def getUserInfoByToken(token):
'''
in
string
out
- 200
{
"user_id": 0,
"login": "******",
"name": "Solo_228"
}
- 404 Non-existing token
'''
# valid token ?
# yes -> get userId from token. Get login and password by userId. Add to Answer. Return Answer, 200
# no -> return 404
# Searching token in tokens list
user_id = token_manager.getUserIdByToken(token)
# If token doesn't exist
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
user = User.query.filter_by(id=user_id).first()
info = {'user_id': user_id, 'login': user.login, 'name': user.name}
return jsonify(info), 200
def ifCollectionDelete():
'''
in
{
"token": "f57ebe597a3741b688269209fa29b053",
"collection_id": 228
}
out
200:
description: "OK"
403:
description: 'Not have enough permissions'
404:
description: "Incorrect post_id"
'''
if not request.json or \
not 'token' in request.json or \
not 'collection_id' in request.json:
abort(400, 'Missed required arguments')
token = request.json['token']
collection_id = request.json['post_id']
user_id = token_manager.getUserIdByToken(token)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
user_collections_role = json.loads(getUserRole(user_id)[0].get_data())
is_admin = False
for current_collection_user_role in user_collections_role:
if current_collection_user_role['collection_id'] == collection_id and \
current_collection_user_role['role_id'] == 10:
is_admin = True
if not is_admin:
abort(403, 'Not have enough permissions')
existing_public_collection = PublicCollection \
.query \
.filter_by(collection_id=collection_id) \
.first()
if existing_public_collection:
db.session.delete(existing_public_collection)
db.session.commit()
# Clean up db UserRoleInCollection
user_role_in_collection = 'notNone'
while user_role_in_collection is not None:
user_role_in_collection = UserRoleInCollection \
.query \
.filter_by(collection_id=collection_id) \
.first()
if user_role_in_collection is None:
break
db.session.delete(user_role_in_collection)
db.session.commit()
return '', 200
def setPublicCollection():
'''
in
{
token: df43f3rf34345452d2dfy3244
collection_id: 322
}
out
- 200
- 400
'''
if not request.json or \
not 'token' in request.json or \
not 'collection_id' in request.json:
abort(400, 'Missed required arguments')
token = request.json['token']
collection_id = request.json['collection_id']
user_id = token_manager.getUserIdByToken(token)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
user_collections_role = json.loads(getUserRole(user_id)[0].get_data())
is_admin = False
for current_collection_user_role in user_collections_role:
if current_collection_user_role['collection_id'] == collection_id and \
current_collection_user_role['role_id'] == 10:
is_admin = True
break
if not is_admin:
abort(403, 'Not have enough permissions')
# Finding public collection with same collection_id
existing_public_collection = PublicCollection \
.query \
.filter_by(collection_id=collection_id) \
.first()
# If collection already public, abort
if existing_public_collection:
abort(409, 'Collection already public!')
# Create new public collection
new_public_collection = PublicCollection(collection_id=collection_id)
# Add new public collection into
db.session.add(new_public_collection)
db.session.commit()
return '', 200
def editUserInfo():
'''
in
{
"token": "f57ebe597a3741b688269209fa29b053",
"info": {
"password": "******",
"new_password": "******",
"name": "Solo_322"
}
}
out
- 200
- 400
'''
if not request.json or \
not 'token' in request.json or \
not 'info' in request.json:
abort(400, 'Missed required arguments')
# Request data
token = request.json['token']
info = request.json['info']
# Searching token in tokens list
user_id = token_manager.getUserIdByToken(token)
# If token doesn't exist -> abort(404)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
user = User.query.filter_by(id=user_id).first()
# If user want to change pass, check with hash in db
if 'password' in info and 'new_password' in info:
password = info['password']
new_password = info['new_password']
if not bcrypt.checkpw(password.encode('utf8'),
user.password.encode('utf8')):
abort(401, 'Password is incorrect')
user.password = bcrypt.hashpw(new_password.encode('utf8'),
bcrypt.gensalt()).decode('utf8')
# If user want to change name
if 'name' in info:
user.name = info['name']
db.session.commit()
return '', 200
def validate(token):
'''
in
string
out
- 200 OK
- 404 Non-existing token
'''
user_id = token_manager.getUserIdByToken(token)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
return '', 200
def setCollectionOwner():
'''
In:
{
"token": "f57ebe597a3741b688269209fa29b053",
"collection_id": 228
}
Out:
- 200: "Success"
- 400: "Missed required arguments"
- 409: "Collection already has owner"
- 404: "Non-existing token"
'''
if not request.json or \
not 'token' in request.json or \
not 'collection_id' in request.json:
abort(400, 'Missed required arguments')
token = request.json['token']
collection_id = request.json['collection_id']
user_id = token_manager.getUserIdByToken(token)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
# If collection already have owner -> abort(403)
if not UserRoleInCollection \
.query \
.filter_by(collection_id=collection_id, role_id=10) \
.first() is None:
abort(409, 'Collection already has owner')
collection_owner = UserRoleInCollection(user_id=user_id,
collection_id=collection_id,
role_id=10)
db.session.add(collection_owner)
db.session.commit()
return '', 200
def ifPostDelete():
'''
in
{
"token": "f57ebe597a3741b688269209fa29b053",
"post_id": 228
}
out
200:
description: "OK"
403:
description: 'Not have enough permissions'
404:
description: "Incorrect token/post_id"
'''
if not request.json or \
not 'token' in request.json or \
not 'post_id' in request.json:
abort(400, 'Missed required arguments')
