def toggle_favourite(key):
    """
    'Like' a dataset

    Flips the favourite flag of the dataset for the currently active user:
    a dataset that is not yet a favourite becomes one, and a dataset that
    already is a favourite stops being one. The front-end can use this for
    organisation.

    :param str key: Key of the dataset to mark as favourite.
    :return: A JSON object with the status of the request
    :return-schema: {type=object,properties={success={type=boolean},favourite_status={type=boolean}}}

    :return-error 404: If the dataset key was not found
    """
    try:
        dataset = DataSet(key=key, db=db)
    except TypeError:
        # a TypeError from the DataSet constructor is treated as "no such key"
        return error(404, error="Dataset does not exist.")

    # the favourite is always scoped to the logged-in user, never to a
    # user name taken from the request
    user_id = current_user.get_id()
    favourite_row = {"name": user_id, "key": dataset.key}

    existing = db.fetchone(
        "SELECT * FROM users_favourites WHERE name = %s AND key = %s",
        (user_id, dataset.key))

    # NOTE(review): the lookup and the write below are separate statements;
    # whether two concurrent requests can both insert depends on constraints
    # on users_favourites that are not visible here - confirm
    if existing:
        db.delete("users_favourites", where=favourite_row)
        is_favourite = False
    else:
        db.insert("users_favourites", data=favourite_row)
        is_favourite = True

    return jsonify({"success": True, "favourite_status": is_favourite})
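def request_token():
    """
    Request an access token

    Requires that the user is currently logged in to 4CAT. If the user
    already has a token that has not expired, that token is returned;
    otherwise a new one is generated, stored and returned.

    New tokens are 64 hexadecimal characters drawn from the operating
    system's CSPRNG. The token is a bearer credential, so it must not be
    derivable from the user name or the time of the request.

    :return: An object with one item `token`
    :return-schema={type=object,properties={token={type=string}}}

    :return-error 403: If the user is logged in with an anonymous account.
    """
    # imported here because the module's import block is not part of this block
    import secrets

    user_id = current_user.get_id()
    if user_id == "autologin":
        # access tokens are only for 'real' users so we can keep track of who
        # (ab)uses them
        return error(403, error="Anonymous users may not request access tokens.")

    now = int(time.time())
    token = db.fetchone(
        "SELECT * FROM access_tokens WHERE name = %s AND (expires = 0 OR expires > %s)",
        (user_id, now))

    if token:
        # NOTE(review): this branch returns the bare token string, while the
        # branch below returns an object with name/token/expires; the
        # documented schema is an object with a `token` item. Left unchanged
        # because callers may rely on either shape - confirm and unify.
        token = token["token"]
    else:
        token = {
            "name": user_id,
            # same length and alphabet as the previous SHA-256 hex digest, but
            # unpredictable: the old value was a hash of user name + timestamp
            "token": secrets.token_hex(32),
            "expires": now + (365 * 86400)
        }

        # no valid token was found above, so every token this user still has
        # is expired; remove them all
        db.delete("access_tokens", where={"name": user_id})

        # save new token
        # NOTE(review): the token is stored as-is; storing only a hash would
        # limit the impact of a database leak, but needs a matching change
        # wherever tokens are verified
        db.insert("access_tokens", token)

    if request.args.get("forward"):
        # show HTML page
        return redirect(url_for("show_access_tokens"))
    else:
        # show JSON response (by default)
        return jsonify(token)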