Allow removing trophies via API

(for redditgifts rematching trophy tally) Also, restrict trophies that can be add/removed in such a fashion to trophies that specifically allow it.
k21 · Jan 3, 2012 · 7162742 · 7162742
1 parent fcf33fb
commit 7162742
Show file tree

Hide file tree

Showing 5 changed files with 53 additions and 21 deletions.
diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
@@ -1881,10 +1881,11 @@ def POST_assignad(self, form, jquery, ad, sr, weight):
                    codename = VLength("codename", max_length = 100),
                    title = VLength("title", max_length = 100),
                    awardtype = VOneOf("awardtype",
-                                      ("regular", "manual", "invisible")),
+                                    ("regular", "manual", "invisible")),
+                   api_ok=VBoolean("api_ok"),
                    imgurl = VLength("imgurl", max_length = 1000))
     def POST_editaward(self, form, jquery, award, colliding_award, codename,
-                       title, awardtype, imgurl):
+                       title, awardtype, api_ok, imgurl):
         if form.has_errors(("codename", "title", "awardtype", "imgurl"),
                            errors.NO_TEXT):
             pass
@@ -1901,14 +1902,15 @@ def POST_editaward(self, form, jquery, award, colliding_award, codename,
             return
 
         if award is None:
-            Award._new(codename, title, awardtype, imgurl)
+            Award._new(codename, title, awardtype, imgurl, api_ok)
             form.set_html(".status", "saved. reload to see it.")
             return
 
         award.codename = codename
         award.title = title
         award.awardtype = awardtype
         award.imgurl = imgurl
+        award.api_ok = api_ok
         award._commit()
         form.set_html(".status", _('saved'))
 
@@ -2221,27 +2223,28 @@ def POST_selectflair(self, form, jquery, user, flair_template, text):
         jquery('#flairrow_%s input[name="css_class"]' % user._id36).data(
             'saved', css_class).val(css_class)
 
-    @validatedForm(VAdminOrAdminSecret("secret"),
+    @validatedForm(secret_used=VAdminOrAdminSecret("secret"),
                    award = VByName("fullname"),
                    description = VLength("description", max_length=1000),
                    url = VLength("url", max_length=1000),
                    cup_hours = VFloat("cup_hours",
                                       coerce=False, min=0, max=24 * 365),
                    recipient = VExistingUname("recipient"))
-    def POST_givetrophy(self, form, jquery, award, description,
+    def POST_givetrophy(self, form, jquery, secret_used, award, description,
                         url, cup_hours, recipient):
-        if form.has_errors("award", errors.NO_TEXT):
-            pass
-
         if form.has_errors("recipient", errors.USER_DOESNT_EXIST,
                                         errors.NO_USER):
             pass
 
-        if form.has_errors("fullname", errors.NO_TEXT):
+        if form.has_errors("fullname", errors.NO_TEXT, errors.NO_THING_ID):
             pass
 
         if form.has_errors("cup_hours", errors.BAD_NUMBER):
             pass
+
+        if secret_used and not award.api_ok:
+            c.errors.add(errors.NO_API, field='secret')
+            form.has_errors('secret', errors.NO_API)
 
         if form.has_error():
             return
@@ -2251,26 +2254,33 @@ def POST_givetrophy(self, form, jquery, award, description,
             cup_expiration = timefromnow("%s seconds" % cup_seconds)
         else:
             cup_expiration = None
-
+        
         t = Trophy._new(recipient, award, description=description, url=url,
                         cup_info=dict(expiration=cup_expiration))
 
         form.set_html(".status", _('saved'))
-
+        form._send_data(trophy_fn=t._id36)
+
     @validatedForm(VAdmin(),
                    account = VExistingUname("account"))
     def POST_removecup(self, form, jquery, account):
         if not account:
             return self.abort404()
         account.remove_cup()
 
