Пример #1
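    def add(cls, email, password, confirm_password, first_name, last_name, brief=None):
        """Validate the registration fields, create a DBUser and persist it.

        :param email: address to register; stored lower-cased
        :param password: plain-text password, at least 6 characters
        :param confirm_password: must be equal to ``password``
        :param first_name: required, must be non-empty
        :param last_name: required, must be non-empty
        :param brief: optional short description, stored only when truthy
        :return: the saved DBUser with ``activation_id`` set
        :raises InvalidFieldError: when a field fails validation
        """
        # Local imports, used only for the activation token below.
        import binascii
        import os

        # validate email
        if not is_email_address_valid(email):
            raise InvalidFieldError("Email address is not valid", ["email"])

        # check matched password
        if password != confirm_password:
            raise InvalidFieldError("Password and confirm password does not match", ["password", "confirm_password"])
        if len(password) < 6:
            raise InvalidFieldError("Password length must be at least 6 characters", ["password"])

        # validate name
        if not first_name or not last_name:
            raise InvalidFieldError("First name and/or last name are in valid", ["first_name", "last_name"])

        # NOTE(security): unsalted MD5 is not a password hash: it is fast to
        # brute-force and equal passwords produce equal digests. It is kept here
        # only because verify_user and update_user compare against this exact
        # digest; migrate all three together to a salted, slow KDF
        # (e.g. hashlib.pbkdf2_hmac) and re-hash stored digests on next login.
        args = {
            "email": email.lower(),
            "password": hashlib.md5(password).hexdigest(),
            "first_name": first_name,
            "last_name": last_name
        }

        if brief:
            args["brief"] = brief

        user = DBUser(**args)

        # The activation id proves control of the mailbox, so it must not be
        # computable from values the registrant already knows. The previous
        # md5(email + password) was; use 16 random bytes instead. The result is
        # 32 hex characters, the same length as an MD5 hex digest.
        user.activation_id = binascii.hexlify(os.urandom(16)).decode("ascii")

        # Persist; any storage error propagates to the caller unchanged.
        user.save()
        return user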
Пример #2
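    def delete_user(cls, request_user_id, user_delete):
        """Delete the account ``user_delete`` on behalf of ``request_user_id``.

        Only a requester whose ``role`` is ``"manager"`` may delete accounts.

        :param request_user_id: id of the user asking for the deletion
        :param user_delete: id of the account to delete
        :raises UserNotFoundError: when the requester or the target does not exist
        :raises AccessDeniedError: when the requester is not a manager
        """
        requester = DBUser.get_by_id(request_user_id)
        # An unknown requester used to fall through to ``user.role`` and fail
        # with AttributeError on None; report it as a missing user instead.
        if not requester:
            raise UserNotFoundError("user with id = %s does not exist" % request_user_id)

        # Authorize before looking at the target, so a non-manager cannot use
        # the error type to learn which account ids exist.
        if requester.role != "manager":
            raise AccessDeniedError("Not manager user cannot delete account")

        target = DBUser.get_by_id(user_delete)
        if not target:
            # The id is now formatted into the message; it was previously passed
            # as a stray second argument. %s keeps the text identical for ints
            # and does not raise on a non-integer id.
            raise UserNotFoundError("user with id = %s does not exist" % user_delete)

        # NOTE(review): nothing here stops a manager from deleting their own
        # account or another manager's. Confirm that is intended.
        target.delete()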
Пример #3
    def delete_comment(cls, user_id, comment_id):
        """Delete a comment on behalf of ``user_id`` and return the deleted object.

        :param user_id: id of the user requesting the deletion
        :param comment_id: id of the comment to delete
        :return: the comment object after ``delete()`` was called on it
        :raises InvalidFieldError: when ``comment_id`` fails ``is_id_valid``
        :raises UserNotFoundError: when no user has ``user_id``
        :raises CommentNotFoundError: when no comment has ``comment_id``
        :raises AccessDeniedError: when the requester is neither the commenter
            nor the author of the commented post
        """
        # user_id is deliberately not run through is_id_valid; the lookup below
        # decides whether it names a user.
        if not is_id_valid(comment_id):
            raise InvalidFieldError("comment id is invalid", ["comment_id"])

        requester = DBUser.get_by_id(user_id)
        if not requester:
            raise UserNotFoundError("User with id = %d  does not exist" % user_id)

        target = DBComment.get_by_id(comment_id)
        if not target:
            raise CommentNotFoundError(comment_id=comment_id)

        # Ownership check: the commenter, or the author of the post the comment
        # belongs to. The post author is only looked up when the first test fails.
        wrote_comment = target.user_id == user_id
        if not wrote_comment and target.post.author.id != user_id:
            raise AccessDeniedError("You cannot delete others comment")

        # Storage errors propagate unchanged.
        target.delete()
        return target
Пример #4
    def update_comment(cls, user_id, comment_id, content):
        """Replace the text of a comment; only its own author may do so.

        :param user_id: id of the user requesting the edit
        :param comment_id: id of the comment to edit
        :param content: new comment text, at least 10 characters long
        :return: the updated comment object
        :raises InvalidFieldError: when ``comment_id`` fails ``is_id_valid`` or
            ``content`` is shorter than 10 characters
        :raises UserNotFoundError: when no user has ``user_id``
        :raises CommentNotFoundError: when no comment has ``comment_id``
        :raises AccessDeniedError: when the comment belongs to another user
        """
        # user_id is deliberately not run through is_id_valid; the lookup below
        # decides whether it names a user.
        if not is_id_valid(comment_id):
            raise InvalidFieldError("comment id is invalid", ["comment_id"])

        editor = DBUser.get_by_id(user_id)
        if not editor:
            raise UserNotFoundError("User with id = %d  does not exist" % user_id)

        target = DBComment.get_by_id(comment_id)
        if not target:
            raise CommentNotFoundError(comment_id=comment_id)

        if len(content) < 10:
            raise InvalidFieldError("comment is too short", ["content"])

        # Ownership check: unlike deletion, the post author gets no exception here.
        if target.user_id != user_id:
            raise AccessDeniedError("You cannot edit others comment")

        # NOTE(review): content is stored exactly as received. If it is later
        # rendered as HTML, escaping or sanitisation has to happen elsewhere.
        # Confirm that it does.
        target.content = content
        target.update()
        return target
Пример #5
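    def find_post_by_author_pagination(cls, author_id, page=1, per_page=10):
        """
        Find all posts published by a specific author, one page at a time.

        :param author_id: id of the author whose posts are listed
        :param page: page index, beginning at 1; reset to 1 when it fails ``is_id_valid``
        :param per_page: page size; anything that is not an integer in 1..49 is
            replaced by 10
        :return: tuple ``(pagination, author)``, where ``pagination`` is whatever
            ``DBPost.pagination_get`` returns and ``author`` is the DBUser
        :raises InvalidFieldError: when ``author_id`` fails ``is_id_valid``
        :raises UserNotFoundError: when no user has ``author_id``
        """
        # validate author id
        if not is_id_valid(author_id):
            raise InvalidFieldError("author id does not valid.", ["author_id"])

        # confirm the author exists
        author = DBUser.get_by_id(author_id)
        if not author:
            # The id was never interpolated before, so the message showed a raw
            # "%d". %s is used so that a non-integer id cannot raise here.
            raise UserNotFoundError("User with id = %s does not exist" % author_id)

        args = {"user_id": author_id}

        # validate pagination info
        if not is_id_valid(page):
            page = 1

        # Caller-supplied page size: coerce once, fall back to the default on
        # junk instead of raising ValueError, and hand the query layer a bounded
        # int rather than the raw value.
        try:
            per_page = int(per_page)
        except (TypeError, ValueError):
            per_page = 10
        if per_page <= 0 or per_page >= 50:
            per_page = 10

        pagination = DBPost.pagination_get(filter_dict=args, page=page, per_page=per_page, order_by="time desc")
        return pagination, author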
Пример #6
    def delete_post(cls, user_id, post_id):
        """Delete a post on behalf of ``user_id``.

        :param user_id: id of the user requesting the deletion
        :param post_id: id of the post to delete
        :raises UserNotFoundError: when no user has ``user_id``
        :raises InvalidFieldError: when ``post_id`` fails ``is_id_valid``
        :raises PostNotFoundError: when no post has ``post_id``
        :raises AccessDeniedError: when the requester is neither the post's
            author nor a user with the ``"manager"`` role
        """
        requester = DBUser.get_by_id(user_id)
        if not requester:
            raise UserNotFoundError("User with id = %d does not exist" % user_id)

        if not is_id_valid(post_id):
            raise InvalidFieldError("Post id is invalid", ["post_id"])

        target = DBPost.get_by_id(post_id)
        if not target:
            raise PostNotFoundError(post_id=post_id)

        # Authorization: the author may delete their own post, and a manager
        # may delete any post.
        is_author = target.author.id == user_id
        if not is_author and requester.role != "manager":
            raise AccessDeniedError("You don't have permission to delete this post.")

        target.delete()
Пример #7
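    def update_user(cls, user_id, email=None, password=None, confirm_password=None, first_name=None, last_name=None,
                    brief=None, avatar=None):
        """Update the supplied fields of an existing user and persist the result.

        Arguments left as ``None`` (or otherwise falsy) are not changed, except
        that an empty ``first_name`` or ``last_name`` is rejected.

        :param user_id: id of the user to update
        :param email: new address; validated and stored lower-cased
        :param password: new plain-text password, at least 6 characters
        :param confirm_password: must be equal to ``password``
        :param first_name: new first name, must not be empty
        :param last_name: new last name, must not be empty
        :param brief: new short description
        :param avatar: new avatar value
        :return: the updated DBUser
        :raises UserNotFoundError: when no user has ``user_id``
        :raises InvalidFieldError: when a supplied field fails validation
        """
        # NOTE(review): this method performs no authorization and does not ask
        # for the current password. The caller must already have established
        # that the requester may edit ``user_id``. Confirm at the call sites.
        user = DBUser.get_by_id(user_id)
        if user is None:
            raise UserNotFoundError("User with id = %d does not exist" %user_id)

        # validate email
        if email:
            if not is_email_address_valid(email):
                raise InvalidFieldError("Email address is not valid", ["email"])
            # Registration stores, and login looks up, the lower-cased address;
            # storing a mixed-case one here would make the account unreachable.
            # NOTE(review): the new address is accepted without a fresh
            # activation round. Confirm that is intended.
            user.email = email.lower()

        # A password change needs both fields. Supplying only one used to be
        # ignored silently and still reported success; it is now a mismatch.
        if password or confirm_password:
            if password != confirm_password:
                raise InvalidFieldError("Password and confirm password does not match", ["password", "confirm_password"])
            if len(password) < 6:
                raise InvalidFieldError("Password length must be at least 6 characters", ["password"])
            # NOTE(security): unsalted MD5 is not a password hash. It is kept
            # only so the stored digest stays comparable with the one
            # verify_user computes; migrate both, together with registration,
            # to a salted, slow KDF (e.g. hashlib.pbkdf2_hmac).
            user.password = hashlib.md5(password).hexdigest()

        # validate name
        if first_name is not None and len(first_name) == 0:
            raise InvalidFieldError("First name is in valid", ["first_name"])
        elif first_name:
            user.first_name = first_name

        if last_name is not None and len(last_name) == 0:
            raise InvalidFieldError("Last name is in valid", ["last_name"])
        elif last_name:
            user.last_name = last_name

        if brief:
            user.brief = brief

        if avatar:
            user.avatar = avatar

        # Persist; any storage error propagates to the caller unchanged.
        user.update()
        return user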
Пример #8
    def test_update_no_info(self):
        # update_user called with only an id must leave every stored field as
        # it was seeded. (The literal values are masked on this page.)
        expected = {
            "email": "*****@*****.**",
            "password": "******",
            "confirm_password": "******",
            "first_name": "Editor2",
            "last_name": "Nguyen",
            "brief": "Hello world"
        }
        target_id = self.user_id[1]

        User.update_user(target_id)
        stored = DBUser.get_by_id(target_id)

        self.assertEqual(stored.id, target_id)
        self.assertEqual(stored.email, expected["email"])
        # The fixture stores the MD5 hex digest of the password, not the password.
        expected_digest = hashlib.md5(expected["password"]).hexdigest()
        self.assertEqual(stored.password, expected_digest)
        self.assertEqual(stored.first_name, expected["first_name"])
        self.assertEqual(stored.last_name, expected["last_name"])
        self.assertEqual(stored.brief, expected["brief"])
Пример #9
    def test_update_user_all_valid_field(self):
        # Every updatable field is supplied with a valid value; the stored user
        # must reflect all of them afterwards. (Literal values are masked on
        # this page.)
        new_values = {
            "email": "*****@*****.**",
            "password": "******",
            "confirm_password": "******",
            "first_name": "Dzung",
            "last_name": "Nguyen Tien",
            "brief": "Hello world Again"
        }
        target_id = self.user_id[0]

        User.update_user(target_id, **new_values)
        stored = DBUser.get_by_id(target_id)

        self.assertEqual(stored.id, target_id)
        self.assertEqual(stored.email, new_values["email"])
        # update_user stores the MD5 hex digest of the password, not the password.
        expected_digest = hashlib.md5(new_values["password"]).hexdigest()
        self.assertEqual(stored.password, expected_digest)
        self.assertEqual(stored.first_name, new_values["first_name"])
        self.assertEqual(stored.last_name, new_values["last_name"])
        self.assertEqual(stored.brief, new_values["brief"])
Пример #10
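    def activate_user(cls, email, activation_id):
        """Activate the account registered under ``email`` if the token matches.

        On success the stored activation id is cleared, ``activated`` is set to
        True and the user is persisted.

        :param email: address the account was registered with (looked up lower-cased)
        :param activation_id: token presented by the caller
        :return: the updated DBUser on success, otherwise ``None``
        """
        # validate input
        if not is_email_address_valid(email):
            return None

        # An empty token must never be accepted. A successful activation resets
        # the stored id to "", so without this guard an empty ``activation_id``
        # would compare equal for every account that is already activated, and
        # this method would hand back that user object.
        if not activation_id:
            return None

        user = DBUser.get_one({"email": email.lower()})
        if not user:
            return None

        # No pending token (already activated, or never issued): nothing to match.
        if not user.activation_id:
            return None

        if user.activation_id != activation_id:
            return None

        # Single use: clear the token so the same link cannot be replayed.
        user.activation_id = ""
        user.activated = True
        user.update()
        return user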
Пример #11
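    def verify_user(cls, email, password):
        """Check a login attempt and return the matching user.

        :param email: address to look up (lower-cased before the query)
        :param password: plain-text password to verify
        :return: the DBUser when the credentials match, otherwise ``None``
        :raises UserNotActivatedError: when the credentials match but the
            account has not been activated yet
        """
        # validate input; a missing password is a failed login, not a TypeError
        if not password or not is_email_address_valid(email) or len(password) < 6:
            return None

        # NOTE(security): unsalted MD5 is not a password hash. It is kept only
        # because the stored digests were produced this way; migrate together
        # with registration and profile update to a salted, slow KDF
        # (e.g. hashlib.pbkdf2_hmac) and re-hash on successful login.
        password_hashed = hashlib.md5(password).hexdigest()
        user = DBUser.get_one({"email": email.lower()})

        if not user:
            return None

        # Check the password before the activation state. Raising
        # UserNotActivatedError first told anyone, without valid credentials,
        # that the address is registered and still pending.
        if user.password != password_hashed:
            return None

        if not user.activated:
            raise UserNotActivatedError()

        # NOTE(review): nothing in this method limits repeated attempts.
        # Confirm that throttling or lockout is enforced by the caller.
        return user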
Пример #12
    def update_post(cls, user_id, post_id, title=None, content=None, feature_image=None, tags=None, categories=None,
                    draft=False):
        """Update the supplied fields of a post and persist it.

        Only the post's author or a user with the ``"manager"`` role may edit.
        Falsy arguments leave the corresponding field untouched, except that an
        empty (zero-length) ``content`` is rejected.

        :param user_id: id of the user requesting the edit
        :param post_id: id of the post to edit
        :param title: new title
        :param content: new body; must not be empty when given
        :param feature_image: new feature image value
        :param tags: new tags value, stored as given
        :param categories: iterable of category names; stored as one
            comma-separated string with each name wrapped in backticks
        :param draft: accepted but never read in this method
        :return: the updated post object
        :raises UserNotFoundError: when no user has ``user_id``
        :raises InvalidFieldError: when ``post_id`` fails ``is_id_valid`` or
            ``content`` is empty
        :raises PostNotFoundError: when no post has ``post_id``
        :raises AccessDeniedError: when the requester is neither author nor manager
        """
        editor = DBUser.get_by_id(user_id)
        if not editor:
            raise UserNotFoundError("User with id = %d does not exist" % user_id)

        if not is_id_valid(post_id):
            raise InvalidFieldError("Post id is invalid", ["post_id"])

        target = DBPost.get_by_id(post_id)
        if not target:
            raise PostNotFoundError(post_id=post_id)

        # Authorization: the author may edit their own post, and a manager may
        # edit any post.
        is_author = target.author.id == user_id
        if not is_author and editor.role != "manager":
            raise AccessDeniedError("You cannot edit post not published by you.")

        if title:
            target.title = title

        # NOTE(review): title and content are stored exactly as received. If
        # they are rendered as HTML, sanitisation has to happen elsewhere.
        # Confirm that it does.
        if content:
            target.content = content
        elif content is not None and len(content) == 0:
            raise InvalidFieldError("Post's content cannot be empty", ["content"])

        # The remaining plain fields are copied only when a truthy value was given.
        for field, value in (("feature_image", feature_image), ("tags", tags)):
            if value:
                setattr(target, field, value)

        if categories:
            # NOTE(review): a category name that itself contains a backtick or
            # a comma would make this encoding ambiguous. Confirm that names are
            # restricted upstream.
            quoted = ["`%s`" % name for name in categories]
            target.categories = ",".join(quoted)

        target.update()
        return target
Пример #13
def set_up_db():
    """Seed the database with four users, twelve posts and twenty-two comments.

    Rows are saved in a fixed order (users, then posts, then comments); the
    post and comment rows refer to users and posts by the numeric ids 1..4 and
    1..9, so they presumably rely on ids being assigned in insertion order.
    """
    # NOTE(security): every seeded account, including the one with the
    # "manager" role, gets the password "123456" stored as an unsalted MD5
    # digest. That is fine for a test fixture, but this routine must not be
    # used to provision a real deployment. Confirm where it is called.
    shared_user_fields = {
        "email": "*****@*****.**",  # addresses are masked on this page
        "password": hashlib.md5("123456").hexdigest(),
        "last_name": "Nguyen",
        "brief": "Hello world",
    }
    seed_users = (
        ("Admin", "manager"),
        ("Editor2", "editor"),
        ("Editor3", "editor"),
        ("Editor4", "editor"),
    )
    for first_name, role in seed_users:
        User(first_name=first_name, role=role, **shared_user_fields).save()

    # All posts share the same body; only title, author and categories vary.
    post_body = """<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Eveniet doloribus qui, adipisci inventore sequi fugiat dolores ullam, provident a, accusantium, necessitatibus ab nisi aliquam. Ipsam voluptas dolores magni necessitatibus provident.</p>
        <p>Sunt quo placeat fugiat nesciunt vel assumenda dolorem incidunt provident eligendi ipsa, quam autem optio id nostrum beatae corporis a. Tempore saepe quod nemo hic magni in veritatis illum natus.</p>
        <p>Et beatae ipsam repellat officiis similique cupiditate distinctio expedita rem at, aut aspernatur, voluptate quibusdam! Voluptatum aut quos porro eos nulla officiis adipisci magnam perferendis, dicta minima quis eligendi enim.</p>
        <p>Sed itaque dignissimos eligendi reprehenderit, nesciunt ducimus voluptates dolores suscipit fugit ipsam aperiam praesentium laborum odit qui libero ipsum tempora, eos quis hic, sapiente perspiciatis amet labore voluptatibus alias. Vitae.</p>"""

    # Each category list is created once and reused by consecutive posts.
    cats_code = ["c++", "python"]
    cats_non_it = ["non-it"]
    cats_journey = ["journey", "non-it"]
    cats_photo = ["photo", "non-it"]
    cats_none = ["uncategorized"]

    # (title, author id, categories), in insertion order.
    seed_posts = (
        ("Post 1 title", 1, cats_code),
        ("Post 2 title", 2, cats_code),
        ("Post 3 title", 3, cats_code),
        ("Post 4 title", 4, cats_code),
        ("Post Hello title", 1, cats_non_it),
        ("Good morning", 2, cats_non_it),
        ("First day at Moscow", 2, cats_journey),
        ("Surprising", 3, cats_journey),
        ("So awesome lake", 3, cats_journey),
        ("My new Phone", 3, cats_photo),
        ("Photo with new phone", 3, cats_photo),
        ("List of useful app for Blackberry", 3, cats_none),
    )
    for title, author_id, cats in seed_posts:
        Post(title=title, content=post_body, user_id=author_id, categories=cats).save()

    # All comments share the same body; only the post and the commenter vary.
    comment_body = "<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit. Ut ipsum ad, mollitia repellendus harum dignissimos rem beatae, dolore minus. Sapiente saepe mollitia magnam molestiae natus officiis corrupti voluptatibus, qui repudiandae.</p>"

    # (post id, commenter id), in insertion order; repeated pairs are intentional.
    seed_comments = (
        (1, 2), (1, 3), (1, 4),
        (3, 4), (3, 2),
        (4, 1),
        (7, 1),
        (4, 2),
        (3, 3),
        (2, 4), (2, 1), (2, 3), (2, 4),
        (5, 3), (5, 2), (5, 3), (5, 4),
        (6, 4), (6, 1),
        (9, 1), (9, 1), (9, 3),
    )
    for post_id, commenter_id in seed_comments:
        Comment(content=comment_body, post_id=post_id, user_id=commenter_id).save()