def votes_collection_add_json(request):
ctx = request.context
user_id = authenticated_userid(request)
permissions = get_permissions(
user_id, ctx.get_discussion_id())
check_permissions(ctx, user_id, permissions, CrudPermissions.CREATE)
typename = ctx.collection_class.external_typename()
typename = request.json_body.get(
'@type', ctx.collection_class.external_typename())
json = request.json_body
json['voter'] = User.uri_generic(user_id)
try:
instances = ctx.create_object(typename, json, user_id)
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
db = first.db()
for instance in instances:
db.add(instance)
db.flush()
view = request.GET.get('view', None) or 'default'
return Response(
dumps(first.generic_json(view, user_id, permissions)),
location=first.uri_generic(first.id),
status_code=201)
def set_local_role(request):
# Do not use check_permissions, this is a special case
ctx = request.context
instance = ctx._instance
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
discussion_id = ctx.get_discussion_id()
user_uri = User.uri_generic(user_id)
if discussion_id is None:
raise HTTPBadRequest()
permissions = get_permissions(user_id, discussion_id)
json = request.json_body
requested_user = json.get('user', None)
if not requested_user:
json['user'] = requested_user = user_uri
elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
raise HTTPUnauthorized()
if P_ADMIN_DISC not in permissions:
if P_SELF_REGISTER in permissions:
json['requested'] = False
json['role'] = R_PARTICIPANT
elif P_SELF_REGISTER_REQUEST in permissions:
json['requested'] = True
else:
raise HTTPUnauthorized()
updated = instance.update_from_json(json, user_id, ctx)
view = request.GET.get('view', None) or 'default'
if view == 'id_only':
return [updated.uri()]
else:
return updated.generic_json(view, user_id, permissions)
def set_local_role(request):
# Do not use check_permissions, this is a special case
ctx = request.context
instance = ctx._instance
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized()
discussion_id = ctx.get_discussion_id()
user_uri = User.uri_generic(user_id)
if discussion_id is None:
raise HTTPBadRequest()
permissions = get_permissions(user_id, discussion_id)
json = request.json_body
requested_user = json.get('user', None)
if not requested_user:
json['user'] = requested_user = user_uri
elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
raise HTTPUnauthorized()
if P_ADMIN_DISC not in permissions:
if P_SELF_REGISTER in permissions:
json['requested'] = False
json['role'] = R_PARTICIPANT
elif P_SELF_REGISTER_REQUEST in permissions:
json['requested'] = True
else:
raise HTTPUnauthorized()
updated = instance.update_from_json(json, user_id, ctx)
view = request.GET.get('view', None) or 'default'
if view == 'id_only':
return [updated.uri()]
else:
return updated.generic_json(view, user_id, permissions)
def post_put_json(request):
json_data = request.json_body
if has_moderation(json_data):
raise_if_cannot_moderate(request)
json_data['moderated_on'] = datetime.utcnow().isoformat()+"Z"
json_data['moderator'] = User.uri_generic(
authenticated_userid(request))
return instance_put_json(request, json_data)
def post_put_json(request):
json_data = request.json_body
if has_moderation(json_data):
raise_if_cannot_moderate(request)
json_data['moderated_on'] = datetime.utcnow().isoformat()+"Z"
json_data['moderator'] = User.uri_generic(
authenticated_userid(request))
return instance_put_json(request, json_data)
def post_put(request):
form_data = request.params
if has_moderation(form_data):
raise_if_cannot_moderate(request)
form_data = dict(form_data)
form_data['moderated_on'] = datetime.utcnow().isoformat()+"Z"
form_data['moderator'] = User.uri_generic(
authenticated_userid(request))
return instance_put_form(request, form_data)
def post_put(request):
form_data = request.params
if has_moderation(form_data):
raise_if_cannot_moderate(request)
form_data = dict(form_data)
form_data['moderated_on'] = datetime.utcnow().isoformat()+"Z"
form_data['moderator'] = User.uri_generic(
authenticated_userid(request))
return instance_put_form(request, form_data)
def add_local_role(request):
# Do not use check_permissions, this is a special case
ctx = request.context
user_id = request.authenticated_userid
if not user_id:
raise HTTPUnauthorized()
discussion_id = ctx.get_discussion_id()
discussion = Discussion.get(discussion_id)
user_uri = User.uri_generic(user_id)
if discussion_id is None:
raise HTTPBadRequest()
permissions = get_permissions(user_id, discussion_id)
json = request.json_body
if "discussion" not in json:
json["discussion"] = Discussion.uri_generic(discussion_id)
requested_user = json.get('user', None)
if not requested_user:
json['user'] = requested_user = user_uri
elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
raise HTTPUnauthorized()
if P_ADMIN_DISC not in permissions:
if P_SELF_REGISTER in permissions:
json['requested'] = False
json['role'] = R_PARTICIPANT
req_user = User.get_instance(requested_user)
if not discussion.check_authorized_email(req_user):
raise HTTPForbidden()
elif P_SELF_REGISTER_REQUEST in permissions:
json['requested'] = True
else:
raise HTTPUnauthorized()
try:
instances = ctx.create_object("LocalUserRole", json, user_id)
except HTTPClientError as e:
raise e
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
db = first.db
for instance in instances:
db.add(instance)
db.flush()
