class UserFollowingUpdate(Resource):
@api.login_required(oauth_scopes=['users:write'])
@api.permission_required(permissions.OwnerRolePermission())
@api.permission_required(permissions.WriteAccessPermission())
@api.response(schemas.UserSchema())
def patch(self, uid):
"""Follow a new user
"""
# TODO: do not follow himself
with api.commit_or_abort(
db.session,
default_error_message="Failed to update following relationships"
):
user = User.query.get_or_404(current_user.id)
user.follows(uid)
return user
@api.login_required(oauth_scopes=['users:write'])
@api.permission_required(permissions.OwnerRolePermission())
@api.permission_required(permissions.WriteAccessPermission())
@api.response(schemas.UserSchema())
def delete(self, uid):
"""Un-follow a user
"""
# TODO: do not follow himself
with api.commit_or_abort(
db.session,
default_error_message="Failed to update following relationships"
):
user = User.query.get_or_404(current_user.id)
user.unfollows(uid)
return user
def test_WriteAccessPermission_authenticated_user(authenticated_user_instance):
authenticated_user_instance.is_regular_user = True
with permissions.WriteAccessPermission():
pass
authenticated_user_instance.is_regular_user = False
with pytest.raises(HTTPException):
with permissions.WriteAccessPermission():
pass
class SingleStory(Resource):
@api.response(StorySchema())
def get(self, story_id):
""" Get details of a story"""
return Story.get(story_id=story_id)
@api.login_required(oauth_scopes=['stories:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['story']})
@api.parameters(UpdateStoryParameters())
@api.response(StorySchema())
def patch(self, args, story_id):
""" Update a story"""
with api.commit_or_abort(
db.session, default_error_message="Failed to patch a story."):
Story.query.filter_by(id=story_id).update(dict(args))
return Story.get(story_id=story_id)
@api.login_required(oauth_scopes=['stories:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['story']})
@api.permission_required(permissions.WriteAccessPermission())
def delete(self, story_id):
""" Delete a specifici story (TODO)"""
pass
class UserByID(Resource):
"""
Manipulations with a specific user.
"""
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['user']}
)
@api.response(schemas.UserSchema())
def get(self, user):
"""
Get user details by ID.
"""
return user
@api.login_required(oauth_scopes=['users:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['user']}
)
@api.permission_required(permissions.WriteAccessPermission())
@api.parameters(parameters.PatchUserDetailsParameters())
@api.response(schemas.UserSchema())
def patch(self, args, user):
"""
Patch user details by ID.
"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to update user details."
):
parameters.PatchUserDetailsParameters.perform_patch(args, user)
db.session.merge(user)
return user
class DatasetStoryLinkAction(Resource):
"""
Manipulations with a dataset-story link.
"""
@api.login_required(oauth_scopes=['stories:write'])
@api.response(DatasetSchema(only=['id', 'story_count']))
def patch(self, story_id, dataset_id):
"""Create a new link between a story and a dataset
"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to link a story and dataset."
):
user = current_user
# Check existence of dataset and story
dataset = Dataset.get(id=dataset_id)
story = Story.get(story_id=story_id)
sd = StoryDatasetAssociation(
story_id=story.id, dataset_id=dataset.id,
linker_id=user.id
)
db.session.add(sd)
return dataset
@api.login_required(oauth_scopes=['stories:write'])
@api.permission_required(permissions.WriteAccessPermission())
@api.response(DatasetSchema(only=['id', 'story_count']))
def delete(self, story_id, dataset_id):
"""Remove the link between a dataset and a story
"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to unlink a story and dataset."
):
user = current_user
# Check existence of dataset and story
dataset = Dataset.get(id=dataset_id)
story = Story.get(story_id=story_id)
# TODO: unauthorized to unlink others' post.
sd = StoryDatasetAssociation.query.filter_by(
story_id=story.id, dataset_id=dataset.id,
linker_id=user.id
).first()
if sd is not None:
db.session.delete(sd)
else:
raise CatalogException('Unlinked already')
return dataset
class SingleDatasetResource(Resource):
"""
Manipulations with a specific dataset.
"""
@api.response(DatasetSchema())
def get(self, dataset):
""" Get a specific dataset
"""
return dataset
@api.login_required(oauth_scopes=['datasets:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['dataset']}
)
@api.permission_required(permissions.WriteAccessPermission())
@api.parameters(PatchDatasetParameters())
@api.response(DatasetSchema())
def patch(self, args, dataset):
""" Update a dataset
"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to patch a dataset."
):
PatchDatasetParameters.perform_patch(args, dataset)
db.session.merge(dataset)
return dataset
@api.login_required(oauth_scopes=['datasets:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['dataset']}
)
@api.permission_required(permissions.WriteAccessPermission())
@api.response(code=HTTPStatus.CONFLICT)
def delete(self, dataset):
""" Delete a specific dataset (TODO)"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to delete a dataset."
):
Dataset.delete(dataset=dataset)
class SinglePublisher(Resource):
@api.response(PublisherSchema())
def get(self, publisher_id):
return Publisher.get(publisher_id=publisher_id)
@api.parameters(UpdatePublisherParameters())
@api.response(PublisherSchema())
def patch(self, args, publisher_id):
with api.commit_or_abort(
db.session,
default_error_message="Failed to patch a publisher."):
Publisher.query.filter_by(id=publisher_id).update(dict(args))
return Publisher.get(publisher_id=publisher_id)
@api.login_required(oauth_scopes=['datasets:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['publisher']})
@api.permission_required(permissions.WriteAccessPermission())
def delete(self, publisher_id):
pass
class SingleOrganization(Resource):
@api.response(OrganizationSchema())
def get(self, org_id):
return Organization.get(org_id=org_id)
@api.login_required(oauth_scopes=['datasets:write'])
@api.parameters(UpdateOrganizationParameters())
@api.response(OrganizationSchema())
def patch(self, args, org_id):
with api.commit_or_abort(
db.session,
default_error_message="Failed to patch a organization."):
Organization.query.filter_by(id=org_id).update(dict(args))
return Organization.get(org_id=org_id)
@api.login_required(oauth_scopes=['datasets:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['organization']})
@api.permission_required(permissions.WriteAccessPermission())
def delete(self, org_id):
pass
class SingleComment(Resource):
@api.response(CommentSchema())
def get(self, comment):
""" Get a specific comment"""
return comment
@api.login_required(oauth_scopes=['comments:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['comment']}
)
@api.parameters(UpdateCommentParameters())
@api.response(CommentSchema())
def patch(self, args, comment):
""" Update a comment posted by current user"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to patch a comment."
):
UpdateCommentParameters.perform_patch(args, comment)
db.session.merge(comment)
return comment
@api.login_required(oauth_scopes=['comments:write'])
@api.permission_required(
permissions.OwnerRolePermission,
kwargs_on_request=lambda kwargs: {'obj': kwargs['comment']}
)
@api.permission_required(permissions.WriteAccessPermission())
def delete(self, comment):
""" Remove a comment posted by current user"""
with api.commit_or_abort(
db.session,
default_error_message="Failed to delete a comment."
):
Comment.delete(comment=comment)