def obj_create(self, bundle, **kwargs):
data = bundle.data
LOG.info("Creating draw with data: {}".format(data))
for attr in self.FORBIDDEN_ATTRIBUTES:
if attr in data:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("{0} is forbidden".format(
attr)))
try:
type_ = data.pop('type')
draw = draw_factory.create_draw(type_, data)
draw.validate()
except KeyError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Missing draw type"))
except draw_factory.DrawNotRegistered:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Invalid draw type"))
except bom.InvalidDraw as e:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(e.serialize()))
draw.owner = bundle.request.user.pk
if not draw.is_shared:
draw.toss()
self._client.save_draw(draw)
bundle.obj = draw
return bundle
def obj_update(self, bundle, **kwargs):
draw_id = kwargs['pk']
try:
draw = self._client.retrieve_draw(draw_id)
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Draw not found"))
if not draw.check_write_access(bundle.request.user):
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized("Only the owner can update"))
for name, value in bundle.data.items():
if not hasattr(draw, name):
continue
elif name in self.FROZEN_ATTRIBUTES + self.FORBIDDEN_ATTRIBUTES:
if getattr(draw, name) != value:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("{0} is forbidden".format(
name)))
else:
setattr(draw, name, value)
try:
draw.validate()
except bom.InvalidDraw as e:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(e.serialize()))
draw.add_audit("DRAW_PARAMETERS")
self._client.save_draw(draw)
bundle.obj = draw
return bundle
def try_draw(self, request, **_):
self.method_check(request, allowed=['post'])
self.throttle_check(request)
try:
data = json.loads(request.body)
except TypeError:
data = json.loads(request.body.decode('utf-8'))
try:
type_ = data.pop('type')
draw = draw_factory.create_draw(type_, data)
draw.validate()
except KeyError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Missing draw type"))
except draw_factory.DrawNotRegistered:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Invalid draw type"))
except bom.InvalidDraw as e:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(e.serialize()))
self._client.save_draw(draw)
result = draw.toss()
self.log_throttled_access(request)
return self.create_response(request, result)
def _safe_get(self, bundle, **kwargs):
filters = self.remove_api_resource_names(kwargs)
try:
return self.parent.cached_obj_get(bundle=bundle, **filters)
except (queryset.DoesNotExist, exceptions.ObjectDoesNotExist):
raise tastypie_exceptions.ImmediateHttpResponse(response=http.HttpNotFound())
def obj_get(self, bundle, **kwargs):
try:
user = self._client.retrieve_user(kwargs['pk'])
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound())
else:
return user
def apply_filters(self, request, applicable_filters):
qs = super(OwnedResource, self).apply_filters(request,
applicable_filters)
try:
qs = qs.for_user(request.user)
except NotAuthenticatedError as e:
raise exceptions.ImmediateHttpResponse(http.HttpUnauthorized(e))
return qs
def unauthorized_result(self, exception=None, bundle=None):
kwargs = {}
if bundle:
kwargs['content'] = json.dumps({
'one_time_salt': bundle.request.session['one_time_salt'],
})
kwargs['content_type'] = 'application/json'
raise exceptions.ImmediateHttpResponse(http.HttpUnauthorized(**kwargs))
def obj_create(self, bundle, **kwargs):
bundle.obj = bom.User(_id=bundle.data["email"])
bundle.obj.set_password(bundle.data["password"])
try:
self._client.create_user(bundle.obj)
except mongodb.MongoDriver.UserExistsError as e:
raise exceptions.ImmediateHttpResponse(
response=http.HttpConflict(e))
return bundle
def toss(self, request, **kwargs):
self.method_check(request, allowed=['post'])
self.throttle_check(request)
draw_id = kwargs['pk']
try:
bom_draw = self._client.retrieve_draw(draw_id)
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound())
if not bom_draw.check_write_access(request.user):
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized("Only the owner can toss"))
result = bom_draw.toss()
if bom_draw.is_shared:
mail_toss(bom_draw)
self._client.save_draw(bom_draw)
self.log_throttled_access(request)
return self.create_response(request, result)
def obj_update(self, bundle, **kwargs):
if bundle.obj.pk != bundle.request.user.pk:
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized("An user can only update "
"his own details"))
for key, value in bundle.data.items():
if key in self.FROZEN_ATTRIBUTES:
if getattr(bundle.obj, key, value) != value:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(
"Invalid attribute {0}".format(key)))
elif key == 'password':
bundle.obj.set_password(bundle.data['password'])
else:
setattr(bundle.obj, key, value)
self._client.save_user(bundle.obj)
return bundle
def method_check(self, request, allowed=None):
if allowed is None:
allowed = []
request_method = request.method.lower()
allows = ','.join([meth.upper() for meth in allowed])
if request_method == "options":
response = http.HttpResponse(allows)
response['Allow'] = allows
self.add_cors_headers(response)
raise exceptions.ImmediateHttpResponse(response=response)
if request_method not in allowed:
response = tastypie_http.HttpMethodNotAllowed(allows)
response['Allow'] = allows
raise exceptions.ImmediateHttpResponse(response=response)
return request_method
def post_detail(self, request, **kwargs):
draw_id = kwargs['pk']
try:
draw = self._client.retrieve_draw(draw_id)
except mongodb.MongoDriver.NotFoundError:
return http.HttpBadRequest("Draw not found")
try:
data = json.loads(request.body)
except TypeError:
data = json.loads(request.body.decode('utf-8'))
if 'add_user' in data:
if not draw.check_write_access(request.user):
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized(
