def set_blog(post, json, user):
    """Attach the blog named in the request payload to ``post`` if allowed.

    Args:
        post: Post object whose ``blog`` attribute may be assigned.
        json: Parsed request body, or ``None``. Only the ``"blog"`` key
            (a blog id) is read here.
        user: Requesting user; ``is_admin`` is read from it.

    Returns:
        ``None`` when nothing had to be done or the blog was assigned,
        ``BlogError.NoBlog`` when the id matches no blog, and
        ``BlogError.NoAccess`` when the user may not post to that blog.
    """
    # No payload, or no blog requested: leave the post untouched.
    if json is None or "blog" not in json:
        return None

    target = Blog.get_or_none(Blog.id == json["blog"])
    if target is None:
        return BlogError.NoBlog

    # Admins can save to any blog, whether or not they are members.
    if user.is_admin:
        post.blog = target
        return None

    membership = Blog.get_user_role(target, user)

    # A user with no role in the blog is rejected before the blog type is
    # looked at, so non-members cannot post even to an open blog.
    # NOTE(review): the original comment on the open-blog branch said
    # "anyone can post here"; the code is stricter than that - confirm
    # which of the two is intended.
    if membership is None:
        return BlogError.NoAccess

    if target.blog_type == 1:
        # Open blog: any member may post.
        post.blog = target
    elif target.blog_type in (2, 3):
        # Closed or hidden blog: only roles numerically below 3 may post.
        if not membership < 3:
            return BlogError.NoAccess
        post.blog = target

    # NOTE(review): any other blog_type falls through here - the post keeps
    # its previous blog and the caller sees no error.
    return None
def _delete_post(post):
    """Delete ``post`` with its comments and tag marks, if permitted.

    The post's creator and admins may always delete. Otherwise the post
    must belong to a blog and the requester must hold role ``1`` (owner)
    in it.

    Returns:
        ``errors.not_found()`` when ``post`` is ``None``,
        ``errors.no_access()`` when the requester is not allowed, and a
        JSON ``{"success": 1}`` response after the deletion.
    """
    if post is None:
        return errors.not_found()

    requester = get_user_from_request()
    # NOTE(review): ``requester.is_admin`` is read without a None check;
    # presumably the route only runs for authenticated users - confirm.
    may_delete = post.creator == requester or requester.is_admin

    if not may_delete:
        # A post outside any blog has no owner to fall back on.
        if post.blog is None:
            return errors.no_access()
        # Only the blog owner can delete other people's posts.
        if Blog.get_user_role(post.blog, requester) != 1:
            return errors.no_access()

    # NOTE(review): the three deletes below are separate statements and no
    # transaction is opened in this function, so a failure midway would
    # leave partial state unless the caller wraps the request in one.
    comments_of_post = (Comment.object_type == "post") & (
        Comment.object_id == post.id
    )
    Comment.delete().where(comments_of_post).execute()
    TagMark.delete().where(TagMark.post == post).execute()
    post.delete_instance()
    return jsonify({"success": 1})
def _edit_post(post):
    """Apply the request's JSON body to ``post`` and save it, if permitted.

    The post's creator, the owner (role ``1``) of the post's blog and
    admins may edit. Note that this lets a blog owner change the content
    of any post in their blog.

    Returns:
        ``errors.not_found()`` when ``post`` is ``None``,
        ``errors.no_access()`` when the requester may not edit, a blog
        error response when the requested blog is missing or closed to
        the requester, ``errors.post_url_already_taken()`` when URL
        validation fails, and otherwise a JSON response with the saved
        post.
    """
    if post is None:
        return errors.not_found()

    requester = get_user_from_request()
    # NOTE(review): ``post.blog`` is passed on without a None check here,
    # while _delete_post tests it first - confirm get_user_role accepts a
    # missing blog.
    blog_role = Blog.get_user_role(post.blog, requester)

    may_edit = post.creator == requester or blog_role == 1 or requester.is_admin
    if not may_edit:
        return errors.no_access()

    payload = request.get_json()

    # Re-check posting rights for the blog named in the payload, so an
    # edit cannot move the post into a blog the requester may not post to.
    blog_error = set_blog(post, payload, requester)
    if blog_error is not None:
        responses = {
            BlogError.NoBlog: errors.blog_not_found(),
            BlogError.NoAccess: errors.blog_no_access(),
        }
        return responses[blog_error]

    fill_post_from_json(post, payload)

    # Nothing has been saved yet, so a rejected URL leaves the stored
    # post unchanged.
    if not validate_url(post):
        return errors.post_url_already_taken()

    post.save()
    set_tags_for_post(post, payload)
    manage_jam_entries(post, payload)
    return jsonify({"success": 1, "post": post.to_json()})
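def invites(url):
    """Invite a user to a blog, or accept an existing invite.

    The JSON body selects the action:

    * ``{"invite": <id>}`` accepts that invite on behalf of the requesting
      user and creates the matching blog participation.
    * ``{"user": <id>, "role": "owner" | "writer" | "reader"}`` creates an
      invite for that user to the blog at ``url`` and notifies them.

    Returns:
        A JSON success response, or one of the ``errors.*`` responses when
        the blog, invite or user is missing, the role name is unknown, or
        the requester is not allowed to perform the action.
    """
    blog = Blog.get_or_none(Blog.url == url)
    if blog is None:
        return errors.not_found()

    user = get_user_from_request()
    # NOTE(review): ``user.id`` is read below without a None check;
    # presumably the route only runs for authenticated users - confirm.
    json = request.get_json()

    if "invite" in json:
        invite = BlogInvite.get_or_none(BlogInvite.id == json["invite"])
        if invite is None:
            return errors.invite_not_found()

        # Only the invited user may accept the invite.
        if invite.user_to.id != user.id:
            return errors.no_access()

        # An invite is single-use. Without this check the same invite id
        # could be submitted again and would create another participation
        # row, e.g. after the user's membership had been removed.
        if invite.is_accepted:
            return errors.no_access()

        invite.is_accepted = True
        invite.save()
        # Membership is created for the invite's own blog; the blog
        # resolved from ``url`` is not compared with it.
        BlogParticipiation.create(blog=invite.blog, user=user, role=invite.role)
        return jsonify({"success": 1})
    elif "user" in json and "role" in json:
        user_to = User.get_or_none(User.id == json["user"])
        if user_to is None:
            return errors.not_found()

        # The inviter must be a member of the blog.
        role = Blog.get_user_role(blog, user)
        if role is None:
            return errors.no_access()

        role_to = json["role"]
        roles = {"owner": 1, "writer": 2, "reader": 3}
        if role_to not in roles:
            return errors.invite_wrong_role()
        role_to = roles[role_to]

        # Lower number means more privilege, so a member can only grant a
        # role no stronger than their own.
        # NOTE(review): this lets any member, readers included, issue
        # invites at their own level - confirm that is intended.
        if role > role_to:
            return errors.no_access()

        invite = BlogInvite.create(
            blog=blog, user_from=user, user_to=user_to, role=role_to
        )
        # The notification is addressed to the invitee: its text tells the
        # recipient they were invited, so it must not go to the inviter.
        Notification.create(
            user=user_to,
            created_date=datetime.datetime.now(),
            text='Вас пригласили в блог "{0}"'.format(blog.title),
            object_type="invite",
            object_id=invite.id,
        )
        return jsonify({"success": 1, "invite": invite.id})
    # NOTE(review): a body with neither "invite" nor "user" + "role" falls
    # through and returns None; no bad-request helper is visible here to
    # return instead.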
def delete_blog(url):
    """Delete the blog at ``url``; only its owner (role ``1``) may do so.

    Returns:
        ``errors.not_found()`` when no blog has that URL,
        ``errors.no_access()`` when the requester is not the owner, and a
        JSON ``{"success": 1}`` response after the deletion.
    """
    target = Blog.get_or_none(Blog.url == url)
    if target is None:
        return errors.not_found()

    requester = get_user_from_request()
    # Admins get no bypass here; only the owner role passes.
    if Blog.get_user_role(target, requester) != 1:
        return errors.no_access()

    # NOTE(review): only the blog row is deleted here; whether posts,
    # invites and participations that reference it are cleaned up depends
    # on model or database settings not visible in this function.
    target.delete_instance()
    return jsonify({"success": 1})
def edit_blog(url):
    """Update the blog at ``url`` from the request's JSON body.

    Only the blog's owner (role ``1``) may edit it.

    Returns:
        ``errors.not_found()`` when no blog has that URL,
        ``errors.no_access()`` when the requester is not the owner,
        ``errors.blog_url_already_taken()`` when URL validation fails, and
        otherwise a JSON response with the saved blog.
    """
    target = Blog.get_or_none(Blog.url == url)
    if target is None:
        return errors.not_found()

    requester = get_user_from_request()
    # Admins get no bypass here; only the owner role passes.
    if Blog.get_user_role(target, requester) != 1:
        return errors.no_access()

    # NOTE(review): which fields fill_blog_from_json copies from the
    # client payload is not visible here - confirm it is an allow-list.
    fill_blog_from_json(target, request.get_json())

    # Save only after the (possibly changed) URL passes validation.
    if validate_url(target):
        target.save()
        return jsonify({"success": 1, "blog": target.to_json()})
    return errors.blog_url_already_taken()