def test_get_note_by_id(self, app, client, fake_auth, mock_coe_advising_note):
"""Returns note in JSON compatible with BOA front-end."""
fake_auth.login(admin_uid)
note = self._api_note_by_id(client=client, note_id=mock_coe_advising_note.id)
assert note
assert 'id' in note
assert note['type'] == 'note'
assert note['body'] == note['message']
assert note['read'] is False
# Mark as read and re-test
NoteRead.find_or_create(AuthorizedUser.get_id_per_uid(admin_uid), note['id'])
assert self._api_note_by_id(client=client, note_id=mock_coe_advising_note.id)['read'] is True
def mark_note_read(note_id):
if NoteRead.find_or_create(current_user.get_id(), note_id):
return tolerant_jsonify({'status': 'created'}, status=201)
else:
raise BadRequestError(
f'Failed to mark note {note_id} as read by user {current_user.get_uid()}'
)
def update_note():
params = request.form
body = params.get('body', None)
is_private = to_bool_or_none(params.get('isPrivate', False))
note_id = params.get('id', None)
subject = params.get('subject', None)
topics = get_note_topics_from_http_post()
note = Note.find_by_id(note_id=note_id) if note_id else None
if not note:
raise ResourceNotFoundError('Note not found')
if not subject:
raise BadRequestError('Note subject is required')
if note.author_uid != current_user.get_uid():
raise ForbiddenRequestError(
'Sorry, you are not the author of this note.')
if (is_private is not note.is_private
) and not current_user.can_access_private_notes:
raise ForbiddenRequestError(
'Sorry, you are not authorized to manage note privacy')
note = Note.update(
body=process_input_from_rich_text_editor(body),
is_private=is_private,
note_id=note_id,
subject=subject,
topics=topics,
)
note_read = NoteRead.find_or_create(current_user.get_id(), note_id)
return tolerant_jsonify(
_boa_note_to_compatible_json(note=note, note_read=note_read))
def create_note():
params = request.form
sid = params.get('sid', None)
subject = params.get('subject', None)
body = params.get('body', None)
topics = get_note_topics_from_http_post()
if not sid or not subject:
raise BadRequestError('Note creation requires \'subject\' and \'sid\'')
user_dept_codes = dept_codes_where_advising(current_user)
if current_user.is_admin or not len(user_dept_codes):
raise ForbiddenRequestError(
'Sorry, only advisors can create advising notes.')
author_profile = _get_author_profile()
attachments = get_note_attachments_from_http_post(tolerate_none=True)
note = Note.create(
**author_profile,
subject=subject,
body=process_input_from_rich_text_editor(body),
topics=topics,
sid=sid,
attachments=attachments,
template_attachment_ids=get_template_attachment_ids_from_http_post(),
)
note_read = NoteRead.find_or_create(current_user.get_id(), note.id)
return tolerant_jsonify(
_boa_note_to_compatible_json(note=note, note_read=note_read))
def remove_attachment(note_id, attachment_id):
existing_note = Note.find_by_id(note_id=note_id)
if not existing_note:
raise BadRequestError('Note id not found.')
if existing_note.author_uid != current_user.get_uid() and not current_user.is_admin:
raise ForbiddenRequestError('You are not authorized to remove attachments from this note.')
note = Note.delete_attachment(
note_id=note_id,
attachment_id=int(attachment_id),
)
return tolerant_jsonify(
_boa_note_to_compatible_json(
note=note,
note_read=NoteRead.find_or_create(current_user.get_id(), note_id),
),
)
def update_note():
params = request.form
note_id = params.get('id', None)
subject = params.get('subject', None)
body = params.get('body', None)
topics = get_note_topics_from_http_post()
if not note_id or not subject:
raise BadRequestError('Note requires \'id\' and \'subject\'')
if Note.find_by_id(note_id=note_id).author_uid != current_user.get_uid():
raise ForbiddenRequestError('Sorry, you are not the author of this note.')
note = Note.update(
note_id=note_id,
subject=subject,
body=process_input_from_rich_text_editor(body),
topics=topics,
)
note_read = NoteRead.find_or_create(current_user.get_id(), note_id)
return tolerant_jsonify(_boa_note_to_compatible_json(note=note, note_read=note_read))
def add_attachment(note_id):
if Note.find_by_id(note_id=note_id).author_uid != current_user.get_uid():
raise ForbiddenRequestError('Sorry, you are not the author of this note.')
attachments = _get_attachments(request.files)
if len(attachments) != 1:
raise BadRequestError('A single attachment file must be supplied.')
note = Note.add_attachment(
note_id=note_id,
attachment=attachments[0],
)
note_json = note.to_api_json()
return tolerant_jsonify(
note_to_compatible_json(
note=note_json,
note_read=NoteRead.find_or_create(current_user.get_id(), note_id),
attachments=note_json.get('attachments'),
topics=note_json.get('topics'),
),
)
def add_attachments(note_id):
note = Note.find_by_id(note_id=note_id)
if note.author_uid != current_user.get_uid():
raise ForbiddenRequestError('Sorry, you are not the author of this note.')
attachments = get_note_attachments_from_http_post()
attachment_limit = app.config['NOTES_ATTACHMENTS_MAX_PER_NOTE']
if len(attachments) + len(note.attachments) > attachment_limit:
raise BadRequestError(f'No more than {attachment_limit} attachments may be uploaded at once.')
for attachment in attachments:
note = Note.add_attachment(
note_id=note_id,
attachment=attachment,
)
return tolerant_jsonify(
_boa_note_to_compatible_json(
note=note,
note_read=NoteRead.find_or_create(current_user.get_id(), note_id),
),
)
def update_note():
params = request.form
note_id = params.get('id', None)
subject = params.get('subject', None)
body = params.get('body', None)
topics = _get_topics(params)
delete_ids_ = params.get('deleteAttachmentIds') or []
delete_ids_ = delete_ids_ if isinstance(delete_ids_, list) else str(delete_ids_).split(',')
delete_attachment_ids = [int(id_) for id_ in delete_ids_]
if not note_id or not subject:
raise BadRequestError('Note requires \'id\' and \'subject\'')
if Note.find_by_id(note_id=note_id).author_uid != current_user.get_uid():
raise ForbiddenRequestError('Sorry, you are not the author of this note.')
note = Note.update(
note_id=note_id,
subject=subject,
body=process_input_from_rich_text_editor(body),
topics=topics,
attachments=_get_attachments(request.files, tolerate_none=True),
delete_attachment_ids=delete_attachment_ids,
)
note_read = NoteRead.find_or_create(current_user.get_id(), note_id)
return tolerant_jsonify(_boa_note_to_compatible_json(note=note, note_read=note_read))