"Only the owner can add users"))
new_users = {
str(user)
for user in data['add_user'] if '@' in str(user)
}
new_users = [user for user in new_users if user not in draw.users]
draw.users.extend(new_users)
self._client.save_draw(draw)
invite_user(new_users, draw)
if 'remove_user' in data:
if not draw.check_write_access(request.user):
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized(
"Only the owner can remove users"))
try:
draw.users.remove(str(data['remove_user']))
self._client.save_draw(draw)
except ValueError:
pass
if request.user.is_authenticated(
) and request.user.pk not in draw.users:
draw.users.append(request.user.pk)
self._client.save_draw(draw)
return http.HttpCreated()
def register_in_raffle(self, request, **kwargs):
from server.bom.raffle import Participant
self.method_check(request, allowed=['post'])
self.throttle_check(request)
draw_id = kwargs['pk']
try:
data = json.loads(request.body)
except TypeError:
data = json.loads(request.body.decode('utf-8'))
try:
participant_id = data['participant_id']
participant_name = data['participant_name']
except KeyError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(
"Missing participant_id or participant_name"))
participant = Participant(id=participant_id, name=participant_name)
try:
bom_draw = self._client.retrieve_draw(draw_id)
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound("the draw does not exists"))
if not isinstance(bom_draw, bom.RaffleDraw):
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(
"Registration is only available in Raffles"))
try:
bom_draw.register_participant(participant)
except bom.RaffleDraw.RegistrationError as e:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest(e))
except bom.RaffleDraw.AlreadyRegisteredError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotModified())
self._client.save_draw(bom_draw)
self.log_throttled_access(request)
return http.HttpResponse()
def obj_delete(self, bundle, **kwargs):
if not bundle.request.user.is_authenticated():
self.unauthorized_result(None)
draw_id = kwargs['pk']
try:
draw = self._client.retrieve_draw(draw_id)
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound())
if bundle.request.user.pk in draw.users:
draw.users.remove(bundle.request.user.pk)
self._client.save_draw(draw)
elif bundle.request.user.pk == draw.owner:
draw.owner = None
self._client.save_draw(draw)
def schedule_toss(self, request, **kwargs):
self.method_check(request, allowed=['post'])
self.throttle_check(request)
draw_id = kwargs['pk']
try:
schedule = kwargs['schedule']
schedule = dateutil.parser.parse(schedule).astimezone(pytz.utc)
bom_draw = self._client.retrieve_draw(draw_id)
except (ValueError, KeyError):
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Invalid 'schedule'"))
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound())
if not bom_draw.check_write_access(request.user):
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized(
"Only the owner can schedule a toss"))
result = bom_draw.timed_toss(schedule)
self._client.save_draw(bom_draw)
if bom_draw.is_shared:
mail_toss(bom_draw)
self.log_throttled_access(request)
return self.create_response(request, result)
def user_login(self, request, **_):
self.method_check(request, allowed=['post'])
self.throttle_check(request)
try:
data = json.loads(request.body)
except TypeError:
data = json.loads(request.body.decode('utf-8'))
email = data.pop('email')
password = data.pop('password')
user = authenticate(username=email, password=password)
if user:
if user.is_active:
if 'keep-logged' in request.POST:
request.session.set_expiry(31556926) # 1 year
login(request, user)
user = self._client.retrieve_user(user.pk)
user.last_login = datetime.datetime.utcnow().replace(
tzinfo=pytz.utc)
self._client.save_user(user)
return self.create_response(request, "User authenticated")
else:
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized(
"The user is not activated"))
else:
try:
self._client.retrieve_user(email)
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound(
"The email {0} is not registered".format(email)))
else:
raise exceptions.ImmediateHttpResponse(
response=http.HttpUnauthorized("Incorrect password"))
def chat(self, request, **kwargs):
self.method_check(request, allowed=['post', 'get'])
self.throttle_check(request)
draw_id = kwargs['pk']
try:
draw = self._client.retrieve_draw(draw_id) # check exists
except mongodb.MongoDriver.NotFoundError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpNotFound())
if request.method == 'POST':
try:
data = json.loads(request.body)
except TypeError:
data = json.loads(request.body.decode('utf-8'))
try:
message = data['message']
if request.user.is_authenticated():
self._client.add_chat_message(draw_id,
message,
user_id=request.user.pk)
else:
self._client.add_chat_message(
draw_id,
message,
anonymous_alias=data['anonymous_alias'])
except KeyError:
raise exceptions.ImmediateHttpResponse(
response=http.HttpBadRequest("Missing message or alias"))
return self.create_response(request, {})
elif request.method == 'GET':
# TODO: return only the list of messages
def get_user_details(username):
"""function to get either the user avatar or an empty string"""
try:
user = self._client.retrieve_user(username)
except Exception:
return {}
else:
return {
"user_alias": user.alias,
"avatar": user.user_image
}
try:
messages = self._client.retrieve_chat_messages(draw_id)
except mongodb.MongoDriver.NotFoundError:
messages = []
users = {
message["user"]
for message in messages if 'user' in message
}
users_map = {name: get_user_details(name) for name in users}
for message in messages:
if 'user' in message:
message.update(users_map[message["user"]])
return self.create_response(
request, {
"messages": messages,
"enable_chat": draw.enable_chat,
"last_updated_time": draw.last_updated_time
})
