Merge pull request #1621 from alexandermendes/fix-1592

Fix 1592

Author: teleyinex

alembic/versions/4e795a38cd4b_add_info_to_category.py

@@ -0,0 +1,22 @@
+"""Add info to category
+
+Revision ID: 4e795a38cd4b
+Revises: 0a6628a97161
+Create Date: 2017-08-15 12:21:47.441561
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '4e795a38cd4b'
+down_revision = '0a6628a97161'
+
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects.postgresql import JSON
+
+def upgrade():
+    op.add_column('category', sa.Column('info', JSON))
+
+
+def downgrade():
+    op.drop_column('category', 'info')

doc/api.rst

@@ -274,8 +274,8 @@ It is possible to limit the number of returned objects::
     GET http://{pybossa-site-url}/api/{domain-object}[?field1=value&limit=20]
 
 
-It is possible to access first level JSON keys within the **info** field of Projects,
-Tasks, Task Runs and Results::
+It is possible to access first level JSON keys within the **info** field of Categories,
+Projects, Tasks, Task Runs and Results::
 
     GET http://{pybossa-site-url}/api/{domain-object}[?field1=value&info=foo::bar&limit=20]
 
@@ -313,9 +313,9 @@ When you use the fulltextsearch argument, the API will return the objects enrich
  * **headline**: The matched words of the key1::value1 found, with <b></b> items to highlight them.
  * **rank**: The ranking returned by the database. Ranking attempts to measure how relevant documents are to a particular query, so that when there are many matches the most relevant ones can be shown first.
 
-Here you have an example of the expected output for an api call like this:: 
+Here you have an example of the expected output for an api call like this::
 
-    /api/task?project_id=1&info=name::ipsum%26bravo&fulltextsearch=1 
+    /api/task?project_id=1&info=name::ipsum%26bravo&fulltextsearch=1
 
 .. code-block:: python
 
@@ -349,7 +349,7 @@ Here you have an example of the expected output for an api call like this::
     We use PostgreSQL ts_rank_cd with the following configuration: ts_rank_cd(textsearch, query, 4). For more details check the official documentation of PostgreSQL.
 
 .. note::
-	By default PYBOSSA uses English for the searches. You can customize this behavior using any of the supported languages by PostgreSQL changing the settings_local.py config variable: *FULLTEXTSEARCH_LANGUAGE* = 'spanish'. 
+	By default PYBOSSA uses English for the searches. You can customize this behavior using any of the supported languages by PostgreSQL changing the settings_local.py config variable: *FULLTEXTSEARCH_LANGUAGE* = 'spanish'.
 
 .. note::
     By default all GET queries return a maximum of 20 objects unless the
@@ -459,14 +459,14 @@ Favorites
 ---------
 
 Authenticated users can mark a task as a favorite. This is useful for users when they
-want to see all the tasks they have done to remember them. For example, a user can mark 
+want to see all the tasks they have done to remember them. For example, a user can mark
 as a favorite a picture that's beautiful and that he/she has marked as favorited.
 
 For serving this purpose PYBOSSA provides the following api endpoint::
 
     GET /api/favorites
 
-If the user is authenticated it will return all the tasks the user has marked as favorited. 
+If the user is authenticated it will return all the tasks the user has marked as favorited.
 
 To add a task as a favorite, a POST should be done with a payload of {'task_id': Task.id}::
 
@@ -493,7 +493,7 @@ You can also use **limit** to get more than 1 task for the user like this::
 
     GET http://{pybossa-site-url}/api/{project.id}/newtask?limit=100
 
-That query will return 100 tasks for the user. 
+That query will return 100 tasks for the user.
 
 .. note::
     That's the maximum of tasks that a user can get at once. If you pass an argument of 200,
@@ -610,7 +610,7 @@ User api endpoint
 ----------------
 
 While all the other endpoints behave the same, this one is a bit special as we deal with private information
-like emails. 
+like emails.
 
