def post(self, photo_id): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if (photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): name = self.request.get("name") privacy = int(self.request.get("privacy")) database.PhotosManager.modify_photo(photo.key, name, privacy) data = '{"message": "Changes done"}' result = "OK" else: data = '{"error": "No permission to change."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def post(self): # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" # Session request handler current_session = Session(self) # Retrieve uploaded info upload_files = self.get_uploads("file") blob_info = upload_files[0] # Check if user can upload the photo if current_session.get_role_level() < 2: self.response.headers["Content-Type"] = "application/json" data = '{"error": "Permission denied"}' result = "FAIL" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result)) # Remove photo from blob store blobstore.delete(blob_info.key) return None # Save photo to database photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key()) # Prompt response to user data = '{"photo_id": ' + str(photo_id) + "}" result = "OK" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
def post(self): # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' # Session request handler current_session = Session(self) # Retrieve uploaded info upload_files = self.get_uploads("file") blob_info = upload_files[0] # Check if user can upload the photo if current_session.get_role_level() < 2: self.response.headers['Content-Type'] = 'application/json' data = '{"error": "Permission denied"}' result = "FAIL" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result)) # Remove photo from blob store blobstore.delete(blob_info.key) return None # Save photo to database photo_id = database.PhotosManager.createPhoto("", current_session.get_user_key(), 2, blob_info.key()) # Prompt response to user data = '{"photo_id": ' + str(photo_id) + '}' result = "OK" self.response.write(template.render(feature="photo", data=data, query=self.request.url, result=result))
def post(self, photo_id): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if(photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): name = self.request.get('name') privacy = int(self.request.get('privacy')) database.PhotosManager.modify_photo(photo.key, name, privacy) data = '{"message": "Changes done"}' result = "OK" else: data = '{"error": "No permission to change."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, user_id, photo_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template("static/templates/api.json") self.response.headers["Content-Type"] = "application/json" # Check if user and photo exists photo = database.PhotosManager.get_photo_by_id(int(photo_id)) user = database.UserManager.select_by_id(int(user_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" elif user is None: data = '{"error": "User does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if (photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): if option == "give": result = database.PhotoUserPermissionManager.give_permission(photo, user) if result is None: data = '{"error": "Permission already set."}' result = "FAIL" else: data = '{"message": "Permission allowed."}' result = "OK" elif option == "restrict": result = database.PhotoUserPermissionManager.restrict_permission(photo, user) if result is True: data = '{"message": "Permission restricted."}' result = "OK" else: data = '{"error": "Permission is not set. Cannot restrict"}' result = "FAIL" else: data = '{"error": "Permission denied. Operation cannot do."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, user_id, photo_id, option): # Session current_session = Session(self) # Load response template template = JINJA_ENVIRONMENT.get_template('static/templates/api.json') self.response.headers['Content-Type'] = 'application/json' # Check if user and photo exists photo = database.PhotosManager.get_photo_by_id(int(photo_id)) user = database.UserManager.select_by_id(int(user_id)) if photo is None: data = '{"error": "Photo does not exist."}' result = "FAIL" elif user is None: data = '{"error": "User does not exist."}' result = "FAIL" else: # Check permission for this petition (only owner or admin can modify) if(photo.owner == current_session.get_user_key()) or (current_session.get_role_level() > 2): if option == "give": result = database.PhotoUserPermissionManager.give_permission(photo, user) if result is None: data = '{"error": "Permission already set."}' result = "FAIL" else: data = '{"message": "Permission allowed."}' result = "OK" elif option == "restrict": result = database.PhotoUserPermissionManager.restrict_permission(photo, user) if result is True: data = '{"message": "Permission restricted."}' result = "OK" else: data = '{"error": "Permission is not set. Cannot restrict"}' result = "FAIL" else: data = '{"error": "Permission denied. Operation cannot do."}' result = "FAIL" # Response result json self.response.write(template.render(feature="user", data=data, query=self.request.url, result=result))
def get(self, photo_id): # Session request handler current_session = Session(self) JINJA_ENVIRONMENT.globals['session'] = current_session # Language request handler Language.language(self) # Load jinja template template = JINJA_ENVIRONMENT.get_template('static/templates/photo.html') # Check permission photo = database.PhotosManager.get_photo_by_id(int(photo_id)) if current_session.get_id() is None: request_user = None else: request_user = database.UserManager.select_by_id(current_session.get_id()) if not security.PhotoSecurity.user_is_allowed_to_watch_photo(photo, request_user): self.redirect("/") # Get photo info to display user = photo.owner.get() privacy = photo.privacy date = photo.date # Check if user can edit photo attributes edition_permission = (current_session.get_role_level() is 3) or (photo.owner == current_session.get_user_key()) # Get user allowed to watch photo if privacy == 1: allowed_users = database.PhotoUserPermissionManager.get_allowed_users_by_photo(photo) else: allowed_users = None # Count photo visited by user if current_session.get_id() is None: database.PhotoViewManager.newView(photo, None) else: database.PhotoViewManager.newView(photo, current_session.user) # Photo visualization count photo_views = database.PhotoViewManager.select_users_by_photo(photo) views_counter = {} for photo_view in photo_views: if photo_view.user is None: if "Anonymous" in views_counter: views_counter["Anonymous"]['count'] += 1 else: views_counter["Anonymous"] = {'count':1, 'name':"Anonymous", 'id': None} else: photo_view_user = photo_view.user if photo_view_user.get().name in views_counter: views_counter[photo_view_user.get().name]['count'] += 1 else: views_counter[photo_view_user.get().name] = {'count':1, 'name':photo_view_user.get().name, 'id': photo_view_user.id()} # Response page self.response.write(template.render( photo_id=photo_id, owner=user, name=photo.name, edition_permission= edition_permission, date= date, privacy=privacy, views=views_counter, every_user_list=database.UserManager.select(), allowed_users=allowed_users ))