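def get_user_images(user_id, current_user=None):
    """Return the images attached to a user's application.

    Args:
        user_id: Id of the user whose application images are requested. When
            ``None``, the id of ``current_user`` is used instead.
        current_user: The caller on whose behalf the lookup is made.

    Returns:
        ``{'info': [...]}`` with one entry per image, carrying the image
        ``url`` and an ``id`` taken from the image's ``filename``.

    Raises:
        ForbiddenException: If the target user has no application, or if
            ``has_applicant_access`` denies ``current_user`` access to them.
    """
    # NOTE(review): current_user defaults to None, yet both the fallback below
    # and the denial message read current_user.id. A call without a caller
    # fails with AttributeError instead of ForbiddenException -- confirm that
    # every route passes the authenticated user.
    if user_id is None:  # identity test is the correct None check
        user_id = current_user.id

    application = Application.get_for_user(user_id)
    user = User.get(user_id)

    # Both failure modes raise the same exception with the same message, so
    # the response does not tell a caller without access whether the target
    # user has an application.
    if application is None or not has_applicant_access(
            current_user, user, self_access=True):
        raise ForbiddenException(
            'User {} does not have access.'.format(current_user.id))

    return {
        'info': [
            {'url': image.url, 'id': image.filename}
            for image in application.images
        ]
    }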
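def get_user_characters(user_id, current_user=None):
    """Return the characters that belong to a user, keyed by character id.

    Args:
        user_id: Id of the user whose characters are listed.
        current_user: The caller; must pass ``has_applicant_access`` for the
            target user (self access is allowed).

    Returns:
        ``{'info': {character_id: {...}}}`` where each value holds the
        character ``name``, ``corporation_id`` and ``corporation_name``.

    Raises:
        ForbiddenException: If ``current_user`` may not view the target user.
        BadRequestException: If no user row exists for ``user_id``.
    """
    # NOTE(review): User.get runs before the existence check below; what it
    # returns or raises for an unknown id is not visible here -- confirm that
    # has_applicant_access handles that value safely.
    user = User.get(user_id)

    # The access check comes before the existence check, so a caller without
    # access gets the same ForbiddenException whether or not the id exists.
    if not has_applicant_access(current_user, user, self_access=True):
        # Report the caller's id, as the sibling handlers do, instead of
        # interpolating the user object itself into a client-facing message.
        # Fall back to the raw value when it has no id (e.g. None).
        raise ForbiddenException(
            'User {} does not have access.'.format(
                getattr(current_user, 'id', current_user)))

    if not db.session.query(db.exists().where(User.id == user_id)).scalar():
        raise BadRequestException(
            'User with id={} does not exist.'.format(user_id))

    characters = db.session.query(Character).filter(
        Character.user_id == user_id)
    return {
        'info': {
            character.id: {
                'name': character.name,
                'corporation_id': character.corporation_id,
                'corporation_name': character.corporation.name,
            }
            for character in characters
        }
    }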
def delete_s3(image_id, current_user=None):
    """Delete one image from the caller's own, not yet submitted application.

    Args:
        image_id: Id of the image to delete.
        current_user: The caller; their application is looked up by
            ``current_user.id``.

    Returns:
        ``{'status': 'ok'}`` once ``Image.delete`` has been called.

    Raises:
        ForbiddenException: If the caller has no application, the access check
            fails, the image does not exist, the application is already
            submitted, or the image belongs to a different application.
    """
    image = Image.query.get(image_id)
    application = Application.get_for_user(current_user.id)

    if application is None:
        has_access = False
    else:
        # Self access is only granted while the application is still a draft.
        draft = not application.is_submitted
        has_access = has_applicant_access(
            current_user, application.user, self_access=draft)

    # A truthy has_access implies an application exists, so the remaining
    # tests may dereference it. The last test ties the image to the caller's
    # own application, which keeps one user from deleting another user's
    # image by guessing its id. Every refusal raises the same message.
    if (not has_access
            or image is None
            or application.is_submitted
            or application.id != image.application_id):
        raise ForbiddenException(
            'User {} does not have access to image {}.'.format(
                current_user.id, image_id))

    Image.delete(image_id, image.filename)
    return {'status': 'ok'}
def release_applicant(applicant_user_id, current_user=current_user):
    """Detach the recruiter from an applicant's submitted application.

    Args:
        applicant_user_id: Id of the applicant whose application is released.
        current_user: The acting recruiter. The default is whatever the
            module-level ``current_user`` name refers to when this function is
            defined.

    Returns:
        ``{'status': 'ok'}`` after the change is committed and noted.

    Raises:
        ForbiddenException: If the caller is not a recruiter, or fails
            ``has_applicant_access`` for the applicant.
        BadRequestException: If the applicant has no submitted application.
    """
    # The role check comes first: a non-recruiter is refused before any
    # application data is looked up.
    if not is_recruiter(current_user):
        raise ForbiddenException(
            'User {} is not a recruiter'.format(current_user.id))

    application = Application.get_submitted_for_user(applicant_user_id)
    if application is None:
        raise BadRequestException(
            'User {} is not in an open application.'.format(
                applicant_user_id
            )
        )

    applicant = User.get(applicant_user_id)
    if not has_applicant_access(current_user, applicant):
        denial = 'User {} does not have access to user {}'.format(
            current_user.id, applicant_user_id
        )
        raise ForbiddenException(denial)

    application.recruiter_id = None
    db.session.commit()
    # NOTE(review): the status note is added after the commit above; whether
    # add_status_note commits on its own is not visible here -- confirm the
    # audit note is persisted.
    note = 'Application released by {}.'.format(current_user.name)
    add_status_note(application, note)
    return {'status': 'ok'}
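def get_answers(user_id, current_user=None):
    """Return every application question with the user's answer to it.

    Args:
        user_id: Id of the user whose answers are requested.
        current_user: The caller. When falsy, the target user is used as the
            caller instead.

    Returns:
        ``{'questions': {question_id: {...}}, 'has_application': True}``.
        Each question entry holds the ``question``, the ``user_id`` and the
        ``answer`` text, which is an empty string for unanswered questions.

    Raises:
        BadRequestException: If no user row exists for ``user_id``, or the
            user has no application.
        ForbiddenException: If the caller may not view the target user.
    """
    # NOTE(review): the existence check precedes the access check, so a
    # caller without access can tell existing ids (ForbiddenException) from
    # unknown ones (BadRequestException) -- confirm that is acceptable.
    if not db.session.query(db.exists().where(User.id == user_id)).scalar():
        raise BadRequestException(
            'User with id={} does not exist.'.format(user_id))

    user = User.get(user_id)
    # NOTE(review): an omitted current_user is replaced by the target user, so
    # the self_access=True check below is evaluated as that user viewing their
    # own answers. Confirm every externally reachable caller passes the
    # authenticated user, or a missing argument widens access.
    current_user = current_user or user
    if not has_applicant_access(current_user, user, self_access=True):
        # Report the caller's id instead of interpolating the user object
        # itself into a client-facing message.
        raise ForbiddenException(
            'User {} does not have access to user {}'.format(
                getattr(current_user, 'id', current_user), user_id))

    application = Application.get_for_user(user_id)
    if not application:
        raise BadRequestException(
            'User with id={} has no application.'.format(user_id))

    questions = get_questions()
    # Answers keyed by question id. The application is always present here
    # (see the guard above), so the former "no application" branch was
    # unreachable and has been removed.
    answers = {a.question_id: a.text for a in application.answers}
    return {
        'questions': {
            question_id: {
                'question': questions[question_id],
                'user_id': user_id,
                'answer': answers.get(question_id, ''),
            }
            for question_id in questions
        },
        'has_application': True,
    }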
def test_has_applicant_self_access(self):
    # Negative authorization case: even with self_access=True, self.user must
    # be refused access to self.applicant (fixtures are defined outside this
    # view).
    granted = has_applicant_access(
        self.user, self.applicant, self_access=True)
    self.assertFalse(granted)
def test_has_applicant_access(self):
    # Negative authorization case with default arguments: self.user must be
    # refused access to self.applicant (fixtures are defined outside this
    # view).
    granted = has_applicant_access(self.user, self.applicant)
    self.assertFalse(granted)