def perform_group_action(group_action):
data = request.json
try:
group_id = data['group_id']
auth_status, auth_user = au_ser.check_auth_token(request.headers)
if auth_user == '':
return s_vars.not_authorized, 401
else:
group = Group.query.filter_by(group_id=group_id).first()
if group is None:
return s_vars.group_not_exist, 404
else:
if group.owner == auth_user or access_from_group_access(group_id, auth_user):
msg = ''
if group_action == 'deactivate':
change_group_activation(group_id, False)
msg = '{} deactivated'.format(group_id)
elif group_action == 'activate':
change_group_activation(group_id, True)
msg = '{} activated'.format(group_id)
elif group_action == 'delete':
delete_group(group_id)
msg = '{} activated'.format(group_id)
else:
return s_vars.invalid_action, 403
return jsonify({'result': msg})
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def remove_change_group_access():
data = request.json
try:
auth_status, auth_user = au_ser.check_auth_token(request.headers)
group_from_db = Group.query.filter_by(
group_id=data['group_id']).first()
if group_from_db.owner == auth_user or access_from_group_access(
group_from_db.card_id, auth_user) == 'RW':
group_access = GroupAccess.query.filter_by(
group_id=group_from_db.group_id,
username=data['username']).first()
if group_access is None:
return jsonify({
'result':
'{} does not have access for group {}'.format(
data['username'], group_from_db.title)
}), 200
msg = ''
if data['action_name'] == 'delete':
db.session.delete(group_access)
msg = 'Deleted {} access from group {}'.format(
data['username'], group_from_db.title)
elif data['action_name'] == 'enable':
group_access.access_status = True
group_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from disable to enable'.format(
data['username'])
elif data['action_name'] == 'disable':
group_access.access_status = False
group_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from enable to disable'.format(
data['username'])
elif data['action_name'] == 'access_RO':
group_access.access_type = 'RO'
group_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from RW to RO'.format(
data['username'])
elif data['action_name'] == 'access_RW':
group_access.access_type = 'RW'
group_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from RO to RW'.format(
data['username'])
else:
return s_vars.invalid_action, 403
db.session.commit()
return jsonify({'result': msg}), 200
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def add_group_access():
data = request.json
try:
auth_status, auth_user = au_ser.check_auth_token(request.headers)
group_from_db = Group.query.filter_by(
group_id=data['group_id']).first()
owner = group_from_db.owner
access_by = auth_user
if len(access_by) == 0:
access_by = 'public'
if owner == access_by or access_from_group_access(
data['group_id'], access_by) == 'RW':
username = data['username']
username_in_db = user_model.User.query.filter_by(
username=username, deactivated=False, verified=True).first()
if username_in_db is None and username != 'public' or owner == username:
return jsonify({'result': {username: False}})
else:
keys = list(data.keys())
group_access = GroupAccess(owner=owner,
username=username,
group_id=data['group_id'],
access_by=access_by,
access_type=data['access_type']
if 'access_type' in keys else 'RO')
db.session.add(group_access)
try:
db.session.commit()
return jsonify(
{'result': {
username: group_access.__repr__()
}}), 200
except exc.IntegrityError as e:
logging.info(e)
return jsonify({'result': {
username: '******'
}}), 200
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def remove_cards_from_group():
data = request.json
try:
auth_status, auth_user = au_ser.check_auth_token(request.headers)
if auth_user == '':
return s_vars.not_authorized, 401
else:
group = Group.query.filter_by(group_id=data['group_id']).first()
if group is None:
return s_vars.group_not_exist, 404
else:
if group.owner == auth_user or access_from_group_access(data['group_id'], auth_user):
GroupCards.query.filter(GroupCards.card_id.in_(data['card_ids'])).filter_by(
group_id=data['group_id']).delete(synchronize_session='fetch')
db.session.commit()
return jsonify({'result': '{} deleted from group {}'.format(data['card_ids'], data['group_id'])})
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def update_group(group_id):
data = request.json
auth_status, auth_user = au_ser.check_auth_token(request.headers)
try:
group_from_db = Group.query.filter_by(group_id=group_id).first()
if group_from_db is None:
return s_vars.group_not_exist, 404
elif auth_user == '':
return s_vars.not_authorized, 401
elif group_from_db.owner == auth_user or access_from_group_access(group_id, auth_user) == 'RW':
keys = list(data.keys())
if 'owner' in keys:
if data['owner'] != 'public':
user = user_model.User.query.filter_by(username=data['owner']).first()
if user is not None:
group_from_db.owner = data['owner'] if 'owner' in keys else group_from_db.owner
else:
return s_vars.user_not_exist, 404
else:
return s_vars.user_not_exist, 404
group_from_db.title = data['title'] if 'title' in keys else group_from_db.title
group_from_db.description = data['description'] if 'description' in keys else group_from_db.description
group_from_db.icon_url = data['icon_url'] if 'icon_url' in keys else group_from_db.icon_url
group_from_db.status = data['status'] if 'status' in keys else group_from_db.status
group_from_db.last_updated = datetime.utcnow()
db.session.commit()
group_json_data = group_from_db.__repr__()
group_json_data['user_access_list'] = [group_a.__repr__() for group_a in GroupAccess.query.filter(
GroupAccess.group_id == group_from_db.group_id).all()]
res = {'result': group_json_data}
return jsonify(res), 200
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400