def post(self, story):
"""Create a new story.
Example::
curl 'https://my.example.org/api/v1/stories' \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
-H 'Content-Type: application/json;charset=UTF-8' \\
--data-binary '{"title":"Test Story","description":"A test story."}'
:param story: A story within the request body.
"""
# Reject private story types while ACL is not created.
if (story.story_type_id and
(story.story_type_id == 3 or story.story_type_id == 4)):
abort(400, _("Now you can't add story with type %s.") %
story.story_type_id)
story_dict = story.as_dict()
user_id = request.current_user_id
if story.creator_id and story.creator_id != user_id:
abort(400, _("You can't select author of story."))
story_dict.update({"creator_id": user_id})
if not stories_api.story_can_create_story(story.story_type_id):
abort(400, _("Can't create story of this type."))
if "tags" not in story_dict or not story_dict["tags"]:
story_dict["tags"] = []
# We can't set due dates when creating stories at the moment.
if "due_dates" in story_dict:
del story_dict['due_dates']
users = None
teams = None
# We make sure that a user cannot remove all users and teams
# from the permissions list for a story
# This should be reworked so that users can be removed if there
# are teams, and vice versa
if "teams" in story_dict:
teams = story_dict.pop("teams")
if teams is None:
teams = []
if "users" in story_dict:
users = story_dict.pop("users")
if users is None or (users == [] and teams == []):
users = [wmodels.User.from_db_model(users_api.user_get(user_id))]
created_story = stories_api.story_create(story_dict)
events_api.story_created_event(created_story.id, user_id, story.title)
if story.private:
stories_api.create_permission(created_story, users, teams)
return wmodels.Story.from_db_model(created_story)
def post(self, story):
"""Create a new story.
:param story: A story within the request body.
"""
# Reject private story types while ACL is not created.
if (story.story_type_id
and (story.story_type_id == 3 or story.story_type_id == 4)):
abort(
400,
_("Now you can't add story with type %s.") %
story.story_type_id)
story_dict = story.as_dict()
user_id = request.current_user_id
if story.creator_id and story.creator_id != user_id:
abort(400, _("You can't select author of story."))
story_dict.update({"creator_id": user_id})
if not stories_api.story_can_create_story(story.story_type_id):
abort(400, _("Can't create story of this type."))
if not "tags" in story_dict or not story_dict["tags"]:
story_dict["tags"] = []
# We can't set due dates when creating stories at the moment.
if "due_dates" in story_dict:
del story_dict['due_dates']
users = []
if "users" in story_dict:
users = story_dict.pop("users")
if users is None:
users = [wmodels.User.from_db_model(users_api.user_get(user_id))]
created_story = stories_api.story_create(story_dict)
events_api.story_created_event(created_story.id, user_id, story.title)
if story.private:
stories_api.create_permission(created_story, users)
return wmodels.Story.from_db_model(created_story)
def post(self, story):
"""Create a new story.
:param story: A story within the request body.
"""
# Reject private story types while ACL is not created.
if (story.story_type_id and
(story.story_type_id == 3 or story.story_type_id == 4)):
abort(400, _("Now you can't add story with type %s.") %
story.story_type_id)
story_dict = story.as_dict()
user_id = request.current_user_id
if story.creator_id and story.creator_id != user_id:
abort(400, _("You can't select author of story."))
story_dict.update({"creator_id": user_id})
if not stories_api.story_can_create_story(story.story_type_id):
abort(400, _("Can't create story of this type."))
if not "tags" in story_dict or not story_dict["tags"]:
story_dict["tags"] = []
# We can't set due dates when creating stories at the moment.
if "due_dates" in story_dict:
del story_dict['due_dates']
users = []
if "users" in story_dict:
users = story_dict.pop("users")
if users is None:
users = [wmodels.User.from_db_model(users_api.user_get(user_id))]
created_story = stories_api.story_create(story_dict)
events_api.story_created_event(created_story.id, user_id, story.title)
if story.private:
stories_api.create_permission(created_story, users)
return wmodels.Story.from_db_model(created_story)
def put(self, story_id, story):
"""Modify this story.
Example::
curl 'https://my.example.org/api/v1/stories/19' -X PUT \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
-H 'Content-Type: application/json;charset=UTF-8' \\
--data-binary '{"title":"Modified","description":"New description."}'
:param story_id: An ID of the story.
:param story: A story within the request body.
"""
user_id = request.current_user_id
# Reject private story types while ACL is not created.
if (story.story_type_id
and (story.story_type_id == 3 or story.story_type_id == 4)):
abort(
400,
_("Now you can't change story type to %s.") %
story.story_type_id)
original_story = stories_api.story_get_simple(story_id,
current_user=user_id)
if not original_story:
raise exc.NotFound(_("Story %s not found") % story_id)
if story.creator_id and story.creator_id != original_story.creator_id:
abort(400, _("You can't change author of story."))
story_dict = story.as_dict(omit_unset=True)
stories_api.story_check_story_type_id(story_dict)
if not stories_api.story_can_mutate(original_story,
story.story_type_id):
abort(400, _("Can't change story type."))
