def post(self, project_id=None):
self.get_channel_token()
if not project_id and not Project.valid_id(project_id):
raise HttpErrorException.bad_request('no project id')
self.project = Project.get_by_id(project_id)
if not self.project:
raise HttpErrorException.bad_request('invalid project id')
self.get_analytic_session()
if self.json_request.get('permission'):
self._add_perm()
if not self.json_request.get('permission') and self.json_request.get(
'group_id'):
self._rm_perm()
if self.json_request.get('remove_group'):
self._remove_group()
if self.json_request.get('add_attribute'):
self._add_attribute()
if self.json_request.get('title'):
self._set_title()
if self.json_request.get('up_vote'):
self._up_vote()
if self.json_request.get('down_vote'):
self._down_vote()
if self.json_request.get('shared'):
self._shared()
self.project.pw_modified_ts = datetime.datetime.now()
self.project.put()
self.user.put()
self.write_json_response(self.project.to_dict(self.user))
def delete(self, project_id=None):
if self.request.get('token_id') is None:
raise HttpErrorException.bad_request('no token id')
self.user.current_token_id = self.request.get('token_id')
if not project_id and not Project.valid_id(project_id):
raise HttpErrorException.bad_request('no project id')
project = Project.get_by_id(project_id)
if not project:
raise HttpErrorException.bad_request('invaild project id')
if not project.has_permission_delete(self.user):
raise HttpErrorException.forbidden()
trans = Transaction(action='pro_del',
user=self.user.key,
artifact=project.key,
project=project.key)
trans.put()
self.get_channel_token()
channel_tokens = ChannelToken.get_by_project_key(
project.key, self.user_channel_token)
channel_tokens = ChannelToken.remove_unauthorized_users(
channel_tokens, [project])
message = {
'user': self.get_user_channel_data(),
'transaction': trans.to_dict(self.user)
}
ChannelToken.broadcast_message(channel_tokens, message)
project.delete(self.user)
def get(self, project_id=None):
if project_id:
if not Project.valid_id(project_id):
raise HttpErrorException.bad_request('invalid project id')
self.project = Project.get_by_id(project_id)
if not self.project:
raise HttpErrorException.bad_request('invalid project id')
if not self.project.has_permission_read(self.user):
lr = tt_logging.construct_log(
msg_short=
'User does not have permission to access this project',
log_type=tt_logging.SECURITY,
request=self.request,
artifact=self.project,
request_user=self.user)
log.info(lr['dict_msg']['msg'], extra=lr)
self.redirect('/', abort=True)
self._serve_page()
elif self.request.get('type') == 'json':
self._serve_json()
def put(self, document_id=None):
if not self.json_request.get('project') and not Project.valid_id(
self.json_request.get('project')):
raise HttpErrorException.bad_request('invalid project id')
pro = Project.get_by_id(self.json_request.get('project'))
if not pro:
raise HttpErrorException.bad_request('invalid project id')
if not pro.has_permission_read(self.user):
raise HttpErrorException.forbidden()
if not self.json_request.get('title'):
raise HttpErrorException.bad_request('invalid title')
doc = Document(key=Document.create_key())
doc.project = pro.key
doc.title = self.json_request.get('title')
doc.subtitle = self.json_request.get('subtitle')
doc.author = self.json_request.get('author')
doc.version = self.json_request.get('version')
doc.date = self.json_request.get('date')
doc.copyright_text = self.json_request.get('copyright')
doc.description = self.json_request.get('description')
doc.owner.append(self.user.key)
doc_perm = Permission(permissions=Permission.init_perm_struct(
Document.operations_list),
key=Permission.create_key(),
project=pro.key)
doc_perm.artifact = doc.key
doc_perm.put()
doc.permissions = doc_perm.key
if self.user.in_org():
doc.organization = self.user.organization
doc.parent_perms = [
pro.permissions,
pro.distilled_document.get().permissions
]
doc.put()
pro.documents.append(doc.key)
indexes = self.user.get_put_index()
doc.index(indexes)
pro.pw_modified_ts = datetime.datetime.now()
pro.put()
self.write_json_response(doc.to_dict(self.user))
action_data = {'document': doc.to_dict(self.user)}
trans = Transaction(action='doc_new',
user=self.user.key,
artifact=doc.key,
project=pro.key,
action_data=action_data)
trans.put()
self.get_channel_token()
channel_tokens = ChannelToken.get_by_project_key(
pro.key, self.user_channel_token)
channel_tokens = ChannelToken.remove_unauthorized_users(
channel_tokens, [doc])
for channel_token in channel_tokens:
trans.action_data['document'] = doc.to_dict(
channel_token.user.get())
message = {
'user': self.get_user_channel_data(),
'transaction': trans.to_dict(self.user)
}
ChannelToken.broadcast_message([channel_token], message)