def delete(self, thread_id, invitation_id):
"""
@api {DELETE} /threads/<String:thread_id>/invitations/<String:invitation_id> Cancel sent thread invitation
@apiGroup Thread
@apiDescription Cancel sent thread invitation
@apiSuccessExample {JSON} Success-Response:
{
ThreadInvitationModel
}
"""
caller_user_id = auth.user_id
# Verifications
# Thread verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify user is thread owner
thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Invitation verifications
invitation_verifications = InvitationVerifications(thread_id=thread_id,
value=invitation_id)
thread_invitation_model = invitation_verifications.thread_invitation_model
# Verify user is invitation owner
invitation_verifications.verify_user_is_owner(user_id=caller_user_id)
# Update invitation and mark as deleted
ThreadInvitationHandler().delete(
thread_invitation_model=thread_invitation_model)
return thread_invitation_model.jsonify()
def delete(self, thread_id, message_id):
"""
@api {DELETE} /threads/<String:thread_id>/messages/<String:message_id> Remove thread message
@apiGroup Thread
@apiDescription Remove thread message as message owner
@apiSuccessExample {JSON} Success-Response:
{
ThreadMessageModel
}
"""
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
message_verifications = MessageVerifications(thread_id=thread_id,
value=message_id)
thread_message_model = message_verifications.thread_message_model
# Verify user is thread member
thread_verifications.verify_user_is_member(user_id=caller_user_id)
# Verify user is message owner
message_verifications.verify_user_is_owner(user_id=caller_user_id)
# Mark message as deleted
thread_message_model = ThreadMessageHandler().delete(
thread_message_model=thread_message_model)
return thread_message_model.jsonify()
def post(self, owner_user_id, user_ids, thread_model):
# Exclude users who are already invited or members
thread_verifications = ThreadVerifications(model=thread_model)
user_ids = [
user_id for user_id in user_ids
if not thread_verifications.check_user_is_invited(user_id)
and not thread_verifications.check_user_is_member(user_id)
]
# Create ThreadInvitationModel objects
thread_invitation_models = [
ThreadInvitationModel(user=user_id,
thread_id=thread_model.id,
invited_by=owner_user_id,
users_in_thread=thread_model.users)
for user_id in user_ids
]
# Register invitations
for thread_invitation_model in thread_invitation_models:
# Register invitation for thread
threads_invitations[thread_model.id].insert(
0, thread_invitation_model)
# Register invitation for user
users_thread_invitations[thread_invitation_model.user].insert(
0, thread_invitation_model)
return ModelsList(list_of_models=thread_invitation_models)
def post(self, thread_id, application_id):
"""
@api {POST} /threads/<String:thread_id>/applications/<String:application_id> Accept or reject received thread application
@apiGroup Thread
@apiParam (JSON param) {Boolean} accept Accept or reject the application
@apiSuccessExample {JSON} Success-Response:
{
ThreadApplicationModel
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
# Thread verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify user is thread owner
thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Application verifications
application_verifications = ApplicationVerifications(
thread_id=thread_id, value=application_id)
thread_application_model = application_verifications.thread_application_model
# Verify application exists
application_verifications.verify_application_exists()
# Add user to thread, mark application as accepted or rejected
ThreadApplicationHandler().post(
thread_application_model=thread_application_model,
accept=args.accept)
return thread_application_model.jsonify()
def get(self, thread_id, invitation_id):
"""
@api {GET} /threads/<String:thread_id>/invitations/<String:invitation_id> Get sent thread invitation
@apiGroup Thread
@apiDescription Get sent thread invitation
@apiSuccessExample {JSON} Success-Response:
{
ThreadInvitationModel
}
"""
caller_user_id = auth.user_id
# Verifications
# Thread verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify user is thread owner
thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Invitation verifications
invitation_verifications = InvitationVerifications(thread_id=thread_id,
value=invitation_id)
# Verify user is invitation owner
invitation_verifications.verify_user_is_owner(user_id=caller_user_id)
# Get thread invitation
thread_invitation_model = ThreadInvitationHandler().get(
thread_id=thread_id, invitation_id=invitation_id)
return thread_invitation_model.jsonify()
def get(self, thread_id, application_id):
"""
@api {GET} /threads/<String:thread_id>/applications/<String:application_id> Get received thread application
