def get_project_post(id): limit = request.args.get('limit') offset = request.args.get('offset') if limit is not None and not function.isInt(limit): return jsonify({"error": "limit is not an integer"}), 400 if offset is not None and not function.isInt(offset): return jsonify({"error": "offset is not an integer"}), 400 dataCount = database.getProjectPostsCount(id) data = database.getProjectPosts(id, limit, offset) if data is None: return jsonify({"error": "No results found"}), 404 else: project = database.getProjectByID(id) if (project['projectVisibility'] == 'PRIVATE'): userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectMember(userRole): return jsonify( {"error": "Must be project member to view project posts"}), 403 for projectpost in data: user = database.getUserInfo(str(projectpost['postUser'])) projectpost['user'] = user dataCount['data'] = data return jsonify(dataCount), 200
def add_post(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() title = projectDetails.get('title') content = projectDetails.get('content') owner = get_jwt_identity() # Check if all data is supplied if title is None: return jsonify({"error": "Post title not specified"}), 400 if content is None: return jsonify({"error": "Post content not specified"}), 400 if owner is None: return jsonify({"error": "Project owner not specified"}), 400 if not function.isInt(owner): return jsonify({"error": "ownerID should be string"}) # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you have permission to post on this project userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectMember(userRole): return jsonify({"error": "Must be a project member to add post"}), 403 # Add post to the database post = database.addProjectPost(title, content, owner, id) return jsonify(post), 201
def get_user_name(): name = request.args.get('name') limit = request.args.get('limit') offset = request.args.get('offset') if limit is not None and not function.isInt(limit): return jsonify({"error": "limit is not an integer"}), 400 if offset is not None and not function.isInt(offset): return jsonify({"error": "offset is not an integer"}), 400 data = database.getUser(name, limit, offset) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def put_post(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data postDetails = request.get_json() content = postDetails.get('content') if content is None: return jsonify({"error": "Post content not specified"}), 400 # Check if post actually exists post = database.getPostByID(id) if post is None: return jsonify({"error": "Specified post does not exist"}) # Check if the user trying to update the post is the post owner if post['postUser'] != get_jwt_identity(): return jsonify({"error": "Only post owner can update post"}), 400 # Update post data = database.updatePost(id, content) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def add_project(): # Fetch form data projectDetails = request.get_json() name = projectDetails.get('name') description = projectDetails.get('description') visibility = projectDetails.get('visibility') owner = get_jwt_identity() # Check if all data is supplied correctly if name is None: return jsonify({"error": "Project name not specified"}), 400 if description is None: return jsonify({"error": "Project description not specified"}), 400 if visibility is None: return jsonify({"error": "Project visibility not specified"}), 400 if visibility not in allowed_project_visibilities: return jsonify({"error": "Project visibility not a legal value"}), 400 if owner is None: return jsonify({"error": "Project owner not specified"}), 400 if not function.isInt(owner): return jsonify({"error": "ownerID should be string"}) # Add project to the database project = database.addProject(name, description, visibility, owner) # Add owner of project to projectusers user = database.addProjectUser(owner, project['projectID'], 'OWNER') return jsonify(project), 201
def delete_comment(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if comment actually exists comment = database.getCommentByID(id) if comment is None: return jsonify({"error": "Specified comment does not exist"}) # Check if the user trying to delete the post is the post owner post = database.getPostByID(str(comment['commentPost'])) userRole = function.getProjectUserRole(get_jwt_identity(), post['postProject']) if not function.isProjectAdmin(userRole): if comment['commentUser'] != get_jwt_identity(): return jsonify( {"error": "Must be admin to delete comment of other user"}), 400 # Delete comment commentDeleted = database.deleteComment(id) if commentDeleted is True: return jsonify({"Info": "Comment deleted successfully"}), 200 else: return jsonify({"error": "Something went wrong deleting the comment"}), 500
