def delete_scratchpad(scratchpad_id):
"""Mark a pre-existing Scratchpad as deleted.
An empty request body is expected."""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response(
"No scratchpad with id %s" % scratchpad_id)
# Users can only delete scratchpad they created
# EXCEPTION: Developres can delete any scratchpad
if not user.developer and scratchpad.user_id != user.user_id:
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
scratchpad.deleted = True
scratchpad.put()
return api_success_no_content_response()
def create_scratchpad():
"""Create a new Scratchpad and associated ScratchpadRevision.
The POST data should be a JSON-encoded dict, which is passed verbatim to
Scratchpad.create as keyword arguments.
"""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
if not request.json:
return api_invalid_param_response("Bad data supplied: Not JSON")
# TODO(jlfwong): Support phantom users
user = UserData.current()
if not (user and user.developer):
# Certain fields are only modifiable by developers
for field in scratchpad_models.Scratchpad._developer_only_fields:
if request.json.get(field):
return api_forbidden_response(
"Forbidden: Only developers can change the %s" % field)
try:
# Convert unicode encoded JSON keys to strings
create_args = dict_keys_to_strings(request.json)
if user:
create_args['user_id'] = user.user_id
return scratchpad_models.Scratchpad.create(**create_args)
except (db.BadValueError, db.BadKeyError), e:
return api_invalid_param_response("Bad data supplied: " + e.message)
def create_scratchpad():
"""Create a new Scratchpad and associated ScratchpadRevision.
The POST data should be a JSON-encoded dict, which is passed verbatim to
Scratchpad.create as keyword arguments.
"""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
if not request.json:
return api_invalid_param_response("Bad data supplied: Not JSON")
# TODO(jlfwong): Support phantom users
user = UserData.current()
if not (user and user.developer):
# Certain fields are only modifiable by developers
for field in scratchpad_models.Scratchpad._developer_only_fields:
if request.json.get(field):
return api_forbidden_response(
"Forbidden: Only developers can change the %s" % field)
try:
# Convert unicode encoded JSON keys to strings
create_args = dict_keys_to_strings(request.json)
if user:
create_args['user_id'] = user.user_id
return scratchpad_models.Scratchpad.create(**create_args)
except (db.BadValueError, db.BadKeyError), e:
return api_invalid_param_response("Bad data supplied: " + e.message)
def delete_scratchpad(scratchpad_id):
"""Mark a pre-existing Scratchpad as deleted.
An empty request body is expected."""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response("No scratchpad with id %s" %
scratchpad_id)
# Users can only delete scratchpad they created
# EXCEPTION: Developres can delete any scratchpad
if not user.developer and scratchpad.user_id != user.user_id:
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
scratchpad.deleted = True
scratchpad.put()
return api_success_no_content_response()
def update_scratchpad(scratchpad_id):
"""Update a pre-existing Scratchpad and create a new ScratchpadRevision.
The POST data should be a JSON-encoded dict, which is passsed verbatim to
Scratchpad.update as keyword arguments.
"""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
if not request.json:
return api_invalid_param_response("Bad data supplied: Not JSON")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response(
"No scratchpad with id %s" % scratchpad_id)
if not user.developer:
# Certain fields are only modifiable by developers
for field in scratchpad_models.Scratchpad._developer_only_fields:
if request.json.get(field):
return api_forbidden_response(
"Forbidden: Only developers can change the %s" % field)
# The user can update the scratchpad if any of the following are true:
# 1. The scratchpad is tutorial/official and the user is a developer
# 2. The scratchpad was created by the user
if scratchpad.category in ("tutorial", "official") and user.developer:
pass
elif scratchpad.user_id != user.user_id:
# Only the creator of a scratchpad can update it
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
try:
# Convert unicode encoded JSON keys to strings
update_args = dict_keys_to_strings(request.json)
if 'id' in update_args:
# Backbone passes the id in update calls - ignore it
del update_args['id']
return scratchpad.update(**update_args)
except (db.BadValueError, db.BadKeyError), e:
return api_invalid_param_response("Bad data supplied: " + e.message)
def update_scratchpad(scratchpad_id):
"""Update a pre-existing Scratchpad and create a new ScratchpadRevision.
The POST data should be a JSON-encoded dict, which is passsed verbatim to
Scratchpad.update as keyword arguments.
"""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
if not request.json:
return api_invalid_param_response("Bad data supplied: Not JSON")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response("No scratchpad with id %s" %
scratchpad_id)
if not user.developer:
# Certain fields are only modifiable by developers
for field in scratchpad_models.Scratchpad._developer_only_fields:
if request.json.get(field):
return api_forbidden_response(
"Forbidden: Only developers can change the %s" % field)
# The user can update the scratchpad if any of the following are true:
# 1. The scratchpad is tutorial/official and the user is a developer
# 2. The scratchpad was created by the user
if scratchpad.category in ("tutorial", "official") and user.developer:
pass
elif scratchpad.user_id != user.user_id:
# Only the creator of a scratchpad can update it
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
try:
# Convert unicode encoded JSON keys to strings
update_args = dict_keys_to_strings(request.json)
if 'id' in update_args:
# Backbone passes the id in update calls - ignore it
del update_args['id']
return scratchpad.update(**update_args)
except (db.BadValueError, db.BadKeyError), e:
return api_invalid_param_response("Bad data supplied: " + e.message)
def get_user_scratchpads():
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
user_data = (get_visible_user_data_from_request() or
UserData.pre_phantom())
return list(scratchpad_models.Scratchpad
.get_for_user_data(user_data)
.run(batch_size=1000))
def get_user_scratchpads():
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
user_data = (get_visible_user_data_from_request()
or UserData.pre_phantom())
return list(
scratchpad_models.Scratchpad.get_for_user_data(user_data).run(
batch_size=1000))
