of the post the comment belongs to
    """
    # user_id gets no format check; the existence lookup below is the only
    # validation applied to it.
    if not is_id_valid(comment_id):
        raise InvalidFieldError("comment id is invalid", ["comment_id"])

    requester = DBUser.get_by_id(user_id)
    if not requester:
        raise UserNotFoundError("User with id = %d does not exist" % user_id)

    target = DBComment.get_by_id(comment_id)
    if not target:
        raise CommentNotFoundError(comment_id=comment_id)

    # Ownership check: the commenter or the post's author may delete. The
    # requester's role is not consulted, so a manager has no special rights.
    # The comparison is by equality, so user_id must have the same type as the
    # stored ids or the request is denied.
    is_commenter = target.user_id == user_id
    if not is_commenter and target.post.author.id != user_id:
        raise AccessDeniedError("You cannot delete others comment")

    # Errors raised by delete() propagate to the caller unchanged.
    target.delete()
    return target
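def update_comment(cls, user_id, comment_id, content):
    """Replace the text of a comment on behalf of ``user_id``.

    :param user_id: id of the user requesting the edit
    :param comment_id: id of the comment to edit
    :param content: new comment text, at least 10 characters long
    :return: the updated comment object
    :raises InvalidFieldError: if ``comment_id`` fails ``is_id_valid`` or
        ``content`` is missing or shorter than 10 characters
    :raises UserNotFoundError: if no user has id ``user_id``
    :raises CommentNotFoundError: if no comment has id ``comment_id``
    :raises AccessDeniedError: if the requester did not write the comment
    """
    # user_id gets no format check; the existence lookup below is the only
    # validation applied to it.
    if not is_id_valid(comment_id):
        raise InvalidFieldError("comment id is invalid", ["comment_id"])

    commenter = DBUser.get_by_id(user_id)
    if not commenter:
        raise UserNotFoundError("User with id = %d does not exist" % user_id)

    comment = DBComment.get_by_id(comment_id)
    if not comment:
        raise CommentNotFoundError(comment_id=comment_id)

    # Authorize before validating the payload: only the commenter may edit,
    # and someone else should get AccessDeniedError whatever they submitted.
    if comment.user_id != user_id:
        raise AccessDeniedError("You cannot edit others comment")

    # A missing content used to fail with TypeError from len(None); report it
    # as an invalid field like any other too-short comment.
    if content is None or len(content) < 10:
        raise InvalidFieldError("comment is too short", ["content"])

    # NOTE(review): content is stored as submitted; presumably it is escaped
    # when rendered. Confirm against the view layer.
    comment.content = content
    # Errors raised by update() propagate to the caller unchanged.
    comment.update()
    return comment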
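def find_post_by_author_pagination(cls, author_id, page=1, per_page=10):
    """Return one page of the posts published by a given author.

    :param author_id: id of the author whose posts are listed
    :param page: page index, starting at 1; reset to 1 when it fails
        ``is_id_valid``
    :param per_page: page size; reset to 10 when it is not an integer or
        lies outside 1..49
    :return: tuple ``(pagination, author)``
    :raises InvalidFieldError: if ``author_id`` fails ``is_id_valid``
    :raises UserNotFoundError: if no user has id ``author_id``
    """
    # Validate the author id before it reaches the database layer.
    if not is_id_valid(author_id):
        raise InvalidFieldError("author id does not valid.", ["author_id"])

    # Confirm the author exists.
    author = DBUser.get_by_id(author_id)
    if not author:
        # The placeholder was previously left unformatted, so the message
        # showed a literal "%d" instead of the id.
        raise UserNotFoundError("User with id = %s does not exist" % author_id)

    args = {"user_id": author_id}

    # Pagination values typically come from the request, so fall back to the
    # defaults rather than failing on malformed input.
    if not is_id_valid(page):
        page = 1
    try:
        # Normalize to int so that a numeric string is not passed on as-is,
        # and a non-numeric value no longer raises ValueError or TypeError.
        per_page = int(per_page)
    except (TypeError, ValueError):
        per_page = 10
    # The upper bound caps how many rows one request can pull. A value of
    # exactly 50 is treated as out of range, as before.
    if per_page <= 0 or per_page >= 50:
        per_page = 10

    pagination = DBPost.pagination_get(filter_dict=args, page=page, per_page=per_page, order_by="time desc")
    return pagination, author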
def delete_post(cls, user_id, post_id):
    """Delete a post on behalf of ``user_id``.

    :param user_id: id of the user requesting the deletion
    :param post_id: id of the post to delete
    :raises UserNotFoundError: if no user has id ``user_id``
    :raises InvalidFieldError: if ``post_id`` fails ``is_id_valid``
    :raises PostNotFoundError: if no post has id ``post_id``
    :raises AccessDeniedError: if the requester is neither the post's author
        nor a manager
    """
    requester = DBUser.get_by_id(user_id)
    if not requester:
        raise UserNotFoundError("User with id = %d does not exist" % user_id)

    if not is_id_valid(post_id):
        raise InvalidFieldError("Post id is invalid", ["post_id"])

    target = DBPost.get_by_id(post_id)
    if not target:
        raise PostNotFoundError(post_id=post_id)

    # Permission check: the author may delete their own post and a manager may
    # delete any post. The role is read only when the requester is not the
    # author. The author comparison is by equality, so user_id must have the
    # same type as the stored id.
    is_author = target.author.id == user_id
    if not (is_author or requester.role == "manager"):
        raise AccessDeniedError("You don't have permission to delete this post.")

    target.delete()
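def update_user(cls, user_id, email=None, password=None, confirm_password=None, first_name=None, last_name=None,
                brief=None, avatar=None):
    """Update the supplied profile fields of a user and persist the result.

    Fields left as ``None`` (or otherwise falsy) are not modified. Every
    supplied field is validated before any of them is written to the user
    object, so a rejected request leaves that object untouched.

    :param user_id: id of the user to update
    :param email: new e-mail address; must pass ``is_email_address_valid``
    :param password: new password, at least 6 characters; applied only when
        ``confirm_password`` is also given and equal
    :param confirm_password: repetition of ``password``
    :param first_name: new first name; an empty string is rejected
    :param last_name: new last name; an empty string is rejected
    :param brief: new profile text
    :param avatar: new avatar value
    :return: the updated user object
    :raises UserNotFoundError: if no user has id ``user_id``
    :raises InvalidFieldError: if a supplied field fails validation
    """
    # NOTE(review): no requester is passed in, so this method cannot check who
    # is asking; the caller presumably ensures user_id is the authenticated
    # user (or that the requester may edit it). Confirm at the call sites.
    user = DBUser.get_by_id(user_id)
    if user is None:
        raise UserNotFoundError("User with id = %d does not exist" % user_id)

    # Validation pass: nothing is assigned until every supplied field has
    # been accepted. Errors are raised in the same field order as before.
    if email and not is_email_address_valid(email):
        raise InvalidFieldError("Email address is not valid", ["email"])

    # NOTE(review): a password sent without confirm_password (or the reverse)
    # is silently ignored and the call still succeeds. Confirm that callers
    # do not report "password changed" in that case.
    change_password = bool(password and confirm_password)
    if change_password:
        if password != confirm_password:
            raise InvalidFieldError("Password and confirm password does not match", ["password", "confirm_password"])
        if len(password) < 6:
            raise InvalidFieldError("Password length must be at least 6 characters", ["password"])

    if first_name is not None and len(first_name) == 0:
        raise InvalidFieldError("First name is in valid", ["first_name"])
    if last_name is not None and len(last_name) == 0:
        raise InvalidFieldError("Last name is in valid", ["last_name"])

    # Apply pass.
    if email:
        user.email = email
    if change_password:
        # SECURITY: the password is stored as an unsalted MD5 digest. MD5 is a
        # fast hash and unsuitable for password storage: equal passwords give
        # equal digests, and a leaked table can be attacked offline cheaply.
        # Moving to a salted, deliberately slow KDF (e.g. hashlib.pbkdf2_hmac
        # or hashlib.scrypt) must be done together with the login check and a
        # re-hash of the stored digests, so the format is left unchanged here.
        user.password = hashlib.md5(password).hexdigest()
    if first_name:
        user.first_name = first_name
    if last_name:
        user.last_name = last_name
    if brief:
        user.brief = brief
    if avatar:
        user.avatar = avatar

    # Persist the user object; errors raised by update() propagate unchanged.
    user.update()
    return user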
def test_update_no_info(self):
    # Calls update_user with no fields at all and then checks the stored
    # record against the values below. These presumably mirror the fixture
    # created in the test set-up; confirm there.
    expected = {
        "email": "*****@*****.**",
        "password": "******",
        "confirm_password": "******",
        "first_name": "Editor2",
        "last_name": "Nguyen",
        "brief": "Hello world"
    }
    target_id = self.user_id[1]

    User.update_user(target_id)

    stored = DBUser.get_by_id(target_id)
    self.assertEqual(stored.id, target_id)
    self.assertEqual(stored.email, expected["email"])
    # Pins the current storage format (hex digest of unsalted MD5); it must
    # change together with any change to how passwords are hashed.
    self.assertEqual(stored.password, hashlib.md5(expected["password"]).hexdigest())
    for field in ("first_name", "last_name", "brief"):
        self.assertEqual(getattr(stored, field), expected[field])
def test_update_user_all_valid_field(self):
    # Sends every updatable text field with a valid value and checks that each
    # one was persisted on the stored record.
    new_values = {
        "email": "*****@*****.**",
        "password": "******",
        "confirm_password": "******",
        "first_name": "Dzung",
        "last_name": "Nguyen Tien",
        "brief": "Hello world Again"
    }
    target_id = self.user_id[0]

    User.update_user(target_id, **new_values)

    stored = DBUser.get_by_id(target_id)
    self.assertEqual(stored.id, target_id)
    self.assertEqual(stored.email, new_values["email"])
    # Pins the current storage format (hex digest of unsalted MD5); it must
    # change together with any change to how passwords are hashed.
    self.assertEqual(stored.password, hashlib.md5(new_values["password"]).hexdigest())
    for field in ("first_name", "last_name", "brief"):
        self.assertEqual(getattr(stored, field), new_values[field])
def update_post(cls, user_id, post_id, title=None, content=None, feature_image=None, tags=None, categories=None,
                draft=False):
    """Update the supplied fields of a post on behalf of ``user_id``.

    Fields left as ``None`` (or otherwise falsy) are not modified, except
    that an empty ``content`` is rejected.

    :param user_id: id of the user requesting the edit
    :param post_id: id of the post to edit
    :param title: new title
    :param content: new body
    :param feature_image: new feature image value
    :param tags: new tags value, stored as given
    :param categories: iterable of category names, stored as a
        comma-separated string with each name wrapped in backticks
    :param draft: accepted but not read anywhere in this method
    :return: the updated post object
    :raises UserNotFoundError: if no user has id ``user_id``
    :raises InvalidFieldError: if ``post_id`` fails ``is_id_valid`` or
        ``content`` is empty
    :raises PostNotFoundError: if no post has id ``post_id``
    :raises AccessDeniedError: if the requester is neither the post's author
        nor a manager
    """
    editor = DBUser.get_by_id(user_id)
    if not editor:
        raise UserNotFoundError("User with id = %d does not exist" % user_id)

    if not is_id_valid(post_id):
        raise InvalidFieldError("Post id is invalid", ["post_id"])

    post = DBPost.get_by_id(post_id)
    if not post:
        raise PostNotFoundError(post_id=post_id)

    # Permission check: the author may edit their own post and a manager may
    # edit any post. The role is read only when the editor is not the author.
    may_edit = post.author.id == user_id or editor.role == "manager"
    if not may_edit:
        raise AccessDeniedError("You cannot edit post not published by you.")

    # NOTE(review): title and content are stored as submitted; presumably
    # they are escaped when rendered. Confirm against the view layer.
    if title:
        post.title = title

    # The empty-content error is raised after title may already have been
    # assigned on the in-memory object; nothing is persisted in that case
    # because update() is not reached.
    if content:
        post.content = content
    elif content is not None and len(content) == 0:
        raise InvalidFieldError("Post's content cannot be empty", ["content"])

    if feature_image:
        post.feature_image = feature_image
    if tags:
        post.tags = tags
    if categories:
        # A category name containing a backtick or comma would make the
        # stored string ambiguous; names are not checked here.
        quoted = ["`%s`" % cat for cat in categories]
        post.categories = ",".join(quoted)

    # NOTE(review): the draft argument is never applied to the post. Confirm
    # whether a draft flag should be persisted here.
    post.update()
    return post