You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
199 lines
5.8 KiB
199 lines
5.8 KiB
#!/usr/bin/env python |
|
# -*- encoding: utf-8 -*- |
|
|
|
from flask import Blueprint |
|
from flask import request |
|
from flask import jsonify |
|
|
|
from luncho.server import Place |
|
from luncho.server import User |
|
from luncho.server import db |
|
|
|
from luncho.helpers import auth |
|
from luncho.helpers import ForceJSON |
|
|
|
from luncho.exceptions import AccountNotVerifiedException |
|
from luncho.exceptions import ElementNotFoundException |
|
from luncho.exceptions import UserIsNotAdminException |
|
from luncho.exceptions import NewMaintainerDoesNotExistException |
|
|
|
places = Blueprint('places', __name__) |
|
|
|
|
|
@places.route('', methods=['POST']) |
|
@ForceJSON(required=['name']) |
|
@auth |
|
def create_place(): |
|
"""*Authenticated request* |
|
|
|
Create a new place. The user becomes the maintainer of the place once it |
|
is created. |
|
|
|
**Example request**: |
|
|
|
.. sourcecode:: http |
|
|
|
{ "name": "<place name>" } |
|
|
|
:reqheader Authorization: The token received in `/token/`. |
|
|
|
:statuscode 200: Success, the new place id will be returned in the |
|
response |
|
|
|
.. sourcecode:: http |
|
|
|
{ "status": "OK", "id": <place id> } |
|
:statuscode 404: User not found (via token) |
|
(:py:class:`UserNotFoundException`) |
|
:statuscode 412: Authorization required |
|
(:py:class:`AuthorizationRequiredException`) |
|
:statuscode 412: Account not verified |
|
(:py:class:`AccountNotVerifiedException`) |
|
""" |
|
if not request.user.verified: |
|
raise AccountNotVerifiedException() |
|
|
|
json = request.get_json(force=True) |
|
new_place = Place(name=json['name'], owner=request.user) |
|
db.session.add(new_place) |
|
db.session.commit() |
|
|
|
return jsonify(status='OK', |
|
id=new_place.id) |
|
|
|
|
|
@places.route('', methods=['GET']) |
|
@auth |
|
def get_places(): |
|
"""*Authenticated request* |
|
|
|
Return the list of places the user is the maintainer or belongs to one of |
|
the user's groups. |
|
|
|
:reqheader Authorization: Access token received from `/token/` |
|
|
|
:statuscode 200: Success |
|
|
|
.. sourcecode:: http |
|
|
|
HTTP/1.1 200 OK |
|
Content-Type: text/json |
|
|
|
{ "status": "OK", "places": [ { "id": "<placeId>", |
|
"name": "<place name>", |
|
"maintainer": <true if the user is |
|
the group maintainer>}, |
|
...] } |
|
|
|
:statuscode 404: User not found (via token) |
|
(:py:class:`UserNotFoundException`) |
|
:statuscode 412: Authorization required |
|
(:py:class:`AuthorizationRequiredException`) |
|
""" |
|
places = {} |
|
for group in request.user.groups: |
|
for place in group.places: |
|
maintainer = place.owner == request.user.username |
|
places[place.id] = {'id': place.id, |
|
'name': place.name, |
|
'maintainer': maintainer} |
|
|
|
for place in Place.query.filter_by(owner=request.user.username): |
|
maintainer = place.owner == request.user.username |
|
places[place.id] = {'id': place.id, |
|
'name': place.name, |
|
'maintainer': maintainer} |
|
|
|
return jsonify(status='OK', |
|
places=places.values()) |
|
|
|
|
|
@places.route('<placeId>/', methods=['PUT']) |
|
@ForceJSON() |
|
@auth |
|
def update_place(placeId): |
|
"""*Authenticated request* |
|
|
|
Update the place information. The user must be the maintainer of the place |
|
to change any information. Partial requests are accepted and missing |
|
fields will not be changed. |
|
|
|
:param placeId: Id for the place, as returned via GET or POST. |
|
|
|
**Example request**: |
|
|
|
.. sourcecode:: http |
|
|
|
{ "name": "New name", "admin": "newAdmin" } |
|
|
|
:reqheader Authorization: Access token received from `/token/`. |
|
|
|
:status 200: Success |
|
:status 400: Request must be in JSON format |
|
(:py:class:`RequestMustBeJSONException`) |
|
:status 403: User is not administrator of the group |
|
(:py:class:`UserIsNotAdminException`) |
|
:status 404: User not found (via token) |
|
(:py:class:`UserNotFoundException`) |
|
:status 404: New maintainer does not exist |
|
(:py:class:`NewMaintainerDoesNotExistException`) |
|
:status 404: Place does not exist (:py:class:`ElementNotFoundException`) |
|
:status 412: Authorization required |
|
(:py:class:`AuthorizationRequiredException`) |
|
""" |
|
place = Place.query.get(placeId) |
|
if not place: |
|
raise ElementNotFoundException('Place') |
|
|
|
if not place.owner == request.user.username: |
|
raise UserIsNotAdminException() |
|
|
|
name = request.as_json.get('name') |
|
if name: |
|
place.name = name |
|
|
|
admin = request.as_json.get('admin') |
|
if admin: |
|
new_maintainer = User.query.get(admin) |
|
if not new_maintainer: |
|
raise NewMaintainerDoesNotExistException() |
|
|
|
place.owner = new_maintainer.username |
|
|
|
db.session.commit() |
|
return jsonify(status='OK') |
|
|
|
|
|
@places.route('<placeId>/', methods=['DELETE']) |
|
@auth |
|
def delete_place(placeId): |
|
"""*Authenticated request* |
|
|
|
Delete the place. The user must be the maintainer of the place to delete |
|
it. |
|
|
|
:param placeId: The place Id, as returned by GET or POST |
|
|
|
:header Authorization: Access token from `/token/` |
|
|
|
:status 200: Success |
|
:status 403: User is not the group administrator |
|
(:py:class:`UserIsNotAdminException`) |
|
:status 404: User not found (via token) |
|
(:py:class:`UserNotFoundException`) |
|
:status 404: Place does not exist |
|
(:py:class:`ElementNotFoundException`) |
|
:status 412: Authorization required |
|
(:py:class:`AuthorizationRequiredException`) |
|
""" |
|
place = Place.query.get(placeId) |
|
if not place: |
|
raise ElementNotFoundException('Place') |
|
|
|
if not place.owner == request.user.username: |
|
raise UserIsNotAdminException() |
|
|
|
db.session.delete(place) |
|
db.session.commit() |
|
|
|
return jsonify(status='OK')
|
|
|