def post(self): start = time.time() clean = XssCleaner() api_key = self.request.get('apikey') account_id = self.request.get('accountid') new_user_id = self.request.get('userid') # Anything that can possibly be rended should be cleaned profile_link = self.request.get('profile_link') # We can't clean it because it will not render if embedded into a site # Be wary of doing any queries with this data #profile_link = clean.strip(profile_link) profile_img = self.request.get('profile_img') #profile_img = clean.strip(profile_img) profile_name = self.request.get('profile_name') profile_name = clean.strip(profile_name) logdiction = {'event':'loginuser', 'api': 'update_user', 'is_api':'yes', 'ip':self.request.remote_addr, 'user':new_user_id, 'account':account_id, 'success':'true'} if not account_id or not new_user_id or not api_key: self.response.out.write(bad_args()) logdiction['success'] = 'false' logdiction['details'] = bad_args() logs.create(logdiction) return acc = accounts_dao.authorize_api(account_id, api_key) if not acc: self.response.out.write(auth_error()) logdiction['success'] = 'false' logdiction['details'] = auth_error() logs.create(logdiction) return # Create a new user user_key = users_dao.get_user_key(account_id, new_user_id) #Update user_ref = users_dao.get_user_with_key(user_key) if user_ref: dict = {} update = False if profile_link and profile_link != user_ref.profileLink: dict["profileLink"] = profile_link update = True if profile_img and profile_img != user_ref.profileImg: dict["profileImg"] = profile_img update = True if profile_name and profile_name != user_ref.profileName: dict["profileName"] = profile_name update = True if update: logdiction['event'] = 'updateuser' try: users_dao.update_user(user_key, dict, None) except: logdiction['success'] = 'false' logdiction['details'] = db_error() logs.create(logdiction) self.response.out.write(db_error()) error("Error updating user with id %s"%new_user_id) return logs.create(logdiction) self.response.out.write(success_ret()) timing(start) return if not profile_img: profile_img = constants.IMAGE_PARAMS.USER_AVATAR new_user = Users(key_name=user_key, userid=new_user_id, isEnabled="yes", accountRef=acc, profileName=profile_name, profileLink=profile_link, profileImg=profile_img) logdiction['event'] = 'createuser' try: users_dao.save_user(new_user, user_key) except: logdiction['success'] = 'false' logdiction['details'] = db_error() logs.create(logdiction) self.response.out.write(db_error()) error("Error getting user with key %s"%key) return logs.create(logdiction) self.response.out.write(success_ret()) timing(start) return
def post(self): start = time.time() api_key = self.request.get('apikey') account_id = self.request.get('accountid') user_id = self.request.get('userid') newpoints = self.request.get('pointsawarded') reason = self.request.get('reason') logdiction = {'event':'awardpoints', 'api':'award_points', 'points':newpoints, 'is_api':'yes', 'ip':self.request.remote_addr, 'user':user_id, 'account':account_id, 'success':'true'} clean = XssCleaner() if reason: reason = clean.strip(reason) else: reason = "" # Get the account acc = accounts_dao.authorize_api(account_id, api_key) if not acc: logdiction['success'] = 'false' logdiction['details'] = auth_error() logs.create(logdiction) self.response.out.write(auth_error()) return try: newpoints = int(newpoints) except: logdiction['success'] = 'false' logdiction['details'] = "Points given was not a number" logs.create(logdiction) self.response.out.write(bad_args()) error("Points given was not an integer") return # Create the user if it doesnt exist user_ref = users_dao.get_or_create_user(account_id, user_id, acc) if not user_ref: logdiction['success'] = 'false' logdiction['details'] = db_error() logs.create(logdiction) self.response.out.write(db_error()) return incrArgs = {"points":newpoints} user_key = users_dao.get_user_key(account_id, user_id) dbret = users_dao.update_user(user_key, None, incrArgs) if not dbret: logdiction['success'] = 'false' logdiction['details'] = db_error() logs.create(logdiction) self.response.out.write(db_error()) error("Unable to update points field account %s, user %s, key: %s"%\ (account_id,user_id, user_key)) return if not reason: try: reason = acc.notifierWidget.title except: reason = "Points Awarded" notifier.user_points(user_ref, newpoints, reason, acc) logs.create(logdiction) self.response.out.write(success_ret()) timing(start) return