feat: add support for group actions

7086cmd · 7086cmd · commit 664dc9e4a1a8 · 2024-05-02T23:42:59.000+08:00
diff --git a/routers/groups_router.py b/routers/groups_router.py
@@ -5,7 +5,7 @@
 from pydantic import BaseModel
 from util.get_class import get_activities_related_to_user
 
-from utils import compulsory_temporary_token, get_current_user
+from utils import compulsory_temporary_token, get_current_user, validate_object_id
 
 router = APIRouter()
 
@@ -33,32 +33,56 @@ async def create_group(payload: Group, user=Depends(get_current_user)):
 
 
 @router.get("")
-async def get_groups(page: int = -1, perpage: int = 10, user=Depends(get_current_user)):
+async def get_groups(
+    page: int = 1,
+    perpage: int = 10,
+    type="all",
+    search="",
+    user=Depends(get_current_user),
+):
     """
     Get all groups
     """
 
     if len(user["per"]) == 0:
         raise HTTPException(status_code=403, detail="Permission denied")
 
-    count = await db.zvms.groups.count_documents({})
+    if type == "all":
+        target = ["permission", "class"]
+    elif type == "permission":
+        target = ["permission"]
+    elif type == "class":
+        target = ["class"]
+    else:
+        raise HTTPException(status_code=400, detail="Invalid type")
+
+    count = await db.zvms.groups.count_documents(
+        {"name": {"$regex": search, "$options": "i"}}
+    )
 
     pipeline = [
+        {
+            "$match": {
+                "type": {"$in": target},
+                "name": {"$regex": search, "$options": "i"},
+            },
+        },
+        {"$project": {"description": 0}},
         {"$sort": {"name": 1}},
-        {"$skip": (page - 1) * perpage},
-        {"$limit": perpage},
+        {"$skip": 0 if page < 1 else (page - 1) * perpage},
+        {"$limit": count if page < 1 else perpage},
     ]
 
     result = await db.zvms.groups.aggregate(pipeline).to_list(None)
 
-
     for group in result:
         group["_id"] = str(group["_id"])
 
     return {
         "status": "ok",
         "code": 200,
         "data": result,
+        "metadata": {"size": count},
     }
 
 
@@ -98,7 +122,7 @@ async def update_group_name(
         raise HTTPException(status_code=403, detail="Permission denied")
 
     await db.zvms.groups.update_one(
-        {"_id": ObjectId(group_id)}, {"$set": {"name": payload.name}}
+        {"_id": validate_object_id(group_id)}, {"$set": {"name": payload.name}}
     )
 
     return {
@@ -110,10 +134,11 @@ async def update_group_name(
 @router.get("/{group_id}/activity")
 async def get_class_activities(
     group_id: str,
-    page: int = -1,
+    page: int = 1,
     perpage: int = 10,
     query: str = "",
-    user=Depends(get_current_user)):
+    user=Depends(get_current_user),
+):
     """
     Get activities related to a group
     """
@@ -128,39 +153,48 @@ async def get_class_activities(
     }
 
 
-@router.get('/{group_id}/user')
-async def get_users_in_class(group_id: str, page: int = -1, perpage: int = 10, query: str = '', user=Depends(get_current_user)):
-    '''
+@router.get("/{group_id}/user")
+async def get_users_in_class(
+    group_id: str,
+    page: int = 1,
+    perpage: int = 10,
+    search: str = "",
+    user=Depends(get_current_user),
+):
+    """
     Get users in a class
-    '''
+    """
     same_class = False
-    if 'secretary' in user['per']:
-        user = await db.zvms.users.find_one({'_id': ObjectId(user['_id'])})
+    if "secretary" in user["per"]:
+        user = await db.zvms.users.find_one({"_id": ObjectId(user["_id"])})
         if user is None:
-            raise HTTPException(status_code=404, detail='User not found')
-        classid = user['group']
+            raise HTTPException(status_code=404, detail="User not found")
+        classid = user["group"]
         if classid == group_id:
             same_class = True
     if user is None:
-        raise HTTPException(status_code=404, detail='User not found')
-    if not 'admin' in user['per'] and not 'auditor' in user['per'] and not 'department' in user['per'] and (not 'secretary' in user['per'] or not same_class):
-        raise HTTPException(status_code=403, detail='Permission denied')
-    count = await db.zvms.users.count_documents({'group': group_id})
+        raise HTTPException(status_code=404, detail="User not found")
+    if (
+        not "admin" in user["per"]
+        and not "auditor" in user["per"]
+        and not "department" in user["per"]
+        and (not "secretary" in user["per"] or not same_class)
+    ):
+        raise HTTPException(status_code=403, detail="Permission denied")
+    count = await db.zvms.users.count_documents(
+        {"group": group_id, "name": {"$regex": search, "$options": "i"}}
+    )
     pipeline = [
-        {"$match": {"group": group_id}},
-        {"$sort": {"name": 1}},
+        {"$match": {"group": group_id, "name": {"$regex": search, "$options": "i"}}},
+        {"$sort": {"id": 1}},
         {"$skip": (page - 1) * perpage},
         {"$limit": perpage},
     ]
     result = await db.zvms.users.aggregate(pipeline).to_list(None)
     for user in result:
-        user['_id'] = str(user['_id'])
-    return {
-        'status': 'ok',
-        'code': 200,
-        'data': result,
-        'metadata': {'size': count}
-    }
+        user["_id"] = str(user["_id"])
+    return {"status": "ok", "code": 200, "data": result, "metadata": {"size": count}}
+
 
 class PutGroupDescription(BaseModel):
     description: str
diff --git a/routers/images_router.py b/routers/images_router.py
@@ -43,6 +43,8 @@ async def upload_image(file: UploadFile, user=Depends(get_current_user)):
 @router.get("/{image_id}/data")
 async def get_image(image_id: str):
     data = await db.zvms.images.find_one({"_id": validate_object_id(image_id)})
+    if data is None:
+        raise HTTPException(status_code=404, detail="Image not found")
     image = image_storage.getBBImage(data['id'])
     if image.status_code != 200:
         raise HTTPException(status_code=image.status_code, detail=image.text)
@@ -57,10 +59,9 @@ def generate():
 
