def describe_file(file_id, auth_dict=None):
file_id = int(file_id)
file_model = File.query.filter(File.id == file_id).first()
if file_model is None:
return "file not found", 404
caption = request.form.get('caption')
if caption is None or caption == "":
return "please enter a caption", 400
if not (auth_dict['is_eboard']
or auth_dict['is_rtp']
or auth_dict['uuid'] == file_model.author):
if len(file_model.caption) == 0:
caption = '"%s" -%s' % (caption, ldap_convert_uuid_to_displayname(auth_dict['uuid']))
else:
return "Permission denied", 403
File.query.filter(File.id == file_id).update({
'caption': caption
})
db.session.flush()
db.session.commit()
return "ok", 200
def wrapped_function(*args, **kwargs):
uuid = str(session['userinfo'].get('sub', ''))
uid = str(session['userinfo'].get('preferred_username', ''))
name = ldap_convert_uuid_to_displayname(uuid)
is_eboard = ldap_is_eboard(uid)
is_rtp = ldap_is_rtp(uid)
auth_dict = {}
auth_dict['uuid'] = uuid
auth_dict['uid'] = uid
auth_dict['name'] = name
auth_dict['is_eboard'] = is_eboard
auth_dict['is_rtp'] = is_rtp
kwargs['auth_dict'] = auth_dict
return func(*args, **kwargs)
def describe_dir(dir_id, auth_dict=None):
dir_id = int(dir_id)
dir_model = Directory.query.filter(Directory.id == dir_id).first()
if dir_model is None:
return "dir not found", 404
desc = request.form.get('description')
if not (auth_dict['is_eboard'] or auth_dict['is_rtp']
or auth_dict['uuid'] == dir_model.author):
if len(dir_model.description) == 0:
desc = '"%s" -%s' % (
desc, ldap_convert_uuid_to_displayname(auth_dict['uuid']))
else:
return "Permission denied", 403
Directory.query.filter(Directory.id == dir_id).update(
{'description': desc})
db.session.flush()
db.session.commit()
return "ok", 200