# This is not the place to update tags, including them in
# story_dict causes the story/tag relationship to attempt to
# update with a list of unicode strings rather than objects
# from the database.
if 'tags' in story_dict:
story_dict.pop('tags')
users = story_dict.get("users")
teams = story_dict.get("teams")
private = story_dict.get("private", original_story.private)
if private:
# If trying to make a story private with no permissions set, add
# the user making the change to the permission so that at least
# the story isn't lost to everyone.
if not users and not teams and not original_story.permissions:
users = [
wmodels.User.from_db_model(users_api.user_get(user_id))
]
original_teams = None
original_users = None
if original_story.permissions:
original_teams = original_story.permissions[0].teams
original_users = original_story.permissions[0].users
# Don't allow both permission lists to be deliberately emptied
# on a private story, to make sure the story remains visible to
# at least someone.
valid = True
if users == [] and teams == []:
valid = False
elif users == [] and (original_teams == [] and not teams):
valid = False
elif teams == [] and (original_users == [] and not users):
valid = False
if not valid and original_story.private:
abort(400,
_("Can't make a private story have no users or teams"))
# If the story doesn't already have permissions, create them.
if not original_story.permissions:
stories_api.create_permission(original_story, users, teams)
updated_story = stories_api.story_update(story_id,
story_dict,
current_user=user_id)
# If the story is private and already has some permissions, update
# them as needed. This is done after updating the story in case the
# request is trying to both update some story fields and also remove
# the user making the change from the ACL.
if private and original_story.permissions:
stories_api.update_permission(updated_story, users, teams)
events_api.story_details_changed_event(story_id, user_id,
updated_story.title)
return create_story_wmodel(updated_story)
def post(self, story):
"""Create a new story.
Example::
curl 'https://my.example.org/api/v1/stories' \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
-H 'Content-Type: application/json;charset=UTF-8' \\
--data-binary '{"title":"Test Story","description":"A test story."}'
:param story: A story within the request body.
"""
# Reject private story types while ACL is not created.
if (story.story_type_id
and (story.story_type_id == 3 or story.story_type_id == 4)):
abort(
400,
_("Now you can't add story with type %s.") %
story.story_type_id)
story_dict = story.as_dict()
user_id = request.current_user_id
if story.creator_id and story.creator_id != user_id:
abort(400, _("You can't select author of story."))
story_dict.update({"creator_id": user_id})
if not stories_api.story_can_create_story(story.story_type_id):
abort(400, _("Can't create story of this type."))
if "tags" not in story_dict or not story_dict["tags"]:
story_dict["tags"] = []
# We can't set due dates when creating stories at the moment.
if "due_dates" in story_dict:
del story_dict['due_dates']
users = None
teams = None
# We make sure that a user cannot remove all users and teams
# from the permissions list for a story
# This should be reworked so that users can be removed if there
# are teams, and vice versa
if "teams" in story_dict:
teams = story_dict.pop("teams")
if teams is None:
teams = []
if "users" in story_dict:
users = story_dict.pop("users")
if users is None or (users == [] and teams == []):
users = [wmodels.User.from_db_model(users_api.user_get(user_id))]
created_story = stories_api.story_create(story_dict)
events_api.story_created_event(created_story.id, user_id, story.title)
if story.private:
stories_api.create_permission(created_story, users, teams)
return wmodels.Story.from_db_model(created_story)
def put(self, story_id, story):
"""Modify this story.
:param story_id: An ID of the story.
:param story: A story within the request body.
"""
# Reject private story types while ACL is not created.
if (story.story_type_id and
(story.story_type_id == 3 or story.story_type_id == 4)):
abort(400, _("Now you can't change story type to %s.") %
story.story_type_id)
original_story = stories_api.story_get_simple(
story_id, current_user=request.current_user_id)
if not original_story:
raise exc.NotFound(_("Story %s not found") % story_id)
if story.creator_id and story.creator_id != original_story.creator_id:
abort(400, _("You can't change author of story."))
story_dict = story.as_dict(omit_unset=True)
stories_api.story_check_story_type_id(story_dict)
if not stories_api.story_can_mutate(original_story,
story.story_type_id):
abort(400, _("Can't change story type."))
# This is not the place to update tags, including them in
# story_dict causes the story/tag relationship to attempt to
# update with a list of unicode strings rather than objects
# from the database.
if 'tags' in story_dict:
story_dict.pop('tags')
users = story_dict.get("users", [])
ids = [user.id for user in users]
if story.private:
if request.current_user_id not in ids \
and not original_story.permissions:
users.append(wmodels.User.from_db_model(
users_api.user_get(request.current_user_id)))
if not original_story.permissions:
stories_api.create_permission(original_story, users)
updated_story = stories_api.story_update(
story_id,
story_dict,
current_user=request.current_user_id)
if users == [] and updated_story.private:
abort(400, _("Can't make a private story with no users"))
if story.private:
stories_api.update_permission(updated_story, users)
user_id = request.current_user_id
events_api.story_details_changed_event(story_id, user_id,
updated_story.title)
return create_story_wmodel(updated_story)
def put(self, story_id, story):
"""Modify this story.
