mirror of
https://github.com/pds-nest/nest.git
synced 2024-11-25 14:34:19 +00:00
Several fixes
Now all the tests should pass.
This commit is contained in:
parent
728fbd66f2
commit
5df9053e91
9 changed files with 43 additions and 29 deletions
|
@ -15,5 +15,5 @@ class Alert(Base.Model):
|
|||
repository_id = Base.Column(Base.Integer, Base.ForeignKey("repository.id"), nullable=False)
|
||||
# Relationships
|
||||
repository = Base.relationship("Repository", back_populates="alerts")
|
||||
notifications = Base.relationship("Notification", back_populates="alert")
|
||||
operations = Base.relationship("BoolOperation", back_populates="alert")
|
||||
notifications = Base.relationship("Notification", back_populates="alert", cascade="all, delete")
|
||||
operations = Base.relationship("BoolOperation", back_populates="alert", cascade="all, delete")
|
|
@ -12,7 +12,7 @@ class Condition(Base.Model):
|
|||
type = Base.Column(Base.Enum(ConditionType), nullable=False)
|
||||
content = Base.Column(Base.String, nullable=False)
|
||||
# Relationships
|
||||
used = Base.relationship("Uses", back_populates="condition")
|
||||
used = Base.relationship("Uses", back_populates="condition", cascade="all, delete")
|
||||
tweets = Base.relationship("Contains", back_populates="condition")
|
||||
operations = Base.relationship("BoolOperation", back_populates="condition")
|
||||
|
||||
|
|
|
@ -20,10 +20,10 @@ class Repository(Base.Model):
|
|||
|
||||
# Relationships
|
||||
owner = Base.relationship("User", back_populates="owner_of")
|
||||
authorizations = Base.relationship("Authorization", back_populates="repository")
|
||||
tweets = Base.relationship("Composed", back_populates="repository")
|
||||
alerts = Base.relationship("Alert", back_populates="repository")
|
||||
uses = Base.relationship("Uses", back_populates="repository")
|
||||
authorizations = Base.relationship("Authorization", back_populates="repository", cascade="all, delete")
|
||||
tweets = Base.relationship("Composed", back_populates="repository", cascade="all, delete")
|
||||
alerts = Base.relationship("Alert", back_populates="repository", cascade="all, delete")
|
||||
uses = Base.relationship("Uses", back_populates="repository", cascade="all, delete")
|
||||
|
||||
def to_json(self):
|
||||
return {
|
||||
|
|
|
@ -12,5 +12,5 @@ class Tweet(Base.Model):
|
|||
location = Base.Column(Base.String) # Todo: see if a dedicated class for locations is needed. This is likely.
|
||||
poster = Base.Column(Base.String) # Todo: see if a dedicated class for posters is needed.
|
||||
# Relationships
|
||||
repositories = Base.relationship("Composed", back_populates="tweet")
|
||||
conditions = Base.relationship("Contains", back_populates="tweet")
|
||||
repositories = Base.relationship("Composed", back_populates="tweet", cascade="all, delete")
|
||||
conditions = Base.relationship("Contains", back_populates="tweet", cascade="all, delete")
|
|
@ -12,8 +12,8 @@ class User(Base.Model):
|
|||
password = Base.Column(Base.LargeBinary, nullable=False)
|
||||
isAdmin = Base.Column(Base.Boolean, default=False)
|
||||
# Relationships
|
||||
owner_of = Base.relationship("Repository", back_populates="owner")
|
||||
authorizations = Base.relationship("Authorization", back_populates="user")
|
||||
owner_of = Base.relationship("Repository", back_populates="owner", cascade="all, delete")
|
||||
authorizations = Base.relationship("Authorization", back_populates="user", cascade="all, delete")
|
||||
|
||||
def to_json(self):
|
||||
return {'email': self.email, 'username': self.username, 'isAdmin': self.isAdmin}
|
||||
|
|
|
@ -68,15 +68,17 @@ def repository_auth(f):
|
|||
@functools.wraps(f)
|
||||
def func(*args, **kwargs):
|
||||
user = find_user(get_jwt_identity())
|
||||
repository_id = request.json.get("id")
|
||||
repository_id = kwargs["rid"]
|
||||
if not repository_id:
|
||||
return json_error("Missing one or more parameters."), 400
|
||||
repository = Repository.query.filter_by(id=repository_id)
|
||||
repository = Repository.query.filter_by(id=repository_id).first()
|
||||
if not repository:
|
||||
