def vote(cls, question_id, user_email, score, **__):
assert -1 <= score <= 1, "vote must be -1, 0 or 1"
question = Question.get(question_id, user_email)
assert question, "no question found that user has permission to access"
vote = Question._update_vote(question_id, user_email, score)
new_score = question['score'] + vote['delta']
new_upvotes = question['upvotes']
new_downvotes = question['downvotes']
if vote['delta'] == -2:
new_upvotes -= 1
new_downvotes += 1
elif vote['delta'] == -1:
new_downvotes += 1
elif vote['delta'] == 1:
new_upvotes += 1
elif vote['delta'] == 2:
new_upvotes += 1
new_downvotes -= 1
question_command = DB.questions.update(
).where(
DB.questions.columns.id == question_id
).values(
score=new_score,
upvotes=new_upvotes,
downvotes=new_downvotes
).returning(*DB.questions.columns)
return r2d(
DB.ex(
question_command
).fetchone()
)
def _update_vote(cls, question_id, user_email, score):
vote_clause = (
(DB.question_votes.columns.q_id == question_id) &
(DB.question_votes.columns.user_email == user_email)
)
vote = r2d(DB.ex(DB.question_votes.select(vote_clause)).fetchone())
if vote:
prev_score = vote.get("score", 0)
vote_command = DB.question_votes.update(
).where(
vote_clause
).values(
score=score
)
else:
prev_score = 0
vote_command = DB.question_votes.insert(dict(
q_id=question_id,
user_email=user_email,
score=score,
))
DB.ex(vote_command)
return {
"prev_vote_score": prev_score,
"new_vote_score": score,
"delta": score - prev_score,
}
def get(cls, question_id, user_email, **__):
question = r2d(DB.ex(DB.questions.select(
DB.questions.columns.id == question_id
)).fetchone())
event = Event.get(question['e_id'], user_email)
assert event, "this should be unreachable since Event.get throws a PermissionError"
return Question._flag_filter(question)
def flag(cls, question_id, comment_id, user_email, comment, **__):
comment = Comment.get(question_id, comment_id, user_email)
comment_command = DB.comments.update().where(
(DB.comments.columns.q_id == question_id)
& (DB.comments.columns.id == comment_id)).values(
flagged=True,
flag_note=[comment]).returning(*DB.comments.columns)
return r2d(DB.ex(comment_command).fetchone())
def get(cls, user_email, **__):
assert "@" in user_email, "%s is not a valid email" % (user_email, )
get_query = DB.users.select(DB.users.columns.u_email == user_email)
user = DB.ex(get_query).fetchone()
user_domain = user.domain if user else user_email.split("@")[-1]
user_domain = _DOMAIN_MAPS.get(user_domain, user_domain)
if user:
to_ret = r2d(user)
to_ret['domain'] = user_domain
return to_ret
insert_command = DB.users.insert({
"u_email": user_email,
"domain": user_domain,
"info": {},
})
DB.ex(insert_command)
to_ret = r2d(DB.ex(get_query).fetchone())
return to_ret
def lookup(cls, event_lookup_id, user_email=None, override_auth=False):
query = DB.events.select(
DB.events.columns.lookup_id==event_lookup_id
)
event = DB.ex(query).fetchone()
if not override_auth:
if event.domain != User.get(user_email)['domain']:
raise PermissionError("No event found in the set of events user has access to")
return r2d(event)
def vote(cls, question_id, comment_id, user_email, score, **__):
assert -1 <= score <= 1, "vote must be -1, 0 or 1"
comment = Comment.get(question_id, comment_id, user_email)
vote = Comment._update_vote(question_id, comment_id, user_email, score)
new_score = comment['score'] + vote['delta']
comment_command = DB.comments.update().where(
(DB.comments.columns.q_id == question_id)
& (DB.comments.columns.id == comment_id)).values(
score=new_score).returning(*DB.comments.columns)
return r2d(DB.ex(comment_command).fetchone())
def get(cls, event_id, user_email, **__):
user = User.get(user_email)
query = DB.events.select(
(DB.events.columns.id==event_id) &
(DB.events.columns.domain==user['domain'])
)
event = DB.ex(query).fetchone()
if not event:
raise PermissionError("No event found in the set of events user has access to")
return r2d(event)
def get(cls, domain, user_email, **__):
user = User.get(user_email)
user_domain = _DOMAIN_MAPS.get(user['domain'], user['domain'])
if user_domain != domain:
raise PermissionError("%s does not have a %s email" %
(user_email, domain))
org = DB.ex(
DB.orgs.select(DB.orgs.columns.domain == domain)).fetchone()
assert org, "There is no org for the @" + user[
'domain'] + " domain yet! Are you signed in with your work account?"
return r2d(org)
def create(cls, event_lookup_id, content, **__):
event = Event.lookup(event_lookup_id, override_auth=True)
command = DB.questions.insert(dict(
e_id=event['id'],
flagged=False,
flag_note=[],
content=content,
score=0,
upvotes=0,
downvotes=0,
comment_count=0,
)).returning(*DB.questions.columns)
return r2d(DB.ex(command).fetchone())
def create(cls, title, user_email, description=None, **__):
title = title
user = User.get(user_email)
org = Org.get(user['domain'], user_email)
unique_hash = "".join("%02x"%ord(b) for b in secrets.token_bytes(16))
new_event = dict(
owner_email=user_email,
domain=user['domain'],
lookup_id=unique_hash,
moderators=list(set(org['moderators'] + [user_email])),
title=title,
description=description or title,
)
command = DB.events.insert(new_event).returning(*DB.events.columns)
return r2d(DB.ex(command).fetchone())
def _flag_filter(cls, comment):
comment = r2d(comment) or {}
if comment.get("flagged", False):
comment[
"content"] = "(this comment has been flagged as inappropriate and is being reviewed)"
return comment
def get(cls, question_id, comment_id, user_email, **__):
Question.get(question_id, user_email) # forces a permission check
comment_command = DB.comments.select(
(DB.comments.columns.id == comment_id)
& (DB.comments.columns.q_id == question_id))
return r2d(DB.ex(comment_command).fetchone())
def _flag_filter(cls, question):
question = r2d(question) or {}
if question.get("flagged", False):
question["content"] = "(this question has been flagged as inappropriate and is being reviewed)"
return question
