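def patch(self, pet_id, data):
    """Update a pet.

    Writes every key/value pair of ``data`` into the stored pet at index
    ``pet_id`` and returns the updated record. Aborts with 404 when
    ``pet_id`` does not address an existing entry of ``pets``.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test and silently address a record counted from the end of the list.
    if not 0 <= pet_id < len(pets):
        abort(404)
    pet = pets[pet_id]
    # NOTE(review): every key in `data` is written to the record as-is. This
    # assumes the payload was already limited to the permitted fields before
    # it reached this function — confirm against the input schema.
    for attr, value in data.items():
        pet[attr] = value
    return pet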
def post(self, data):
    """Create a comment authored by the current user from ``data``.

    Recognised keys are ``reply_id``, ``post_id`` and ``body``; any other key
    is assigned onto the new comment unchanged. The comment is added to the
    session, committed and returned.
    """
    comment = Comment(author=g.current_user)
    for attr, value in data.items():
        if attr == "reply_id":
            comment.replied = Comment.query.get_or_404(value)
        elif attr == "post_id":
            post = Post.query.get_or_404(value)
            # Private posts cannot be commented on through this path.
            if post.private:
                abort(400, "the post is private")
            comment.post = post
            # The reply target is only checked against the post inside this
            # branch, i.e. when "post_id" is part of the payload.
            # NOTE(review): a payload carrying "reply_id" without "post_id"
            # skips this membership check — confirm the schema requires both.
            if data.get("reply_id"):
                comment.replied = Comment.query.get_or_404(
                    data["reply_id"])
                # NOTE(review): nesting of this check under the reply_id test
                # is assumed; the listing does not preserve indentation.
                if comment.replied not in comment.post.comments:
                    abort(
                        400,
                        "the comment you want to reply does not belongs to the post",
                    )
        elif attr == "body":
            # The body is passed through clean_html before being stored.
            comment.body = clean_html(value)
        else:
            # NOTE(review): any remaining key is set as an attribute of the
            # model. Unless the input schema restricts the keys, a client can
            # overwrite fields it should not control (mass assignment) —
            # verify the schema, or replace this with an explicit allowlist.
            comment.__setattr__(attr, value)
    db.session.add(comment)
    db.session.commit()
    return comment
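def login(data):
    """Check submitted credentials and start a session for the user.

    Looks the user up by ``data["username"]`` and compares the stored
    password with ``data["password"]``. On success the session is cleared,
    ``session["user_id"]`` is set and a confirmation dict is returned;
    otherwise the request is aborted with 403.
    """
    import hmac

    user = User.query.filter_by(username=data["username"]).one_or_none()
    authenticated = False
    if user:
        stored, supplied = user.password, data["password"]
        # Compare in constant time so the response time does not reveal how
        # many leading characters of the guess were correct.
        # NOTE(review): the stored value is compared directly with the
        # submitted password, which implies it is kept in plaintext. Store a
        # salted password hash and verify against it instead; that change
        # belongs in the User model, which is not visible here.
        if isinstance(stored, str) and isinstance(supplied, str):
            authenticated = hmac.compare_digest(
                stored.encode("utf-8"), supplied.encode("utf-8")
            )
    if not authenticated:
        abort(403)
    # Drop any pre-login session state before binding the session to the user.
    session.clear()
    session["user_id"] = user.id
    return {'msg': 'logged in'}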
def post(self, data):
    """Check a submitted token and report which user it belongs to.

    Resolves ``data["token"]`` through ``User.verify_auth_token_api``. Aborts
    with 401 when no user is returned; otherwise returns a
    ``VerifyTokenOutSchema`` with ``valid`` set and the user's name filled in.
    """
    token_owner = User.verify_auth_token_api(data["token"])
    if token_owner is None:
        abort(401)

    result = VerifyTokenOutSchema()
    result.valid = True
    result.username = token_owner.username
    return result
def get(self, post_id: int):
    """Return the post with ``post_id``, enforcing access to private posts.

    A missing post yields 404. A private post is returned only to an
    administrator or to a user whose ``posts`` contain it; everyone else,
    including anonymous callers, gets 403.
    """
    post = Post.query.get_or_404(post_id)
    if post.private:
        viewer = get_current_user()
        # Anonymous callers (falsy viewer) never pass the check.
        may_read = bool(viewer) and (
            viewer.is_administrator() or post in viewer.posts
        )
        if not may_read:
            abort(403, "the post is private")
    return post
def post(self):
    """Store an uploaded image and return its id, filename and URL.

    Reads the ``upload`` file part of the request and hands it, together with
    the current user, to ``get_image_path_and_url``. If the helper reports an
    error the request is aborted with 400 and that message.
    """
    # NOTE(review): the upload is forwarded without any check in this
    # function; presumably the helper rejects a missing file and validates
    # type, size and filename — confirm.
    upload = request.files.get("upload")
    result = get_image_path_and_url(upload, g.current_user)

    error = result.get("error")
    if error is not None:
        abort(400, error)

    return {
        "id": result["image_id"],
        "filename": result["filename"],
        "url": result["image_url"],
    }
def decorated_function(*args, **kwargs):
    """Call the wrapped ``f`` only if the current user passes the permission check.

    Access is denied by default. It is granted when ``check_permission``
    accepts the second positional argument for ``permission_type``, or when
    the current user is an administrator; otherwise the call aborts with 403.
    """
    # Deny by default; only the branches below can grant access.
    permitted = False
    if g.current_user is not None:
        # NOTE(review): the object being checked is read as args[1]. A call
        # that passes it by keyword, or passes fewer than two positional
        # arguments, raises IndexError here instead of returning 403 —
        # confirm how the framework invokes the view.
        if args[1] is not None:
            permitted = check_permission(permission_type, args[1])
        # NOTE(review): the administrator override is assumed to sit at this
        # level (not under the args[1] test); the listing does not preserve
        # indentation — verify against the original file.
        if g.current_user.is_administrator():
            permitted = True
    if not permitted:
        abort(403)
    return f(*args, **kwargs)
def crea_alumno(cuenta, data):
    """Create and persist an ``Alumno`` for the account ``cuenta``.

    Aborts with 409 when a record with the same ``cuenta`` already exists and
    with 400 when ``AlumnoSchema`` rejects ``data``. ``data`` is modified in
    place: its ``"cuenta"`` key is set to ``cuenta`` before validation.
    """
    # NOTE(review): the existence check and the insert are separate steps;
    # presumably a unique constraint on `cuenta` covers concurrent requests —
    # confirm against the model.
    duplicate = Alumno.query.filter_by(cuenta=cuenta).first()
    if not duplicate:
        data["cuenta"] = cuenta
        try:
            campos = AlumnoSchema().load(data)
            nuevo = Alumno(**campos)
        except ValidationError:
            return abort(400)
        db.session.add(nuevo)
        db.session.commit()
        return nuevo
    abort(409)
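def put(self, column_id, data):
    """Update the column ``column_id`` from ``data`` and return it.

    ``post_ids`` appends each referenced post to ``column.posts``; every other
    key is assigned onto the column. Aborts with 404 when the column or any
    referenced post does not exist. Changes are committed once at the end.
    """
    column = Column.query.get(column_id)
    # An unknown id must end in 404 rather than an AttributeError on None
    # further down.
    if column is None:
        abort(404, f"column {column_id} not found")
    for attr, value in data.items():
        if attr == "post_ids":
            for post_id in value:
                post = Post.query.get(post_id)
                if post is None:
                    abort(404, f"post {post_id} not found")
                column.posts.append(post)
        else:
            # NOTE(review): any other key is set as an attribute of the
            # model. Unless the input schema restricts the keys, a client can
            # overwrite fields it should not control (mass assignment) —
            # verify the schema, or replace this with an explicit allowlist.
            setattr(column, attr, value)
    db.session.commit()
    return column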
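def put(self, comment_id: int, data):
    """Update the comment ``comment_id`` from ``data`` and return it.

    Handles ``reply_id``, ``post_id`` and ``body``; other keys are ignored.
    Aborts with 404 when the comment, the reply target or the post does not
    exist, and with 400 when the target post is private.
    """
    # Resolve the comment with the 404 helper the rest of this function uses,
    # so an unknown id does not surface as an AttributeError on None.
    comment = Comment.query.get_or_404(comment_id)
    # NOTE(review): no ownership check is visible in this function; confirm
    # that a decorator or the caller limits edits to the author or an
    # administrator.
    for attr, value in data.items():
        if attr == "reply_id":
            # NOTE(review): the reply target is not checked against the
            # comment's post here — confirm whether that is intended.
            comment.replied = Comment.query.get_or_404(value)
        elif attr == "post_id":
            post = Post.query.get_or_404(value)
            if post.private:
                abort(400, "the post is private")
            comment.post = post
        elif attr == "body":
            # The body is passed through clean_html before being stored.
            comment.body = clean_html(value)
    db.session.commit()
    return comment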
def post(self, data):
    """Issue an access token for a valid username/password pair.

    Aborts with 400 and a single generic message when the user is unknown or
    the password does not verify, so the response does not say which of the
    two was wrong. The token response is marked as non-cacheable.
    """
    account = User.query.filter_by(username=data["username"]).first()
    if account is None or not account.verify_password(data["password"]):
        abort(400, message="Either the username or the password is invalid.")

    payload = {
        "access_token": account.gen_api_auth_token(),
        "expires_in": "exactly a year",
        "token_type": "Bearer",
    }
    response = jsonify(payload)
    # Keep the token out of browser and intermediary caches.
    for header, directive in (("Cache-Control", "no-store"), ("Pragma", "no-cache")):
        response.headers[header] = directive
    return response
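def delete_pet(pet_id):
    """Remove the pet at index ``pet_id`` and return an empty body.

    Aborts with 404 when ``pet_id`` does not address an existing entry of
    ``pets``.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test and remove a record counted from the end of the list.
    if not 0 <= pet_id < len(pets):
        abort(404)
    # NOTE(review): if `pets` is a list, popping shifts the index of every
    # later entry, so ids handed out earlier stop matching — confirm intended.
    pets.pop(pet_id)
    return ''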
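def partial_update_pet(pet_id, data):
    """Apply the fields in ``data`` to the pet at index ``pet_id``.

    Returns the updated record. Aborts with 404 when ``pet_id`` does not
    address an existing entry of ``pets``.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test and silently address a record counted from the end of the list.
    if not 0 <= pet_id < len(pets):
        abort(404)
    pet = pets[pet_id]
    # NOTE(review): every key in `data` is written to the record as-is. This
    # assumes the payload was already limited to the permitted fields before
    # it reached this function — confirm against the input schema.
    for attr, value in data.items():
        pet[attr] = value
    return pet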
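def update_pet(pet_id, data):
    """Replace the pet at index ``pet_id`` with ``data``.

    ``data`` gets its ``'id'`` key set to ``pet_id`` and is stored as the new
    record (the same dict object, not a copy), which is then returned. Aborts
    with 404 when ``pet_id`` does not address an existing entry of ``pets``.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test, overwrite a record counted from the end of the list and store the
    # negative value as its id.
    if not 0 <= pet_id < len(pets):
        abort(404)
    # The id comes from the path, never from the payload.
    data['id'] = pet_id
    pets[pet_id] = data
    return pets[pet_id]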
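def get_pet(pet_id):
    """Return the pet at index ``pet_id``.

    Aborts with 404 when ``pet_id`` does not address an existing entry of
    ``pets``.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test and return a record counted from the end of the list.
    if not 0 <= pet_id < len(pets):
        abort(404)
    return pets[pet_id]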
def decorated_function(*args, **kwargs):
    """Call the wrapped ``f`` only for a known, unlocked current user.

    Aborts with 403 when ``g`` has no ``current_user`` or when that user is
    locked.
    """
    # No authenticated user on the request context.
    if g.get("current_user") is None:
        abort(403)
    # Authenticated, but the account is locked.
    if g.current_user.locked:
        abort(403)
    return f(*args, **kwargs)
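def delete(self, pet_id):
    """Delete a pet.

    Removes the entry at index ``pet_id`` from ``pets`` and returns an empty
    body. Aborts with 404 when ``pet_id`` does not address an existing entry.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test and remove a record counted from the end of the list.
    if not 0 <= pet_id < len(pets):
        abort(404)
    # NOTE(review): if `pets` is a list, popping shifts the index of every
    # later entry, so ids handed out earlier stop matching — confirm intended.
    pets.pop(pet_id)
    return ''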
def get(self, group_id: int):
    """Return the group with ``group_id``.

    A missing group yields 404. A private group is returned only when the
    current user is among its members; otherwise the request aborts with 403.
    """
    group = Group.query.get_or_404(group_id)
    if group.private:
        # Membership is only looked up for private groups.
        if get_current_user() not in group.members:
            abort(403)
    return group
def delete(self, notification_id):
    """Delete a notification that belongs to the current user.

    A missing notification yields 404; a notification whose receiver is not
    the current user yields 403. Nothing is returned.
    """
    target = Notification.query.get_or_404(notification_id)
    # Only the receiver may remove the notification.
    receiver = target.receiver
    if receiver != g.current_user:
        abort(403)
    db.session.delete(target)
    db.session.commit()
def get(self, notification_id):
    """Return a notification that belongs to the current user.

    A missing notification yields 404; a notification whose receiver is not
    the current user yields 403.
    """
    target = Notification.query.get_or_404(notification_id)
    # Only the receiver may read the notification.
    receiver = target.receiver
    if receiver != g.current_user:
        abort(403)
    return target
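def get(self, pet_id):
    """Get a pet.

    Returns the entry at index ``pet_id`` of ``pets``. Aborts with 404 when
    ``pet_id`` does not address an existing entry.
    """
    # Check both ends of the range: a negative id would pass an upper-bound-only
    # test and return a record counted from the end of the list.
    if not 0 <= pet_id < len(pets):
        abort(404)
    return pets[pet_id]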
def post(self, post_id, data):
    """Give coins from the current user to the post ``post_id``.

    A missing post yields 404. ``add_coin`` is called with ``data["amount"]``
    and the current user; a truthy return value is treated as an error
    message and aborts the request with 400. Otherwise the post is returned.
    """
    target = Post.query.get_or_404(post_id)
    # NOTE(review): the amount is forwarded unchecked; presumably the input
    # schema or add_coin rejects zero, negative or oversized values — confirm.
    failure = target.add_coin(data["amount"], g.current_user)
    if failure:
        abort(400, failure)
    return target