 Anonymous users
 ~~~~~~~~~~~~~~~
@@ -3731,7 +3731,7 @@ argument: **?template=basic** for the basic or **?template=iamge** for the image
       "title": "Project: asdf1324 &middot; Task Presenter Editor"
     }
 
-Then, you can use that template, or if you prefer you can do a POST directly without that information. As in 
+Then, you can use that template, or if you prefer you can do a POST directly without that information. As in
 any other request involving a POST you will need the CSRFToken to validate it.
 
 **POST**
@@ -4225,7 +4225,7 @@ Therefore, if you want to import tasks from a CSV link, you will have to do the
 
     GET server/project/<short_name>/tasks/import?type=csv
 
-That query will return the same output as before, but instead of the available_importers, you will get the the form fields and CSRF token for that importer. 
+That query will return the same output as before, but instead of the available_importers, you will get the the form fields and CSRF token for that importer.
 
 **POST**
 

doc/conf.py

@@ -72,9 +72,9 @@
 # built documents.
 #
 # The short X.Y version.
-version = 'v2.6.0'
+version = 'v2.6.1'
 # The full version, including alpha/beta/rc tags.
-release = 'v2.6.0'
+release = 'v2.6.1'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

doc/customizing.rst

@@ -139,7 +139,7 @@ Multiple languages
 ==================
 
 By default PYBOSSA only speaks English, however the default theme comes with a few
-translations (Spanish, French, Italian, Japanese, Greek and German). 
+translations (Spanish, French, Italian, Japanese, Greek and German).
 
 You can enable those translations (mostly user interface strings and actions) by doing
 the following: creating a symlink to the translations folders:
@@ -150,14 +150,14 @@ the following: creating a symlink to the translations folders:
 
 This will use the default translations of PYBOSSA for your server. We recommend to use
 these translations with the default theme. If you use your own theme, the best thing is
-to do your own translation, (see :ref:`translating`), as you might want to name things 
+to do your own translation, (see :ref:`translating`), as you might want to name things
 differently on the templates.
 
 You can disable/enable different languages in your config file
 **settings_local.py**. For example, to remove French you can add
 this configuration to the settings file:
 
-.. code-block:: python 
+.. code-block:: python
 
     LOCALES = [('en', 'English'), ('es', u'Español'),
                ('it', 'Italiano'), ('ja', u'日本語')]
@@ -167,23 +167,23 @@ Also, you can always specify a different default locale using the following
 snippet in the same settings file
 
 
-.. code-block:: python 
+.. code-block:: python
 
     DEFAULT_LOCALE = 'es'
 
 
 .. note::
     PYBOSSA tries to first match the user preferred language from their
     browser. This will work for anonymous users, while registered ones can
-    specify the language they want using their user preferences. 
+    specify the language they want using their user preferences.
 
 
 .. note::
     As an alternative way to allow anonymous users to *force* a different
     language, PYBOSSA looks for a cookie named **language** where it expects
     the key of any of the supported langes in the LOCALES list. You can use
     JavaScript to set it up.
-    
+
 
 Creating your own theme
 =======================
@@ -699,7 +699,7 @@ Making extra key/value pairs in info field public
 =================================================
 
 By default PYBOSSA protects all the information the info field except for those
-values that are public like the url of the image of the project, the container 
+values that are public like the url of the image of the project, the container
 where that picture is stored and a few extra. While this will be more than enough
 for most projects, sometimes, a server will need to expose more information publicly
 via the info field for the User and Project Domain Objects.
@@ -712,7 +712,7 @@ to show user's badges to anonymous people.
 With projects it could be the same. You want to highlight some info to anyone, but hide everything else.
 
 As PYBOSSA hides everything by default, you can always turn on which other fields from the
