def post(self):
start = time.time()
clean = XssCleaner()
api_key = self.request.get('apikey')
account_id = self.request.get('accountid')
new_user_id = self.request.get('userid')
# Anything that can possibly be rended should be cleaned
profile_link = self.request.get('profile_link')
# We can't clean it because it will not render if embedded into a site
# Be wary of doing any queries with this data
#profile_link = clean.strip(profile_link)
profile_img = self.request.get('profile_img')
#profile_img = clean.strip(profile_img)
profile_name = self.request.get('profile_name')
profile_name = clean.strip(profile_name)
logdiction = {'event':'loginuser',
'api': 'update_user',
'is_api':'yes',
'ip':self.request.remote_addr,
'user':new_user_id,
'account':account_id,
'success':'true'}
if not account_id or not new_user_id or not api_key:
self.response.out.write(bad_args())
logdiction['success'] = 'false'
logdiction['details'] = bad_args()
logs.create(logdiction)
return
acc = accounts_dao.authorize_api(account_id, api_key)
if not acc:
self.response.out.write(auth_error())
logdiction['success'] = 'false'
logdiction['details'] = auth_error()
logs.create(logdiction)
return
# Create a new user
user_key = users_dao.get_user_key(account_id, new_user_id)
#Update
user_ref = users_dao.get_user_with_key(user_key)
if user_ref:
dict = {}
update = False
if profile_link and profile_link != user_ref.profileLink:
dict["profileLink"] = profile_link
update = True
if profile_img and profile_img != user_ref.profileImg:
dict["profileImg"] = profile_img
update = True
if profile_name and profile_name != user_ref.profileName:
dict["profileName"] = profile_name
update = True
if update:
logdiction['event'] = 'updateuser'
try:
users_dao.update_user(user_key, dict, None)
except:
logdiction['success'] = 'false'
logdiction['details'] = db_error()
logs.create(logdiction)
self.response.out.write(db_error())
error("Error updating user with id %s"%new_user_id)
return
logs.create(logdiction)
self.response.out.write(success_ret())
timing(start)
return
if not profile_img:
profile_img = constants.IMAGE_PARAMS.USER_AVATAR
new_user = Users(key_name=user_key,
userid=new_user_id,
isEnabled="yes",
accountRef=acc,
profileName=profile_name,
profileLink=profile_link,
profileImg=profile_img)
logdiction['event'] = 'createuser'
try:
users_dao.save_user(new_user, user_key)
except:
logdiction['success'] = 'false'
logdiction['details'] = db_error()
logs.create(logdiction)
self.response.out.write(db_error())
error("Error getting user with key %s"%key)
return
logs.create(logdiction)
self.response.out.write(success_ret())
timing(start)
return
def post(self):
start = time.time()
api_key = self.request.get('apikey')
account_id = self.request.get('accountid')
user_id = self.request.get('userid')
newpoints = self.request.get('pointsawarded')
reason = self.request.get('reason')
logdiction = {'event':'awardpoints',
'api':'award_points',
'points':newpoints,
'is_api':'yes',
'ip':self.request.remote_addr,
'user':user_id,
'account':account_id,
'success':'true'}
clean = XssCleaner()
if reason:
reason = clean.strip(reason)
else:
reason = ""
# Get the account
acc = accounts_dao.authorize_api(account_id, api_key)
if not acc:
logdiction['success'] = 'false'
logdiction['details'] = auth_error()
logs.create(logdiction)
self.response.out.write(auth_error())
return
try:
newpoints = int(newpoints)
except:
logdiction['success'] = 'false'
logdiction['details'] = "Points given was not a number"
logs.create(logdiction)
self.response.out.write(bad_args())
error("Points given was not an integer")
return
# Create the user if it doesnt exist
user_ref = users_dao.get_or_create_user(account_id, user_id, acc)
if not user_ref:
logdiction['success'] = 'false'
logdiction['details'] = db_error()
logs.create(logdiction)
self.response.out.write(db_error())
return
incrArgs = {"points":newpoints}
user_key = users_dao.get_user_key(account_id, user_id)
dbret = users_dao.update_user(user_key, None, incrArgs)
if not dbret:
logdiction['success'] = 'false'
logdiction['details'] = db_error()
logs.create(logdiction)
self.response.out.write(db_error())
error("Unable to update points field account %s, user %s, key: %s"%\
(account_id,user_id, user_key))
return
if not reason:
try:
reason = acc.notifierWidget.title
except:
reason = "Points Awarded"
notifier.user_points(user_ref, newpoints, reason, acc)
logs.create(logdiction)
self.response.out.write(success_ret())
timing(start)
return