# Side effect: materialize subscriptions.
if not first.requested:
# relationship may not be initialized
user = first.user or User.get(first.user_id)
user.get_notification_subscriptions(discussion_id, True)
# Update the user's AgentStatusInDiscussion
user.update_agent_status_subscribe(discussion)
view = request.GET.get('view', None) or 'default'
permissions = get_permissions(
user_id, ctx.get_discussion_id())
return CreationResponse(first, user_id, permissions, view)
def add_local_role(request):
# Do not use check_permissions, this is a special case
ctx = request.context
user_id = request.authenticated_userid
if not user_id:
raise HTTPUnauthorized()
discussion_id = ctx.get_discussion_id()
discussion = Discussion.get(discussion_id)
user_uri = User.uri_generic(user_id)
if discussion_id is None:
raise HTTPBadRequest()
permissions = get_permissions(user_id, discussion_id)
json = request.json_body
if "discussion" not in json:
json["discussion"] = Discussion.uri_generic(discussion_id)
requested_user = json.get('user', None)
if not requested_user:
json['user'] = requested_user = user_uri
elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
raise HTTPUnauthorized()
if P_ADMIN_DISC not in permissions:
if P_SELF_REGISTER in permissions:
json['requested'] = False
json['role'] = R_PARTICIPANT
req_user = User.get_instance(requested_user)
if not discussion.check_authorized_email(req_user):
raise HTTPForbidden()
elif P_SELF_REGISTER_REQUEST in permissions:
json['requested'] = True
else:
raise HTTPUnauthorized()
try:
instances = ctx.create_object("LocalUserRole", json, user_id)
except HTTPClientError as e:
raise e
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
db = first.db
for instance in instances:
db.add(instance)
db.flush()
# Side effect: materialize subscriptions.
if not first.requested:
# relationship may not be initialized
user = first.user or User.get(first.user_id)
user.get_notification_subscriptions(discussion_id, True)
# Update the user's AgentStatusInDiscussion
user.update_agent_status_subscribe(discussion)
view = request.GET.get('view', None) or 'default'
permissions = get_permissions(user_id, ctx.get_discussion_id())
return CreationResponse(first, user_id, permissions, view)
def votes_collection_add_json(request):
ctx = request.context
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized
permissions = ctx.get_permissions()
check_permissions(ctx, user_id, CrudPermissions.CREATE)
spec = ctx.get_instance_of_class(AbstractVoteSpecification)
if spec:
required = spec.get_vote_class()
else:
required = ctx.collection_class
widget = ctx.get_instance_of_class(VotingWidget)
if not widget and spec:
widget = spec.widget
if not widget:
raise HTTPBadRequest("Please provide a reference to a widget")
if widget.activity_state != 'active':
raise HTTPUnauthorized("Not in voting period")
typename = request.json_body.get('@type', None)
if typename:
cls = get_named_class(typename)
if not issubclass(cls, required):
raise HTTPBadRequest("@type is %s, should be in %s" % (
typename, spec.get_vote_class().__name__))
else:
typename = required.external_typename()
json = request.json_body
json['voter'] = User.uri_generic(user_id)
if "@type" not in json:
json["@type"] = typename
else:
pass # TODO: Check subclass
try:
instances = ctx.create_object(typename, json)
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
db = first.db
for instance in instances:
db.add(instance)
db.flush()
# validate after flush so we can check validity with DB constraints
if not first.is_valid():
raise HTTPBadRequest("Invalid vote")
view = request.GET.get('view', None) or 'default'
return Response(
dumps(first.generic_json(view, user_id, permissions)),
location=first.uri_generic(first.id),
status_code=201)
def add_local_role(request):
# Do not use check_permissions, this is a special case
ctx = request.context
user_id = authenticated_userid(request)
if user_id == Everyone:
raise HTTPUnauthorized()
discussion_id = ctx.get_discussion_id()
user_uri = User.uri_generic(user_id)
if discussion_id is None:
raise HTTPBadRequest()
permissions = get_permissions(user_id, discussion_id)
json = request.json_body
if "discussion" not in json:
json["discussion"] = Discussion.uri_generic(discussion_id)
requested_user = json.get('user', None)
if not requested_user:
json['user'] = requested_user = user_uri
elif requested_user != user_uri and P_ADMIN_DISC not in permissions:
raise HTTPUnauthorized()
if P_ADMIN_DISC not in permissions:
if P_SELF_REGISTER in permissions:
json['requested'] = False
json['role'] = R_PARTICIPANT
elif P_SELF_REGISTER_REQUEST in permissions:
json['requested'] = True
else:
raise HTTPUnauthorized()
try:
instances = ctx.create_object("LocalUserRole", json, user_id)
except HTTPClientError as e:
raise e
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
db = first.db()
for instance in instances:
db.add(instance)
db.flush()
