def delete(self, test_id):
curr_user = self.get_secure_cookie(auth_const.OPENID)
curr_user_role = self.get_secure_cookie(auth_const.ROLE)
if curr_user is not None:
query = {'_id': objectid.ObjectId(test_id)}
test_data = yield dbapi.db_find_one(self.table, query)
if not test_data:
raises.NotFound(message.not_found(self.table, query))
if curr_user == test_data['owner'] or \
curr_user_role.find('administrator') != -1:
yield dbapi.db_delete('applications',
{'test_id': test_data['id']})
yield dbapi.db_delete('reviews', {'test_id': test_data['id']})
self._delete(query=query)
else:
raises.Forbidden(message.no_auth())
else:
raises.Unauthorized(message.no_auth())
def delete(self, id):
query = {'_id': objectid.ObjectId(id)}
application = yield dbapi.db_find_one(self.table, query)
test_id = application['test_id']
t_query = {'id': test_id}
yield dbapi.db_delete('reviews', {'test_id': test_id})
yield dbapi.db_update('tests', t_query,
{'$set': {
'status': 'private'
}})
self._delete(query=query)
def _del(self):
query = {'openid': self.json_args['reviewer_openid']}
user = yield dbapi.db_find_one('users', query)
if not user:
raises.Forbidden(message.unauthorized())
role = self.get_secure_cookie(auth_const.ROLE)
if 'reviewer' not in role.split(','):
raises.Unauthorized(message.no_auth())
test = yield dbapi.db_find_one(
'tests', {'id': self.json_args['test_id']})
if test['owner'] == self.json_args['reviewer_openid']:
self.finish_request({'code': 403,
'msg': 'No permision to review own results'})
return
query = {
'reviewer_openid': self.json_args['reviewer_openid'],
'test_id': self.json_args['test_id']
}
yield dbapi.db_delete(self.table, query)
self.finish_request()
def _delete(self, data, query=None):
yield dbapi.db_delete(self.table, query)
self.finish_request()
