from flask_jwt_extended import current_user
from flask_rest_jsonapi import ResourceDetail, ResourceList, ResourceRelationship
from flask_rest_jsonapi.exceptions import ObjectNotFound
from app.api.bootstrap import api
from app.api.helpers.db import safe_query, safe_query_kwargs
from app.api.helpers.errors import ForbiddenError, UnprocessableEntityError
from app.api.helpers.feedback import delete_feedback
from app.api.helpers.permission_manager import has_access
from app.api.helpers.query import event_query
from app.api.helpers.utilities import require_relationship
from app.api.schema.feedbacks import FeedbackSchema
from app.models import db
from app.models.event import Event
from app.models.feedback import Feedback
from app.models.session import Session
from app.models.user import User
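class FeedbackListPost(ResourceList):
    """
    Create feedback (POST only).

    ``before_post`` validates the relationships in the request payload;
    ``before_create_object`` is registered in ``data_layer`` and applies the
    co-organizer check for feedback attached to a session.
    """

    def before_post(self, args, kwargs, data):
        """
        Validate the relationships of a new feedback before it is created.

        The payload must carry a ``user`` that passes the ``is_user_itself``
        access check, and exactly one of ``event`` / ``session``.

        :param args: positional view arguments (not used here)
        :param kwargs: keyword view arguments (not used here)
        :param data: deserialized request payload (client-controlled)
        :raises UnprocessableEntityError: the user id is not an integer, or the
            payload names both or neither of ``event`` and ``session``
        :raises ObjectNotFound: the ``is_user_itself`` check fails for the
            given user id
        :return: None
        """
        require_relationship(['user'], data)

        # The id comes straight from the request body; a non-numeric value is
        # a validation error, not an unhandled ValueError from int().
        try:
            user_id = int(data['user'])
        except (TypeError, ValueError):
            raise UnprocessableEntityError(
                {'pointer': '/data/relationships/user'},
                "User id must be an integer",
            )

        # Callers may only file feedback under an identity that passes the
        # is_user_itself check.
        if not has_access('is_user_itself', user_id=user_id):
            raise ObjectNotFound(
                {'parameter': 'user_id'},
                "User: {} doesn't match auth key".format(data['user']),
            )

        if 'event' in data and 'session' in data:
            raise UnprocessableEntityError(
                {'pointer': ''},
                "Only one relationship between event and session is allowed",
            )
        # NOTE(review): the message below says "event and session" although
        # exactly one of the two is accepted; wording kept for API stability.
        if 'event' not in data and 'session' not in data:
            raise UnprocessableEntityError(
                {'pointer': ''}, "A valid relationship with event and session is required"
            )

    def before_create_object(self, data, view_kwargs):
        """
        Authorize feedback that targets a session before the row is created.

        Feedback without a ``session`` is not checked here.

        :param data: deserialized request payload (client-controlled)
        :param view_kwargs: keyword view arguments (not used here)
        :raises ObjectNotFound: the referenced session does not exist
        :raises ForbiddenError: the caller lacks ``is_coorganizer`` access on
            the session's event
        :return: None
        """
        if not data.get('session', None):
            return

        session = Session.query.filter_by(id=data['session']).first()
        # Fail closed: an unknown session id must not skip the access check
        # below and be left for a later layer to reject.
        if session is None:
            raise ObjectNotFound(
                {'parameter': 'session'},
                "Session: {} not found".format(data['session']),
            )
        if not has_access('is_coorganizer', event_id=session.event_id):
            raise ForbiddenError({'source': ''}, "Event co-organizer access required")

    schema = FeedbackSchema
    methods = [
        'POST',
    ]
    data_layer = {
        'session': db.session,
        'model': Feedback,
        'methods': {'before_create_object': before_create_object},
    }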
class FeedbackList(ResourceList):
    """
    List feedback (GET only), scoped by user, session or event.

    NOTE(review): no permission decorator is declared on this class, so
    whoever can reach the route can list the feedback of any ``user_id``;
    confirm that feedback is meant to be readable that widely.
    """

    def query(self, view_kwargs):
        """
        Build the feedback query for the scope named in ``view_kwargs``.

        ``user_id`` takes precedence over ``session_id``; when neither is
        set the query is handed to ``event_query``.

        :param view_kwargs: keyword view arguments taken from the route
        :return: the scoped query over ``Feedback``
        """
        feedbacks = self.session.query(Feedback)

        if view_kwargs.get('user_id'):
            # feedback written by one user
            owner = safe_query_kwargs(User, view_kwargs, 'user_id')
            return feedbacks.join(User, User.id == Feedback.user_id).filter(
                User.id == owner.id
            )

        if view_kwargs.get('session_id'):
            # feedback attached to one session
            target = safe_query_kwargs(Session, view_kwargs, 'session_id')
            return feedbacks.join(Session, Session.id == Feedback.session_id).filter(
                Session.id == target.id
            )

        # feedback attached to an event
        return event_query(feedbacks, view_kwargs)

    view_kwargs = True
    methods = [
        'GET',
    ]
    schema = FeedbackSchema
    data_layer = {'session': db.session, 'model': Feedback, 'methods': {'query': query}}
class FeedbackDetail(ResourceDetail):
    """
    Single feedback resource.

    PATCH and DELETE are wrapped in the ``is_user_itself`` permission, keyed
    on the feedback's ``user_id``; the hooks below are registered in
    ``data_layer``.
    """

    def before_get_object(self, view_kwargs):
        """
        Resolve an event-scoped route to a feedback id.

        When the route carries ``event_id`` or ``event_identifier``, the
        event is loaded and ``view_kwargs['id']`` is set to the id of a
        feedback looked up by that event's id.

        :param view_kwargs: keyword view arguments taken from the route
        :return: None
        """
        if view_kwargs.get('event_id'):
            event = safe_query_kwargs(Event, view_kwargs, 'event_id')
        elif view_kwargs.get('event_identifier'):
            event = safe_query_kwargs(
                Event, view_kwargs, 'event_identifier', 'identifier'
            )
        else:
            event = None

        if not event:
            return

        # NOTE(review): which row is returned when an event has several
        # feedbacks is decided inside safe_query and not visible here.
        feedback = safe_query(Feedback, 'event_id', event.id, 'event_id')
        view_kwargs['id'] = feedback.id

    def before_update_object(self, feedback, data, view_kwargs):
        """
        Authorize an update, and handle deletion requested via ``deleted_at``.

        For feedback attached to an existing session the caller must be the
        feedback's author and also pass ``is_coorganizer`` on the session's
        event. A payload with ``deleted_at`` deletes the feedback when the
        ``is_user_itself`` check passes.

        NOTE(review): nothing in this hook restricts which fields ``data``
        may change; confirm the schema or another layer prevents a PATCH
        from reassigning the user, event or session of a feedback.

        :param feedback: the feedback being updated
        :param data: deserialized request payload (client-controlled)
        :param view_kwargs: keyword view arguments (not used here)
        :raises ForbiddenError: any of the checks above fails
        :return: None
        """
        if feedback and feedback.session_id:
            session = Session.query.filter_by(id=feedback.session_id).first()
            # Both checks apply only when the session row still exists.
            if session:
                if current_user.id != feedback.user_id:
                    raise ForbiddenError(
                        {'source': ''}, "Feedback can be updated only by user himself"
                    )
                if not has_access('is_coorganizer', event_id=session.event_id):
                    raise ForbiddenError(
                        {'source': ''}, "Event co-organizer access required"
                    )

        if feedback and data.get('deleted_at'):
            # Deletion arrives as a PATCH that sets deleted_at.
            if not has_access('is_user_itself', user_id=feedback.user_id):
                raise ForbiddenError(
                    {'source': ''}, "Feedback can be deleted only by user himself"
                )
            delete_feedback(feedback)

    decorators = (
        api.has_permission(
            'is_user_itself',
            fetch='user_id',
            fetch_as="user_id",
            model=Feedback,
            methods="PATCH,DELETE",
        ),
    )
    schema = FeedbackSchema
    data_layer = {
        'session': db.session,
        'model': Feedback,
        'methods': {
            'before_update_object': before_update_object,
            'before_get_object': before_get_object,
        },
    }
class FeedbackRelationship(ResourceRelationship):
    """
    Relationship endpoints of a feedback (GET and PATCH).

    Only PATCH is wrapped in the ``is_user_itself`` permission, keyed on the
    feedback's ``user_id``; GET carries no permission decorator here.
    """

    # Permission applied to write access only (methods="PATCH").
    decorators = (
        api.has_permission(
            'is_user_itself',
            fetch='user_id',
            fetch_as="user_id",
            model=Feedback,
            methods="PATCH",
        ),
    )
    methods = [
        'GET',
        'PATCH',
    ]
    schema = FeedbackSchema
    data_layer = {
        'session': db.session,
        'model': Feedback,
    }