def get_documents_to_validate(session, *args):
    """
    Return the documents whose validation status is ``Status.InValidation``
    and that the caller is entitled to see.

    When ``Document.is_allowed`` accepts the caller's attributes, every
    in-validation document is returned. Otherwise the result is narrowed to
    the documents whose ``owner_id()`` equals ``attributes['user_id']``.

    :param session: The sqlalchemy session
    :param args: ``args[0]`` holds the caller's auth attributes
    :return: A list of ``Document`` instances
    """
    attributes = args[0]
    sees_everything = Document.is_allowed(attributes)

    pending = (
        session.query(Document)
        .join(ValidationStatus)
        .filter(ValidationStatus.status == Status.InValidation)
        .all()
    )
    if sees_everything:
        return pending

    # Ownership is checked in Python, one document at a time, so a caller
    # who is not allowed still only gets back their own documents.
    own_pending = []
    for candidate in pending:
        if candidate.owner_id() == attributes['user_id']:
            own_pending.append(candidate)
    return own_pending
def check_authorization(session, auth_info, doc_id):
    """
    Tell whether the authenticated user has rights on the document
    identified by ``doc_id``.

    Access is granted when ``Document.is_allowed(auth_info)`` is truthy or,
    failing that, when the document reports ``auth_info`` as its owner.
    The document is loaded first, so an unknown ``doc_id`` makes
    ``Query.one()`` raise before any authorization decision is taken.

    :param session: The sqlalchemy session
    :param auth_info: The authenticated user info
    :param doc_id: The document id
    :return: A truthy value if the user has rights on the document, a falsy
        one otherwise
    """
    lookup = session.query(Document).filter(Document.id == doc_id)
    document = lookup.one()

    globally_allowed = Document.is_allowed(auth_info)
    # `or` short-circuits: the ownership check only runs when the global
    # check did not already grant access.
    return globally_allowed or document.is_owner(auth_info)
def update_document(session, auth_info, doc_id, attributes):
    """
    Apply ``attributes`` to the document ``doc_id`` after archiving its
    current state.

    The update is authorized when ``Document.is_allowed(auth_info)`` is
    truthy, or when the document is in ``Status.InValidation`` and its
    ``owner_id()`` equals ``auth_info['user_id']``.

    :param session: The sqlalchemy session
    :param auth_info: The authenticated user info
    :param doc_id: The document id
    :param attributes: The values handed to ``Document.update``
    :return: The updated document
    :raises AuthError: if the caller is not authorized to update it
    """
    document = session.query(Document).filter(Document.id == doc_id).one()

    # TODO (from the original author): this ownership lookup is not supposed
    # to be done in the controller.
    in_validation = session.query(Document).join(ValidationStatus).filter(
        and_(Document.id == doc_id,
             ValidationStatus.status == Status.InValidation)).all()
    owned_count = sum(
        1 for doc in in_validation
        if doc.owner_id() == auth_info['user_id']
    )

    authorized = Document.is_allowed(auth_info) or owned_count > 0
    if not authorized:
        raise AuthError

    # Snapshot the document before it is modified.
    ArchiveController.create_archive(document.serialize())
    # NOTE(review): `attributes` reaches Document.update() unfiltered here.
    # Confirm that update() restricts which fields a caller may set (for
    # example `file`, which other functions in this module turn into a
    # filesystem path).
    document.update(attributes)
    session.add(document)
    return document
def delete_document_file(session, auth_info, doc_id):
    """
    Detach the file from the document ``doc_id`` by setting its ``file``
    attribute to ``None``, after archiving the document's current state.

    Only the owner of the document or a caller accepted by
    ``Document.is_allowed`` may do this.

    :param session: The sqlalchemy session
    :param auth_info: The authenticated user info
    :param doc_id: The document id
    :return: The updated document
    :raises NotFound: if the document is falsy or has no file attached
    :raises AuthError: if the caller is neither the owner nor allowed
    """
    document = session.query(Document).filter(Document.id == doc_id).one()

    # NOTE(review): Query.one() raises when no row matches instead of
    # returning None, so this guard is presumably never hit. Confirm
    # whether one_or_none() or first() was intended.
    if not document:
        raise NotFound

    may_edit = document.is_owner(auth_info) or Document.is_allowed(auth_info)
    if not may_edit:
        raise AuthError

    if not document.file:
        raise NotFound

    # Keep a copy of the document as it was while the file was attached.
    ArchiveController.create_archive(document.serialize())
    document.update({'file': None})
    session.add(document)
    return document
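def delete_documents(session, *args):
    """
    Delete the document ``args[0]`` and its uploaded file on behalf of the
    caller described by ``args[1]``.

    The caller must either be accepted by ``Document.is_allowed`` or own the
    document (``owner_id()`` equal to ``attributes['user_id']``). An archive
    of the serialized document is created before the document is deleted
    from the session.

    :param session: The sqlalchemy session
    :param args: ``(document_id, auth_attributes)``
    :return: The deleted document, or ``None`` when its file could not be
        removed from disk (the failure is logged and the document stays
        marked for deletion in the session)
    :raises AuthError: if the caller is neither allowed nor the owner
    """
    an_id = args[0]
    attributes = args[1]

    documents = session.query(Document).filter(Document.id == an_id).all()
    owned = [doc for doc in documents
             if doc.owner_id() == attributes['user_id']]
    if not (Document.is_allowed(attributes) or owned):
        raise AuthError

    a_doc = session.query(Document).filter(Document.id == an_id).one()
    if not a_doc:
        return None

    ArchiveController.create_archive(a_doc.serialize())
    session.delete(a_doc)

    # A document may have no file (delete_document_file sets `file` to
    # None). Previously that case raised a TypeError while building the
    # path, which was swallowed below and turned a successful delete into a
    # `None` return.
    if not a_doc.file:
        return a_doc

    # We also remove the associated image located in the 'UPLOAD_FOLDER'
    # directory. Removal is best-effort: any failure is logged, not raised.
    try:
        target = UPLOAD_FOLDER + '/' + a_doc.file

        # The stored file name is data, not a trusted path. Resolve the
        # directory it points into and refuse to delete anything that does
        # not live under UPLOAD_FOLDER (e.g. a name containing '..').
        upload_root = os.path.realpath(UPLOAD_FOLDER)
        if not upload_root.endswith(os.sep):
            upload_root += os.sep
        parent = os.path.realpath(os.path.dirname(target)) + os.sep
        if not parent.startswith(upload_root):
            info_logger.error(
                'Refusing to remove %s: path resolves outside UPLOAD_FOLDER',
                target)
            return None

        os.remove(target)
        return a_doc
    except Exception as e:
        print(e)
        info_logger.error(e)
        return None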