def post(self): # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" # Session request handler current_session = Session(self) # Retrieve uploaded info upload_files = self.get_uploads("file") blob_info = upload_files[0] # Check if user can upload the photo if current_session.get_role_level() < 2: self.response.headers["Content-Type"] = "application/json" data = '{"error": "Permission denied"}' result = "FAIL" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result)) # Remove photo from blob store blobstore.delete(blob_info.key) return None # Save photo to database photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key()) # Prompt response to user data = '{"photo_id": ' + str(photo_id) + "}" result = "OK" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
def post(self, photo_id): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if (photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): name = self.request.get("name") privacy = int(self.request.get("privacy")) database.PhotosManager.modify_photo(photo.key, name, privacy) data = '{"message": "Changes done"}' result = "OK" else: data = '{"error": "No permission to change."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self): # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' # Session request handler current_session = Session(self) # Retrieve uploaded info upload_files = self.get_uploads("file") blob_info = upload_files[0] # Check if user can upload the photo if current_session.get_role_level() < 2: self.response.headers['Content-Type'] = 'application/json' data = '{"error": "Permission denied"}' result = "FAIL" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result)) # Remove photo from blob store blobstore.delete(blob_info.key) return None # Save photo to database photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key()) # Prompt response to user data = '{"photo_id": ' + str(photo_id) + '}' result = "OK" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
def post(self, photo_id): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if(photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): name = self.request.get('name') privacy = int(self.request.get('privacy')) database.PhotosManager.modify_photo(photo.key, name, privacy) data = '{"message": "Changes done"}' result = "OK" else: data = '{"error": "No permission to change."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Check if user is admin if (current_session.get_role_level() < 3): self.redirect("/") return None # Retrieve users users = database.UserManager.select() # Render template template = JINJA_ENVIRONMENT.get_template('static/templates/users.html') self.response.write(template.render(users=users))
def get(self, user_id, photo_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" # Check if user and photo exists photo = database.PhotosManager.get_photo_by_id(int(photo_id)) user = database.UserManager.select_by_id(int(user_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" elif user is None: data = '{"error": "User does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if (photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): if option == "give": result = database.PhotoUserPermissionManager.give_permission(photo, user) if result is None: data = '{"error": "Permission already set."}' result = "FAIL" else: data = '{"message": "Permission allowed."}' result = "OK" elif option == "restrict": result = database.PhotoUserPermissionManager.restrict_permission(photo, user) if result is True: data = '{"message": "Permission restricted."}' result = "OK" else: data = '{"error": "Permission is not set. Cannot restrict"}' result = "FAIL" else: data = '{"error": "Permission denied. Operation cannot do."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, user_id, photo_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' # Check if user and photo exists photo = database.PhotosManager.get_photo_by_id(int(photo_id)) user = database.UserManager.select_by_id(int(user_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" elif user is None: data = '{"error": "User does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if(photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): if option == "give": result = database.PhotoUserPermissionManager.give_permission(photo, user) if result is None: data = '{"error": "Permission already set."}' result = "FAIL" else: data = '{"message": "Permission allowed."}' result = "OK" elif option == "restrict": result = database.PhotoUserPermissionManager.restrict_permission(photo, user) if result is True: data = '{"message": "Permission restricted."}' result = "OK" else: data = '{"error": "Permission is not set. Cannot restrict"}' result = "FAIL" else: data = '{"error": "Permission denied. Operation cannot do."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, user_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" user_id = int(user_id) # If user is not admin and not himself, not allow to query anything if current_session.get_role_level() < 3 and current_session.get_id() != user_id: role_level = str(current_session.get_role_level()) data = '{"error": "Permission denied' + role_level + '"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Check if user exists user = database.UserManager.select_by_id(int(user_id)) # If user not exists if user is None: data = '{"error": "User not exists."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Options if option == "activateAccountByAdmin": # Only admin is allowed to change permissions if current_session.get_role_level() < 3: data = '{"error": "You cannot change your permission level."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # If user has not his account activated, admin cannot active it if user.role_level != 1: data = '{"error": "User has not his account activated yet."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Activate account by admin database.UserManager.modify_user(user.key, role_level=2) data = '{"message": "Account activated by admin."