ProgrammingBuddies · petak5 · Jun 29, 2020 · Jun 29, 2020 · Jun 29, 2020 · Jun 29, 2020
diff --git a/README.md b/README.md
@@ -39,6 +39,9 @@ Run the server:
 
 Your `.env` file should now look something like [example.env](https://github.com/ProgrammingBuddies/programmingbuddies-api/blob/develop/example.env)
 
+- Optionally you can set the JWT token timeout
+    - `JWT_ACCESS_TOKEN_EXPIRES` - time in seconds
+
 ### Testing
 
 - to run multiple tests just specify the directory which contains them for example `pipenv run pytest tests/`

diff --git a/src/api/controllers/projectController.py b/src/api/controllers/projectController.py
@@ -1,60 +1,79 @@
-from api.models import db, Project, UserHasProject, ProjectLink, ProjectFeedback
+from api.models import db, User, Project, UserHasProject, ProjectLink, ProjectFeedback
 
 class ProjectController:
-    session = db.session()
+    session = db.session
 
     # Project
-    def create_project(self, **kwargs):
+    def create_project(self, user_id, **kwargs):
         try:
+            user = User.query.filter_by(id=user_id).first()
+
+            if user == None:
+                return None, "User not found", 404
+
             project = Project(**kwargs)
-            self.session.add(project)
+
+            userHasProject = UserHasProject(role=1)
+            userHasProject.project = project
+            userHasProject.user = user
+
+            self.session.add(userHasProject)
             self.session.commit()
 
-            return project
+            return project, "OK", 201
         except:
-            return None
+            self.session.rollback()
+            return None, "Project creation failed", 400
 
-    def update_project(self, id, **kwargs):
-        project = Project.query.filter_by(id=id).first()
+    def update_project(self, user_id, **kwargs):
+        if 'user_id' in kwargs:
+            return None, "Failed to update project. Request body can not specify user's id.", 400
 
-        if project == None:
-            return None
+        if 'id' not in kwargs:
+            return None, "Failed to update project. Request body must specify project's id.", 400
 
-        for key, value in kwargs.items():
-            if not hasattr(project, key):
-                return None
+        user = User.query.filter_by(id=user_id).first()
 
-        for key, value in kwargs.items():
-            setattr(project, key, value)
-
-        db.session.commit()
+        if user == None:
+            return None, "User not found", 404
 
-        return project
-
-    def update_project(self, id, **kwargs):
-        project = Project.query.filter_by(id=id).first()
+        project = Project.query.filter_by(id=kwargs["id"]).first()
 
         if project == None:
-            return project
+            return None, "Project not found", 404
+
+        # Note that we are updating the id too, but to the same id because we used it to query the user with it
+        for key, value in kwargs.items():
+            if not hasattr(project, key):
+                return None, f"Forbidden attribute '{key}'", 400
 
         for key, value in kwargs.items():
             setattr(project, key, value)
 
         db.session.commit()
 
-        return project
+        return project, "OK", 200
 
     def get_project(self, **kwargs):
         project = Project.query.filter_by(**kwargs).first()
 
-        return project
+        if project:
+            return project, "OK", 200
+        else:
+            return None, "Project not found", 404
 
     def get_all_projects(self, **kwargs):
         all_projects = Project.query.all()
 
-        return all_projects
+        return all_projects, "OK", 200
+
+    def delete_project(self, user_id, id):
+
+        userHasProject = UserHasProject.query.filter_by(user_id=user_id, project_id=id).first()
+        # TODO: verify that the user owns the project (or has neccessary rights)
+        if not userHasProject:
+            return None, "Failed to delete project. Current user does not belong to specified project, or the project does not exist.", 404
 
-    def delete_project(self, id):
         # Remove all project's links
         for link in ProjectLink.query.filter_by(project_id=id).all():
             db.session.delete(link)
@@ -66,84 +85,99 @@ def delete_project(self, id):
         project = Project.query.filter_by(id=id).first()
 
         if project == None:
-            return project
+            # TODO: db.session.rollback?
+            return None, "Project not found", 404
 
         db.session.delete(project)
         db.session.commit()
 
