def update(self, request, cell_id): cell = Cell.objects.get(pk=cell_id) cell_revision = CellRevision(cell=cell) form = CellUpdateForm(request.user, request.POST, instance=cell_revision) if not form.is_valid(): raise APIBadRequest(form.errors) # check for conflicts if form.instance.number > cell.revisions + 1: raise APIBadRequest({'error': 'Wrong revision number'}) elif form.instance.number < cell.revisions + 1: # lower revision number, just ignore pass else: # cell is root of shared and user is not owner then, change # values in share if cell.owner != request.user and cell.share_set.count(): # TODO # maybe we can do that with a form, instead of using # CellUpdateForm. Just to be clean and safe share = cell.share_set.get(user=request.user) share.name = form.instance.name or share.name share.parent = form.instance.parent or share.parent share.save() # change cell.name and cell.parent according to share # used only to return values, do NOT save cell.name = share.name cell.parent = share.parent return cell else: form.save() if form.instance.parent: # set all parents updated cell.get_ancestors().update(updated=datetime.now()) # find if any parent is shared, and if yes set all shares # updated time Share.objects.filter(cell__in=cell.get_ancestors()).update( updated=datetime.now()) # # if the new parent tree is shared with others then: # _recursive_update_shares(cell, request.user) return cell
def delete(self, request, cell_id, username=None): cell = Cell.objects.get(pk=cell_id) try: share_root = Share.objects.filter( Q(cell__in = cell.get_ancestors()) |\ Q(cell = cell) )[0].cell except IndexError: # cell is not shared, nothing to delete raise APIBadRequest("Cell or Tree not shared") if username: user = User.objects.get(username=username) # user if not owner and tries to delete another user from # share if request.user != share_root.owner and user != request.user: raise APIForbidden("You don't have permission to delete " "user '%s'" % user) else: # delete own share share_root.share_set.filter(user=user).delete() else: # only owner can delete everything if request.user == share_root.owner: share_root.share_set.all().delete() else: raise APIForbidden("You don't have permission to delete " "shares of cell %s" % share_root) return rc.DELETED
def read(self, request, timestamp=None): # note that the default timestamp is 24hours if not timestamp: timestamp = datetime.now() - timedelta(days=1) else: # parse timestamp try: timestamp = datetime.fromtimestamp(float(timestamp)) except (ValueError, TypeError), error_message: raise APIBadRequest({'timestamp': 'Bad timestamp format'})
def delete(self, request, droplet_id, revision_number): droplet = Droplet.objects.get(pk=droplet_id) revision = droplet.dropletrevision_set.filter(number=revision_number) if droplet.dropletrevision_set.count() == 1: # cannot delete the last revision raise APIBadRequest("Cannot delete the last revision " "of droplet %s" % droplet.id) revision.delete() return rc.DELETED
def create(self, request): if not getattr(settings, 'MELISSI_REGISTRATIONS_OPEN', False): raise APIForbidden({'register': 'Registrations are closed'}) form = UserCreateForm(request.POST) if not form.is_valid(): raise APIBadRequest(form.errors) if User.objects.filter(Q(username=form.cleaned_data['username']) |\ Q(email=form.cleaned_data['email'])).count(): raise APIBadRequest( {'error': 'email and / or username already exists'}) user = User.objects.create_user(form.cleaned_data['username'], form.cleaned_data['email'], form.cleaned_data['password']) user.first_name = form.cleaned_data['first_name'] user.last_name = form.cleaned_data['last_name'] user.save() return user
def create(self, request): cell = Cell(owner=request.user) form = CellCreateForm(request.user, request.POST, instance=cell) if not form.is_valid(): raise APIBadRequest(form.errors) form.save() rev = form.instance.cellrevision_set.all()[0] rev.resource = form.cleaned_data['resource'] rev.save() return form.instance
def create(self, request): if request.user.is_staff or request.user.is_superuser: form = UserCreateForm(request.POST) if not form.is_valid(): raise APIBadRequest(form.errors) if User.objects.filter(Q(username=form.cleaned_data['username']) |\ Q(email=form.cleaned_data['email'])).count(): raise APIBadRequest( {'error': 'email and / or username already exists'}) user = User.objects.create_user(form.cleaned_data['username'], form.cleaned_data['email'], form.cleaned_data['password']) user.first_name = form.cleaned_data['first_name'] user.last_name = form.cleaned_data['last_name'] user.save() return user else: raise APIForbidden( {'user': "******"})
def create(self, request): droplet = Droplet(owner=request.user) form = DropletCreateForm(request.user, request.POST, request.FILES, instance=droplet) if not form.is_valid(): raise APIBadRequest(form.errors) form.save() rev = form.instance.dropletrevision_set.all()[0] rev.resource = form.cleaned_data['resource'] rev.save() return form.instance
def update(self, request, user_id): """ User update call. Currently used only for password changing """ user = User.objects.get(pk=user_id) if request.user.is_staff or request.user.is_superuser or user == request.user: form = UserUpdateForm(request.POST) if not form.is_valid(): raise APIBadRequest(form.errors) user.set_password(form.cleaned_data['password']) user.save() return user else: raise APIForbidden( {'user': "******"})
def create(self, request, cell_id, username): """ If user not in shared_with add him. If user in shared_with update entry """ cell = Cell.objects.get(pk=cell_id) user = User.objects.get(username=username) cell_share, created = Share.objects.get_or_create(cell=cell, user=user) form = CellShareCreateForm(request.POST, instance=cell_share) if not form.is_valid(): raise APIBadRequest(form.errors) form.save() # _recursive_update_shares(cell, request.user) return rc.CREATED
def create(self, request, droplet_id): droplet = Droplet.objects.get(pk=droplet_id) resource, created = UserResource.objects.get_or_create( user=request.user, name=request.POST.get('resource', 'melissi')) if created: resource.save() revision = DropletRevision( resource=resource, droplet=droplet, ) form = DropletRevisionCreateForm(request.user, request.POST, request.FILES, instance=revision) if not form.is_valid(): raise APIBadRequest(form.errors) # check for conflicts if form.instance.number > droplet.revisions + 1: raise APIBadRequest({'error': 'Wrong revision number'}) elif form.instance.number < droplet.revisions + 1: # houston we have a conflict # create a new droplet new_droplet = Droplet(name=droplet.name, owner=droplet.owner, created=droplet.created, cell=droplet.cell, content=droplet.content, patch=droplet.patch, content_sha256=droplet.content_sha256, patch_sha256=droplet.patch_sha256, deleted=droplet.deleted) new_droplet.save() # delete autogenerated revisions try: new_droplet.dropletrevision_set.all().delete() except ObjectDoesNotExist: # _update_droplet will raise DoesNotExist that we # can safetly ignore, since we will create manually # the revisions pass # copy revisions for rev in droplet.dropletrevision_set.all().order_by("number"): if rev.number == form.instance.number: # don't copy conflicting revision # break since its the last to copy break new_rev = DropletRevision(droplet=new_droplet, resource=rev.resource, name=rev.name, number=rev.number, cell=rev.cell, content=rev.content, patch=rev.patch, content_sha256=rev.content_sha256, patch_sha256=rev.patch_sha256) new_rev.save() # set new_droplet droplet = new_droplet form.instance.droplet = new_droplet form.save() return droplet