-info field can be shown to anonymous users, making them public. 
+info field can be shown to anonymous users, making them public.
 
 .. note::
 
@@ -725,6 +725,7 @@ the following config variables::
 
     PROJECT_INFO_PUBLIC_FIELDS = ['key1', 'key2']
     USER_INFO_PUBLIC_FIELDS = ['badges', 'key2', ...]
+    CATEGORY_INFO_PUBLIC_FIELDS = ['key1', 'key2']
 
 Add as many as you want, need. But please, be careful about which information you disclose.
 
@@ -903,7 +904,7 @@ If you want to enable it, you will have to add to your settings_local.py::
 
     SSE = True
 
-Also, you will need to configure uwsgi and nginx to support SSE events. This is not 
+Also, you will need to configure uwsgi and nginx to support SSE events. This is not
 trivial, as there are several different scenarios, libraries and options, so instead of
 recommending one solution, we invite you to read the `uwsgi documentation about it <http://uwsgi-docs.readthedocs.org/en/latest/Async.html>`_, so you can take a decission based on your
 own infrastructure and preferences.
@@ -996,7 +997,7 @@ Web Push notifications
     onesignal.com in order to support this feature. If you cannot use HTTPS we recommend to not enable
     it.
 
-PYBOSSA can send web push notifications to Google Chrome, Mozilla Firefox and Safari browsers. 
+PYBOSSA can send web push notifications to Google Chrome, Mozilla Firefox and Safari browsers.
 
 For supporting this feature, PYBOSSA uses the Onesignal.com service. You will need an account and create
 an app for your PYBOSSA server. Then follow their documentation to download the WebPush SDK and configure
@@ -1016,13 +1017,13 @@ settings_local.py file::
     ONESIGNAL_APP_ID = 'app-id'
     ONESIGNAL_API_KEY = 'app-key'
 
-Restart the server, and add one background worker for the *webpush* queue. This queue will handle the 
+Restart the server, and add one background worker for the *webpush* queue. This queue will handle the
 creation of the apps, as well as sending the push notifications.
 
 Then you will need to update your PYBOSSA theme in order to allow your users to subscribe. As this could
 vary a lot from one project to another, we do not provide a template but some guidelines:
 
- * Use the JS SDK to subscribe a user to a given project using the *tags* option of Onesignal. 
+ * Use the JS SDK to subscribe a user to a given project using the *tags* option of Onesignal.
  * PYBOSSA sends notifications using those tags thanks to the *filters* option that allows us to
    segment traffic. PYBOSSA is especting the project.id as the tag key for segmenting.
  * The JS SDK allows you to subscribe/unsubscribe a user to a give project (not only the whole server) with

pybossa/api/category.py

@@ -22,6 +22,7 @@
     * categories
 
 """
+from werkzeug.exceptions import BadRequest
 from api_base import APIBase
 from pybossa.model.category import Category
 
@@ -30,4 +31,12 @@ class CategoryAPI(APIBase):
 
     """Class API for domain object Category."""
 
+    reserved_keys = set(['id', 'created'])
+
     __class__ = Category
+
+    def _forbidden_attributes(self, data):
+        for key in data.keys():
+            if key in self.reserved_keys:
+                msg = "Reserved keys in payload: %s" % key
+                raise BadRequest(msg)

pybossa/model/category.py

@@ -18,6 +18,9 @@
 
 from sqlalchemy import Integer, Text
 from sqlalchemy.schema import Column, ForeignKey
+from sqlalchemy.dialects.postgresql import JSON
+from sqlalchemy.ext.mutable import MutableDict
+from flask import current_app
 
 from pybossa.core import db
 from pybossa.model import DomainObject, make_timestamp
@@ -38,12 +41,20 @@ class Category(db.Model, DomainObject):
     description = Column(Text, nullable=False)
     #: UTC timestamp when the Category was created
     created = Column(Text, default=make_timestamp)
+    #: Info field formatted as JSON for storing additional data
+    info = Column(MutableDict.as_mutable(JSON), default=dict())
 
     @classmethod
     def public_attributes(self):
         """Return a list of public attributes."""
-        return ['description', 'short_name', 'created', 'id', 'name']
+        return ['description', 'short_name', 'created', 'id', 'name', 'info']
 
+    @classmethod
     def public_info_keys(self):
