def get_scratchpad(scratchpad_id):
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if scratchpad:
return scratchpad
else:
return api_not_found_response(
"No scratchpad with id %s" % scratchpad_id)
def delete_scratchpad(scratchpad_id):
"""Mark a pre-existing Scratchpad as deleted.
An empty request body is expected."""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response(
"No scratchpad with id %s" % scratchpad_id)
# Users can only delete scratchpad they created
# EXCEPTION: Developres can delete any scratchpad
if not user.developer and scratchpad.user_id != user.user_id:
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
scratchpad.deleted = True
scratchpad.put()
return api_success_no_content_response()
def get_scratchpad(scratchpad_id):
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if scratchpad:
return scratchpad
else:
return api_not_found_response("No scratchpad with id %s" %
scratchpad_id)
def delete_scratchpad(scratchpad_id):
"""Mark a pre-existing Scratchpad as deleted.
An empty request body is expected."""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response("No scratchpad with id %s" %
scratchpad_id)
# Users can only delete scratchpad they created
# EXCEPTION: Developres can delete any scratchpad
if not user.developer and scratchpad.user_id != user.user_id:
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
scratchpad.deleted = True
scratchpad.put()
return api_success_no_content_response()
def update_scratchpad(scratchpad_id):
"""Update a pre-existing Scratchpad and create a new ScratchpadRevision.
The POST data should be a JSON-encoded dict, which is passsed verbatim to
Scratchpad.update as keyword arguments.
"""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
if not request.json:
return api_invalid_param_response("Bad data supplied: Not JSON")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response(
"No scratchpad with id %s" % scratchpad_id)
if not user.developer:
# Certain fields are only modifiable by developers
for field in scratchpad_models.Scratchpad._developer_only_fields:
if request.json.get(field):
return api_forbidden_response(
"Forbidden: Only developers can change the %s" % field)
# The user can update the scratchpad if any of the following are true:
# 1. The scratchpad is tutorial/official and the user is a developer
# 2. The scratchpad was created by the user
if scratchpad.category in ("tutorial", "official") and user.developer:
pass
elif scratchpad.user_id != user.user_id:
# Only the creator of a scratchpad can update it
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
try:
# Convert unicode encoded JSON keys to strings
update_args = dict_keys_to_strings(request.json)
if 'id' in update_args:
# Backbone passes the id in update calls - ignore it
del update_args['id']
return scratchpad.update(**update_args)
except (db.BadValueError, db.BadKeyError), e:
return api_invalid_param_response("Bad data supplied: " + e.message)
def update_scratchpad(scratchpad_id):
"""Update a pre-existing Scratchpad and create a new ScratchpadRevision.
The POST data should be a JSON-encoded dict, which is passsed verbatim to
Scratchpad.update as keyword arguments.
"""
if not gandalf.bridge.gandalf("scratchpads"):
return api_forbidden_response(
"Forbidden: You don't have permission to do this")
if not request.json:
return api_invalid_param_response("Bad data supplied: Not JSON")
user = UserData.current()
scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
if not scratchpad or scratchpad.deleted:
return api_not_found_response("No scratchpad with id %s" %
scratchpad_id)
if not user.developer:
# Certain fields are only modifiable by developers
for field in scratchpad_models.Scratchpad._developer_only_fields:
if request.json.get(field):
return api_forbidden_response(
"Forbidden: Only developers can change the %s" % field)
# The user can update the scratchpad if any of the following are true:
# 1. The scratchpad is tutorial/official and the user is a developer
# 2. The scratchpad was created by the user
if scratchpad.category in ("tutorial", "official") and user.developer:
pass
elif scratchpad.user_id != user.user_id:
# Only the creator of a scratchpad can update it
return api_forbidden_response(
"Forbidden: Scratchpad owned by different user")
try:
# Convert unicode encoded JSON keys to strings
update_args = dict_keys_to_strings(request.json)
if 'id' in update_args:
# Backbone passes the id in update calls - ignore it
del update_args['id']
return scratchpad.update(**update_args)
except (db.BadValueError, db.BadKeyError), e:
return api_invalid_param_response("Bad data supplied: " + e.message)