-    @validatedForm(VAdmin(),
+    @validatedForm(secret_used=VAdminOrAdminSecret("secret"),
                    trophy = VTrophy("trophy_fn"))
-    def POST_removetrophy(self, form, jquery, trophy):
+    def POST_removetrophy(self, form, jquery, secret_used, trophy):
         if not trophy:
             return self.abort404()
         recipient = trophy._thing1
         award = trophy._thing2
+        if secret_used and not award.api_ok:
+            c.errors.add(errors.NO_API, field='secret')
+            form.has_errors('secret', errors.NO_API)
+
+        if form.has_error():
+            return
 
         trophy._delete()
         Trophy.by_account(recipient, _update=True)

diff --git a/r2/r2/controllers/errors.py b/r2/r2/controllers/errors.py
@@ -89,6 +89,7 @@
         ('OAUTH2_INVALID_CLIENT', _('invalid client id')),
         ('OAUTH2_ACCESS_DENIED', _('access denied by the user')),
         ('CONFIRM', _("please confirm the form")),
+        ('NO_API', _('cannot perform this action via the API')),
     ))
 errors = Storage([(e, e) for e in error_list.keys()])
 

diff --git a/r2/r2/controllers/validator/validator.py b/r2/r2/controllers/validator/validator.py
@@ -619,9 +619,12 @@ def run(self):
 
 class VAdminOrAdminSecret(VAdmin):
     def run(self, secret):
+        '''If validation succeeds, return True if the secret was used,
+        False otherwise'''
         if secret and constant_time_compare(secret, g.ADMINSECRET):
-            return
+            return True
         super(VAdminOrAdminSecret, self).run()
+        return False
 
 class VVerifiedUser(VUser):
     def run(self):

diff --git a/r2/r2/models/award.py b/r2/r2/models/award.py
@@ -29,6 +29,7 @@
 class Award (Thing):
     _defaults = dict(
         awardtype = 'regular',
+        api_ok = False
         )
 
     @classmethod
@@ -45,11 +46,9 @@ def _all_awards(cls, _update=False):
         return [ d[id] for id in all ]
 
     @classmethod
-    def _new(cls, codename, title, awardtype, imgurl):
-#        print "Creating new award codename=%s title=%s imgurl=%s" % (
-#            codename, title, imgurl)
+    def _new(cls, codename, title, awardtype, imgurl, api_ok):
         a = Award(codename=codename, title=title, awardtype=awardtype,
-                  imgurl=imgurl)
+                  imgurl=imgurl, api_ok=api_ok)
         a._commit()
         Award._all_awards_cache(_update=True)
 
@@ -142,8 +141,12 @@ def _new(cls, recipient, award, description = None,
             recipient.set_cup(cup_info)
 
         t._commit()
-        Trophy.by_account(recipient, _update=True)
-        Trophy.by_award(award, _update=True)
+        t.update_caches()
+        return t
+
+    def update_caches(self):
+        self.by_account(self._thing1, _update=True)
+        self.by_award(self._thing2, _update=True)
 
     @classmethod
     @memoize('trophy.by_account2')

diff --git a/r2/r2/templates/adminawards.html b/r2/r2/templates/adminawards.html
@@ -40,7 +40,8 @@
   <br/>
 </%def>
 
-<%def name="awardedit(fullname, title='', awardtype='', codename='', imgurl='')">
+<%def name="awardedit(fullname, title='', awardtype='', codename='', imgurl='',
+                      api_ok=False)">
  <form action="/post/editaward" method="post" class="pretty-form medium-text"
        style="display:none"
        onsubmit="return post_form(this, 'editaward');" id="awardedit-${fullname}">
@@ -71,6 +72,20 @@
         ${error_field("NO_TEXT", "awardtype", "span")}
       </td>
     </tr>
+    <tr>
+      <td>API ok?</td>
+      <td>
+        <input name="api_ok" id="award_${fullname}_api_ok"
+          type="checkbox"
+          %if api_ok:
+            checked="checked"
+          %endif
+          />
+        <label for="award_${fullname}_api_ok">
+          allow adding/removing this award via API
+        </label>
+      </td>
+    </tr>
     <tr>
       <td>img url</td>
       <td>