def _post(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
self.finish_request({'code': 403,
'msg': 'You do not have the reviewer '
'permision / role!'})
return
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
review = yield dbapi.db_find_one(self.table, query)
if review:
if review['outcome'] != self.json_args['outcome']:
yield dbapi.db_update(self.table, query,
{'$set': {
'outcome': self.json_args['outcome'],
'creation_date': datetime.now()}})
self.finish_request()
else:
self.json_args['reviewer_name'] = user['fullname']
self.json_args['reviewer_email'] = user['email']
self._create(miss_fields=[], carriers=[])
def _update(self, data, query=None, **kwargs):
logging.debug("_update")
data = self.table_cls.from_dict(data)
update_req = self._update_requests(data)
yield dbapi.db_update(self.table, query, update_req)
update_req['_id'] = str(data._id)
self.finish_request(update_req)
def delete(self, id):
query = {'_id': objectid.ObjectId(id)}
application = yield dbapi.db_find_one(self.table, query)
test_id = application['test_id']
t_query = {'id': test_id}
yield dbapi.db_delete('reviews', {'test_id': test_id})
yield dbapi.db_update('tests', t_query,
{'$set': {
'status': 'private'
}})
self._delete(query=query)
def get(self):
ticket = self.get_query_argument('ticket', default=None)
if ticket:
(user, attrs, _) = self.cas_client.verify_ticket(ticket=ticket)
login_user = {
'user': user,
'email': attrs.get('mail'),
'fullname': attrs.get('field_lf_full_name'),
'groups': constants.TESTAPI_USERS + attrs.get('group', [])
}
q_user = {'user': user}
db_user = yield dbapi.db_find_one(self.table, q_user)
if not db_user:
dbapi.db_save(self.table, login_user)
else:
dbapi.db_update(self.table, q_user, login_user)
self.clear_cookie(constants.TESTAPI_ID)
self.set_secure_cookie(constants.TESTAPI_ID, user)
self.redirect(url=CONF.ui_url)
def update(self, application_id, item, value, owner):
self.json_args = {}
self.json_args[item] = value
query = {'_id': objectid.ObjectId(application_id), 'owner': owner}
db_keys = ['_id', 'owner']
if item == 'approved':
if value == 'true':
status = 'verified'
self.json_args['approve_date'] = str(datetime.now())
else:
status = 'review'
self.json_args['approve_date'] = ''
application = yield dbapi.db_find_one(self.table, query)
test_id = application['test_id']
t_query = {'id': test_id}
yield dbapi.db_update('tests', t_query,
{'$set': {
'status': status
}})
self._update(query=query, db_keys=db_keys)
def pure_update(self, data, query=None, **kwargs):
data = self.table_cls.from_dict(data)
update_req = self._update_requests(data)
yield dbapi.db_update(self.table, query, update_req)
self.finish_request()