-        return project
+        return project, "OK", 200
 
     # Project Link
-    def create_link(self, project_id, **kwargs):
+    def create_link(self, user_id, **kwargs):
         try:
-            link = ProjectLink(project_id=project_id, **kwargs)
-            self.session.add(link)
-            self.session.commit()
+            if "project_id" in kwargs and "name" in kwargs and "url" in kwargs and len(kwargs) == 3:
+                if kwargs["project_id"] is None or kwargs["name"] is None or kwargs["url"] is None:
+                    return None, "Arguments can't be empty", 400
 
-            return link
+                link = ProjectLink(**kwargs)
+                self.session.add(link)
+                self.session.commit()
+
+                return link, "OK", 201
+            else:
+                return None, "Forbidden attributes used in request. Only 'project_id', 'name' and 'url' allowed.", 400
         except:
             self.session.rollback()
-            return None
-
-    def update_link(self, project_id, link_id, **kwargs):
-        link = ProjectLink.query.filter_by(project_id=project_id, id=link_id).first()
+            return None, "Failed to create project link.", 400
 
-        if link == None:
-            return None
+    def update_link(self, user_id, **kwargs):
+        if "project_id" in kwargs and "id" in kwargs and len(kwargs) >= 2:
+            if kwargs["project_id"] is None or kwargs["id"] is None:
+                return None, "Arguments can't be empty", 400
 
-        for key, value in kwargs.items():
-            if not hasattr(link, key):
-                return None
+            link = ProjectLink.query.filter_by(project_id=kwargs["project_id"], id=kwargs["id"]).first()
 
-        for key, value in kwargs.items():
-            setattr(link, key, value)
+            if link == None:
+                return None, "Failed to update project link. Project link not found.", 404
 
-        db.session.commit()
+            for key, value in kwargs.items():
+                if not hasattr(link, key):
+                    return None, f"Failed to update project link. Forbidden attribute '{key}'.", 400
 
-        return link
+            for key, value in kwargs.items():
+                setattr(link, key, value)
 
-    def get_all_links(self, project_id):
-        all_links = ProjectLink.query.filter_by(project_id=project_id).all()
+            db.session.commit()
 
-        return all_links
+            return link, "OK", 200
+        else:
+            return None, "Forbidden attributes used in request. Only 'project_id', 'id', 'name' and 'url' allowed.", 400
 
-    def delete_link(self, project_id, link_id):
-        link = ProjectLink.query.filter_by(project_id=project_id, id=link_id).first()
+    def delete_link(self, user_id, link_id):
+        link = ProjectLink.query.filter_by(id=link_id).first()
 
         if link == None:
-            return None
+            return None, "Failed to delete project link. Project link not found.", 404
 
         db.session.delete(link)
         db.session.commit()
 
-        return link
+        return link, "OK", 200
 
     # Project Feedback
-    def create_feedback(self, project_id, **kwargs):
+    def create_feedback(self, author_id, **kwargs):
+        if 'project_id' not in kwargs:
+            return None, "Failed to create feedback. Request body must specify feedback's project_id.", 400
+
         try:
-            feedback = ProjectFeedback(project_id=project_id, **kwargs)
-            self.session.add(feedback)
-            self.session.commit()
+            if "project_id" in kwargs and "rating" in kwargs and "description" in kwargs and len(kwargs) == 3:
+                if kwargs["project_id"] is None or kwargs["rating"] is None or kwargs["description"] is None:
+                    return None, "Arguments can't be empty", 400
 
-            return feedback
+                feedback = ProjectFeedback(author_id=author_id, **kwargs)
+                self.session.add(feedback)
+                self.session.commit()
+
+                return feedback, "OK", 201
+            else:
+                return None, "Forbidden attributes used in request. Only 'project_id', 'rating' and 'description' allowed.", 400
         except:
             self.session.rollback()
-            return None
-
-    def get_all_feedbacks(self, project_id):
-        all_feedbacks = ProjectFeedback.query.filter_by(project_id=project_id).all()
+            return None, "Failed to create project feedback.", 400
 
