def update(self, request, cell_id):
cell = Cell.objects.get(pk=cell_id)
cell_revision = CellRevision(cell=cell)
form = CellUpdateForm(request.user,
request.POST,
instance=cell_revision)
if not form.is_valid():
raise APIBadRequest(form.errors)
# check for conflicts
if form.instance.number > cell.revisions + 1:
raise APIBadRequest({'error': 'Wrong revision number'})
elif form.instance.number < cell.revisions + 1:
# lower revision number, just ignore
pass
else:
# cell is root of shared and user is not owner then, change
# values in share
if cell.owner != request.user and cell.share_set.count():
# TODO
# maybe we can do that with a form, instead of using
# CellUpdateForm. Just to be clean and safe
share = cell.share_set.get(user=request.user)
share.name = form.instance.name or share.name
share.parent = form.instance.parent or share.parent
share.save()
# change cell.name and cell.parent according to share
# used only to return values, do NOT save
cell.name = share.name
cell.parent = share.parent
return cell
else:
form.save()
if form.instance.parent:
# set all parents updated
cell.get_ancestors().update(updated=datetime.now())
# find if any parent is shared, and if yes set all shares
# updated time
Share.objects.filter(cell__in=cell.get_ancestors()).update(
updated=datetime.now())
# # if the new parent tree is shared with others then:
# _recursive_update_shares(cell, request.user)
return cell
def delete(self, request, cell_id, username=None):
cell = Cell.objects.get(pk=cell_id)
try:
share_root = Share.objects.filter(
Q(cell__in = cell.get_ancestors()) |\
Q(cell = cell)
)[0].cell
except IndexError:
# cell is not shared, nothing to delete
raise APIBadRequest("Cell or Tree not shared")
if username:
user = User.objects.get(username=username)
# user if not owner and tries to delete another user from
# share
if request.user != share_root.owner and user != request.user:
raise APIForbidden("You don't have permission to delete "
"user '%s'" % user)
else:
# delete own share
share_root.share_set.filter(user=user).delete()
else:
# only owner can delete everything
if request.user == share_root.owner:
share_root.share_set.all().delete()
else:
raise APIForbidden("You don't have permission to delete "
"shares of cell %s" % share_root)
return rc.DELETED
def read(self, request, timestamp=None):
# note that the default timestamp is 24hours
if not timestamp:
timestamp = datetime.now() - timedelta(days=1)
else:
# parse timestamp
try:
timestamp = datetime.fromtimestamp(float(timestamp))
except (ValueError, TypeError), error_message:
raise APIBadRequest({'timestamp': 'Bad timestamp format'})
def delete(self, request, droplet_id, revision_number):
droplet = Droplet.objects.get(pk=droplet_id)
revision = droplet.dropletrevision_set.filter(number=revision_number)
if droplet.dropletrevision_set.count() == 1:
# cannot delete the last revision
raise APIBadRequest("Cannot delete the last revision "
"of droplet %s" % droplet.id)
revision.delete()
return rc.DELETED
def create(self, request):
if not getattr(settings, 'MELISSI_REGISTRATIONS_OPEN', False):
raise APIForbidden({'register': 'Registrations are closed'})
form = UserCreateForm(request.POST)
if not form.is_valid():
raise APIBadRequest(form.errors)
if User.objects.filter(Q(username=form.cleaned_data['username']) |\
Q(email=form.cleaned_data['email'])).count():
raise APIBadRequest(
{'error': 'email and / or username already exists'})
user = User.objects.create_user(form.cleaned_data['username'],
form.cleaned_data['email'],
form.cleaned_data['password'])
user.first_name = form.cleaned_data['first_name']
user.last_name = form.cleaned_data['last_name']
user.save()
return user
def create(self, request):
cell = Cell(owner=request.user)
form = CellCreateForm(request.user, request.POST, instance=cell)
if not form.is_valid():