         """Return a list of public info keys."""
-        return []
+        default = []
+        extra = current_app.config.get('CATEGORY_INFO_PUBLIC_FIELDS')
+        if extra:
+            return list(set(default).union(set(extra)))
+        else:
+            return default

pybossa/repositories/helping_repository.py

@@ -33,35 +33,35 @@ def get_by(self, **attributes):
 
     def filter_by(self, limit=None, offset=0, yielded=False,
                   last_id=None, fulltextsearch=None, desc=False, **filters):
-        return self._filter_by(HelpingMaterial, limit, offset, yielded, 
+        return self._filter_by(HelpingMaterial, limit, offset, yielded,
                                last_id, fulltextsearch, desc, **filters)
 
-    def save(self, blogpost):
-        self._validate_can_be('saved', blogpost)
+    def save(self, hm):
+        self._validate_can_be('saved', hm)
         try:
-            self.db.session.add(blogpost)
+            self.db.session.add(hm)
             self.db.session.commit()
         except IntegrityError as e:
             self.db.session.rollback()
             raise DBIntegrityError(e)
 
-    def update(self, blogpost):
-        self._validate_can_be('updated', blogpost)
+    def update(self, hm):
+        self._validate_can_be('updated', hm)
         try:
-            self.db.session.merge(blogpost)
+            self.db.session.merge(hm)
             self.db.session.commit()
         except IntegrityError as e:
             self.db.session.rollback()
             raise DBIntegrityError(e)
 
-    def delete(self, blogpost):
-        self._validate_can_be('deleted', blogpost)
-        blog = self.db.session.query(HelpingMaterial).filter(HelpingMaterial.id==blogpost.id).first()
+    def delete(self, hm):
+        self._validate_can_be('deleted', hm)
+        blog = self.db.session.query(HelpingMaterial).filter(HelpingMaterial.id==hm.id).first()
         self.db.session.delete(blog)
         self.db.session.commit()
 
-    def _validate_can_be(self, action, blogpost):
-        if not isinstance(blogpost, HelpingMaterial):
-            name = blogpost.__class__.__name__
+    def _validate_can_be(self, action, hm):
+        if not isinstance(hm, HelpingMaterial):
+            name = hm.__class__.__name__
             msg = '%s cannot be %s by %s' % (name, action, self.__class__.__name__)
             raise WrongObjectError(msg)

pybossa/repositories/project_repository.py

@@ -29,9 +29,6 @@
 
 class ProjectRepository(Repository):
 
-    def __init__(self, db):
-        self.db = db
-
     # Methods for Project objects
     def get(self, id):
         return self.db.session.query(Project).get(id)

setup.py

@@ -65,7 +65,7 @@
 
 setup(
     name = 'pybossa',
-    version = '2.6.0',
+    version = '2.6.1',
     packages = find_packages(),
     install_requires = requirements,
     # only needed when installing directly from setup.py (PyPi, eggs?) and pointing to e.g. a git repo.

test/factories/category_factory.py

@@ -34,3 +34,4 @@ def _create(cls, model_class, *args, **kwargs):
     name = factory.Sequence(lambda n: 'category_name_%d' % n)
     short_name = factory.Sequence(lambda n: 'category_short_name_%d' % n)
     description = 'Category description for testing purposes'
+    info = {'file_name': 'test.jpg', 'container': 'user_1'}

test/test_admin.py

@@ -936,6 +936,7 @@ def test_24_admin_update_category(self):
         obj = db.session.query(Category).get(1)
         _name = obj.name
         category = obj.dictize()
+        del category['info']
 
         # Anonymous user GET
         url = '/admin/categories/update/%s' % obj.id
@@ -1058,6 +1059,7 @@ def test_25_admin_delete_category(self):
         self.create()
         obj = db.session.query(Category).get(2)
         category = obj.dictize()
+        del category['info']
 
         # Anonymous user GET
         url = '/admin/categories/del/%s' % obj.id
@@ -1104,6 +1106,7 @@ def test_25_admin_delete_category(self):
         obj = db.session.query(Category).first()
         url = '/admin/categories/del/%s' % obj.id
         category = obj.dictize()
+        del category['info']
         res = self.app.post(url, data=category, follow_redirects=True)
         print res.data
         err_msg = "Category should not be deleted"