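def post(self):
    """Create a project and attach it to the calling user's account.

    The caller is identified by the ``api_key`` query parameter. The JSON
    body must be an object carrying ``name`` and ``description``.

    Returns:
        A JSON response ``{'status': True}`` on success, or
        ``{'status': False}`` when the key does not authenticate or the
        body is missing or incomplete.
    """
    # NOTE(review): the key is read from the query string, where it tends to
    # be recorded by access logs and proxies; a request header would expose
    # it less.
    api_key = request.args.get('api_key')
    user = User()
    user.api_login(api_key)
    if not user.is_authenticated():
        return jsonify({'status': False})

    # The body is caller-controlled and may be absent or not a JSON object.
    # Reject it here rather than failing below with an unhandled
    # TypeError/KeyError.
    data = request.json
    if (not isinstance(data, dict)
            or 'name' not in data
            or 'description' not in data):
        return jsonify({'status': False})

    project = Project()
    project.create(data['name'], data['description'])
    # The project id is stored on the user record in its string form.
    user.add_project(str(project.get_id()))
    return jsonify({'status': True})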
def delete(self, project_id):
    """Delete a project on behalf of the API-key holder.

    The request is refused with ``{'status': False}`` when ``authorized()``
    rejects the key for this project, or when the project id is not in the
    user's own project list. Otherwise the project is removed from the user
    and its document is deleted, and ``{'status': True}`` is returned.

    Args:
        project_id: Id of the project to delete.
    """
    key = request.args.get('api_key')
    if not authorized(key, project_id):
        return jsonify({'status':False})

    # authorized() does not hand back the user, so log in again to get at
    # the account's project list.
    owner = User()
    owner.api_login(key)

    target = Project()
    target.get(project_id)
    if project.get_id() not in owner.user.project if False else target.get_id() not in owner.user.project:
        return jsonify({'status':False})

    # NOTE(review): membership is dropped before the document is deleted; if
    # the delete below raises, the two records are left out of step.
    owner.remove_project(target.get_id())
    store = MongoModel(project=target.project_, collection=target.collection_)
    query = {'_id': objectid.ObjectId(str(project_id))}
    store.delete(query)
    return jsonify({'status':True})
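def authorized(api_key, project_id):
    """Return True when ``api_key`` belongs to a user who may edit the project.

    Side effects: once the key authenticates, the user is logged in through
    ``login_user`` and an ``identity_changed`` signal is sent for the user's
    id, before the edit permission is evaluated.

    Args:
        api_key: API key supplied by the caller.
        project_id: Project id handed to ``EditProjectPermission``.

    Returns:
        True if the key authenticates and the permission check passes,
        False otherwise.
    """
    user = User()
    # The key is a credential, so it is deliberately not printed: anything
    # written to stdout usually ends up in log files.
    user.api_login(api_key)
    if not user.is_authenticated():
        # Single-argument print(...) behaves the same as a statement and as
        # a function.
        print("wrong password")
        return False

    # NOTE(review): login_user() runs on every API-key check; confirm that
    # starting a login session here is intended for API callers.
    login_user(user)
    identity_changed.send(current_app._get_current_object(),
                          identity=Identity(user.user.id))

    permission = EditProjectPermission(project_id)
    if not permission.can():
        print("bad permission")
        return False
    return True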
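def get(self, project_id):
    """Return one project, or the list of all projects, as JSON.

    With a ``project_id`` the response body is that project's document.
    Without one it is ``{'all': [...]}`` holding every project document.
    When an ``api_key`` query parameter authenticates, a ``user`` entry
    built by ``self.get_project`` from the account's project list is added.

    Args:
        project_id: Id of the project to fetch, or a falsy value to list all.

    Returns:
        A ``Response`` with status 200 and mimetype ``application/json``.
    """
    if project_id:
        project = Project()
        project.get(project_id)
        data = project.project.to_mongo()
    else:
        listing = ProjectList()
        data = {'all': [p.project.to_mongo() for p in listing.all()]}

    api_key = request.args.get('api_key')
    if api_key:
        user = User()
        user.api_login(api_key)
        # Read the account only after the key has been verified, as post()
        # and authorized() do. A key that does not authenticate yields no
        # 'user' entry.
        if user.is_authenticated():
            data['user'] = self.get_project(user.user.project)

    body = json.dumps(data, default=bson.json_util.default)
    resp = Response(body, status=200, mimetype='application/json')
    # NOTE(review): hard-coded development URL; confirm what clients expect.
    resp.headers['Link'] = 'http://localhost:5000'
    return resp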
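def put(self, project_id):
    """Join, leave, or edit a project on behalf of the API-key holder.

    The JSON body selects the operation:

    * ``{'action': 'join'}`` adds the project to the user's list.
    * ``{'action': 'withdraw'}`` removes it from the user's list.
    * Any other body updates the project's description from the
      ``description`` field. This requires ``authorized()`` to pass and the
      project to be in the user's list.

    Args:
        project_id: Id of the project to act on.

    Returns:
        A JSON response with a boolean ``status`` and, except on a
        successful edit, a ``msg``.
    """
    api_key = request.args.get('api_key')
    project = Project()
    project.get(project_id)
    user = User()
    user.api_login(api_key)
    # Every branch below changes the account or the project, so the key must
    # authenticate before any of them runs, join and withdraw included.
    if not user.is_authenticated():
        return jsonify({'status': False, 'msg': 'unauthorized'})

    # The body is caller-controlled and may be absent or not a JSON object.
    data = request.json
    if not isinstance(data, dict):
        return jsonify({'status': False, 'msg': 'invalid request body'})

    action = data.get('action')
    if action == 'join':
        # NOTE(review): post() stores str(project.get_id()) while this stores
        # the raw id; confirm which form the membership checks expect.
        user.add_project(project.get_id())
        return jsonify({'status': True, 'msg': 'join project'})
    if action == 'withdraw':
        user.remove_project(project.get_id())
        return jsonify({'status': True, 'msg': 'withdrawn from project'})

    # Editing needs the edit permission on top of a valid key.
    if not authorized(api_key, project_id):
        return jsonify({'status': False, 'msg': 'unauthorized'})
    if project.get_id() not in user.user.project:
        return jsonify({'status': False, 'msg': 'project not in user'})
    if 'description' not in data:
        return jsonify({'status': False, 'msg': 'missing description'})

    project.project.description = data['description']
    project.save()
    return jsonify({'status': True})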