from pprint import pprint

from bottle import get, post, put, request, response, HTTPResponse
from bottle import install
from bottle_mongo import MongoPlugin
from bson.errors import InvalidId
from bson.objectid import ObjectId
import validictory
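# Install the MongoDB plugin for the whole application; the handlers below
# take the database handle as their ``mongodb`` argument.
install(MongoPlugin(uri='localhost', db='mydatabase', json_mongo=True))

# Key used to sign and verify the 'session' cookie in the handlers below.
# NOTE(security): the key is committed to the source tree, so anyone who can
# read this file can produce a cookie that these handlers accept for any
# username, 'admin' included. Load it from deployment configuration, make it a
# long random value, and rotate this one. Bottle's signed cookies have also been
# pickle-based, so a known key should be treated as a deserialization risk as
# well -- confirm against the Bottle version in use.
secret_key = 84251450

semesters = ['SPRING', 'SUMMER', 'FALL', 'WINTER']

# Shape of a single course entry.
# NOTE(review): this was written as the first of two 'courses' entries in
# schedule_schema. A dict literal keeps only the last value for a repeated key,
# so it was never applied and course entries are stored unvalidated. It is kept
# here, unused, so the intent is not lost; wiring it in would make validation
# stricter and needs a decision on what existing clients send.
course_schema = {
    'type': 'object',
    'properties': {
        'name': {'type': 'string'},
        'number': {'type': 'integer'},
        'dept': {'type': 'string'},
        'description': {'type': 'string'},
    },
}

# Schema for json Schedule object
# NOTE(review): nothing here forbids keys outside 'properties', and 'user_id'
# accepts any type. update_schedule writes the validated document with $set, so
# whatever passes this schema is written to the schedule as-is.
schedule_schema = {
    'type': 'object',
    'properties': {
        'semester': {'type': 'string', 'enum': semesters, 'required': False},
        'year': {'type': 'integer', 'required': False},
        'user_id': {'type': 'any', 'required': False},
        # Any array is accepted; the items are not checked (see course_schema).
        'courses': {
            'type': 'array',
            'items': [],
            'additionalItems': True,
            'required': False
        }
    }
}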
@post('/api/users/:username/schedules')
def new_schedule(username, mongodb):
    '''
    Create an empty schedule owned by :username.

    Input: json empty document {}
    Output: Response 201 Created and Location with new _id

    The caller must present a 'session' cookie signed with secret_key, and the
    session user must be :username or 'admin'. Each refusal (no session,
    unknown :username, session user not allowed) is answered with status 401.
    '''
    session_user = request.get_cookie('session', secret=secret_key)
    if not session_user:  # Access denied
        return HTTPResponse(status=401, output="Yeah, if you could log in, that'd be great.")

    # Look up the user named in the URL, fetching only the _id.
    owner = mongodb.users.find_one({'username': username}, {'_id': 1})
    if not owner:
        return HTTPResponse(status=401, output="Not a valid user.")

    # Only admin and the user with :username can create a schedule.
    if session_user not in (username, 'admin'):
        return HTTPResponse(status=401, output="You do not have permission.")

    # Debug trace on stdout of who is creating a schedule for whom.
    print('User: %s, Session_User: %s' % (owner, session_user))

    # The new schedule holds nothing but its owner's ObjectId.
    new_id = mongodb.schedules.insert({'user_id': owner['_id']})

    # Set response headers; the body is left empty.
    response.content_type = 'application/json'
    response.status = 201
    response.headers['location'] = '/api/users/%s/schedules/%s' % (username, str(new_id))
    return
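@put('/api/users/:username/schedules/:sid')
def update_schedule(username, sid, mongodb):
    '''
    Update schedule :sid, which must belong to :username.

    Input: json schedule document with updates
    Output: Status 204 No Content, and Location with the schedule id

    The caller must present a 'session' cookie signed with secret_key, and the
    session user must be :username or 'admin'; otherwise status 401 is
    returned. A body that fails schedule_schema, or an :sid that is not a valid
    ObjectId, is answered with status 400.
    '''
    # Check session cookie. Returns username if matched; otherwise, None.
    session_user = request.get_cookie('session', secret=secret_key)
    if not session_user:  # Access Denied
        return HTTPResponse(status=401, output="Yeah, if you could log in, that'd be great")

    user = mongodb.users.find_one({'username': username}, {'_id': 1})
    if not user:
        return HTTPResponse(status=401, output="Not a valid user.")

    if session_user not in (username, 'admin'):
        return HTTPResponse(status=401, output="You do not have permission.")

    updates = request.json
    try:
        # Validate json data from request.
        validictory.validate(updates, schedule_schema)
    except ValueError as error:
        # Return 400 status and the validation error as plain text.
        return HTTPResponse(status=400, output=str(error))

    try:
        schedule_id = ObjectId(sid)
    except InvalidId:
        # Same answer get_schedule gives for a malformed id.
        return HTTPResponse(status=400, output="Not a valid schedule id.")

    if 'courses' not in updates:
        # Clears all courses from schedule document if courses is
        # not in the json object in the request.
        updates['courses'] = []

    # Match on the owner as well as the id. The permission check above only
    # ties the session to :username, so matching on _id alone would let a
    # signed-in user edit a schedule that belongs to somebody else by putting
    # its id under their own username. A schedule that does not belong to
    # :username matches nothing and is left untouched; the reply is still 204.
    # NOTE(review): the validated document is written as-is, so a client can
    # still set 'user_id' (the schema allows it) or keys the schema does not
    # list. Consider an explicit allow-list of updatable fields.
    mongodb.schedules.update(
        {'_id': schedule_id, 'user_id': user['_id']},
        {'$set': updates})

    response.status = 204
    response.headers['location'] = '/api/users/%s/schedules/%s' % (username, sid)
    return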
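@get('/api/users/:username/schedules/:sid')
def get_schedule(username, sid, mongodb):
    '''
    Return schedule :sid if it belongs to :username.

    Input: schedule id, sid
    Output: Schedule document

    Status 400 is returned for an unknown :username or an :sid that is not a
    valid ObjectId, and 404 when :username does not own a schedule with that id.

    NOTE(review): unlike the create and update handlers, this one checks no
    session cookie, so any client can read any user's schedule. Confirm that
    schedules are meant to be public.
    '''
    # Only the _id is needed, so do not pull the rest of the user document.
    user = mongodb.users.find_one({'username': username}, {'_id': 1})
    if not user:
        return HTTPResponse(status=400, output="Not a valid user.")

    # Catch only the malformed-id case; a database failure should surface as an
    # error rather than be reported to the client as a bad schedule id.
    try:
        schedule_id = ObjectId(sid)
    except InvalidId:  # sid in url is not a valid mongo id
        return HTTPResponse(status=400, output="Not a valid schedule id.")

    # Query db for schedule with user_id and sid
    schedule = mongodb.schedules.find_one({'_id': schedule_id, 'user_id': user['_id']})
    if schedule:
        return schedule
    return HTTPResponse(status=404, output="User %s does not own schedule %s" % (username, sid))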
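@get('/api/users/:username/schedules')
def get_all_schedules(username, mongodb):
    '''
    Return every schedule that belongs to :username.

    Input: username
    Output: List of schedules for user

    Status 400 is returned when :username does not exist.

    NOTE(review): unlike the create and update handlers, this one checks no
    session cookie, so any client can list any user's schedules. Confirm that
    schedules are meant to be public.
    '''
    # Only the _id is needed, so do not pull the rest of the user document
    # (same projection the create and update handlers use).
    user = mongodb.users.find_one({'username': username}, {'_id': 1})
    if not user:
        return HTTPResponse(status=400, output="Not a valid user.")
    return mongodb.schedules.find({'user_id': user['_id']})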