def get_project_post(id):
limit = request.args.get('limit')
offset = request.args.get('offset')
if limit is not None and not function.isInt(limit):
return jsonify({"error": "limit is not an integer"}), 400
if offset is not None and not function.isInt(offset):
return jsonify({"error": "offset is not an integer"}), 400
dataCount = database.getProjectPostsCount(id)
data = database.getProjectPosts(id, limit, offset)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
project = database.getProjectByID(id)
if (project['projectVisibility'] == 'PRIVATE'):
userRole = function.getProjectUserRole(get_jwt_identity(), id)
if not function.isProjectMember(userRole):
return jsonify(
{"error":
"Must be project member to view project posts"}), 403
for projectpost in data:
user = database.getUserInfo(str(projectpost['postUser']))
projectpost['user'] = user
dataCount['data'] = data
return jsonify(dataCount), 200
def add_post(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Fetch form data
projectDetails = request.get_json()
title = projectDetails.get('title')
content = projectDetails.get('content')
owner = get_jwt_identity()
# Check if all data is supplied
if title is None:
return jsonify({"error": "Post title not specified"}), 400
if content is None:
return jsonify({"error": "Post content not specified"}), 400
if owner is None:
return jsonify({"error": "Project owner not specified"}), 400
if not function.isInt(owner):
return jsonify({"error": "ownerID should be string"})
# Check if project actually exists
project = database.getProjectByID(id)
if project is None:
return jsonify({"error": "Specified project does not exist"})
# Check if you have permission to post on this project
userRole = function.getProjectUserRole(get_jwt_identity(), id)
if not function.isProjectMember(userRole):
return jsonify({"error": "Must be a project member to add post"}), 403
# Add post to the database
post = database.addProjectPost(title, content, owner, id)
return jsonify(post), 201
def get_user_name():
name = request.args.get('name')
limit = request.args.get('limit')
offset = request.args.get('offset')
if limit is not None and not function.isInt(limit):
return jsonify({"error": "limit is not an integer"}), 400
if offset is not None and not function.isInt(offset):
return jsonify({"error": "offset is not an integer"}), 400
data = database.getUser(name, limit, offset)
if data is not None:
return jsonify(data), 200
else:
return jsonify({"error": "No results found"}), 404
def put_post(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Fetch form data
postDetails = request.get_json()
content = postDetails.get('content')
if content is None:
return jsonify({"error": "Post content not specified"}), 400
# Check if post actually exists
post = database.getPostByID(id)
if post is None:
return jsonify({"error": "Specified post does not exist"})
# Check if the user trying to update the post is the post owner
if post['postUser'] != get_jwt_identity():
return jsonify({"error": "Only post owner can update post"}), 400
# Update post
data = database.updatePost(id, content)
if data is not None:
return jsonify(data), 200
else:
return jsonify({"error": "No results found"}), 404
def add_project():
# Fetch form data
projectDetails = request.get_json()
name = projectDetails.get('name')
description = projectDetails.get('description')
visibility = projectDetails.get('visibility')
owner = get_jwt_identity()
# Check if all data is supplied correctly
if name is None:
return jsonify({"error": "Project name not specified"}), 400
if description is None:
return jsonify({"error": "Project description not specified"}), 400
if visibility is None:
return jsonify({"error": "Project visibility not specified"}), 400
if visibility not in allowed_project_visibilities:
return jsonify({"error": "Project visibility not a legal value"}), 400
if owner is None:
return jsonify({"error": "Project owner not specified"}), 400
if not function.isInt(owner):
return jsonify({"error": "ownerID should be string"})
# Add project to the database
project = database.addProject(name, description, visibility, owner)
# Add owner of project to projectusers
user = database.addProjectUser(owner, project['projectID'], 'OWNER')
return jsonify(project), 201
def delete_comment(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if comment actually exists
comment = database.getCommentByID(id)
if comment is None:
return jsonify({"error": "Specified comment does not exist"})
# Check if the user trying to delete the post is the post owner
post = database.getPostByID(str(comment['commentPost']))
userRole = function.getProjectUserRole(get_jwt_identity(),
post['postProject'])
if not function.isProjectAdmin(userRole):
if comment['commentUser'] != get_jwt_identity():
return jsonify(
{"error":
"Must be admin to delete comment of other user"}), 400
# Delete comment
commentDeleted = database.deleteComment(id)
if commentDeleted is True:
return jsonify({"Info": "Comment deleted successfully"}), 200
else:
return jsonify({"error":
"Something went wrong deleting the comment"}), 500
def del_project_user(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Fetch form data
projectDetails = request.get_json()
user = projectDetails.get('user')
if user is None:
return jsonify({"error": "Projectuser id not specified"}), 400
# Check if project actually exists
project = database.getProjectByID(id)
if project is None:
return jsonify({"error": "Specified project does not exist"})
# Retrieve projectrole of user
userRole = function.getProjectUserRole(get_jwt_identity(), id)