@apiGroup Thread
@apiDescription Get received thread application by id
@apiSuccessExample {JSON} Success-Response:
{
ThreadApplicationModel
}
"""
caller_user_id = auth.user_id
# Verifications
# Thread verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify user is thread owner
thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Application verifications
application_verifications = ApplicationVerifications(
thread_id=thread_id, value=application_id)
# Verify application exists
application_verifications.verify_application_exists()
# Get thread application
thread_application_model = ThreadApplicationHandler().get(
thread_id=thread_id, application_id=application_id)
return thread_application_model.jsonify()
def post(self, thread_id):
"""
@api {POST} /threads/<String:thread_id>/apply Apply to thread
@apiGroup Thread
@apiSuccessExample {JSON} Success-Response:
{
ThreadApplicationModel
}
"""
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
thread_model = thread_verifications.thread_model
# Verify if thread exists
thread_verifications.verify_thread_exists()
# Verify it is not thread owner applying
thread_verifications.verify_user_is_not_owner(user_id=caller_user_id)
# Verify thread is not private
thread_verifications.verify_thread_is_not_private()
# Verify user did not already apply
thread_verifications.verify_user_not_applied(user_id=caller_user_id)
# Create and register application
thread_application_model = ThreadApplyHandler().post(
user_id=caller_user_id, thread_model=thread_model)
return thread_application_model.jsonify()
def post(self, thread_id, message_id):
"""
@api {POST} /threads/<String:thread_id>/messages/<String:message_id> Edit thread message
@apiGroup Thread
@apiDescription Edit thread message as message owner
@apiParam (JSON param) {String} message New message. Length 1-300
@apiSuccessExample {JSON} Success-Response:
{
ThreadMessageModel
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
message_verifications = MessageVerifications(thread_id=thread_id,
value=message_id)
thread_message_model = message_verifications.thread_message_model
# Verify user is thread member
thread_verifications.verify_user_is_member(user_id=caller_user_id)
# Verify user is message owner
message_verifications.verify_user_is_owner(user_id=caller_user_id)
# Verify new message length
TextVerifications(text=args.message).verify_text_length(min_l=1,
max_l=300)
# Update thread message
thread_message_model = ThreadMessageHandler().post(
thread_message_model=thread_message_model, message=args.message)
return thread_message_model.jsonify()
def get(self, thread_id, message_id):
"""
@api {GET} /threads/<String:thread_id>/messages/<String:message_id> Get thread message
@apiGroup Thread
@apiDescription Get thread message as member of thread
@apiSuccessExample {JSON} Success-Response:
{
ThreadMessageModel
}
"""
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify user is thread member
thread_verifications.verify_user_is_member(user_id=caller_user_id)
# Verify message exists
MessageVerifications(thread_id=thread_id,
value=message_id).verify_message_exists()
# Get thread message
thread_message_model = ThreadMessageHandler().get(
thread_id=thread_id, message_id=message_id)
return thread_message_model.jsonify()
def post(self, thread_id):
"""
@api {POST} /threads/<String:thread_id>/invite Invite users to thread
@apiGroup Thread
@apiParam (JSON param) {String[]} users List of user ids
@apiSuccessExample {JSON} Success-Response:
{
"items": ThreadInvitationModel[]
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
thread_model = thread_verifications.thread_model
# Verify user is owner of thread
thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Verify that owner is not inviting himself
thread_verifications.verify_excludes_owner(user_ids=args.users)
# Verify users to be invited exist and are not already invited
for user_id in args.users:
UserVerifications(value=user_id).verify_user_exists()
thread_verifications.verify_user_not_invited(user_id=user_id)
# Create and register invitations
thread_invitation_models = ThreadInviteHandler().post(
owner_user_id=caller_user_id,
user_ids=args.users,
thread_model=thread_model)
return thread_invitation_models.jsonify()
def post(self):
"""
@api {POST} /threads Create thread
@apiGroup Thread
@apiParam (JSON param) {String} name Name of the thread. Has to be unique, must not be a number, length 2-50
@apiParam (JSON param) {Boolean} private Whether the thread is to be private or not
@apiSuccessExample {JSON} Success-Response:
{
ThreadModel
}
"""
args = self.reqparse.parse_args()
user_id = auth.user_id
# Validate thread name
if ThreadVerifications(by="name",