}' result = "OK" elif option == "deactivateAccountByAdmin": # Only admin is allowed to change permissions if current_session.get_role_level() < 3: data = '{"error": "You cannot change your permission level."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # If user has not his account activated, admin cannot active it if user.role_level != 2: data = '{"error": "User account can not deactivated."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Activate account by admin database.UserManager.modify_user(user.key, role_level=1) data = '{"message": "Account deactivated by admin."}' result = "OK" elif option == "blockAccount": # Only admin is allowed to block account if current_session.get_role_level() < 3: data = '{"error": "You cannot change your block status."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # No anyone is allowed to block an admin if user.role_level == 3: data = '{"error": "You cannot block an admin account."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None database.UserManager.modify_user(user.key, attempts=3) # Account is blocked with 3 attempts data = '{"message": "Account blocked by admin."}' result = "OK" elif option == "unblockAccount": # Only admin is allowed to unblock account if current_session.get_role_level() < 3: data = '{"error": "You cannot change your permission level."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None database.UserManager.modify_user(user.key, attempts=0) # Account is unblocked with 0 attempts data = '{"message": "Account unblock by admin."}' result = "OK" elif option == "profileChangeRequest": # Only user himself is allowed to change profile if current_session.get_id() == user_id: token = database.TokenManager.create_token(user.key) email_handler.Email.send_change_profile(user.name, token.id(), user.email) data = '{"message": "Change profile email send"}' result = "OK" else: data = '{"error": "Method not allowed"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self, user_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" # Check if request is done by admin or himself user_id = int(user_id) if current_session.get_role_level() < 3 and current_session.get_id() != user_id: role_level = str(current_session.get_role_level()) data = '{"error": "Permission denied"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Check if user exists user = database.UserManager.select_by_id(int(user_id)) # If user not exists if user is None: data = '{"error": "User not exists."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Options if option == "changeUserData": # update email and user email = self.request.get("email", None) username = self.request.get("username", None) background = self.request.get("background", None) photo_id = self.request.get("photo", None) if email is not None: userbyemail = database.UserManager.select_by_email(email) if userbyemail is None: database.UserManager.modify_user(user.key, email=email) else: data = '{"error": "Field exists", "field": "email"}' result = "FAIL" self.response.write( template.render(feature="user", data=data, query=self.request.url, result=result) ) if username is not None: userbyname = database.UserManager.select_by_username(username) if userbyname is None: database.UserManager.modify_user(user.key, username=username) else: data = '{"error": "Field exists", "field": "username"}' result = "FAIL" self.response.write( template.render(feature="user", data=data, query=self.request.url, result=result) ) if background is not None: # Check if photo exists background_photo = database.PhotosManager.get_photo_by_id(int(background)) if background_photo is not None: # Change user background image database.UserManager.modify_user(user.key, background=background_photo.key.id()) else: data = '{"error": "Field not exists", "field": "background"}' result = "FAIL" self.response.write( template.render(feature="user", data=data, query=self.request.url, result=result) ) if photo_id is not None: # Check if photo exists photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if photo is not None: # Change user background image database.UserManager.modify_user(user.key, photo=photo.key.id()) else: data = '{"error": "Field not exists", "field": "background"}' result = "FAIL" self.response.write( template.render(feature="user", data=data, query=self.request.url, result=result) ) data = '{"message": "User updated"}' result = "OK" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, photo_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Load jinja template template = JINJA_ENVIRONMENT.get_template('static/templates/photo.html') # Check permission photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if current_session.get_id() is None: request_user = None else: request_user = database.UserManager.select_by_id(current_session.get_id()) if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, request_user): self.redirect("/") # Get photo info to display user = photo.owner.get() privacy = photo.privacy date = photo.date # Check if user can edit photo attributes edition_permission = (current_session.get_role_level() is 3) or (photo.owner == current_session.get_user_key()) # Get user allowed to watch photo if privacy == 1: allowed_users = database.PhotoUserPermissionManager.get_allowed_users_by_photo(photo) else: allowed_users = None # Count photo visited by user if current_session.get_id() is None: database.PhotoViewManager.newView(photo, None) else: database.PhotoViewManager.newView(photo, current_session.user) # Photo visualization count photo_views = database.PhotoViewManager.select_users_by_photo(photo) views_counter = {} for photo_view in photo_views: if photo_view.user is None: if "Anonymous" in views_counter: views_counter["Anonymous"]['count'] += 1 else: views_counter["Anonymous"] = {'count':1, 'name':"Anonymous", 'id': None} else: photo_view_user = photo_view.user if photo_view_user.get().name in views_counter: views_counter[photo_view_user.get().name]['count'] += 1 else: views_counter[photo_view_user.get().name] = {'count':1, 'name':photo_view_user.get().name, 'id': photo_view_user.id()} # Response page self.response.write(template.render( photo_id=photo_id, owner=user, name=photo.name, edition_permission= edition_permission, date= date, privacy=privacy, views=views_counter, every_user_list=database.UserManager.select(), allowed_users=allowed_users ))
