Esempio n. 1
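  def post(self):
    """Create or update an end user's profile for an authenticated API client.

    Request parameters read: ``apikey``, ``accountid``, ``userid``,
    ``profile_link``, ``profile_img`` and ``profile_name``.

    Flow:
      * ``bad_args()`` is written when ``accountid``, ``userid`` or
        ``apikey`` is missing.
      * ``auth_error()`` is written when ``accounts_dao.authorize_api``
        does not return an account.
      * If the user already exists, only the profile fields that were
        supplied and differ from the stored values are updated.
      * Otherwise a new ``Users`` entity is saved, falling back to
        ``constants.IMAGE_PARAMS.USER_AVATAR`` when no image was given.

    Every outcome is recorded through ``logs.create``. The audit record
    holds the caller IP, user id and account id, but not the API key.
    """
    start = time.time()
    clean = XssCleaner()
    api_key = self.request.get('apikey')
    account_id = self.request.get('accountid')
    new_user_id = self.request.get('userid')

    # Anything that can possibly be rendered should be cleaned.
    # profile_link and profile_img are NOT cleaned: per the original author,
    # cleaning stops them from rendering when embedded into a site. They are
    # therefore stored exactly as the client sent them.
    # NOTE(review): treat both as untrusted wherever they are rendered or
    # used in a query -- escape on output and consider restricting them to
    # http/https URLs; confirm what the rendering side already enforces.
    profile_link = self.request.get('profile_link')
    profile_img = self.request.get('profile_img')
    profile_name = clean.strip(self.request.get('profile_name'))

    logdiction = {'event':'loginuser',
                  'api': 'update_user',
                  'is_api':'yes',
                  'ip':self.request.remote_addr,
                  'user':new_user_id,
                  'account':account_id,
                  'success':'true'}

    if not account_id or not new_user_id or not api_key:
      self.response.out.write(bad_args())
      logdiction['success'] = 'false'
      logdiction['details'] = bad_args()
      logs.create(logdiction)
      return

    acc = accounts_dao.authorize_api(account_id, api_key)
    if not acc:
      self.response.out.write(auth_error())
      logdiction['success'] = 'false'
      logdiction['details'] = auth_error()
      logs.create(logdiction)
      return

    # The key is derived from the account id and the user id supplied by the
    # caller; the lookup below decides between update and create.
    user_key = users_dao.get_user_key(account_id, new_user_id)

    user_ref = users_dao.get_user_with_key(user_key)
    if user_ref:
      # Collect only the fields that were supplied and actually changed.
      # (Named `changes` so the builtin `dict` is no longer shadowed.)
      changes = {}
      if profile_link and profile_link != user_ref.profileLink:
        changes["profileLink"] = profile_link
      if profile_img and profile_img != user_ref.profileImg:
        changes["profileImg"] = profile_img
      if profile_name and profile_name != user_ref.profileName:
        changes["profileName"] = profile_name

      if changes:
        logdiction['event'] = 'updateuser'
        try:
          users_dao.update_user(user_key, changes, None)
        except Exception:
          # `except Exception` instead of a bare `except:` so interpreter
          # exits and interrupts are not reported as database errors.
          logdiction['success'] = 'false'
          logdiction['details'] = db_error()
          logs.create(logdiction)
          self.response.out.write(db_error())
          error("Error updating user with id %s"%new_user_id)
          return

      logs.create(logdiction)

      self.response.out.write(success_ret())
      timing(start)
      return

    if not profile_img:
      profile_img = constants.IMAGE_PARAMS.USER_AVATAR

    new_user = Users(key_name=user_key,
                     userid=new_user_id,
                     isEnabled="yes",
                     accountRef=acc,
                     profileName=profile_name,
                     profileLink=profile_link,
                     profileImg=profile_img)
    logdiction['event'] = 'createuser'
    try:
      users_dao.save_user(new_user, user_key)
    except Exception:
      logdiction['success'] = 'false'
      logdiction['details'] = db_error()
      logs.create(logdiction)
      self.response.out.write(db_error())
      # The original formatted an undefined name (`key`) here, so the error
      # handler itself raised NameError after the response was written and
      # the failure was never logged. The message also said "getting"
      # although the failing call is the save.
      error("Error saving user with key %s"%user_key)
      return

    logs.create(logdiction)
    self.response.out.write(success_ret())
    timing(start)
    return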
Esempio n. 2
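  def post(self):
    """Award points to an end user for an authenticated API client.

    Request parameters read: ``apikey``, ``accountid``, ``userid``,
    ``pointsawarded`` and ``reason``.

    Flow:
      * ``auth_error()`` is written when ``accounts_dao.authorize_api``
        does not return an account.
      * ``bad_args()`` is written when ``pointsawarded`` is not an integer.
      * The user is fetched or created, ``users_dao.update_user`` is called
        with ``{"points": <int>}`` as its third argument, and
        ``notifier.user_points`` is invoked with the reason.
      * ``db_error()`` is written when either data-store step reports
        failure.

    Every outcome is recorded through ``logs.create``. The audit record
    holds the caller IP, user id and account id, but not the API key.
    """
    start = time.time()
    api_key = self.request.get('apikey')
    account_id = self.request.get('accountid')
    user_id = self.request.get('userid')
    newpoints = self.request.get('pointsawarded')
    reason = self.request.get('reason')
    # 'points' holds the raw request string: the record is built before the
    # value is validated, so failed attempts log exactly what was sent.
    logdiction = {'event':'awardpoints',
                  'api':'award_points',
                  'points':newpoints,
                  'is_api':'yes',
                  'ip':self.request.remote_addr,
                  'user':user_id,
                  'account':account_id,
                  'success':'true'}

    # The reason is free text handed to the notifier below, so it is
    # sanitised before any further use.
    clean = XssCleaner()
    reason = clean.strip(reason) if reason else ""

    # Authenticate the caller before touching any user data.
    acc = accounts_dao.authorize_api(account_id, api_key)
    if not acc:
      logdiction['success'] = 'false'
      logdiction['details'] = auth_error()
      logs.create(logdiction)
      self.response.out.write(auth_error())
      return

    try:
      newpoints = int(newpoints)
    except (TypeError, ValueError):
      # Only conversion failures are treated as a bad argument; the original
      # bare `except:` also swallowed interpreter exits and interrupts.
      logdiction['success'] = 'false'
      logdiction['details'] = "Points given was not a number"
      logs.create(logdiction)
      self.response.out.write(bad_args())
      error("Points given was not an integer")
      return
    # NOTE(review): no range check is applied, so negative or very large
    # values are accepted from any caller holding a valid API key -- confirm
    # whether that is intended or whether bounds should be enforced here.

    # Create the user if it doesn't exist.
    user_ref = users_dao.get_or_create_user(account_id, user_id, acc)
    if not user_ref:
      logdiction['success'] = 'false'
      logdiction['details'] = db_error()
      logs.create(logdiction)
      self.response.out.write(db_error())
      return

    # presumably the third argument of update_user is applied as an
    # increment to the stored field -- verify against users_dao.
    incrArgs = {"points":newpoints}
    user_key = users_dao.get_user_key(account_id, user_id)
    dbret = users_dao.update_user(user_key, None, incrArgs)
    if not dbret:
      logdiction['success'] = 'false'
      logdiction['details'] = db_error()
      logs.create(logdiction)
      self.response.out.write(db_error())
      error("Unable to update points field account %s, user %s, key: %s"%\
            (account_id,user_id, user_key))
      return

    if not reason:
      # Fall back to the account's notifier widget title, then to a fixed
      # default if the widget or its title cannot be read.
      try:
        reason = acc.notifierWidget.title
      except Exception:
        reason = "Points Awarded"
    notifier.user_points(user_ref, newpoints, reason, acc)

    logs.create(logdiction)
    self.response.out.write(success_ret())
    timing(start)
    return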