# Retrieve projectrole of target
targetRole = function.getProjectUserRole(user, id)
# Check if both users are part of the same project
if userRole is None:
return jsonify({"error":
"Must be a project member to delete users"}), 403
elif targetRole is None:
return jsonify(
{"error": "Target user is not a member of specified project"}), 403
# User is trying to delete somebody else
if not (str(get_jwt_identity()) == str(user)):
if userRole not in ['ADMIN', 'OWNER']:
return jsonify({
"error":
"Cannot delete project users without ADMIN or OWNER status"
}), 403
elif targetRole == 'OWNER':
return jsonify({"error":
"Cannot delete the owner of a project"}), 403
elif targetRole == 'ADMIN':
if userRole != 'OWNER':
return jsonify({
"error":
"Cannot delete a project admin without OWNER permission"
}), 403
# User is trying to deleting himself, check that he is not the owner of the project
else:
if userRole == 'OWNER':
return jsonify(
{"error": "Cannot delete yourself from your own project"}), 403
# Delete project user
if database.deleteProjectUser(id, user):
return jsonify({"Info": "Projectuser deleted successfully"}), 200
else:
return jsonify(
{"erorr": "Something went wrong deleting the projectuser"}), 500
def get_user(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
data = database.getUserByID(id)
if data is not None:
return jsonify(data), 200
else:
return jsonify({"error": "No results found"}), 404
def get_project():
name = request.args.get('name')
limit = request.args.get('limit')
offset = request.args.get('offset')
if limit is not None and not function.isInt(limit):
return jsonify({"error": "limit is not an integer"}), 400
if offset is not None and not function.isInt(offset):
return jsonify({"error": "offset is not an integer"}), 400
dataCount = database.getProjectsCount(name)
data = database.getProjects(name, limit, offset)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
for project in data:
user = database.getUserInfo(str(project['projectOwner']))
project['owner'] = user
dataCount['data'] = data
return jsonify(dataCount), 200
def get_post(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
data = database.getPostByID(id)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
user = database.getUserInfo(str(data['postUser']))
data['user'] = user
return jsonify(data), 200
def put_project_user(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Fetch form data
projectDetails = request.get_json()
user = projectDetails.get('user')
role = projectDetails.get('role')
# Check if all data is supplied
if user is None:
return jsonify({"error": "Projectuser id not specified"}), 400
if role is None:
return jsonify({"error": "Projectuser role not specified"}), 400
if role not in allowed_projectUser_states:
return jsonify({"error": "Projectuser role not a legal value"}), 400
# Check if project actually exists
project = database.getProjectByID(id)
if project is None:
return jsonify({"error": "Specified project does not exist"})
# Check that you are not trying to change project owner
if role == 'OWNER':
return jsonify({"error":
"Cannot set or tranfer project ownership"}), 403
# Retrieve projectrole of user
userRole = function.getProjectUserRole(get_jwt_identity(), id)
# If user issuing the request is not changing his own data, check if user is admin
if not (str(get_jwt_identity()) == user):
if not function.isProjectAdmin(userRole):
return jsonify(
{"error": "Must be a project admin to update user roles"}), 403
# If user issuing the request is changing own data, he can only change himself from invited to user
elif userRole == 'INVITED':
if role != 'USER':
return jsonify({
"error":
"May only change your own role from pending to user"
}), 403
else:
return jsonify(
{"error":
"May only change your own role from pending to user"}), 403
data = database.updateProjectUser(id, user, role)
if data is not None:
return jsonify(data), 200
else:
return jsonify({"error": "No results found"}), 404
def get_post_comments(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
data = database.getPostComments(id)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
for comment in data:
user = database.getUserInfo(str(comment['commentUser']))
comment['user'] = user
data = function.nest_comments(data)
return jsonify(data), 200
def get_project_id(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
data = database.getProjectByID(id)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
if (data['projectVisibility'] == 'PRIVATE'):
userRole = function.getProjectUserRole(get_jwt_identity(), id)
if not function.isProjectMember(userRole):
return jsonify(
{"error": "Must be project member to view project"}), 403
user = database.getUserInfo(str(data['projectOwner']))
data['owner'] = user
return jsonify(data), 200
def get_project_users(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if project actually exists
project = database.getProjectByID(id)
if project is None:
return jsonify({"error": "Specified project does not exist"})
data = database.getProjectUsers(id)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
for projectuser in data:
user = database.getUserInfo(str(projectuser['User_userID']))
projectuser['user'] = user
return jsonify(data), 200
def get_user_projects(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if user actually exists
user = database.getUserByID(id)
if user is None:
return jsonify({"error": "Specified user does not exist"})
data = database.getUserProjects(id)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
for projectuser in data:
project = database.getProjectByID(
