예제 #1
파일: user.py 프로젝트: duythanhvn/ice-wolf
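    def delete_user(cls, request_user_id, user_delete):
        """Delete the account ``user_delete`` on behalf of ``request_user_id``.

        Only a requester whose ``role`` is ``"manager"`` may delete an account.

        :param request_user_id: id of the user asking for the deletion
        :param user_delete: id of the account to delete
        :raises UserNotFoundError: the requester or the target does not exist
        :raises AccessDeniedError: the requester is not a manager
        """
        user = DBUser.get_by_id(request_user_id)
        if not user:
            # Fail closed with a domain error: without this guard an unknown
            # requester id reaches ``user.role`` below and surfaces as an
            # AttributeError instead of a handled rejection.
            raise UserNotFoundError("user with id = %s does not exist" % (request_user_id,))

        # Authorise before touching the target, so a caller without the
        # manager role gets the same answer whether or not the target exists.
        if user.role != "manager":
            raise AccessDeniedError("Not manager user cannot delete account")

        dl_user = DBUser.get_by_id(user_delete)
        if not dl_user:
            # The id is interpolated into the message here; the previous form
            # passed it as a second constructor argument, leaving "%d" unformatted.
            raise UserNotFoundError("user with id = %s does not exist" % (user_delete,))

        dl_user.delete()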
예제 #2
    def delete_comment(cls, user_id, comment_id):
        """Delete a comment on behalf of ``user_id`` and return the deleted object.

        The comment's own author and the author of the post it belongs to are
        the only users allowed to delete it.

        :param user_id: id of the user asking for the deletion
        :param comment_id: id of the comment to delete
        :raises InvalidFieldError: ``comment_id`` fails ``is_id_valid``
        :raises UserNotFoundError: no user exists for ``user_id``
        :raises CommentNotFoundError: no comment exists for ``comment_id``
        :raises AccessDeniedError: the user is neither commenter nor post author
        """
        # user_id is not format-checked here; an unknown id is rejected by the
        # user lookup below.
        comment_id_ok = is_id_valid(comment_id)
        if not comment_id_ok:
            raise InvalidFieldError("comment id is invalid", ["comment_id"])

        requester = DBUser.get_by_id(user_id)
        if not requester:
            raise UserNotFoundError("User with id = %d  does not exist" % user_id)

        target = DBComment.get_by_id(comment_id)
        if not target:
            raise CommentNotFoundError(comment_id=comment_id)

        # Ownership check: allowed when the requester wrote the comment or
        # wrote the post the comment is attached to.
        if not (target.user_id == user_id or target.post.author.id == user_id):
            raise AccessDeniedError("You cannot delete others comment")

        # Any error raised by delete() propagates to the caller unchanged.
        target.delete()
        return target
예제 #3
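    def update_comment(cls, user_id, comment_id, content):
        """Replace the text of a comment and return the updated object.

        Only the user who wrote the comment may edit it.

        :param user_id: id of the user asking for the edit
        :param comment_id: id of the comment to edit
        :param content: new comment text, at least 10 characters long
        :raises InvalidFieldError: ``comment_id`` fails ``is_id_valid``, or
            ``content`` is missing or shorter than 10 characters
        :raises UserNotFoundError: no user exists for ``user_id``
        :raises CommentNotFoundError: no comment exists for ``comment_id``
        :raises AccessDeniedError: the comment belongs to another user
        """
        # user_id is not format-checked here; an unknown id is rejected by the
        # user lookup below.
        if not is_id_valid(comment_id):
            raise InvalidFieldError("comment id is invalid", ["comment_id"])

        commenter = DBUser.get_by_id(user_id)
        if not commenter:
            raise UserNotFoundError("User with id = %d  does not exist" % user_id)

        comment = DBComment.get_by_id(comment_id)
        if not comment:
            raise CommentNotFoundError(comment_id=comment_id)

        # A missing body is reported as a field error; previously ``None``
        # reached len() and escaped as a TypeError.
        if content is None or len(content) < 10:
            raise InvalidFieldError("comment is too short", ["content"])

        # only allow commenter to update comment
        if comment.user_id != user_id:
            raise AccessDeniedError("You cannot edit others comment")

        comment.content = content
        # Errors from update() propagate unchanged; the former
        # ``try/except: raise`` wrapper added nothing.
        comment.update()
        return comment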
예제 #4
파일: post.py 프로젝트: roseviet/ice-wolf
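    def find_post_by_author_pagination(cls, author_id, page=1, per_page=10):
        """
        Find all posts published by a specific author, one page at a time.

        :param author_id: id of author to find post by
        :param page: page index begin at 1; falls back to 1 when it fails
            ``is_id_valid``
        :param per_page: page size; falls back to 10 unless it is an integer
            between 1 and 49
        :return: tuple ``(pagination, author)`` where ``pagination`` is the
            result of ``DBPost.pagination_get`` and ``author`` the user object
        :raises InvalidFieldError: ``author_id`` fails ``is_id_valid``
        :raises UserNotFoundError: no user exists for ``author_id``
        """

        # validate author id
        if not is_id_valid(author_id):
            raise InvalidFieldError("author id does not valid.", ["author_id"])

        # confirm the author exists
        author = DBUser.get_by_id(author_id)
        if not author:
            # The id is now interpolated; the message used to be raised with a
            # literal, unformatted "%d".
            raise UserNotFoundError("User with id = %s does not exist" % (author_id,))

        args = {"user_id": author_id}

        # validate pagination info
        if not is_id_valid(page):
            page = 1

        # per_page typically arrives from request input: a non-numeric value
        # falls back to the default instead of escaping as ValueError/TypeError,
        # and the bounded integer (not the raw value) is what reaches the query.
        try:
            per_page = int(per_page)
        except (TypeError, ValueError):
            per_page = 10
        if per_page <= 0 or per_page >= 50:
            per_page = 10

        pagination = DBPost.pagination_get(filter_dict=args, page=page, per_page=per_page, order_by="time desc")
        return pagination, author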
예제 #5
파일: post.py 프로젝트: roseviet/ice-wolf
    def delete_post(cls, user_id, post_id):
        """Delete a post on behalf of ``user_id``.

        The post's author and any user whose ``role`` is ``"manager"`` are
        allowed to delete it.

        :param user_id: id of the user asking for the deletion
        :param post_id: id of the post to delete
        :raises UserNotFoundError: no user exists for ``user_id``
        :raises InvalidFieldError: ``post_id`` fails ``is_id_valid``
        :raises PostNotFoundError: no post exists for ``post_id``
        :raises AccessDeniedError: the user is neither author nor manager
        """
        requester = DBUser.get_by_id(user_id)
        if not requester:
            raise UserNotFoundError("User with id = %d does not exist" % user_id)

        post_id_ok = is_id_valid(post_id)
        if not post_id_ok:
            raise InvalidFieldError("Post id is invalid", ["post_id"])

        target = DBPost.get_by_id(post_id)
        if not target:
            raise PostNotFoundError(post_id=post_id)

        # Permission gate: pass when the requester wrote the post or holds the
        # manager role; everyone else is refused.
        if not (target.author.id == user_id or requester.role == "manager"):
            raise AccessDeniedError("You don't have permission to delete this post.")

        target.delete()
예제 #6
파일: user.py 프로젝트: roseviet/ice-wolf
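    def update_user(cls, user_id, email=None, password=None, confirm_password=None, first_name=None, last_name=None,
                    brief=None, avatar=None):
        """Update the supplied profile fields of a user and return the user.

        Fields left as ``None`` (or otherwise falsy) are not changed.

        NOTE(review): no requester identity is passed in, so this method cannot
        check who is asking for the change; callers are presumably expected to
        authorise the request first -- verify at the call sites.

        :param user_id: id of the user to update
        :param email: new e-mail address, checked with ``is_email_address_valid``
        :param password: new password, at least 6 characters
        :param confirm_password: must equal ``password``
        :param first_name: new first name; an empty string is rejected
        :param last_name: new last name; an empty string is rejected
        :param brief: new profile text
        :param avatar: new avatar value
        :return: the updated user object
        :raises UserNotFoundError: no user exists for ``user_id``
        :raises InvalidFieldError: a supplied field fails validation
        """
        user = DBUser.get_by_id(user_id)

        if user is None:
            raise UserNotFoundError("User with id = %d does not exist" % user_id)

        # validate email
        if email and not is_email_address_valid(email):
            raise InvalidFieldError("Email address is not valid", ["email"])
        elif email:
            user.email = email

        # A password change needs both values. Supplying only one of them used
        # to be ignored silently; it is now reported as a mismatch so a
        # credential change never appears to succeed without taking effect.
        if password or confirm_password:
            if password != confirm_password:
                raise InvalidFieldError("Password and confirm password does not match", ["password", "confirm_password"])
            elif len(password) < 6:
                raise InvalidFieldError("Password length must be at least 6 characters", ["password"])
            else:
                # NOTE(security): MD5 is an unsalted, fast digest and is not
                # suitable for storing passwords. Moving to a salted, slow KDF
                # (e.g. hashlib.scrypt or hashlib.pbkdf2_hmac) has to be done
                # together with the login verification code and the hashes
                # already stored, so the call is left unchanged here.
                # NOTE(review): hashlib.md5 needs bytes under Python 3 --
                # confirm which interpreter this runs on.
                user.password = hashlib.md5(password).hexdigest()

        # validate name
        if first_name is not None and len(first_name) == 0:
            raise InvalidFieldError("First name is in valid", ["first_name"])
        elif first_name:
            user.first_name = first_name

        if last_name is not None and len(last_name) == 0:
            raise InvalidFieldError("Last name is in valid", ["last_name"])
        elif last_name:
            user.last_name = last_name

        if brief:
            user.brief = brief

        if avatar:
            user.avatar = avatar

        # Persist the changes. Errors propagate unchanged; the former
        # ``try/except: raise`` wrapper added nothing.
        user.update()
        return user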
예제 #7
    def test_update_no_info(self):
        """Calling update_user with no fields leaves the stored user as it was."""
        # Values the stored user is expected to keep; presumably these mirror
        # what the fixture created for self.user_id[1] -- confirm in setUp.
        expected = {
            "email": "*****@*****.**",
            "password": "******",
            "confirm_password": "******",
            "first_name": "Editor2",
            "last_name": "Nguyen",
            "brief": "Hello world"
        }
        target_id = self.user_id[1]

        User.update_user(target_id)
        user = DBUser.get_by_id(self.user_id[1])

        self.assertEqual(user.id, self.user_id[1])
        self.assertEqual(user.email, expected["email"])
        # The stored password is compared against the MD5 hex digest of the
        # expected plaintext.
        self.assertEqual(user.password, hashlib.md5(expected["password"]).hexdigest())
        for field in ("first_name", "last_name", "brief"):
            self.assertEqual(getattr(user, field), expected[field])
예제 #8
    def test_update_user_all_valid_field(self):
        """Every valid field passed to update_user is stored on the user."""
        new_values = {
            "email": "*****@*****.**",
            "password": "******",
            "confirm_password": "******",
            "first_name": "Dzung",
            "last_name": "Nguyen Tien",
            "brief": "Hello world Again"
        }
        target_id = self.user_id[0]

        User.update_user(target_id, **new_values)
        user = DBUser.get_by_id(self.user_id[0])

        self.assertEqual(user.id, self.user_id[0])
        self.assertEqual(user.email, new_values["email"])
        # The stored password is compared against the MD5 hex digest of the
        # submitted plaintext.
        self.assertEqual(user.password, hashlib.md5(new_values["password"]).hexdigest())
        for field in ("first_name", "last_name", "brief"):
            self.assertEqual(getattr(user, field), new_values[field])
예제 #9
파일: post.py 프로젝트: roseviet/ice-wolf
    def update_post(cls, user_id, post_id, title=None, content=None, feature_image=None, tags=None, categories=None,
                    draft=False):
        """Update the supplied fields of a post and return the post.

        The post's author and any user whose ``role`` is ``"manager"`` are
        allowed to edit it. Falsy field values are left unchanged, except that
        an empty (zero-length, non-``None``) ``content`` is rejected.

        :param user_id: id of the user asking for the edit
        :param post_id: id of the post to edit
        :param title: new title
        :param content: new body
        :param feature_image: new feature image value
        :param tags: new tags value
        :param categories: iterable of category names; stored as a
            comma-separated string with each name wrapped in backticks
        :param draft: accepted but not read anywhere in this method
        :return: the updated post object
        :raises UserNotFoundError: no user exists for ``user_id``
        :raises InvalidFieldError: ``post_id`` fails ``is_id_valid`` or
            ``content`` is empty
        :raises PostNotFoundError: no post exists for ``post_id``
        :raises AccessDeniedError: the user is neither author nor manager
        """
        editor = DBUser.get_by_id(user_id)
        if not editor:
            raise UserNotFoundError("User with id = %d does not exist" % user_id)

        post_id_ok = is_id_valid(post_id)
        if not post_id_ok:
            raise InvalidFieldError("Post id is invalid", ["post_id"])

        post = DBPost.get_by_id(post_id)
        if not post:
            raise PostNotFoundError(post_id=post_id)

        # Permission gate: pass when the requester wrote the post or holds the
        # manager role; everyone else is refused.
        if not (post.author.id == user_id or editor.role == "manager"):
            raise AccessDeniedError("You cannot edit post not published by you.")

        if title:
            post.title = title

        if not content:
            # None means "leave the body alone"; an empty value is an error.
            if content is not None and len(content) == 0:
                raise InvalidFieldError("Post's content cannot be empty", ["content"])
        else:
            post.content = content

        if feature_image:
            post.feature_image = feature_image

        if tags:
            post.tags = tags

        if categories:
            quoted = ["`%s`" % cat for cat in categories]
            post.categories = ",".join(quoted)

        post.update()
        return post