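def getNodeByID_api(NoteID):
    """Return the note identified by ``NoteID`` as a JSON string.

    A note is disclosed only when it is public (``Private == 0``) or when it
    is private (``Private == 1``) and the session user owns it. Every other
    case, including an unexpected ``Private`` value or a request without a
    session, gets an error object, so the check fails closed.

    Args:
        NoteID: identifier handed to ``db.getNotebyNoteID``.

    Returns:
        ``json.dumps`` of the note with ``valid``/``status`` added, or of an
        error object with the keys ``NoteID``, ``valid`` and ``status``.
    """
    sessionUser = checkCookiesSessionUser()
    response.content_type = 'application/json'
    errorNote = {"NoteID": NoteID, "valid": "false", "status": "notExist"}

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        errorNote['status'] = "The note you're trying to read doesn't exist or was removed."
        return json.dumps(errorNote)

    isPublic = note['Private'] == 0
    # The other handlers in this file treat a None session user as "not
    # logged in". Test for it before subscripting, so an anonymous request
    # for a private note is denied cleanly instead of raising TypeError.
    isOwnersPrivateNote = (
        note['Private'] == 1
        and sessionUser is not None
        and sessionUser['UserID'] == note['UserID']
    )
    if isPublic or isOwnersPrivateNote:
        note['valid'] = "true"
        note['status'] = "OK"
        return json.dumps(note)

    # NOTE(review): this message differs from the "doesn't exist" one above,
    # so any caller can tell a private note from a missing one. Use a single
    # message for both if note IDs must not be confirmable.
    errorNote['status'] = "You don't permissions to see this content. Sorry."
    return json.dumps(errorNote)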
def deleteNoteID(NoteID):
    """Delete the note ``NoteID`` for its owner and report the result as JSON.

    The session user is resolved first. The note is deleted only when its
    ``UserID`` equals the session user's ``UserID``.

    Args:
        NoteID: identifier handed to ``db.getNotebyNoteID`` / ``db.deleteNote``.

    Returns:
        ``json.dumps`` of an object with the keys ``NoteID``, ``valid``,
        ``deleted`` and ``status``. ``valid`` and ``deleted`` are ``"true"``
        only after ``db.deleteNote`` reported success.
    """
    # NOTE(review): no anti-CSRF check is visible in this handler; confirm the
    # route is restricted to a non-GET method and protected elsewhere.
    sessionUser = checkCookiesSessionUser()
    response.content_type = 'application/json'

    # Start from the denial answer; only a successful delete upgrades it.
    returnedMessage = {
        "NoteID": NoteID,
        "valid": "false",
        "deleted": "false",
        "status": "You're not allowed to do this action",
    }
    if sessionUser is None:
        return json.dumps(returnedMessage)

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        # NOTE(review): a logged-in caller can tell "missing" from "not
        # yours" by the status text; unify the two if that matters.
        returnedMessage.update(
            deleted="false",
            status="This note doesn't exist on our system or has changed location",
        )
        return json.dumps(returnedMessage)

    # NOTE(review): the listing had lost its indentation; the single `else`
    # is read here as the non-owner branch, so a failed db.deleteNote by the
    # owner returns the default denial message. Confirm against the file.
    if note['UserID'] != sessionUser['UserID']:
        returnedMessage.update(
            deleted="false",
            status="You're not allowed to delete this note.",
        )
    elif db.deleteNote(NoteID):
        returnedMessage.update(
            valid='true',
            deleted="true",
            status="We have deleted your note!",
        )
    return json.dumps(returnedMessage)
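def updateNotebyID(NoteID):
    """Apply the submitted form fields to the note ``NoteID`` and save it.

    Reads ``titleNote``, ``contentNote``, ``colorNote``, ``privateNote`` and
    ``publishedNote`` from ``request.forms``, stamps ``EditedAt`` with the
    current local time and hands the note to ``db.updateNote``.

    Args:
        NoteID: identifier handed to ``db.getNotebyNoteID``.

    Returns:
        The ``singleNote`` template with a 303 status and a ``Location``
        header on success, the ``error`` template when the form is invalid or
        the update fails, or the result of ``redirectHome()`` /
        ``redirectPrivateZone()`` when the caller has no session, the note is
        missing, or the caller does not own it.
    """
    # NOTE(review): no anti-CSRF check is visible in this handler; confirm the
    # route is restricted to a non-GET method and protected elsewhere.
    sessionUser = checkCookiesSessionUser()
    if sessionUser is None:
        return redirectHome()

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        # Unknown note: same handling as the HTML deleteNoteID handler.
        return redirectHome()

    # Only the owner may edit. Without this comparison any logged-in user
    # could overwrite another user's note just by supplying its NoteID.
    if note['UserID'] != sessionUser['UserID']:
        return redirectPrivateZone()

    # Validate before mutating, so a missing or non-numeric field shows the
    # error page instead of raising out of the handler.
    try:
        published = int(request.forms.get('publishedNote'))
    except (TypeError, ValueError):
        return template('error', user=sessionUser)

    # NOTE(review): values are stored as submitted; confirm the templates
    # escape Title/Content/Color on output.
    note['Title'] = request.forms.get('titleNote')
    note['Content'] = request.forms.get('contentNote')
    note['EditedAt'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    note['Color'] = request.forms.get('colorNote')
    # NOTE(review): stored as the raw form string, while getNodeByID_api
    # compares Private against the integers 0 and 1. Confirm the db layer
    # normalises the type.
    note['Private'] = request.forms.get('privateNote')
    note['Published'] = published

    if not db.updateNote(note):
        return template('error', user=sessionUser)

    # See-other redirect to the note's permalink under its owner's name.
    response.status = 303
    user = db.getUserbyID(note['UserID'])
    response.set_header('Location', '/' + user['Username'] + '/' + note['Permalink'])
    return template('singleNote', note=note, user=user)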
def deleteNoteID(NoteID):
    """Delete the note ``NoteID`` for its owner and render an HTML result.

    Args:
        NoteID: identifier handed to ``db.getNotebyNoteID`` / ``db.deleteNote``.

    Returns:
        The ``login`` template when there is no session user, the result of
        ``redirectHome()`` when the note is missing, the result of
        ``redirectPrivateZone()`` when the caller is not the owner, the
        ``note-deleted`` template after a successful delete, or a short HTML
        message when ``db.deleteNote`` reports failure.
    """
    # NOTE(review): shares its name with the JSON handler defined earlier in
    # the file; presumably both are bound through route decorators not shown.
    # NOTE(review): no anti-CSRF check is visible in this handler; confirm the
    # route is restricted to a non-GET method and protected elsewhere.
    sessionUser = checkCookiesSessionUser()
    if sessionUser is None:
        return template('login')

    note = db.getNotebyNoteID(NoteID)
    if note is None:
        return redirectHome()

    # Ownership is decided server-side from the stored note, not from input.
    ownerID = note['UserID']
    if ownerID != sessionUser['UserID']:
        return redirectPrivateZone()

    deleted = db.deleteNote(NoteID)
    if not deleted:
        return "Problems deleting that note<a href='/'>Go to your profile</a>"
    return template('note-deleted', user=sessionUser)