From e8647534ac697bb5ea154e60b8e9e1fca6b00e78 Mon Sep 17 00:00:00 2001 From: aranzaiger Date: Mon, 29 Jun 2015 20:11:09 +0300 Subject: [PATCH 1/2] added data verification --- SE_API/CampusRoutes.py | 20 ++++- SE_API/CourseRoutes.py | 34 +++++++-- SE_API/MessageRoutes.py | 13 +++- SE_API/ProjectRoutes.py | 19 ++++- SE_API/TaskRoutes.py | 31 ++++++-- SE_API/UserRoutes.py | 165 ++++++++++++++++++++++------------------ 6 files changed, 191 insertions(+), 91 deletions(-) diff --git a/SE_API/CampusRoutes.py b/SE_API/CampusRoutes.py index c32d172..90d4b4d 100644 --- a/SE_API/CampusRoutes.py +++ b/SE_API/CampusRoutes.py @@ -123,7 +123,12 @@ def joinCampus(token, campusId): user = get_user_by_token(token) - campus = Campus.get_by_id(int(campusId)) + try: + campus = Campus.get_by_id(int(campusId)) + except Exception as e: + return bad_request("Bad id format") + + if campus is None: return bad_request("No such course") @@ -294,7 +299,12 @@ def getCampusesByUserID(token, id): if user is None: return forbidden("Invalid Token") - user = get_user_by_id(int(id)) + + try: + user = get_user_by_id(int(id)) + except Exception as e: + return bad_request("Bad id format") + if user is None: return no_content("No User") @@ -351,7 +361,11 @@ def deleteCampus(token,campusId): return forbidden("Invalid token or not a lecturer!") user = get_user_by_token(token) - camp = Campus.get_by_id(int(campusId)) + + try: + camp = Campus.get_by_id(int(campusId)) + except Exception as e: + return bad_request("Bad id format") if camp is None: return bad_request("no such campus") diff --git a/SE_API/CourseRoutes.py b/SE_API/CourseRoutes.py index 4a282bc..500d341 100644 --- a/SE_API/CourseRoutes.py +++ b/SE_API/CourseRoutes.py 
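Review bot: The new `except Exception as e:` around `Campus.get_by_id(int(campusId))` in joinCampus also catches datastore and other backend failures and reports them to the client as "Bad id format", and `e` is never used. Only the `int()` conversion can fail because of caller input, so convert first with `campus_id = int(campusId)` under `except (TypeError, ValueError): return bad_request("Bad id format")`, and call `Campus.get_by_id(campus_id)` outside the try. The same pattern is repeated in getCampusesByUserID and deleteCampus here, and in every try block this patch adds in CourseRoutes, MessageRoutes, ProjectRoutes, TaskRoutes and UserRoutes. The function bodies continue outside the hunks.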
@@ -145,7 +145,11 @@ def joinCourse(token, courseId): if user is None: return bad_request("Wrong user Token") - course = Course.get_by_id(int(courseId)) + try: + course = Course.get_by_id(int(courseId)) + except Exception as e: + return bad_request("Bad id format") + if course is None: return bad_request("No such course") @@ -205,7 +209,12 @@ def getAllCoursesByCampus(token, campusId): arr = [] query = Course.all() - query.filter("campusId = ", int(campusId)) + + try: + query.filter("campusId = ", int(campusId)) + except Exception as e: + return bad_request("Bad id format") + for c in query.run(): arr.append(dict(json.loads(c.to_JSON()))) @@ -258,7 +267,11 @@ def getUserCoursesByCampus(token, campusId): if user is None: return bad_request("Bad user Token") - campus = Campus.get_by_id(int(campusId)) + try: + campus = Campus.get_by_id(int(campusId)) + except Exception as e: + return bad_request("Bad id format") + if campus is None: return bad_request("No such Campus") @@ -318,6 +331,11 @@ def getCoursesByUser(token, userId): if user is None: return bad_request("Bad user Token") + try: + otherUser = User.get_by_id(int(userId)) + except Exception as e: + return bad_request("Bad id format") + otherUser = User.get_by_id(int(userId)) if otherUser is None: return bad_request("Bad user Id") @@ -349,9 +367,9 @@ def getCoursesByUser(token, userId): -@course_routes.route('/api/courses/deleteCourse//', methods=['DELETE']) +@course_routes.route('/api/courses/deleteCourse//', methods=['DELETE']) @auto.doc() -def deleteCourse(token, courseid): +def deleteCourse(token, courseId): """ This Call will delete a specific Course
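Review bot: In getCoursesByUser the guarded `otherUser = User.get_by_id(int(userId))` is followed by the original unguarded copy of the same statement, which is left in place as a context line, so the lookup runs twice on every valid request. Delete the second `otherUser = User.get_by_id(int(userId))` so the try block is the only lookup before the `if otherUser is None:` test. The function continues outside the hunk.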
@@ -383,7 +401,11 @@ def deleteCourse(token, courseid): return forbidden("Invalid token or not a lecturer!") user = get_user_by_token(token) - c = Course.get_by_id(int(courseid)) + + try: + c = Course.get_by_id(int(courseId)) + except Exception as e: + return bad_request("Bad id format") if c is None: return bad_request("no such course") diff --git a/SE_API/MessageRoutes.py b/SE_API/MessageRoutes.py index 1a81eb7..4bdd08d 100644 --- a/SE_API/MessageRoutes.py +++ b/SE_API/MessageRoutes.py @@ -153,7 +153,11 @@ def getMessagesByGroup(token, groupId): arr = [] query = Message.all() - query.filter("groupId = ", int(groupId)) + + try: + query.filter("groupId = ", int(groupId)) + except Exception as e: + return bad_request("Bad id format") for m in query.run(): msgDic = dict(json.loads(m.to_JSON())) @@ -222,7 +226,12 @@ def deleteMessage(token, msgId): if user is None: return bad_request("No such User") - msg = Message.get_by_id(int(msgId)) + try: + msg = Message.get_by_id(int(msgId)) + except Exception as e: + return bad_request("Bad id format") + + if msg is None: return bad_request("No such Message") diff --git a/SE_API/ProjectRoutes.py b/SE_API/ProjectRoutes.py index 279a2bb..973016e 100644 --- a/SE_API/ProjectRoutes.py +++ b/SE_API/ProjectRoutes.py @@ -134,7 +134,12 @@ def joinProject(token, projectId): if user is None: return bad_request("Wrong user Token") - project = Project.get_by_id(int(projectId)) + try: + project = Project.get_by_id(int(projectId)) + except Exception as e: + return bad_request("Bad id format") + + if project is None: return bad_request("No such Project") @@ -193,7 +198,11 @@ def getProjectsByCourse(token, courseId): arr = [] query = Project.all() - query.filter("courseId = ", int(courseId)) + + try: + query.filter("courseId = ", int(courseId)) + except Exception as e: + return bad_request("Bad id format") for p in query.run(): proj = dict(json.loads(p.to_JSON())) 
@@ -305,7 +314,11 @@ def deleteProject(token,projectId): user = get_user_by_token(token) if user is None: return bad_request("Bad user Token") - p = Project.get_by_id(int(projectId)) + + try: + p = Project.get_by_id(int(projectId)) + except Exception as e: + return bad_request("Bad id format") if p is None: return bad_request("no such Project") diff --git a/SE_API/TaskRoutes.py b/SE_API/TaskRoutes.py index 136a2ab..2dd7a06 100644 --- a/SE_API/TaskRoutes.py +++ b/SE_API/TaskRoutes.py @@ -192,7 +192,11 @@ def getAllTasksByCourse(token, courseId): arr = [] query = Task.all() - query.filter("courseId = ", courseId) + + try: + query.filter("courseId = ", int(courseId)) + except Exception as e: + return bad_request("Bad id format") for t in query.run(): taskDic =dict(json.loads(t.to_JSON())) @@ -254,7 +258,11 @@ def getAllFutureTasks(token, courseId): arr = [] query = Task.all() - query.filter("courseId = ", courseId) + + try: + query.filter("courseId = ", int(courseId)) + except Exception as e: + return bad_request("Bad id format") for t in query.run(): taskDic =dict(json.loads(t.to_JSON())) @@ -324,7 +332,11 @@ def getTaskComponents(token, taskId): arr = [] query = TaskComponent.all() - query.filter("taskId = ", taskId) + + try: + query.filter("taskId = ", int(taskId)) + except Exception as e: + return bad_request("Bad id format") for tc in query.run(): arr.append(dict(json.loads(tc.to_JSON()))) @@ -384,7 +396,11 @@ def deleteTask(token, taskId): #return forbidden("lecturer is not owner of course") user = get_user_by_token(token) - c = Task.get_by_id(int(taskId)) + + try: + c = Task.get_by_id(int(taskId)) + except Exception as e: + return bad_request("Bad id format") if c is None: return bad_request("no such Task") 
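Review bot: deleteTask now validates `taskId`, but the context line just above the change still has the ownership rejection commented out (`#return forbidden("lecturer is not owner of course")`), and the same commented line appears in the deleteTaskComponents hunk. Unless a check further down, outside these hunks, ties the task to the caller, a well-formed id for a task in another lecturer's course is accepted for deletion. I would restore that check before the delete, or at least mark the gap with a comment such as `# TODO: reject when the task's course is not owned by this user`. Both function bodies continue outside the hunks.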
@@ -432,7 +448,12 @@ def deleteTaskComponents(token,taskId): #return forbidden("lecturer is not owner of course") user = get_user_by_token(token) - t = Task.get_by_id(int(taskId)) + + + try: + t = Task.get_by_id(int(taskId)) + except Exception as e: + return bad_request("Bad id format") if t is None: return bad_request("no such Task") diff --git a/SE_API/UserRoutes.py b/SE_API/UserRoutes.py index 90715da..09de2df 100644 --- a/SE_API/UserRoutes.py +++ b/SE_API/UserRoutes.py @@ -145,63 +145,63 @@ def updateUser(token): -@user_routes.route('/api/users/addUserToCampus/', methods=["PUT"]) -@auto.doc() -def addUserToCampus(token): - """ - >This Call will add a Campus to user Campus list -
- Route Parameters
- - seToken: 'seToken' -
-
- Payload
- - JSON Object, Example:
- {
- 'campusId': 1234567890
- }
-
- Response -
- 200 - User updated -
- 400 - Bad Request - """ - - if not request.data: - return bad_request() - - try: - payload = json.loads(request.data) - except Exception as e: - print e - return bad_request() - - if not is_lecturer(token): #todo: change to lecturer id - return forbidden("Invalid token or not a lecturer!") - - user = get_user_by_token(token) - - #check Campus Exists - campus = Campus.get_by_id(payload['campusId']) - if campus is None: - return bad_request("No such Campus!") - - try: - if str(payload['campusId']) in user.campuses_id_list: - return accepted("Already a member of that campus") - - user.campuses_id_list.append(str(payload['campusId'])) - except Exception as e: - print e - return bad_request() - - - db.put(user) - db.save - return Response(response=user.to_JSON(), - status=200, - mimetype="application/json") # Real response! +# @user_routes.route('/api/users/addUserToCampus/', methods=["PUT"]) +# @auto.doc() +# def addUserToCampus(token): +# """ +# >This Call will add a Campus to user Campus list +#
+# Route Parameters
+# - seToken: 'seToken' +#
+#
+# Payload
+# - JSON Object, Example:
+# {
+# 'campusId': 1234567890
+# }
+#
+# Response +#
+# 200 - User updated +#
+# 400 - Bad Request +# """ +# +# if not request.data: +# return bad_request() +# +# try: +# payload = json.loads(request.data) +# except Exception as e: +# print e +# return bad_request() +# +# if not is_lecturer(token): #todo: change to lecturer id +# return forbidden("Invalid token or not a lecturer!") +# +# user = get_user_by_token(token) +# +# #check Campus Exists +# campus = Campus.get_by_id(payload['campusId']) +# if campus is None: +# return bad_request("No such Campus!") +# +# try: +# if str(payload['campusId']) in user.campuses_id_list: +# return accepted("Already a member of that campus") +# +# user.campuses_id_list.append(str(payload['campusId'])) +# except Exception as e: +# print e +# return bad_request() +# +# +# db.put(user) +# db.save +# return Response(response=user.to_JSON(), +# status=200, +# mimetype="application/json") # Real response! #---------------------------------------------------------- @@ -314,7 +314,11 @@ def getUserById(token, id): if get_user_by_token(token) is None: return forbidden('Invalid Token') - u = get_user_by_id(int(id)) + try: + u = get_user_by_id(int(id)) + except Exception as e: + return bad_request("Bad id format") + if u is None: return no_content('No user Found') @@ -371,7 +375,11 @@ def getUsersByCampus(token, campusId): if user is None: return bad_request("Bad User Token") - campus = Campus.get_by_id(int(campusId)) + try: + campus = Campus.get_by_id(int(campusId)) + except Exception as e: + return bad_request("Bad id format") + if campus is None: return bad_request("No such Campus") @@ -432,7 +440,11 @@ def getUsersByCourse(token, courseId): if user is None: return bad_request("Bad User Token") - course = Course.get_by_id(int(courseId)) + try: + course = Course.get_by_id(int(courseId)) + except Exception as e: + return bad_request("Bad id format") + if course is None: return bad_request("No such Course") 
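Review bot: addUserToCampus is disabled by prefixing every line of it, decorators and docstring included, with `#` instead of deleting it. Version control already keeps the old implementation, and the commented copy still contains an unguarded `Campus.get_by_id(payload['campusId'])` that would come back unchanged if someone uncomments the block. Remove the block, or leave a single line such as `# addUserToCampus disabled; see git history` if the route is expected to return.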
@@ -493,7 +505,11 @@ def getUsersByProject(token, projectId): if user is None: return bad_request("Bad User Token") - project = Project.get_by_id(int(projectId)) + try: + project = Project.get_by_id(int(projectId)) + except Exception as e: + return bad_request("Bad id format") + if project is None: return bad_request("No such Project") @@ -544,7 +560,11 @@ def removeUserFromCampus(token, userId, campusId): if requestingUser is None: return bad_request("Bad User Token") - userToRemove = User.get_by_id(int(userId)) + try: + userToRemove = User.get_by_id(int(userId)) + except Exception as e: + return bad_request("Bad id format") + if userToRemove is None: return bad_request("No such user to remove") @@ -573,9 +593,6 @@ def removeUserFromCampus(token, userId, campusId): - - - @user_routes.route('/api/users/removeUserFromCourse///', methods=["PUT"]) @auto.doc() def removeUserFromCourse(token, userId, courseId): @@ -604,7 +621,11 @@ def removeUserFromCourse(token, userId, courseId): if requestingUser is None: return bad_request("Bad User Token") - userToRemove = User.get_by_id(int(userId)) + try: + userToRemove = User.get_by_id(int(userId)) + except Exception as e: + return bad_request("Bad id format") + if userToRemove is None: return bad_request("No such user to remove") @@ -635,9 +656,6 @@ def removeUserFromCourse(token, userId, courseId): mimetype="application/json") # Real response! - - - @user_routes.route('/api/users/removeUserFromProject///', methods=["PUT"]) @auto.doc() def removeUserFromProject(token, userId, projectId): @@ -666,7 +684,12 @@ def removeUserFromProject(token, userId, projectId): if requestingUser is None: return bad_request("Bad User Token") - userToRemove = User.get_by_id(int(userId)) + try: + userToRemove = User.get_by_id(int(userId)) + except Exception as e: + return bad_request("Bad id format") + + if userToRemove is None: return bad_request("No such user to remove") 
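Review bot: removeUserFromCampus guards only `userId`; the second route parameter `campusId` is not touched in the hunk, and the same holds for `courseId` in removeUserFromCourse and `projectId` in removeUserFromProject. If those values are converted with `int()` further down, outside the hunks, a non-numeric value there would still raise and presumably surface as a server error rather than a 400. Validate both ids together before any lookup, for example by adding `campus_id = int(campusId)` to the same guarded conversion as `userId`.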
@@ -698,8 +721,6 @@ def removeUserFromProject(token, userId, projectId): - - #---------------------------------------------------------- # DOCUMENTATION #---------------------------------------------------------- From cbde856845e0c24266b852eb03a689854a47c005 Mon Sep 17 00:00:00 2001 From: aranzaiger Date: Mon, 29 Jun 2015 20:19:36 +0300 Subject: [PATCH 2/2] fix --- SE_API/ProjectRoutes.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/SE_API/ProjectRoutes.py b/SE_API/ProjectRoutes.py index 973016e..0056c9a 100644 --- a/SE_API/ProjectRoutes.py +++ b/SE_API/ProjectRoutes.py @@ -86,7 +86,7 @@ def create_project(token): print e pass - project.info = get_github_data(project.gitRepository) + project.info = json.dumps(get_github_data(project.gitRepository)) db.put(project) #update user projects list @@ -94,8 +94,6 @@ def create_project(token): db.put(user) db.save - t1 = threading.Thread(target=updateProjectInfo,args=(project.key().id(),)) - t1.start() return Response(response=project.to_JSON(), status=200,
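Review bot: `json.dumps(get_github_data(project.gitRepository))` in create_project has no visible handling for a failed lookup; whether the preceding `except` covers this line cannot be told from the hunk. If the helper returns None the string `null` is stored as the project info, and if it raises the request fails at this point. I would check the result before `db.put(project)`, for example `info = get_github_data(project.gitRepository)` followed by `if info is None: return bad_request("Could not read repository data")`. The function body starts and ends outside the hunk.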