raise APIBadRequest(form.errors)
form.save()
rev = form.instance.cellrevision_set.all()[0]
rev.resource = form.cleaned_data['resource']
rev.save()
return form.instance
def create(self, request):
if request.user.is_staff or request.user.is_superuser:
form = UserCreateForm(request.POST)
if not form.is_valid():
raise APIBadRequest(form.errors)
if User.objects.filter(Q(username=form.cleaned_data['username']) |\
Q(email=form.cleaned_data['email'])).count():
raise APIBadRequest(
{'error': 'email and / or username already exists'})
user = User.objects.create_user(form.cleaned_data['username'],
form.cleaned_data['email'],
form.cleaned_data['password'])
user.first_name = form.cleaned_data['first_name']
user.last_name = form.cleaned_data['last_name']
user.save()
return user
else:
raise APIForbidden(
{'user': "******"})
def create(self, request):
droplet = Droplet(owner=request.user)
form = DropletCreateForm(request.user,
request.POST,
request.FILES,
instance=droplet)
if not form.is_valid():
raise APIBadRequest(form.errors)
form.save()
rev = form.instance.dropletrevision_set.all()[0]
rev.resource = form.cleaned_data['resource']
rev.save()
return form.instance
def update(self, request, user_id):
"""
User update call. Currently used only for password changing
"""
user = User.objects.get(pk=user_id)
if request.user.is_staff or request.user.is_superuser or user == request.user:
form = UserUpdateForm(request.POST)
if not form.is_valid():
raise APIBadRequest(form.errors)
user.set_password(form.cleaned_data['password'])
user.save()
return user
else:
raise APIForbidden(
{'user': "******"})
def create(self, request, cell_id, username):
"""
If user not in shared_with add him. If user in shared_with
update entry
"""
cell = Cell.objects.get(pk=cell_id)
user = User.objects.get(username=username)
cell_share, created = Share.objects.get_or_create(cell=cell, user=user)
form = CellShareCreateForm(request.POST, instance=cell_share)
if not form.is_valid():
raise APIBadRequest(form.errors)
form.save()
# _recursive_update_shares(cell, request.user)
return rc.CREATED
def create(self, request, droplet_id):
droplet = Droplet.objects.get(pk=droplet_id)
resource, created = UserResource.objects.get_or_create(
user=request.user, name=request.POST.get('resource', 'melissi'))
if created:
resource.save()
revision = DropletRevision(
resource=resource,
droplet=droplet,
)
form = DropletRevisionCreateForm(request.user,
request.POST,
request.FILES,
instance=revision)
if not form.is_valid():
raise APIBadRequest(form.errors)
# check for conflicts
if form.instance.number > droplet.revisions + 1:
raise APIBadRequest({'error': 'Wrong revision number'})
elif form.instance.number < droplet.revisions + 1:
# houston we have a conflict
# create a new droplet
new_droplet = Droplet(name=droplet.name,
owner=droplet.owner,
created=droplet.created,
cell=droplet.cell,
content=droplet.content,
patch=droplet.patch,
content_sha256=droplet.content_sha256,
patch_sha256=droplet.patch_sha256,
deleted=droplet.deleted)
new_droplet.save()
# delete autogenerated revisions
try:
new_droplet.dropletrevision_set.all().delete()
except ObjectDoesNotExist:
# _update_droplet will raise DoesNotExist that we
# can safetly ignore, since we will create manually
# the revisions
pass
# copy revisions
for rev in droplet.dropletrevision_set.all().order_by("number"):
if rev.number == form.instance.number:
# don't copy conflicting revision
# break since its the last to copy
break
new_rev = DropletRevision(droplet=new_droplet,
resource=rev.resource,
name=rev.name,
number=rev.number,
cell=rev.cell,
content=rev.content,
patch=rev.patch,
content_sha256=rev.content_sha256,
patch_sha256=rev.patch_sha256)
new_rev.save()
# set new_droplet
droplet = new_droplet
form.instance.droplet = new_droplet
form.save()
return droplet