return json_error("Cant't find the repository."), 404
|
||||
if repository.owner_id != user.email and user.email not in [a.email for a in repository.authorizations]:
|
||||
if repository.owner_id != user.email and user.email not in [a.email for a in
|
||||
repository.authorizations] and not user.isAdmin:
|
||||
return json_error("Stop right there, criminal scum! Nobody accesses protected data under MY watch!"), 403
|
||||
return f(*args, **kwargs)
|
||||
|
||||
return func
|
||||
|
||||
|
||||
|
@ -99,5 +101,9 @@ def json_success(data):
|
|||
|
||||
|
||||
def error_handler(e):
|
||||
print(f"{e.description} - {e.code}")
|
||||
return json_error(f"{e.description} - {e.code}")
|
||||
try:
|
||||
print(f"{e.description} - {e.code}")
|
||||
return json_error(f"{e.description} - {e.code}"), 500
|
||||
except Exception:
|
||||
print(e)
|
||||
return json_error(f"{e.__repr__()}"), 500
|
||||
|
|
|
@ -18,6 +18,8 @@ def page_repository(rid):
|
|||
"""
|
||||
user = find_user(get_jwt_identity())
|
||||
repository = Repository.query.filter_by(id=rid).first()
|
||||
if not repository:
|
||||
return json_error("Could not find repository."), 404
|
||||
if request.method == "GET":
|
||||
return json_success(repository.to_json()), 200
|
||||
elif request.method == "PATCH":
|
||||
|
@ -33,8 +35,12 @@ def page_repository(rid):
|
|||
Base.session.commit()
|
||||
return json_success(repository.to_json()), 200
|
||||
elif request.method == "DELETE":
|
||||
if repository.owner_id != user.email:
|
||||
if repository.owner_id != user.email and not user.isAdmin:
|
||||
return json_error("You are not the owner of this repository."), 403
|
||||
Base.session.delete(repository)
|
||||
Base.session.commit()
|
||||
try:
|
||||
Base.session.delete(repository)
|
||||
Base.session.commit()
|
||||
except Exception as e:
|
||||
Base.session.rollback()
|
||||
return json_error("Cant delete repository because of dependencies.")
|
||||
return json_success("Success"), 200
|
|
@ -16,6 +16,8 @@ def page_repository_conditions(rid):
|
|||
"""
|
||||
|
||||
repository = Repository.query.filter_by(rid=rid).first()
|
||||
if not repository:
|
||||
return json_error("Could not find repository"), 404
|
||||
user = find_user(get_jwt_identity())
|
||||
|
||||
if user.email != repository.owner_id:
|
||||
|
|
|
@ -15,32 +15,32 @@ def page_user(email):
|
|||
+ DELETE: deletes the specified user.
|
||||
"""
|
||||
user = find_user(get_jwt_identity())
|
||||
target = find_user(email)
|
||||
if not target:
|
||||
return json_error("Could not locate the user."), 404
|
||||
if request.method == "GET":
|
||||
if not email == user.email and not user.isAdmin:
|
||||
return json_error("Thou art not authorized."), 403
|
||||
target = find_user(email).to_json()
|
||||
if not target:
|
||||
return json_error("Could not locate the user."), 404
|
||||
return json_success(target)
|
||||
return json_success(target.to_json())
|
||||
elif request.method == "DELETE":
|
||||
if not user.isAdmin:
|
||||
return json_error("User is not admin."), 403
|
||||
target = find_user(email)
|
||||
if not target:
|
||||
return json_error("User not found."), 404
|
||||
if user == target:
|
||||
return json_error("The user cant delete himself. Its a sin."), 406
|
||||
Base.session.delete(target)
|
||||
Base.session.commit()
|
||||
try:
|
||||
Base.session.commit()
|
||||
except Exception:
|
||||
Base.session.rollback()
|
||||
return json_error("Could not delete the user."), 500
|
||||
return json_success("The user has been deleted.")
|
||||
elif request.method == "PATCH":
|
||||
if not email == user.email and not user.isAdmin:
|
||||
return json_error("Thou art not authorized."), 403
|
||||
target = find_user(email)
|
||||
if not target:
|
||||
return json_error("Could not locate the user."), 404
|
||||
if request.json.get("username"):
|
||||
target.username = request.json.get("username")
|
||||
if request.json.get("password"):
|
||||
target.password = gen_password(request.json.get("password"))
|
||||
Base.session.commit()
|
||||
return json_success(target.to_json())
|
||||
|
|
Loading…
Reference in a new issue