str(projectuser['Project_projectID']))
projectuser['project'] = project
return jsonify(data), 200
def del_user(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if token identity corresponds to the user being deleted
if not (int(id) == get_jwt_identity()):
return jsonify({"error": "Not allowed to delete this user"}), 403
# Check if user actually exists
user = database.getUserByID(id)
if user is None:
return jsonify({"error": "Specified user does not exist"})
# Delete user
if database.deleteUser(id):
return jsonify({"Info": "User deleted successfully"}), 200
else:
return jsonify({"erorr": "Something went wrong deleting user"}), 500
def put_user(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if token identity corresponds to the user being updated
if not (int(id) == get_jwt_identity()):
return jsonify(
{"error": "Not allowed to update this users information"}), 403
# Fetch form data
userDetails = request.get_json()
name = userDetails.get('name')
password = userDetails.get('password')
# Check if all data is supplied
if name is None:
return jsonify({"error": "Username not specified"}), 400
if password is None:
return jsonify({"error": "Password not specified"}), 400
# Check if user actually exists
user = database.getUserByID(id)
if user is None:
return jsonify({"error": "Specified user does not exist"})
# Check is username and password comply to the requirements
username_message = function.check_username(name)
password_message = function.check_password(password)
if (username_message is not "ok"):
return jsonify({"error": username_message}), 400
elif (password_message is not "ok"):
return jsonify({"error": password_message}), 400
# Hash the userpassword for secure storage
hashedpass = function.hash_password(password)
data = database.updateUser(id, name, hashedpass)
if data is not None:
return jsonify(data), 200
else:
return jsonify({"error": "No results found"}), 404
def get_user_posts(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if user actually exists
user = database.getUserByID(id)
if user is None:
return jsonify({"error": "Specified user does not exist"})
data = database.getUserPosts(id)
if data is None:
return jsonify({"error": "No results found"}), 404
else:
userPosts = []
for post in data:
project = database.getProjectByID(str(post['postProject']))
post['project'] = project
if project is not None:
userPosts.append(post)
return jsonify(userPosts), 200
def del_project(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Check if project actually exists
project = database.getProjectByID(id)
if project is None:
return jsonify({"error": "Specified project does not exist"})
# Check if you are the owner of the project you are trying to delete
userRole = function.getProjectUserRole(get_jwt_identity(), id)
if not function.isProjectOwner(userRole):
return jsonify({"error":
"Must be project owner to delete a project"}), 403
# Delete project
if database.deleteProject(id):
return jsonify({"Info": "Project deleted successfully"}), 200
else:
return jsonify({"erorr":
"Something went wrong deleting the project"}), 500
def add_comment(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Fetch form data
postDetails = request.get_json()
content = postDetails.get('content')
parent = postDetails.get('parent')
# Swap userID for JWT id
userID = get_jwt_identity()
if content is None:
return jsonify({"error": "Comment content not specified"}), 400
if userID is None:
return jsonify({"error": "Comment user id not specified"}), 400
# Check if post actually exists
post = database.getPostByID(id)
if post is None:
return jsonify({"error": "Specified post does not exist"}), 400
# Check if you have permission to comment on this post
userRole = function.getProjectUserRole(get_jwt_identity(), post['postProject'])
if not function.isProjectMember(userRole):
return jsonify({"error": "Must be a project member to comment on this post"}), 403
# Check if parent actually exists
if parent is not None:
comment = database.getCommentByID(str(parent))
if comment is None:
return jsonify({"error": "Parent comment does not exist"}), 400
# Add comment
comment = database.addPostComment(content, parent, userID, id)
user = database.getUserByID(str(comment['commentUser']))
comment['user'] = user
return jsonify(comment), 201
def put_project(id):
# Check if specified ID is an integer
if not function.isInt(id):
return jsonify({"error": "id is not an integer"}), 400
# Fetch form data
projectDetails = request.get_json()
title = projectDetails.get('title')
content = projectDetails.get('content')
visibility = projectDetails.get('visibility')
# Check if all data is supplied
if title is None:
return jsonify({"error": "Project title not specified"}), 400
if content is None:
return jsonify({"error": "Project content not specified"}), 400
if visibility is None:
return jsonify({"error": "Project visibility not specified"}), 400
if visibility not in allowed_project_visibilities:
return jsonify({"error": "Project visibility not a legal value"}), 400
# Check if project actually exists
project = database.getProjectByID(id)
if project is None:
return jsonify({"error": "Specified project does not exist"})
# Check if you have permission to update the project
userRole = function.getProjectUserRole(get_jwt_identity(), id)
if not function.isProjectAdmin(userRole):
return jsonify(
{"error": "Must be a project admin to update the project"}), 403
data = database.updateProject(id, title, content, visibility)
if data is not None:
return jsonify(data), 200
else:
return jsonify({"error": "No results found"}), 404
