def delete_damage(damage_id, logged_in_user):
"""
Delete a damage record
"""
damage = common.get_damage_record(damage_id)
rci = common.get_rci_record(damage['rci_id'])
rci_id = rci['rci_id']
# Cannot delete a damage if the rci is locked
if rci['is_locked']:
raise Unauthorized('rci {} is locked'.format(rci_id))
# Check that the user is one of the following
# (a) a collaborator on the rci OR
# (b) has Permission.MODERATE_DAMAGES
if (user_can(Permission.MODERATE_DAMAGES, logged_in_user)):
pass
else:
rci_collaborators = [
x['user_id'] for x in common.get_rci_collaborators(rci_id)
]
if logged_in_user['user_id'] not in rci_collaborators:
raise Unauthorized('You cannot delete damages from this rci.'
'Please ask to be added to the list of '
'collaborators')
datastore.query('delete from damages '
'where damage_id = ?', (damage_id, ))
return damage
def get_rcis_for_user(user_id, logged_in_user):
"""
Fetch the rcis for which the user `user_id` is a collaborator.
"""
throw_if_not_valid_uuid(user_id)
# You can only lookup rcis for a user if
# 1 - That user is you OR
# 2 - You have permissions to MODERATE_RCIS
if (user_can(Permission.MODERATE_RCIS, logged_in_user)):
pass
else:
if user_id != logged_in_user['user_id']:
raise Unauthorized('You do not have sufficient permissions '
'to lookup rcis for someone else.')
user = get_user_record(user_id)
rci_ids = [
x['rci_id'] for x in datastore.query(
'select rci_id '
'from rci_collabs '
'where user_id = ?', (user_id, ))
]
rcis = []
for rci_id in rci_ids:
rcis.append(get_rci_by_id(rci_id, full=True))
return rcis
def search_rcis(search_string, logged_in_user):
"""
Performs a full-text-search for rcis using the rci_index table
"""
# Only those with the MODERATE_RCIS permission can do this
if not user_can(Permission.MODERATE_RCIS, logged_in_user):
raise Unauthorized('You do not have sufficient permissions '
'to perform an rci search')
# If they did not have a search term, return an empty list
if search_string is None or search_string.strip() == "":
return []
# Quote the search string. See https://sqlite.org/fts5.html
# Not doing this would treat the hyphen character `-` as a column modifier
search_string = '"{}"'.format(search_string)
search_results = datastore.query(
'select * '
'from rci_index '
'where rci_index = ?', (search_string, ))
rcis = []
for result in search_results:
rcis.append(get_rci_by_id(rci_id=result['rci_id'], full=True))
return rcis
def create_damage(logged_in_user, rci_id, item, text, image_url):
"""
Record a damage on the rci
"""
rci = common.get_rci_record(rci_id)
# Cannot record a damage if the rci is locked
if rci['is_locked']:
raise Unauthorized('Rci {} is locked'.format(rci_id))
# Check that the user is one of the following
# (a) a collaborator on the rci OR
# (b) has Permission.MODERATE_DAMAGES
if (user_can(Permission.MODERATE_DAMAGES, logged_in_user)):
pass
else:
rci_collaborators = [
x['user_id'] for x in common.get_rci_collaborators(rci_id)
]
if logged_in_user['user_id'] not in rci_collaborators:
raise Unauthorized('You cannot record damage on this rci.'
'Please ask to be added to the list of '
'collaborators')
damage_insert_args = {
'damage_id': str(uuid.uuid4()),
'rci_id': rci_id,
'item': item,
'text': text,
'image_url': image_url,
'created_by': logged_in_user['user_id'],
'created_at': datetime.utcnow()
}
datastore.query(
'insert into '
'damages(damage_id, rci_id, item, text, image_url, created_by, created_at) '
'values(:damage_id,:rci_id,:item,:text,:image_url,:created_by,:created_at) ',
damage_insert_args)
return common.get_damage_record(damage_insert_args['damage_id'])
def unlock_rci(rci_id, logged_in_user):
"""
Un-Freeze an rci, making it editable again
"""
# We will fail with a clear error here if the rci doesn't exist
rci = get_rci_record(rci_id)
# You can only unlock an rci if
# you have permission to MODERATE_RCIS
if not user_can(Permission.MODERATE_RCIS, logged_in_user):
raise Unauthorized('You do not have sufficient permissions '
'to unlock this rci')
# Go ahead and unlock it up
datastore.query('update rcis '
'set is_locked = 0 '
'where rci_id = ?', (rci_id, ))
def lock_rci(rci_id, logged_in_user):
"""
Freeze an rci, preventing it from being modified
"""
# We will fail with a clear error here if the rci doesn't exist
rci = get_rci_record(rci_id)
# You can only lock an rci if
# you have permission to MODERATE_RCIS
if not user_can(Permission.MODERATE_RCIS, logged_in_user):
raise Unauthorized('You do not have sufficient permissions '
'to lock this rci')
# Go ahead and lock it up
datastore.query('update rcis '
'set is_locked = 1 '
'where rci_id = ?', (rci_id, ))
def create_rci(user_id, building_name, room_name, logged_in_user):
"""
Creates a new rci record for a room.
The user who created it is added to the list of collaborators on
this rci
Multiple rcis can exist for the same room
"""
# You can only create rcis for someone else if you have
# permissions to MODERATE_RCS or you are creating an
# rci for youself.
if (user_can(Permission.MODERATE_RCIS, logged_in_user)):
pass
else:
if user_id != logged_in_user['user_id']:
raise Unauthorized('You do not have permissions '
'to create an rci for someone else.')
new_rci_id = str(uuid.uuid4())
rci_insert_args = {
'rci_id': new_rci_id,
'room_name': room_name,
'building_name': building_name,
'created_at': datetime.utcnow(),
'created_by': logged_in_user['user_id']
}
rci_collab_insert_args = {'rci_id': new_rci_id, 'user_id': user_id}
# Create the rci document
datastore.query(
'insert into rcis '
'(rci_id, building_name, room_name, created_at, created_by) '
'values '
'(:rci_id,:building_name,:room_name,:created_at,:created_by)',
rci_insert_args)
# Add the user as an a collaborator for the rci
datastore.query(
'insert into rci_collabs(rci_id, user_id) '
'values(:rci_id, :user_id);', rci_collab_insert_args)
# Fetch the newly created rci
return get_rci_by_id(new_rci_id, full=True)
def get_rcis_for_buildings(buildings, logged_in_user):
"""
Fetch the rcis for the specified buildings
"""
# Only users that have the MODERATE_RCIS permission can do this
if not user_can(Permission.MODERATE_RCIS, logged_in_user):
raise Unauthorized('You do not have sufficient permissions '
'to lookup rcis for a building.')
rci_ids = [
x['rci_id'] for x in datastore.query(
'select rci_id '
'from rcis '
'where building_name in ({})'.format(', '.join(
'?' for i in buildings)), buildings)
]
rcis = []
for rci_id in rci_ids:
rcis.append(get_rci_by_id(rci_id, full=True))
return rcis