示例#1
0
def get_scratchpad(scratchpad_id):
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
    if scratchpad:
        return scratchpad
    else:
        return api_not_found_response(
            "No scratchpad with id %s" % scratchpad_id)
示例#2
0
def delete_scratchpad(scratchpad_id):
    """Mark a pre-existing Scratchpad as deleted.

    An empty request body is expected."""

    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response(
            "No scratchpad with id %s" % scratchpad_id)

    # Users can only delete scratchpad they created
    # EXCEPTION: Developres can delete any scratchpad
    if not user.developer and scratchpad.user_id != user.user_id:
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    scratchpad.deleted = True
    scratchpad.put()

    return api_success_no_content_response()
示例#3
0
def get_scratchpad(scratchpad_id):
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)
    if scratchpad:
        return scratchpad
    else:
        return api_not_found_response("No scratchpad with id %s" %
                                      scratchpad_id)
示例#4
0
def delete_scratchpad(scratchpad_id):
    """Mark a pre-existing Scratchpad as deleted.

    An empty request body is expected."""

    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response("No scratchpad with id %s" %
                                      scratchpad_id)

    # Users can only delete scratchpad they created
    # EXCEPTION: Developres can delete any scratchpad
    if not user.developer and scratchpad.user_id != user.user_id:
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    scratchpad.deleted = True
    scratchpad.put()

    return api_success_no_content_response()
示例#5
0
def update_scratchpad(scratchpad_id):
    """Update a pre-existing Scratchpad and create a new ScratchpadRevision.

    The POST data should be a JSON-encoded dict, which is passsed verbatim to
    Scratchpad.update as keyword arguments.
    """
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    if not request.json:
        return api_invalid_param_response("Bad data supplied: Not JSON")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response(
            "No scratchpad with id %s" % scratchpad_id)

    if not user.developer:
        # Certain fields are only modifiable by developers
        for field in scratchpad_models.Scratchpad._developer_only_fields:
            if request.json.get(field):
                return api_forbidden_response(
                    "Forbidden: Only developers can change the %s" % field)

    # The user can update the scratchpad if any of the following are true:
    #  1. The scratchpad is tutorial/official and the user is a developer
    #  2. The scratchpad was created by the user
    if scratchpad.category in ("tutorial", "official") and user.developer:
        pass
    elif scratchpad.user_id != user.user_id:
        # Only the creator of a scratchpad can update it
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    try:
        # Convert unicode encoded JSON keys to strings
        update_args = dict_keys_to_strings(request.json)
        if 'id' in update_args:
            # Backbone passes the id in update calls - ignore it
            del update_args['id']
        return scratchpad.update(**update_args)
    except (db.BadValueError, db.BadKeyError), e:
        return api_invalid_param_response("Bad data supplied: " + e.message)
示例#6
0
def update_scratchpad(scratchpad_id):
    """Update a pre-existing Scratchpad and create a new ScratchpadRevision.

    The POST data should be a JSON-encoded dict, which is passsed verbatim to
    Scratchpad.update as keyword arguments.
    """
    if not gandalf.bridge.gandalf("scratchpads"):
        return api_forbidden_response(
            "Forbidden: You don't have permission to do this")

    if not request.json:
        return api_invalid_param_response("Bad data supplied: Not JSON")

    user = UserData.current()
    scratchpad = scratchpad_models.Scratchpad.get_by_id(scratchpad_id)

    if not scratchpad or scratchpad.deleted:
        return api_not_found_response("No scratchpad with id %s" %
                                      scratchpad_id)

    if not user.developer:
        # Certain fields are only modifiable by developers
        for field in scratchpad_models.Scratchpad._developer_only_fields:
            if request.json.get(field):
                return api_forbidden_response(
                    "Forbidden: Only developers can change the %s" % field)

    # The user can update the scratchpad if any of the following are true:
    #  1. The scratchpad is tutorial/official and the user is a developer
    #  2. The scratchpad was created by the user
    if scratchpad.category in ("tutorial", "official") and user.developer:
        pass
    elif scratchpad.user_id != user.user_id:
        # Only the creator of a scratchpad can update it
        return api_forbidden_response(
            "Forbidden: Scratchpad owned by different user")

    try:
        # Convert unicode encoded JSON keys to strings
        update_args = dict_keys_to_strings(request.json)
        if 'id' in update_args:
            # Backbone passes the id in update calls - ignore it
            del update_args['id']
        return scratchpad.update(**update_args)
    except (db.BadValueError, db.BadKeyError), e:
        return api_invalid_param_response("Bad data supplied: " + e.message)