def get_scratchpad(scratchpad_id): scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id) if scratchpad: return scratchpad else: return api_not_found_response( "No scratchpad with id %s" % scratchpad_id)
def delete_scratchpad(scratchpad_id): """Mark a pre-existing Scratchpad as deleted. An empty request body is expected.""" if not gandalf.bridge.gandalf("scratchpads"): return api_forbidden_response( "Forbidden: You don't have permission to do this") user = UserData.current() scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id) if not scratchpad or scratchpad.deleted: return api_not_found_response( "No scratchpad with id %s" % scratchpad_id) # Users can only delete scratchpad they created # EXCEPTION: Developres can delete any scratchpad if not user.developer and scratchpad.user_id != user.user_id: return api_forbidden_response( "Forbidden: Scratchpad owned by different user") scratchpad.deleted = True scratchpad.put() return api_success_no_content_response()
def get_scratchpad(scratchpad_id): scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id) if scratchpad: return scratchpad else: return api_not_found_response("No scratchpad with id %s" % scratchpad_id)
def delete_scratchpad(scratchpad_id): """Mark a pre-existing Scratchpad as deleted. An empty request body is expected.""" if not gandalf.bridge.gandalf("scratchpads"): return api_forbidden_response( "Forbidden: You don't have permission to do this") user = UserData.current() scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id) if not scratchpad or scratchpad.deleted: return api_not_found_response("No scratchpad with id %s" % scratchpad_id) # Users can only delete scratchpad they created # EXCEPTION: Developres can delete any scratchpad if not user.developer and scratchpad.user_id != user.user_id: return api_forbidden_response( "Forbidden: Scratchpad owned by different user") scratchpad.deleted = True scratchpad.put() return api_success_no_content_response()
def update_scratchpad(scratchpad_id): """Update a pre-existing Scratchpad and create a new ScratchpadRevision. The POST data should be a JSON-encoded dict, which is passsed verbatim to Scratchpad.update as keyword arguments. """ if not gandalf.bridge.gandalf("scratchpads"): return api_forbidden_response( "Forbidden: You don't have permission to do this") if not request.json: return api_invalid_param_response("Bad data supplied: Not JSON") user = UserData.current() scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id) if not scratchpad or scratchpad.deleted: return api_not_found_response( "No scratchpad with id %s" % scratchpad_id) if not user.developer: # Certain fields are only modifiable by developers for field in scratchpad_models.Scratchpad._developer_only_fields: if request.json.get(field): return api_forbidden_response( "Forbidden: Only developers can change the %s" % field) # The user can update the scratchpad if any of the following are true: # 1. The scratchpad is tutorial/official and the user is a developer # 2. The scratchpad was created by the user if scratchpad.category in ("tutorial", "official") and user.developer: pass elif scratchpad.user_id != user.user_id: # Only the creator of a scratchpad can update it return api_forbidden_response( "Forbidden: Scratchpad owned by different user") try: # Convert unicode encoded JSON keys to strings update_args = dict_keys_to_strings(request.json) if 'id' in update_args: # Backbone passes the id in update calls - ignore it del update_args['id'] return scratchpad.update(**update_args) except (db.BadValueError, db.BadKeyError), e: return api_invalid_param_response("Bad data supplied: " + e.message)
def update_scratchpad(scratchpad_id): """Update a pre-existing Scratchpad and create a new ScratchpadRevision. The POST data should be a JSON-encoded dict, which is passsed verbatim to Scratchpad.update as keyword arguments. """ if not gandalf.bridge.gandalf("scratchpads"): return api_forbidden_response( "Forbidden: You don't have permission to do this") if not request.json: return api_invalid_param_response("Bad data supplied: Not JSON") user = UserData.current() scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id) if not scratchpad or scratchpad.deleted: return api_not_found_response("No scratchpad with id %s" % scratchpad_id) if not user.developer: # Certain fields are only modifiable by developers for field in scratchpad_models.Scratchpad._developer_only_fields: if request.json.get(field): return api_forbidden_response( "Forbidden: Only developers can change the %s" % field) # The user can update the scratchpad if any of the following are true: # 1. The scratchpad is tutorial/official and the user is a developer # 2. The scratchpad was created by the user if scratchpad.category in ("tutorial", "official") and user.developer: pass elif scratchpad.user_id != user.user_id: # Only the creator of a scratchpad can update it return api_forbidden_response( "Forbidden: Scratchpad owned by different user") try: # Convert unicode encoded JSON keys to strings update_args = dict_keys_to_strings(request.json) if 'id' in update_args: # Backbone passes the id in update calls - ignore it del update_args['id'] return scratchpad.update(**update_args) except (db.BadValueError, db.BadKeyError), e: return api_invalid_param_response("Bad data supplied: " + e.message)