def del_project_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() user = projectDetails.get('user') if user is None: return jsonify({"error": "Projectuser id not specified"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Retrieve projectrole of user userRole = function.getProjectUserRole(get_jwt_identity(), id) # Retrieve projectrole of target targetRole = function.getProjectUserRole(user, id) # Check if both users are part of the same project if userRole is None: return jsonify({"error": "Must be a project member to delete users"}), 403 elif targetRole is None: return jsonify( {"error": "Target user is not a member of specified project"}), 403 # User is trying to delete somebody else if not (str(get_jwt_identity()) == str(user)): if userRole not in ['ADMIN', 'OWNER']: return jsonify({ "error": "Cannot delete project users without ADMIN or OWNER status" }), 403 elif targetRole == 'OWNER': return jsonify({"error": "Cannot delete the owner of a project"}), 403 elif targetRole == 'ADMIN': if userRole != 'OWNER': return jsonify({ "error": "Cannot delete a project admin without OWNER permission" }), 403 # User is trying to deleting himself, check that he is not the owner of the project else: if userRole == 'OWNER': return jsonify( {"error": "Cannot delete yourself from your own project"}), 403 # Delete project user if database.deleteProjectUser(id, user): return jsonify({"Info": "Projectuser deleted successfully"}), 200 else: return jsonify( {"erorr": "Something went wrong deleting the projectuser"}), 500
def get_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 data = database.getUserByID(id) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def get_project(): name = request.args.get('name') limit = request.args.get('limit') offset = request.args.get('offset') if limit is not None and not function.isInt(limit): return jsonify({"error": "limit is not an integer"}), 400 if offset is not None and not function.isInt(offset): return jsonify({"error": "offset is not an integer"}), 400 dataCount = database.getProjectsCount(name) data = database.getProjects(name, limit, offset) if data is None: return jsonify({"error": "No results found"}), 404 else: for project in data: user = database.getUserInfo(str(project['projectOwner'])) project['owner'] = user dataCount['data'] = data return jsonify(dataCount), 200
def get_post(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 data = database.getPostByID(id) if data is None: return jsonify({"error": "No results found"}), 404 else: user = database.getUserInfo(str(data['postUser'])) data['user'] = user return jsonify(data), 200
def put_project_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() user = projectDetails.get('user') role = projectDetails.get('role') # Check if all data is supplied if user is None: return jsonify({"error": "Projectuser id not specified"}), 400 if role is None: return jsonify({"error": "Projectuser role not specified"}), 400 if role not in allowed_projectUser_states: return jsonify({"error": "Projectuser role not a legal value"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check that you are not trying to change project owner if role == 'OWNER': return jsonify({"error": "Cannot set or tranfer project ownership"}), 403 # Retrieve projectrole of user userRole = function.getProjectUserRole(get_jwt_identity(), id) # If user issuing the request is not changing his own data, check if user is admin if not (str(get_jwt_identity()) == user): if not function.isProjectAdmin(userRole): return jsonify( {"error": "Must be a project admin to update user roles"}), 403 # If user issuing the request is changing own data, he can only change himself from invited to user elif userRole == 'INVITED': if role != 'USER': return jsonify({ "error": "May only change your own role from pending to user" }), 403 else: return jsonify( {"error": "May only change your own role from pending to user"}), 403 data = database.updateProjectUser(id, user, role) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def get_post_comments(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 data = database.getPostComments(id) if data is None: return jsonify({"error": "No results found"}), 404 else: for comment in data: user = database.getUserInfo(str(comment['commentUser'])) comment['user'] = user data = function.nest_comments(data) return jsonify(data), 200
def get_project_id(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 data = database.getProjectByID(id) if data is None: return jsonify({"error": "No results found"}), 404 else: if (data['projectVisibility'] == 'PRIVATE'): userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectMember(userRole): return jsonify( {"error": "Must be project member to view project"}), 403 user = database.getUserInfo(str(data['projectOwner'])) data['owner'] = user return jsonify(data), 200
def get_project_users(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) data = database.getProjectUsers(id) if data is None: return jsonify({"error": "No results found"}), 404 else: for projectuser in data: user = database.getUserInfo(str(projectuser['User_userID'])) projectuser['user'] = user return jsonify(data), 200
def get_user_projects(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if user actually exists user = database.getUserByID(id) if user is None: return jsonify({"error": "Specified user does not exist"}) data = database.getUserProjects(id) if data is None: return jsonify({"error": "No results found"}), 404 else: for projectuser in data: project = database.getProjectByID( str(projectuser['Project_projectID'])) projectuser['project'] = project return jsonify(data), 200
