def mutate_and_get_payload(root, info, **input):
user = info.context.user or None
if user.is_anonymous:
raise GraphQLError('User not authenticated.')
new_post = Post(**input, posted_by=user)
new_post.save()
return CreatePost(post=new_post, author=new_post.posted_by)
def create_post(user_id, community_id, post_title, post_body):
# This function can only be called when user is logged in
# So the user id must be a valid one because it's derived from the session handler
# input: (int, int, str, str)
# Create a new post
community = Community.query.filter(Community.id == community_id).first()
user_obj = User.query.filter(User.id == user_id).first()
if user_obj is None:
raise ValueError("user doesn't exist")
if community is None:
raise ValueError("community doesn't exist")
if user_obj in community.banned_users:
raise PermissionError("user {} is banned on {}".format(
user_obj, community))
if community.is_private and user_obj not in community.users:
raise PermissionError("community {} is private".format(community))
# Create it now
post_obj = Post(user_id=user_id,
community_id=community_id,
title=post_title,
body=post_body)
db.session.add(post_obj)
try:
db.session.commit()
except (exc.IntegrityError, exc.InterfaceError):
# if the title or body is None, IntegrityError
db.session.rollback()
raise
def createPost():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
dog_id = request.json.get('dogId', None)
image_url = request.json.get('imageUrl', None)
body = request.json.get('body', None)
if not dog_id:
return {"msg": "Dog not found"}, 400
if not image_url:
return {"msg": "Please upload a photo"}, 400
post = Post(dog_id=dog_id, image_url=image_url, body=body)
db.session.add(post)
db.session.commit()
return post.to_dict(), 200
def new_post():
form = PostForm()
if form.validate_on_submit():
post = Post(title=form.title.data,
content=form.content.data,
author=current_user)
db.session.add(post)
db.session.commit()
flash('Your post has been created!', 'success')
return redirect(url_for('main.home'))
return render_template('create_post.html',
title='New Post',
form=form,
legend='New Post')
def delete_post(event_id, post_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = Organizer.find_id(user_id)
if not user:
return "Unauthorized request: User doesn't have permission", 401
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
post = Post.find_id(post_id)
if not post:
return "Post not found", 404
post.delete()
return 'Post deleted'
def get_post(event_id, post_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
attended_ids = [evt.id for evt in user.events]
if not (event.id in attended_ids or user.type == "organizer"):
return "Unauthorized request: User doesn't have permission"
post = Post.find_id(post_id)
if not post:
return "Post not found", 404
return post.to_json()
def all_posts(event_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
attended_ids = [evt.id for evt in user.events]
if not (event.id in attended_ids or user.type == "organizer"):
return "Unauthorized request: User doesn't have permission"
posts = []
for p in Post.objects(event=event):
posts.append(p.to_dict())
return json.dumps(posts), 200, jsonType
def update_post(event_id, post_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = Organizer.find_id(user_id)
if not user:
return "Unauthorized request: User doesn't have permission", 401
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
post = Post.find_id(post_id)
if not post:
return "Post not found", 404
for key, value in request.get_json().items():
if not key.startswith('_'): # Some security
setattr(post, key, value)
post.save()
return post.to_json()
def new_post():
form = PostForm()
# If the form is filled in correctly populate the post data
# and commit the new data to the database
if form.validate_on_submit():
post = Post(
title=form.title.data,
content=form.content.data,
author=current_user,
percentage=form.percentage.data,
price=form.price.data,
place=form.place.data,
turnover=form.turnover.data,
field=form.field.data,
)
db.session.add(post)
db.session.commit()
flash("Post has been created!", "success")
return redirect(url_for('company_list'))
return render_template("create_post.html",
title="Add Post",
form=form,
legend="New Post")
def create_post(event_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
organizer = Organizer.find_id(user_id)
if not organizer:
return "Unauthorized request: User doesn't have permission", 401
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
body = request.get_json()
post = Post()
post.event = event
post.author = organizer
post.time = datetime.utcnow()
post.image = body.get('image')
post.title = body.get('title')
post.body = body.get('body')
post.notif = body.get('notif')
post.save()
if not post.id:
return "Error creating post", 500
# If post.notif, send text message to all attendees
return post.to_json()