class UserFollowingUpdate(Resource): @api.login_required(oauth_scopes=['users:write']) @api.permission_required(permissions.OwnerRolePermission()) @api.permission_required(permissions.WriteAccessPermission()) @api.response(schemas.UserSchema()) def patch(self, uid): """Follow a new user """ # TODO: do not follow himself with api.commit_or_abort( db.session, default_error_message="Failed to update following relationships" ): user = User.query.get_or_404(current_user.id) user.follows(uid) return user @api.login_required(oauth_scopes=['users:write']) @api.permission_required(permissions.OwnerRolePermission()) @api.permission_required(permissions.WriteAccessPermission()) @api.response(schemas.UserSchema()) def delete(self, uid): """Un-follow a user """ # TODO: do not follow himself with api.commit_or_abort( db.session, default_error_message="Failed to update following relationships" ): user = User.query.get_or_404(current_user.id) user.unfollows(uid) return user
def test_WriteAccessPermission_authenticated_user(authenticated_user_instance): authenticated_user_instance.is_regular_user = True with permissions.WriteAccessPermission(): pass authenticated_user_instance.is_regular_user = False with pytest.raises(HTTPException): with permissions.WriteAccessPermission(): pass
class SingleStory(Resource): @api.response(StorySchema()) def get(self, story_id): """ Get details of a story""" return Story.get(story_id=story_id) @api.login_required(oauth_scopes=['stories:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['story']}) @api.parameters(UpdateStoryParameters()) @api.response(StorySchema()) def patch(self, args, story_id): """ Update a story""" with api.commit_or_abort( db.session, default_error_message="Failed to patch a story."): Story.query.filter_by(id=story_id).update(dict(args)) return Story.get(story_id=story_id) @api.login_required(oauth_scopes=['stories:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['story']}) @api.permission_required(permissions.WriteAccessPermission()) def delete(self, story_id): """ Delete a specifici story (TODO)""" pass
class UserByID(Resource): """ Manipulations with a specific user. """ @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['user']} ) @api.response(schemas.UserSchema()) def get(self, user): """ Get user details by ID. """ return user @api.login_required(oauth_scopes=['users:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['user']} ) @api.permission_required(permissions.WriteAccessPermission()) @api.parameters(parameters.PatchUserDetailsParameters()) @api.response(schemas.UserSchema()) def patch(self, args, user): """ Patch user details by ID. """ with api.commit_or_abort( db.session, default_error_message="Failed to update user details." ): parameters.PatchUserDetailsParameters.perform_patch(args, user) db.session.merge(user) return user
class DatasetStoryLinkAction(Resource): """ Manipulations with a dataset-story link. """ @api.login_required(oauth_scopes=['stories:write']) @api.response(DatasetSchema(only=['id', 'story_count'])) def patch(self, story_id, dataset_id): """Create a new link between a story and a dataset """ with api.commit_or_abort( db.session, default_error_message="Failed to link a story and dataset." ): user = current_user # Check existence of dataset and story dataset = Dataset.get(id=dataset_id) story = Story.get(story_id=story_id) sd = StoryDatasetAssociation( story_id=story.id, dataset_id=dataset.id, linker_id=user.id ) db.session.add(sd) return dataset @api.login_required(oauth_scopes=['stories:write']) @api.permission_required(permissions.WriteAccessPermission()) @api.response(DatasetSchema(only=['id', 'story_count'])) def delete(self, story_id, dataset_id): """Remove the link between a dataset and a story """ with api.commit_or_abort( db.session, default_error_message="Failed to unlink a story and dataset." ): user = current_user # Check existence of dataset and story dataset = Dataset.get(id=dataset_id) story = Story.get(story_id=story_id) # TODO: unauthorized to unlink others' post. sd = StoryDatasetAssociation.query.filter_by( story_id=story.id, dataset_id=dataset.id, linker_id=user.id ).first() if sd is not None: db.session.delete(sd) else: raise CatalogException('Unlinked already') return dataset
class SingleDatasetResource(Resource): """ Manipulations with a specific dataset. """ @api.response(DatasetSchema()) def get(self, dataset): """ Get a specific dataset """ return dataset @api.login_required(oauth_scopes=['datasets:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['dataset']} ) @api.permission_required(permissions.WriteAccessPermission()) @api.parameters(PatchDatasetParameters()) @api.response(DatasetSchema()) def patch(self, args, dataset): """ Update a dataset """ with api.commit_or_abort( db.session, default_error_message="Failed to patch a dataset." ): PatchDatasetParameters.perform_patch(args, dataset) db.session.merge(dataset) return dataset @api.login_required(oauth_scopes=['datasets:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['dataset']} ) @api.permission_required(permissions.WriteAccessPermission()) @api.response(code=HTTPStatus.CONFLICT) def delete(self, dataset): """ Delete a specific dataset (TODO)""" with api.commit_or_abort( db.session, default_error_message="Failed to delete a dataset." ): Dataset.delete(dataset=dataset)
class SinglePublisher(Resource): @api.response(PublisherSchema()) def get(self, publisher_id): return Publisher.get(publisher_id=publisher_id) @api.parameters(UpdatePublisherParameters()) @api.response(PublisherSchema()) def patch(self, args, publisher_id): with api.commit_or_abort( db.session, default_error_message="Failed to patch a publisher."): Publisher.query.filter_by(id=publisher_id).update(dict(args)) return Publisher.get(publisher_id=publisher_id) @api.login_required(oauth_scopes=['datasets:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['publisher']}) @api.permission_required(permissions.WriteAccessPermission()) def delete(self, publisher_id): pass
class SingleOrganization(Resource): @api.response(OrganizationSchema()) def get(self, org_id): return Organization.get(org_id=org_id) @api.login_required(oauth_scopes=['datasets:write']) @api.parameters(UpdateOrganizationParameters()) @api.response(OrganizationSchema()) def patch(self, args, org_id): with api.commit_or_abort( db.session, default_error_message="Failed to patch a organization."): Organization.query.filter_by(id=org_id).update(dict(args)) return Organization.get(org_id=org_id) @api.login_required(oauth_scopes=['datasets:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['organization']}) @api.permission_required(permissions.WriteAccessPermission()) def delete(self, org_id): pass
class SingleComment(Resource): @api.response(CommentSchema()) def get(self, comment): """ Get a specific comment""" return comment @api.login_required(oauth_scopes=['comments:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['comment']} ) @api.parameters(UpdateCommentParameters()) @api.response(CommentSchema()) def patch(self, args, comment): """ Update a comment posted by current user""" with api.commit_or_abort( db.session, default_error_message="Failed to patch a comment." ): UpdateCommentParameters.perform_patch(args, comment) db.session.merge(comment) return comment @api.login_required(oauth_scopes=['comments:write']) @api.permission_required( permissions.OwnerRolePermission, kwargs_on_request=lambda kwargs: {'obj': kwargs['comment']} ) @api.permission_required(permissions.WriteAccessPermission()) def delete(self, comment): """ Remove a comment posted by current user""" with api.commit_or_abort( db.session, default_error_message="Failed to delete a comment." ): Comment.delete(comment=comment)