value=args.name).check_thread_exists():
HttpException.throw_409("Thread name already taken")
elif args.name.isdigit():
HttpException.throw_422("Thread name must not be a number")
# Intentional bug with validation between 2 and 60 characters for workshop purposes
elif not validate_length(2, 60, args.name):
HttpException.throw_422(
"Thread name length must be between 2 and 50 characters")
# Create thread
thread_model = ThreadsHandler().post(user_id=user_id,
name=args.name,
private=args.private)
# Return thread
return thread_model.jsonify()
def get(self, thread_id):
"""
@api {GET} /threads/<String:thread_id> Get thread
@apiGroup Thread
@apiDescription Get thread by id
@apiSuccessExample {JSON} Success-Response:
{
ThreadModel
}
"""
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify thread exists
thread_verifications.verify_thread_exists()
thread_model = ThreadHandler().get(thread_id=thread_id)
return thread_model.jsonify()
def post(self, thread_id):
"""
@api {POST} /threads/<String:thread_id>/kick Kick users from thread
@apiGroup Thread
@apiParam (JSON param) {String[]} users List of user ids
@apiSuccessExample {JSON} Success-Response:
{
ThreadModel
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
thread_model = thread_verifications.thread_model
# Verify if user is owner of thread
# Intentional bug to allow non thread owners to kick people for workshop purposes
# thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Verify user is not trying to kick himself
thread_verifications.verify_excludes_owner(user_ids=args.users)
# Verify users to be kicked are members of the thread
for user_id in args.users:
thread_verifications.verify_user_is_member(user_id=user_id)
# Kick users from thread
thread_model = ThreadKickHandler().post(thread_model=thread_model,
user_ids=args.users)
return thread_model.jsonify()
def post(self, thread_id):
"""
@api {POST} /threads/<String:thread_id>/messages Send message in thread
@apiGroup Thread
@apiDescription Send message in thread as thread owner
@apiParam (JSON param) {String} message Message to send. Length 1-300
@apiSuccessExample {JSON} Success-Response:
{
ThreadMessageModel
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
thread_model = thread_verifications.thread_model
# Verify thread exists
thread_verifications.verify_thread_exists()
# Verify user is thread member
thread_verifications.verify_user_is_member(user_id=caller_user_id)
# Verify message length
TextVerifications(text=args.message).verify_text_length(min_l=1, max_l=300)
# Create thread message
thread_message_model = ThreadMessagesHandler().post(
thread_model=thread_model,
user_id=caller_user_id,
message=args.message
)
return thread_message_model.jsonify()
def get(self, thread_id):
"""
@api {GET} /threads/<String:thread_id>/messages Get thread messages
@apiGroup Thread
@apiDescription Get last 100 thread messages as member of thread
@apiSuccessExample {JSON} Success-Response:
{
"items": ThreadMessageModel[]
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify thread exists
thread_verifications.verify_thread_exists()
# Verify user is thread member
thread_verifications.verify_user_is_member(user_id=caller_user_id)
# Get thread messages
thread_message_models = ThreadMessagesHandler().get(
thread_id=thread_id,
start=args.start,
limit=args.limit
)
return thread_message_models.jsonify()
def get(self, thread_id):
"""
@api {GET} /threads/<String:thread_id>/applications Get received thread applications
@apiGroup Thread
@apiDescription Get received thread applications as thread owner
@apiSuccessExample {JSON} Success-Response:
{
"items": ThreadApplicationModel[]
}
"""
args = self.reqparse.parse_args()
caller_user_id = auth.user_id
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
# Verify thread exists
thread_verifications.verify_thread_exists()
# Verify user is thread owner
thread_verifications.verify_user_is_owner(user_id=caller_user_id)
# Get thread applications
thread_application_models = ThreadApplicationsHandler().get(
thread_id=thread_id, start=args.start, limit=args.limit)
return thread_application_models.jsonify()
def delete(self, thread_id):
"""
@api {DELETE} /threads/<String:thread_id> Delete thread
@apiGroup Thread
@apiDescription Delete thread by id as thread owner
@apiSuccessExample {JSON} Success-Response:
{
ThreadModel
}
"""
# Verifications
thread_verifications = ThreadVerifications(value=thread_id)
thread_model = thread_verifications.thread_model
# Verify if user is thread owner
thread_verifications.verify_user_is_owner(user_id=auth.user_id)
# Delete thread
thread_model = ThreadHandler().delete(thread_model=thread_model)
# Intentional bug that returns empty json instead of ThreadModel for workshop purposes
return dict()