Example::
curl 'https://my.example.org/api/v1/stories/19' -X PUT \\
-H 'Authorization: Bearer MY_ACCESS_TOKEN' \\
-H 'Content-Type: application/json;charset=UTF-8' \\
--data-binary '{"title":"Modified","description":"New description."}'
:param story_id: An ID of the story.
:param story: A story within the request body.
"""
user_id = request.current_user_id
# Reject private story types while ACL is not created.
if (story.story_type_id and
(story.story_type_id == 3 or story.story_type_id == 4)):
abort(400, _("Now you can't change story type to %s.") %
story.story_type_id)
original_story = stories_api.story_get_simple(
story_id, current_user=user_id)
if not original_story:
raise exc.NotFound(_("Story %s not found") % story_id)
if story.creator_id and story.creator_id != original_story.creator_id:
abort(400, _("You can't change author of story."))
story_dict = story.as_dict(omit_unset=True)
stories_api.story_check_story_type_id(story_dict)
if not stories_api.story_can_mutate(original_story,
story.story_type_id):
abort(400, _("Can't change story type."))
# This is not the place to update tags, including them in
# story_dict causes the story/tag relationship to attempt to
# update with a list of unicode strings rather than objects
# from the database.
if 'tags' in story_dict:
story_dict.pop('tags')
users = story_dict.get("users")
teams = story_dict.get("teams")
private = story_dict.get("private", original_story.private)
if private:
# If trying to make a story private with no permissions set, add
# the user making the change to the permission so that at least
# the story isn't lost to everyone.
if not users and not teams and not original_story.permissions:
users = [wmodels.User.from_db_model(
users_api.user_get(user_id))]
original_teams = None
original_users = None
if original_story.permissions:
original_teams = original_story.permissions[0].teams
original_users = original_story.permissions[0].users
# Don't allow both permission lists to be deliberately emptied
# on a private story, to make sure the story remains visible to
# at least someone.
valid = True
if users == [] and teams == []:
valid = False
elif users == [] and (original_teams == [] and not teams):
valid = False
elif teams == [] and (original_users == [] and not users):
valid = False
if not valid and original_story.private:
abort(400,
_("Can't make a private story have no users or teams"))
# If the story doesn't already have permissions, create them.
if not original_story.permissions:
stories_api.create_permission(original_story, users, teams)
updated_story = stories_api.story_update(
story_id,
story_dict,
current_user=user_id)
# If the story is private and already has some permissions, update
# them as needed. This is done after updating the story in case the
# request is trying to both update some story fields and also remove
# the user making the change from the ACL.
if private and original_story.permissions:
stories_api.update_permission(updated_story, users, teams)
events_api.story_details_changed_event(story_id, user_id,
updated_story.title)
return create_story_wmodel(updated_story)
def put(self, story_id, story):
"""Modify this story.
:param story_id: An ID of the story.
:param story: A story within the request body.
"""
# Reject private story types while ACL is not created.
if (story.story_type_id
and (story.story_type_id == 3 or story.story_type_id == 4)):
abort(
400,
_("Now you can't change story type to %s.") %
story.story_type_id)
original_story = stories_api.story_get_simple(
story_id, current_user=request.current_user_id)
if not original_story:
raise exc.NotFound(_("Story %s not found") % story_id)
if story.creator_id and story.creator_id != original_story.creator_id:
abort(400, _("You can't change author of story."))
story_dict = story.as_dict(omit_unset=True)
stories_api.story_check_story_type_id(story_dict)
if not stories_api.story_can_mutate(original_story,
story.story_type_id):
abort(400, _("Can't change story type."))
# This is not the place to update tags, including them in
# story_dict causes the story/tag relationship to attempt to
# update with a list of unicode strings rather than objects
# from the database.
if 'tags' in story_dict:
story_dict.pop('tags')
users = story_dict.get("users", [])
ids = [user.id for user in users]
if story.private:
if request.current_user_id not in ids \
and not original_story.permissions:
users.append(
wmodels.User.from_db_model(
users_api.user_get(request.current_user_id)))
if not original_story.permissions:
stories_api.create_permission(original_story, users)
updated_story = stories_api.story_update(
story_id, story_dict, current_user=request.current_user_id)
if users == [] and updated_story.private:
abort(400, _("Can't make a private story with no users"))
if story.private:
stories_api.update_permission(updated_story, users)
user_id = request.current_user_id
events_api.story_details_changed_event(story_id, user_id,
updated_story.title)
return create_story_wmodel(updated_story)