token = request.json['token']
post_id = request.json['post_id']
user_id = token_manager.getUserIdByToken(token)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
post = Post.query.filter_by(post_id=post_id).first()
if post is None:
abort(404, 'Non-existing post')
if post.user_id != user_id:
abort(403, 'Not have enough permissions')
db.session.delete(post)
db.session.commit()
return '', 200
def editUserRole():
'''
in
{
"token": "f57ebe597jma3741b688269209fa29b053",
"collection_id": 228,
"user_id": 5,
"role_id": 30
}
out
- 200: "OK"
- 403: "Not have enough permissions"
- 404: "Non-existing token"
- 404: "User doesn't belong to this collection"
- 404: "Unknown role"
'''
if not request.json or \
not 'token' in request.json or \
not 'collection_id' in request.json or \
not 'user_id' in request.json or \
not 'role_id' in request.json:
abort(400, 'Missed required arguments')
token = request.json['token']
collection_id = request.json['collection_id']
target_user_id = request.json['user_id']
target_role_id = request.json['role_id']
user_id = token_manager.getUserIdByToken(token)
if user_id is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
# Role existing checking
role = Role.query.filter_by(id=target_role_id).first()
if role is None:
abort(404, 'Unknown role')
# Check client permissions and belonging to collection
user_collections_role = json.loads(getUserRole(user_id)[0].get_data())
user_role_id = None
for collection_role in user_collections_role:
if collection_role['collection_id'] == collection_id:
user_role_id = collection_role['role_id']
break
if user_role_id is None:
abort(404, 'User doesn\'t belong to this collection')
# Check target user existing and belonging to collection
target_user_collections_role = json.loads(
getUserRole(target_user_id)[0].get_data())
target_user_role_id = None
for collection_role in target_user_collections_role:
if collection_role['collection_id'] == collection_id:
target_user_role_id = collection_role['role_id']
break
if target_user_role_id is None:
abort(404, 'User doesn\'t belong to this collection')
# Checking client permissions (must be less or equal 20)
# for editing others permissions
if user_role_id > 20:
abort(403, 'Not have enough permissions')
# Moderator can't give admin or moderator permissions
# elif user_role_id > 10 and target_user_role_id <= 20:
elif user_role_id >= target_user_role_id:
abort(403, 'Not have enough permissions')
target_user_role_in_collection = UserRoleInCollection \
.query \
.filter_by(user_id=target_user_id, collection_id=collection_id) \
.first()
target_user_role_in_collection.role_id = target_role_id
db.session.commit()
return '', 200
def setUserRole():
'''
in
{
"token": "f57ebe597a3741b688269209fa29b053",
"collection_id": 228,
"user_id": 5,
"role_id": 30
}
out
- 200: "OK"
- 400: "Access error"
- 404: "Non-existing token"
'''
if not request.json or not 'token' in request.json or \
not 'collection_id' in request.json or \
not 'user_id' in request.json or \
not 'role_id' in request.json:
abort(400, 'Missed required arguments')
token = request.json['token']
collection_id = request.json['collection_id']
user_id_target = request.json['user_id']
role_id = request.json['role_id']
user_id_self = token_manager.getUserIdByToken(token)
if user_id_self is None:
abort(404, 'Non-existing token')
token_manager.updateToken(token)
user_target = User.query.filter_by(id=user_id_target).first()
if user_target is None:
abort(404, 'Non-existing user ID')
# Check if role_id is incorrect
# incorrect -> abort(404)
role_in_collection_self = UserRoleInCollection \
.query \
.filter_by(user_id=user_id_self, collection_id=collection_id) \
.first()
if role_in_collection_self is None:
abort(404, 'User doesn\'t belong to this collection')
if not UserRoleInCollection.query.filter_by(
user_id=user_id_target).first() is None:
abort(409, 'User already has role in collection')
# Check if user_id_self are enough rights for
# set current role_id to user_id_target
# false -> abort(403, 'Not have enough permissions')
if role_in_collection_self.role_id < role_id:
target_user_role_in_collection = UserRoleInCollection(
collection_id=collection_id,
role_id=role_id,
user_id=user_id_target)
db.session.add(target_user_role_in_collection)
db.session.commit()
else:
abort(403, 'Not have enough permissions')
return '', 200
def userDelete(token):
'''
in
string
out
- 200 OK
- 404 Non-existing token
'''
user_id = token_manager.getUserIdByToken(token)
# If token doesn't exist
if user_id is None:
abort(404, 'Non-existing token')
# Temporarily. In the future, transfer initialization and remove code below
# global last_user_id
# Initialize last_user_id
# if last_user_id is None:
# last_user_table_id = db.session.query(func.max(User.id)).scalar()
# if last_user_table_id is None:
# last_user_id = 0
# else:
# last_user_id = last_user_table_id
# End of temp code
# last_user_id -= 1
# logout all tokens with current user_id
# for i in tokens:
# if i['user_id'] == user_id:
# tokens.pop(tokens.index(i))
if isinstance(token, str):
is_exist = token_manager.deleteToken(token)
# Clean up db UserRoleInCollection
user_role_in_collection = 'notNone'
while user_role_in_collection is not None:
user_role_in_collection = UserRoleInCollection \
.query \
.filter_by(user_id=user_id) \
.first()
if user_role_in_collection is None:
break
db.session.delete(user_role_in_collection)
db.session.commit()
# Clean up db Post
post = 'notNone'
while post is not None:
post = Post.query.filter_by(user_id=user_id).first()
if post is None:
break
db.session.delete(post)
db.session.commit()
# Remove login from db. Decrement userId. return 200
user = User.query.filter_by(id=user_id).first()
db.session.delete(user)
db.session.commit()
return "Complete", 200