-        return all_feedbacks
-
-    def delete_feedback(self, project_id, feedback_id):
-        feedback = ProjectFeedback.query.filter_by(project_id=project_id, id=feedback_id).first()
+    def delete_feedback(self, author_id, feedback_id):
+        feedback = ProjectFeedback.query.filter_by(id=feedback_id).first()
 
         if feedback == None:
-            return None
+            return None, "Failed to delete project feedback. Project feedback not found.", 404
+
+        if feedback.author_id != author_id:
+            return None, "Failed to delete project feedback. Cannot delete project feedback that you did not create.", 400
 
         db.session.delete(feedback)
         db.session.commit()
 
-        return feedback
+        return feedback, "OK", 200
 
 projectController = ProjectController()
diff --git a/src/api/controllers/userController.py b/src/api/controllers/userController.py
@@ -4,7 +4,7 @@
 from flask import jsonify
 
 class UserController:
-    session = db.session()
+    session = db.session
 
     # User
     def create_user(self, **kwargs):
@@ -16,17 +16,17 @@ def create_user(self, **kwargs):
             return user, "OK", 200
         except:
             self.session.rollback()
-            return None, "Forbidden Attributes", 400
+            return None, "Forbidden attributes", 400
 
     def update_user(self, id, **kwargs):
         user = User.query.filter_by(id=id).first()
 
         if user == None:
-            return None, "user not found", 404
+            return None, "User not found", 404
 
         for key, value in kwargs.items():
             if not hasattr(user, key):
-                return None, "forbidden attribute", 400
+                return None, f"Forbidden attribute '{key}'", 400
 
         for key, value in kwargs.items():
             setattr(user, key, value)
@@ -39,15 +39,10 @@ def get_user(self, **kwargs):
         user = User.query.filter_by(**kwargs).first()
 
         if user is None:
-            return None, "User Not Found", 404
+            return None, "User not found", 404
 
         return user, "OK", 200
 
-    def get_all_users(self, **kwargs):
-        all_users = User.query.all()
-
-        return all_users
-
     def delete_user(self, id):
         # Remove all user's links
         for link in UserLink.query.filter_by(user_id=id).all():
@@ -60,7 +55,7 @@ def delete_user(self, id):
         user = User.query.filter_by(id=id).first()
 
         if user == None:
-            return None, "user not found", 404
+            return None, "User not found", 404
 
         db.session.delete(user)
         db.session.commit()
@@ -81,7 +76,7 @@ def create_link(self, user_id, **kwargs):
                 return None, "Forbidden attributes used in request. only name and url allowed.", 400
         except:
             self.session.rollback()
-            return None, "link creation failed", 500
+            return None, "Link creation failed", 500
 
     def update_link(self, user_id, **kwargs):
         if not 'id' in kwargs:
@@ -108,7 +103,7 @@ def get_all_links(self, user_id):
         user = User.query.filter_by(id=user_id).first()
         if user is None:
             return None, "User not found", 404
-        
+
         return user.links, "OK", 200
 
     def delete_link(self, user_id, **kwargs):

diff --git a/src/api/models/projectFeedbackModel.py b/src/api/models/projectFeedbackModel.py
@@ -2,15 +2,15 @@
 
 class ProjectFeedback(db.Model):
     id = db.Column(db.Integer, primary_key=True)
-    user_id = db.Column(db.Integer, db.ForeignKey('user.id'))
+    author_id = db.Column(db.Integer, db.ForeignKey('user.id'))
     project_id = db.Column(db.Integer, db.ForeignKey('project.id'))
     rating = db.Column(db.Integer, nullable=False)
     description = db.Column(db.String(255), nullable=True)
 
     def as_dict(self):
         obj_d = {
             'id': self.id,
-            'user_id': self.user_id,
+            'author_id': self.author_id,
             'project_id': self.project_id,
             'rating': self.rating,
             'description': self.description,