Using PATCH to do comment rating.

2016-07-27 17:18:58 +02:00
parent 63a78440a1
commit 6a7d25cec7
5 changed files with 274 additions and 2 deletions
--- a/pillar/application/modules/nodes/custom/init.py
+++ b/pillar/application/modules/nodes/custom/init.py
@@ -18,3 +18,7 @@ def register_patch_handler(node_type):
        return func

    return wrapper
+
+
+# Import sub-modules so they can register themselves.
+from . import comment
--- a/pillar/application/modules/nodes/custom/comment.py
+++ b/pillar/application/modules/nodes/custom/comment.py
@@ -0,0 +1,118 @@
+"""PATCH support for comment nodes."""
+import logging
+
+from flask import current_app
+import werkzeug.exceptions as wz_exceptions
+
+from application.utils import authorization, authentication, jsonify
+from . import register_patch_handler
+
+log = logging.getLogger(__name__)
+ROLES_FOR_COMMENT_VOTING = {u'subscriber', u'demo'}
+VALID_COMMENT_OPERATIONS = {u'upvote', u'downvote', u'revoke'}
+
+
+@register_patch_handler(u'comment')
+def patch_comment(node_id, patch):
+    assert_is_valid_patch(node_id, patch)
+    user_id = authentication.current_user_id()
+
+    # Find the node
+    nodes_coll = current_app.data.driver.db['nodes']
+    node_query = {'_id': node_id,
+                  '$or': [{'properties.ratings.$.user': {'$exists': False}},
+                          {'properties.ratings.$.user': user_id}]}
+    node = nodes_coll.find_one(node_query,
+                               projection={'properties': 1})
+    if node is None:
+        log.warning('How can the node not be found?')
+        raise wz_exceptions.NotFound('Node %s not found' % node_id)
+
+    props = node['properties']
+
+    # Find the current rating (if any)
+    rating = next((rating for rating in props.get('ratings', ())
+                   if rating.get('user') == user_id), None)
+
+    def revoke():
+        if not rating:
+            # No rating, this is a no-op.
+            return
+
+        label = 'positive' if rating.get('is_positive') else 'negative'
+        update = {'$pull': {'properties.ratings': rating},
+                  '$inc': {'properties.rating_%s' % label: -1}}
+        return update
+
+    def upvote():
+        if rating and rating.get('is_positive'):
+            # There already was a positive rating, so this is a no-op.
+            return
+
+        update = {'$inc': {'properties.rating_positive': 1}}
+        if rating:
+            update['$inc']['properties.rating_negative'] = -1
+            update['$set'] = {'properties.ratings.$.is_positive': True}
+        else:
+            update['$push'] = {'properties.ratings': {
+                'user': user_id, 'is_positive': True,
+            }}
+        return update
+
+    def downvote():
+        if rating and not rating.get('is_positive'):
+            # There already was a negative rating, so this is a no-op.
+            return
+
+        update = {'$inc': {'properties.rating_negative': 1}}
+        if rating:
+            update['$inc']['properties.rating_positive'] = -1
+            update['$set'] = {'properties.ratings.$.is_positive': False}
+        else:
+            update['$push'] = {'properties.ratings': {
+                'user': user_id, 'is_positive': False,
+            }}
+        return update
+
+    actions = {
+        u'upvote': upvote,
+        u'downvote': downvote,
+        u'revoke': revoke,
+    }
+    action = actions[patch['op']]
+    mongo_update = action()
+
+    if not mongo_update:
+        return jsonify({'_status': 'OK', 'result': 'no-op'})
+
+    log.info('Running %s', mongo_update)
+    if rating:
+        result = nodes_coll.update_one({'_id': node_id, 'properties.ratings.user': user_id},
+                                       mongo_update)
+    else:
+        result = nodes_coll.update_one({'_id': node_id}, mongo_update)
+
+    return jsonify({'_status': 'OK', 'result': result})
+
+
+def assert_is_valid_patch(node_id, patch):
+    """Raises an exception when the patch isn't valid."""
+
+    try:
+        op = patch['op']
+    except KeyError:
+        raise wz_exceptions.BadRequest("PATCH should have a key 'op' indicating the operation.")
+
+    if op not in VALID_COMMENT_OPERATIONS:
+        raise wz_exceptions.BadRequest('Operation should be one of %s',
+                                       ', '.join(VALID_COMMENT_OPERATIONS))
+
+    # See whether the user is allowed to patch
+    if authorization.user_matches_roles(ROLES_FOR_COMMENT_VOTING):
+        log.debug('User is allowed to upvote/downvote comment')
+        return
+
+    # Access denied.
+    log.info('User %s wants to PATCH comment node %s, but is not allowed.',
+             authentication.current_user_id(), node_id)
+    raise wz_exceptions.Forbidden()
--- a/pillar/application/utils/init.py
+++ b/pillar/application/utils/init.py
@@ -8,7 +8,7 @@ import bson.objectid
 from eve import RFC1123_DATE_FORMAT
 from flask import current_app
 from werkzeug import exceptions as wz_exceptions
-
+import pymongo.results

 __all__ = ('remove_private_keys', 'PillarJSONEncoder')
 log = logging.getLogger(__name__)
@@ -41,6 +41,9 @@ class PillarJSONEncoder(json.JSONEncoder):
        if isinstance(obj, bson.ObjectId):
            return str(obj)

+        if isinstance(obj, pymongo.results.UpdateResult):
+            return obj.raw_result
+
        # Let the base class default method raise the TypeError
        return json.JSONEncoder.default(self, obj)

--- a/pillar/application/utils/authorization.py
+++ b/pillar/application/utils/authorization.py
@@ -123,7 +123,7 @@ def has_permissions(collection_name, resource, method, append_allowed_methods=Fa
    return False


-def compute_aggr_permissions(collection_name, resource, check_node_type):
+def compute_aggr_permissions(collection_name, resource, check_node_type=None):
    """Returns a permissions dict."""

    # We always need the know the project.