# Side effect: materialize subscriptions.
if not first.requested:
# relationship may not be initialized
user = first.user or User.get(first.user_id)
user.get_notification_subscriptions(discussion_id, True)
view = request.GET.get('view', None) or 'default'
permissions = get_permissions(
user_id, ctx.get_discussion_id())
return Response(
dumps(first.generic_json(view, user_id, permissions)),
location=first.uri_generic(first.id),
status_code=201)
def votes_collection_add_json(request):
ctx = request.context
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized
permissions = get_permissions(
user_id, ctx.get_discussion_id())
check_permissions(ctx, user_id, permissions, CrudPermissions.CREATE)
widget = ctx.get_instance_of_class(MultiCriterionVotingWidget)
if widget.activity_state != 'active':
raise HTTPUnauthorized("Not in voting period")
spec = ctx.get_instance_of_class(AbstractVoteSpecification)
if spec:
required = spec.get_vote_class()
else:
required = ctx.collection_class
typename = request.json_body.get('@type', None)
if typename:
cls = get_named_class(typename)
if not issubclass(cls, required):
raise HTTPBadRequest("@type is %s, should be in %s" % (
typename, spec.get_vote_class().__name__))
else:
typename = required.external_typename()
json = request.json_body
json['voter'] = User.uri_generic(user_id)
try:
instances = ctx.create_object(typename, json, user_id)
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
db = first.db
for instance in instances:
db.add(instance)
db.flush()
# validate after flush so we can check validity with DB constraints
if not first.is_valid():
raise HTTPBadRequest("Invalid vote")
view = request.GET.get('view', None) or 'default'
return Response(
dumps(first.generic_json(view, user_id, permissions)),
location=first.uri_generic(first.id),
status_code=201)
def votes_collection_add_json(request):
ctx = request.context
user_id = authenticated_userid(request)
if not user_id:
raise HTTPUnauthorized
permissions = get_permissions(
user_id, ctx.get_discussion_id())
check_permissions(ctx, user_id, permissions, CrudPermissions.CREATE)
widget = ctx.get_instance_of_class(MultiCriterionVotingWidget)
if widget.activity_state != 'active':
raise HTTPUnauthorized("Not in voting period")
spec = ctx.get_instance_of_class(AbstractVoteSpecification)
if spec:
required = spec.get_vote_class()
else:
required = ctx.collection_class
typename = request.json_body.get('@type', None)
if typename:
cls = get_named_class(typename)
if not issubclass(cls, required):
raise HTTPBadRequest("@type is %s, should be in %s" % (
typename, spec.get_vote_class().__name__))
else:
typename = required.external_typename()
json = request.json_body
json['voter'] = User.uri_generic(user_id)
try:
instances = ctx.create_object(typename, json, user_id)
except Exception as e:
raise HTTPBadRequest(e)
if instances:
first = instances[0]
if not first.is_valid():
raise HTTPBadRequest("Invalid vote")
db = first.db
for instance in instances:
db.add(instance)
db.flush()
view = request.GET.get('view', None) or 'default'
return Response(
dumps(first.generic_json(view, user_id, permissions)),
location=first.uri_generic(first.id),
status_code=201)
def post_put(request):
form_data = request.params
if has_moderation(form_data):
raise_if_cannot_moderate(request)
form_data = dict(form_data)
form_data['moderated_on'] = datetime.utcnow().isoformat()+"Z"
form_data['moderator'] = User.uri_generic(
request.authenticated_userid)
ctx = request.context
user_id = request.authenticated_userid or Everyone
permissions = get_permissions(
user_id, ctx.get_discussion_id())
post = ctx._instance
discussion = post.discussion
if (post.publication_state == models.PublicationStates.PUBLISHED and
P_MODERATE not in permissions and
discussion.preferences['with_moderation']):
raise HTTPUnauthorized()
# TODO: apply guess_languages
return instance_put_form(request, form_data)