def del_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if token identity corresponds to the user being deleted if not (int(id) == get_jwt_identity()): return jsonify({"error": "Not allowed to delete this user"}), 403 # Check if user actually exists user = database.getUserByID(id) if user is None: return jsonify({"error": "Specified user does not exist"}) # Delete user if database.deleteUser(id): return jsonify({"Info": "User deleted successfully"}), 200 else: return jsonify({"erorr": "Something went wrong deleting user"}), 500
def put_user(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if token identity corresponds to the user being updated if not (int(id) == get_jwt_identity()): return jsonify( {"error": "Not allowed to update this users information"}), 403 # Fetch form data userDetails = request.get_json() name = userDetails.get('name') password = userDetails.get('password') # Check if all data is supplied if name is None: return jsonify({"error": "Username not specified"}), 400 if password is None: return jsonify({"error": "Password not specified"}), 400 # Check if user actually exists user = database.getUserByID(id) if user is None: return jsonify({"error": "Specified user does not exist"}) # Check is username and password comply to the requirements username_message = function.check_username(name) password_message = function.check_password(password) if (username_message is not "ok"): return jsonify({"error": username_message}), 400 elif (password_message is not "ok"): return jsonify({"error": password_message}), 400 # Hash the userpassword for secure storage hashedpass = function.hash_password(password) data = database.updateUser(id, name, hashedpass) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404
def get_user_posts(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if user actually exists user = database.getUserByID(id) if user is None: return jsonify({"error": "Specified user does not exist"}) data = database.getUserPosts(id) if data is None: return jsonify({"error": "No results found"}), 404 else: userPosts = [] for post in data: project = database.getProjectByID(str(post['postProject'])) post['project'] = project if project is not None: userPosts.append(post) return jsonify(userPosts), 200
def del_project(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you are the owner of the project you are trying to delete userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectOwner(userRole): return jsonify({"error": "Must be project owner to delete a project"}), 403 # Delete project if database.deleteProject(id): return jsonify({"Info": "Project deleted successfully"}), 200 else: return jsonify({"erorr": "Something went wrong deleting the project"}), 500
def add_comment(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data postDetails = request.get_json() content = postDetails.get('content') parent = postDetails.get('parent') # Swap userID for JWT id userID = get_jwt_identity() if content is None: return jsonify({"error": "Comment content not specified"}), 400 if userID is None: return jsonify({"error": "Comment user id not specified"}), 400 # Check if post actually exists post = database.getPostByID(id) if post is None: return jsonify({"error": "Specified post does not exist"}), 400 # Check if you have permission to comment on this post userRole = function.getProjectUserRole(get_jwt_identity(), post['postProject']) if not function.isProjectMember(userRole): return jsonify({"error": "Must be a project member to comment on this post"}), 403 # Check if parent actually exists if parent is not None: comment = database.getCommentByID(str(parent)) if comment is None: return jsonify({"error": "Parent comment does not exist"}), 400 # Add comment comment = database.addPostComment(content, parent, userID, id) user = database.getUserByID(str(comment['commentUser'])) comment['user'] = user return jsonify(comment), 201
def put_project(id): # Check if specified ID is an integer if not function.isInt(id): return jsonify({"error": "id is not an integer"}), 400 # Fetch form data projectDetails = request.get_json() title = projectDetails.get('title') content = projectDetails.get('content') visibility = projectDetails.get('visibility') # Check if all data is supplied if title is None: return jsonify({"error": "Project title not specified"}), 400 if content is None: return jsonify({"error": "Project content not specified"}), 400 if visibility is None: return jsonify({"error": "Project visibility not specified"}), 400 if visibility not in allowed_project_visibilities: return jsonify({"error": "Project visibility not a legal value"}), 400 # Check if project actually exists project = database.getProjectByID(id) if project is None: return jsonify({"error": "Specified project does not exist"}) # Check if you have permission to update the project userRole = function.getProjectUserRole(get_jwt_identity(), id) if not function.isProjectAdmin(userRole): return jsonify( {"error": "Must be a project admin to update the project"}), 403 data = database.updateProject(id, title, content, visibility) if data is not None: return jsonify(data), 200 else: return jsonify({"error": "No results found"}), 404