def get(self, user_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' user_id = int(user_id) # If user is not admin and not himself, not allow to query anything if current_session.get_role_level() < 3 and current_session.get_id() != user_id: role_level = str(current_session.get_role_level()) data = '{"error": "Permission denied' + role_level + '"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Check if user exists user = database.UserManager.select_by_id(int(user_id)) # If user not exists if user is None: data = '{"error": "User not exists."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Options if option == "activateAccountByAdmin": # Only admin is allowed to change permissions if current_session.get_role_level() < 3: data = '{"error": "You cannot change your permission level."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # If user has not his account activated, admin cannot active it if user.role_level != 1: data = '{"error": "User has not his account activated yet."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Activate account by admin database.UserManager.modify_user(user.key, role_level=2) data = '{"message": "Account activated by admin."}' result = "OK" elif option == "deactivateAccountByAdmin": # Only admin is allowed to change permissions if current_session.get_role_level() < 3: data = '{"error": "You cannot change your permission level."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # If user has not his account activated, admin cannot active it if user.role_level != 2: data = '{"error": "User account can not deactivated."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Activate account by admin database.UserManager.modify_user(user.key, role_level=1) data = '{"message": "Account deactivated by admin."}' result = "OK" elif option == "blockAccount": # Only admin is allowed to block account if current_session.get_role_level() < 3: data = '{"error": "You cannot change your block status."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # No anyone is allowed to block an admin if user.role_level == 3: data = '{"error": "You cannot block an admin account."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None database.UserManager.modify_user(user.key, attempts=3) # Account is blocked with 3 attempts data = '{"message": "Account blocked by admin."}' result = "OK" elif option == "unblockAccount": # Only admin is allowed to unblock account if current_session.get_role_level() < 3: data = '{"error": "You cannot change your permission level."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None database.UserManager.modify_user(user.key, attempts=0) # Account is unblocked with 0 attempts data = '{"message": "Account unblock by admin."}' result = "OK" elif option == "profileChangeRequest": # Only user himself is allowed to change profile if current_session.get_id() == user_id: token = database.TokenManager.create_token(user.key) email_handler.Email.send_change_profile(user.name, token.id(), user.email) data = '{"message": "Change profile email send"}' result = "OK" else: data = '{"error": "Method not allowed"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self, user_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' # Check if request is done by admin or himself user_id = int(user_id) if current_session.get_role_level() < 3 and current_session.get_id() != user_id: role_level = str(current_session.get_role_level()) data = '{"error": "Permission denied"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Check if user exists user = database.UserManager.select_by_id(int(user_id)) # If user not exists if user is None: data = '{"error": "User not exists."}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) return None # Options if option == "changeUserData": # update email and user email = self.request.get("email", None) username = self.request.get("username", None) background = self.request.get("background", None) photo_id = self.request.get("photo", None) if email is not None: userbyemail = database.UserManager.select_by_email(email) if userbyemail is None: database.UserManager.modify_user(user.key, email=email) else: data = '{"error": "Field exists", "field": "email"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) if username is not None: userbyname = database.UserManager.select_by_username(username) if userbyname is None: database.UserManager.modify_user(user.key, username=username) else: data = '{"error": "Field exists", "field": "username"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) if background is not None: # Check if photo exists background_photo = database.PhotosManager.get_photo_by_id(int(background)) if background_photo is not None: # Change user background image database.UserManager.modify_user(user.key, background=background_photo.key.id()) else: data = '{"error": "Field not exists", "field": "background"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) if photo_id is not None: # Check if photo exists photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if photo is not None: # Change user background image database.UserManager.modify_user(user.key, photo=photo.key.id()) else: data = '{"error": "Field not exists", "field": "background"}' result = "FAIL" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result)) data = '{"message": "User updated"}' result = "OK" self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))