|  | @@ -1,52 +1,56 @@
 | 
	
		
			
			| 1 | 1 |  import tg
 | 
	
		
			
			| 2 | 2 |  from tg import request
 | 
	
		
			
			|  | 3 | +from tg import abort
 | 
	
		
			
			| 3 | 4 |  from tg import RestController
 | 
	
		
			
			| 4 | 5 |  from sqlalchemy.orm.exc import NoResultFound
 | 
	
		
			
			| 5 | 6 |  
 | 
	
		
			
			| 6 | 7 |  from tracim.lib.content import ContentApi
 | 
	
		
			
			| 7 | 8 |  from tracim.lib.user import UserApi
 | 
	
		
			
			| 8 | 9 |  from tracim.model.data import ContentType
 | 
	
		
			
			|  | 10 | +from tracim.config.app_cfg import CFG
 | 
	
		
			
			| 9 | 11 |  
 | 
	
		
			
			| 10 | 12 |  
 | 
	
		
			
			| 11 | 13 |  class EventRestController(RestController):
 | 
	
		
			
			| 12 | 14 |  
 | 
	
		
			
			| 13 | 15 |      @tg.expose('json')
 | 
	
		
			
			| 14 | 16 |      def post(self):
 | 
	
		
			
			| 15 |  | -        json = request.json_body
 | 
	
		
			
			| 16 |  | -
 | 
	
		
			
			| 17 |  | -        from tracim.config.app_cfg import CFG
 | 
	
		
			
			|  | 17 | +        try:
 | 
	
		
			
			|  | 18 | +            json = request.json_body
 | 
	
		
			
			|  | 19 | +        except:
 | 
	
		
			
			|  | 20 | +            abort(400,'Bad json')
 | 
	
		
			
			| 18 | 21 |          cfg = CFG.get_instance()
 | 
	
		
			
			| 19 |  | -
 | 
	
		
			
			| 20 | 22 |          if 'token' in json and json['token'] == cfg.EMAIL_REPLY_TOKEN:
 | 
	
		
			
			| 21 |  | -            if 'user_mail' not in json or 'content_id' not in json:
 | 
	
		
			
			| 22 |  | -                return {'status': 'error',
 | 
	
		
			
			| 23 |  | -                        'error': 'bad json', }
 | 
	
		
			
			|  | 23 | +            if 'user_mail' not in json:
 | 
	
		
			
			|  | 24 | +                abort(400,'Bad sson : user_mail is required.')
 | 
	
		
			
			|  | 25 | +            if 'content_id' not in json:
 | 
	
		
			
			|  | 26 | +                abort(400, 'Bad json : content_id is required.')
 | 
	
		
			
			|  | 27 | +            if  'payload' not in json:
 | 
	
		
			
			|  | 28 | +                abort(400, 'Bad json : payload is required.')
 | 
	
		
			
			| 24 | 29 |              uapi = UserApi(None)
 | 
	
		
			
			| 25 |  | -            # TODO support Empty result error
 | 
	
		
			
			| 26 | 30 |              try:
 | 
	
		
			
			| 27 | 31 |                  user = uapi.get_one_by_email(json['user_mail'])
 | 
	
		
			
			| 28 | 32 |              except NoResultFound:
 | 
	
		
			
			| 29 |  | -                return {'status': 'error',
 | 
	
		
			
			| 30 |  | -                        'error': 'bad user mail', }
 | 
	
		
			
			|  | 33 | +                abort(400,'Unknown user email.')
 | 
	
		
			
			| 31 | 34 |              api = ContentApi(user)
 | 
	
		
			
			| 32 | 35 |  
 | 
	
		
			
			| 33 | 36 |              try:
 | 
	
		
			
			| 34 | 37 |                  thread = api.get_one(json['content_id'],
 | 
	
		
			
			| 35 | 38 |                                       content_type=ContentType.Any)
 | 
	
		
			
			| 36 | 39 |              except NoResultFound:
 | 
	
		
			
			| 37 |  | -                return {'status': 'error',
 | 
	
		
			
			| 38 |  | -                        'error': 'bad content id', }
 | 
	
		
			
			|  | 40 | +                abort(400,'Unknown content_id.')
 | 
	
		
			
			| 39 | 41 |              # INFO - G.M - 2017-11-17
 | 
	
		
			
			| 40 | 42 |              # When content_id is a sub-elem of a main content like Comment,
 | 
	
		
			
			| 41 | 43 |              # Attach the thread to the main content.
 | 
	
		
			
			| 42 | 44 |              if thread.type == ContentType.Comment:
 | 
	
		
			
			| 43 | 45 |                  thread = thread.parent
 | 
	
		
			
			| 44 | 46 |              if thread.type == ContentType.Folder:
 | 
	
		
			
			| 45 |  | -                return {'status': 'error',
 | 
	
		
			
			| 46 |  | -                        'error': 'comment for folder not allowed', }
 | 
	
		
			
			| 47 |  | -            api.create_comment(thread.workspace, thread,
 | 
	
		
			
			| 48 |  | -                               json['payload']['content'], True)
 | 
	
		
			
			| 49 |  | -            return {'status': 'ok', }
 | 
	
		
			
			|  | 47 | +                abort(400,'comment for folder not allowed')
 | 
	
		
			
			|  | 48 | +
 | 
	
		
			
			|  | 49 | +            if 'content' in json['payload']:
 | 
	
		
			
			|  | 50 | +                api.create_comment(thread.workspace, thread,
 | 
	
		
			
			|  | 51 | +                                   json['payload']['content'], True)
 | 
	
		
			
			|  | 52 | +                abort(204)
 | 
	
		
			
			|  | 53 | +            else:
 | 
	
		
			
			|  | 54 | +                abort(400,'No content to add new comment')
 | 
	
		
			
			| 50 | 55 |          else:
 | 
	
		
			
			| 51 |  | -            return {'status': 'error',
 | 
	
		
			
			| 52 |  | -                    'error': 'invalid token', }
 | 
	
		
			
			|  | 56 | +            abort(403)
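Review bot: The new `payload` handling (new lines 27 and 49-51) checks only that the key is present, not that its value is an object, so a JSON `null` payload raises at `'content' in json['payload']` and a string payload turns that test into a substring match before the subscript fails; either way the caller gets a 500 instead of the intended 400. Add `if not isinstance(json['payload'], dict): abort(400, 'Bad json : payload must be an object.')` after the presence check; the top-level body is likewise only assumed to be a dict. The bare `except:` at new line 19 also catches `SystemExit` and `KeyboardInterrupt`; if `request.json_body` fails with a decode error as in WebOb (not visible here), `except ValueError:` is enough. The message at new line 24 reads `'Bad sson : user_mail is required.'` and should say `Bad json`. On the unchanged line 22 the shared secret is compared with `==`; a constant-time comparison such as `hmac.compare_digest` on string values, together with rejecting an unset or empty `cfg.EMAIL_REPLY_TOKEN` before comparing, would be safer, since this token alone lets the caller post a comment as any user identified by e-mail.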
 |