 @router.delete("/{image_id}")
 async def delete_image(image_id: str, user=Depends(compulsory_temporary_token)):
-    image = db.zvms.images.find_one({"id": image_id})
-    if not image:
-        raise HTTPException(status_code=404, detail="Image not found")
     image = await db.zvms.images.find_one({"_id": validate_object_id(image_id)})
+    if image is None:
+        raise HTTPException(status_code=404, detail="Image not found")
     image_storage.remove(image['id'])
     await db.zvms.images.delete_one({"_id": validate_object_id(image["_id"])})
     return {"status": "ok", "code": 200}
diff --git a/routers/notifications_router.py b/routers/notifications_router.py
@@ -1,3 +1,4 @@
+from datetime import datetime
 from fastapi import APIRouter, HTTPException, Depends, Request
 from typings.notification import Notification
 from utils import compulsory_temporary_token, get_current_user, validate_object_id
@@ -99,12 +100,20 @@ async def update_notification_content(
     item = await db.zvms.notifications.find_one(
         {"_id": validate_object_id(notification_oid)}
     )
-    if user["id"] != item["publisher"] and "admin" not in user["per"]:
+    if item is None:
+        raise HTTPException(status_code=404, detail="Notification not found")
+    if user["id"] != item["publisher"] or "admin" not in user["per"]:
+        raise HTTPException(status_code=403, detail="Permission denied")
+    actioner = await db.zvms.users.find_one({"_id": item["publisher"]})
+    if actioner is None:
+        raise HTTPException(status_code=404, detail="User not found")
+    msg = f"{actioner['name']} modified notification at {datetime.now()}"
+    if user["id"] != item["publisher"] or "admin" not in user["per"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Update notification content
     await db.zvms.notifications.update_one(
         {"_id": validate_object_id(notification_oid)},
-        {"$set": {"content": request.content}},
+        {"$set": {"content": request.content + "\n" + msg}},
     )
 
 
@@ -118,7 +127,9 @@ async def update_notification_title(
     item = await db.zvms.notifications.find_one(
         {"_id": validate_object_id(notification_oid)}
     )
-    if user["id"] != item["publisher"] and "admin" not in user["per"]:
+    if item is None:
+        raise HTTPException(status_code=404, detail="Notification not found")
+    if user["id"] != item["publisher"] or "admin" not in user["per"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Update notification title
     await db.zvms.notifications.update_one(
@@ -137,6 +148,8 @@ async def delete_notification(
     item = await db.zvms.notifications.find_one(
         {"_id": validate_object_id(notification_oid)}
     )
+    if item is None:
+        raise HTTPException(status_code=404, detail="Notification not found")
     if user["id"] != item["publisher"] and "admin" not in user["per"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Remove notification
diff --git a/routers/trophies_router.py b/routers/trophies_router.py
@@ -69,6 +69,8 @@ async def get_trophy(trophy_oid: str, user=Depends(get_current_user)):
     """
     # Get trophy
     result = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if result is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     result["_id"] = str(result["_id"])
     return {
         "status": "ok",
@@ -125,6 +127,8 @@ async def delete_trophy(trophy_oid: str, user=Depends(compulsory_temporary_token
     Delete Trophy
     """
     trophy = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if trophy is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     if "admin" not in user["per"] and user["id"] != trophy["creator"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Delete trophy
@@ -177,6 +181,8 @@ async def update_trophy_member_status(
     Update Trophy Member Status
     """
     trophy = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if trophy is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     if "admin" in user["per"]:
         pass
     elif "department" in user["per"] and user["id"] == trophy["create"]:
@@ -223,6 +229,8 @@ async def delete_trophy_member(
     Delete Trophy Member
     """
     trophy = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if trophy is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     if (
         "admin" not in user["per"]
         and not ("department" in user["per"] and user["id"] == trophy["creator"])
@@ -248,6 +256,8 @@ async def add_trophy_award(
     Add Trophy Award
     """
     trophy = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if trophy is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     if "admin" not in user["per"] and user["id"] != trophy["creator"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Add trophy award
@@ -266,6 +276,8 @@ async def delete_trophy_award(
     Delete Trophy Award
     """
     trophy = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if trophy is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     if "admin" not in user["per"] and user["id"] != trophy["creator"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Delete trophy award
@@ -293,6 +305,8 @@ async def update_trophy_award_duration(
     Update Trophy Award Duration
     """
     trophy = await db.zvms.trophies.find_one({"_id": validate_object_id(trophy_oid)})
+    if trophy is None:
+        raise HTTPException(status_code=404, detail="Not Found")
     if "admin" not in user["per"] and user["id"] != trophy["creator"]:
         raise HTTPException(status_code=403, detail="Permission denied")
     # Update trophy award duration
diff --git a/routers/users_router.py b/routers/users_router.py
