def describe_file(file_id, auth_dict=None): file_id = int(file_id) file_model = File.query.filter(File.id == file_id).first() if file_model is None: return "file not found", 404 caption = request.form.get('caption') if caption is None or caption == "": return "please enter a caption", 400 if not (auth_dict['is_eboard'] or auth_dict['is_rtp'] or auth_dict['uuid'] == file_model.author): if len(file_model.caption) == 0: caption = '"%s" -%s' % (caption, ldap_convert_uuid_to_displayname(auth_dict['uuid'])) else: return "Permission denied", 403 File.query.filter(File.id == file_id).update({ 'caption': caption }) db.session.flush() db.session.commit() return "ok", 200
def wrapped_function(*args, **kwargs): uuid = str(session['userinfo'].get('sub', '')) uid = str(session['userinfo'].get('preferred_username', '')) name = ldap_convert_uuid_to_displayname(uuid) is_eboard = ldap_is_eboard(uid) is_rtp = ldap_is_rtp(uid) auth_dict = {} auth_dict['uuid'] = uuid auth_dict['uid'] = uid auth_dict['name'] = name auth_dict['is_eboard'] = is_eboard auth_dict['is_rtp'] = is_rtp kwargs['auth_dict'] = auth_dict return func(*args, **kwargs)
def describe_dir(dir_id, auth_dict=None): dir_id = int(dir_id) dir_model = Directory.query.filter(Directory.id == dir_id).first() if dir_model is None: return "dir not found", 404 desc = request.form.get('description') if not (auth_dict['is_eboard'] or auth_dict['is_rtp'] or auth_dict['uuid'] == dir_model.author): if len(dir_model.description) == 0: desc = '"%s" -%s' % ( desc, ldap_convert_uuid_to_displayname(auth_dict['uuid'])) else: return "Permission denied", 403 Directory.query.filter(Directory.id == dir_id).update( {'description': desc}) db.session.flush() db.session.commit() return "ok", 200