def getNodeByID_api(NoteID):
sessionUser = checkCookiesSessionUser();
errorNote = { "NoteID" : NoteID, "valid": "false", "status": "notExist"}
note = db.getNotebyNoteID(NoteID);
response.content_type = 'application/json';
if (note != None):
if note['Private'] == 0 or (note['Private'] == 1 and sessionUser['UserID'] == note['UserID']):
# Is a public note or session user is the owner.
note['valid'] = "true";
note['status'] = "OK";
return json.dumps(note); # return a not empty note.
else:
errorNote['valid'] = "false";
errorNote['status'] = "You don't permissions to see this content. Sorry.";
else:
errorNote['valid'] = "false";
errorNote['status'] = "The note you're trying to read doesn't exist or was removed.";
return json.dumps(errorNote); # return error note.
if (sessionUser['UserID'] != note['UserID']):
errorNote['status'] = "You don't permissions to see this content. Sorry.";
return json.dumps(errorNote);
elif (note == None):
errorNote['status'] = "The note you're trying to read doesn't exist or was removed.";
return json.dumps(errorNote);
else:
# At this point the user is the correct one and the note is not None
note['valid'] = "true";
errorNote['status'] = "OK";
response.content_type = 'application/json'
return json.dumps(note);
def deleteNoteID(NoteID):
sessionUser = checkCookiesSessionUser();
response.content_type = 'application/json';
returnedMessage = {
"NoteID" : NoteID,
"valid" : "false",
"deleted": "false",
"status" : "You're not allowed to do this action"
}
if (sessionUser == None):
return json.dumps(returnedMessage);
note = db.getNotebyNoteID(NoteID);
if (note == None):
returnedMessage["deleted"] = "false";
returnedMessage["status"] = "This note doesn't exist on our system or has changed location";
return json.dumps(returnedMessage); # The note doesn't exist on our database
userID_note = note['UserID'];
userID_session = sessionUser['UserID'];
if (userID_note == userID_session):
if (db.deleteNote(NoteID)):
returnedMessage['valid'] = 'true';
returnedMessage['deleted'] = "true";
returnedMessage['status'] = "We have deleted your note!";
else:
returnedMessage['deleted'] = "false";
returnedMessage['status'] = "You're not allowed to delete this note.";
return json.dumps(returnedMessage);
def updateNotebyID(NoteID):
sessionUser = checkCookiesSessionUser();
if (sessionUser == None):
return redirectHome();
newTitle = request.forms.get('titleNote');
newContent = request.forms.get('contentNote');
updatedTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S');
#Update fields for the note before inserting into database..
note = db.getNotebyNoteID(NoteID); #get note object from the previous note.
note['Title'] = newTitle;
note['Content'] = newContent;
note['EditedAt'] = updatedTime;
note['Color'] = request.forms.get('colorNote');
note['Private'] = request.forms.get('privateNote');
note['Published']= int(request.forms.get('publishedNote'));
if db.updateNote(note): #update the note into the database.
response.status = 303
user = db.getUserbyID(note['UserID'])
response.set_header('Location', '/'+user['Username']+'/'+note['Permalink']);
return template('singleNote', note=note, user=user); #Show login screen
return template('singleNote', note=note, user=user);
else:
#problems updating note.
return template('error', user=sessionUser)
def deleteNoteID(NoteID):
sessionUser = checkCookiesSessionUser();
if (sessionUser == None):
return template('login')
note = db.getNotebyNoteID(NoteID);
if (note == None):
return redirectHome(); # The note doesn't exist on our database
userID_note = note['UserID'];
userID_session = sessionUser['UserID'];
if (userID_note == userID_session):
if (db.deleteNote(NoteID)):
return template('note-deleted', user=sessionUser);
else:
return "Problems deleting that note<a href='/'>Go to your profile</a>"
return template('error')
else:
return redirectPrivateZone(); # Private note. Guest can't read this note