def post(self, _): request = None try: request = bson.json_util.loads(self.request.body.decode('utf-8')) except ValueError as e: raise tornado.web.HTTPError(400, e) # 1. Validate insert request validator = TournamentUpdateValidator(request) result = validator.validate() if not result[0]: raise tornado.web.HTTPError(400, result[1]) # 2. Massage request request['ownerUserId'] = self.current_user # 3. Perform insert db = self.settings['db'] tournamentId = yield db.tournaments.insert(request) if not tournamentId: raise tornado.web.HTTPError(500) # 4. Write response request['_id'] = tournamentId url = urlunsplit((self.request.protocol, self.request.host, 'api/tournaments/{0}'.format(tournamentId), '', '')) self.write(bson.json_util.dumps(request)) self.set_header('Content-Type', 'application/json') self.set_header('Location', url)
def put(self, id): request = None try: request = bson.json_util.loads(self.request.body.decode('utf-8')) except ValueError as e: raise tornado.web.HTTPError(400, e) db = self.settings['db'] spec = { '_id': ObjectId(id) } # 1. Retrieve tournament data tournament = yield db.tournaments.find_one(spec) if not tournament: raise tornado.web.HTTPError(404, 'Tournament does not exist: {0}'.format(id)) # 2. Check whether user is tournament owner if tournament['ownerUserId'] != self.current_user: raise tornado.web.HTTPError(403, 'Only tournament owner may update tournament data') # 3. Validate update request validator = TournamentUpdateValidator(request) result = validator.validate() if not result[0]: raise tornado.web.HTTPError(400, result[1]) # 4. Massage request request['ownerUserId'] = self.current_user # 5. Perform update db.tournaments.update(spec, request)