1 files changed, 40 insertions, 46 deletions

diff --git a/opendc/api/v2/simulations/simulationId/endpoint.py b/opendc/api/v2/simulations/simulationId/endpoint.py
index 09714560..5c9d126f 100644
--- a/opendc/api/v2/simulations/simulationId/endpoint.py
+++ b/opendc/api/v2/simulations/simulationId/endpoint.py
@@ -1,49 +1,41 @@
 from datetime import datetime
 
-from opendc.models_old.simulation import Simulation
+from opendc.models.simulation import Simulation
+from opendc.models.user import User
 from opendc.util import database, exceptions
 from opendc.util.rest import Response
 
 
-def DELETE(request):
-    """Delete this Simulation."""
-
-    # Make sure required parameters are there
+def GET(request):
+    """Get this Simulation."""
 
     try:
-        request.check_required_parameters(path={'simulationId': 'int'})
-
+        request.check_required_parameters(path={'simulationId': 'string'})
     except exceptions.ParameterError as e:
         return Response(400, str(e))
 
-    # Instantiate a Simulation and make sure it exists
-
-    simulation = Simulation.from_primary_key((request.params_path['simulationId'], ))
+    simulation = Simulation.from_id(request.params_path['simulationId'])
+    validation_error = simulation.validate()
+    if validation_error is not None:
+        return validation_error
 
-    if not simulation.exists():
-        return Response(404, '{} not found.'.format(simulation))
+    user = User.from_google_id(request.google_id)
+    authorizations = list(filter(
+        lambda x: str(x['simulationId']) == str(request.params_path['simulationId']),
+        user.obj['authorizations']))
+    if len(authorizations) == 0 or authorizations[0]['authorizationLevel'] == 'VIEW':
+        return Response(403, "Forbidden from retrieving simulation.")
 
-    # Make sure this User is allowed to delete this Simulation
+    return Response(200, 'Successfully retrieved simulation', simulation.obj)
 
-    if not simulation.google_id_has_at_least(request.google_id, 'OWN'):
-        return Response(403, 'Forbidden from deleting {}.'.format(simulation))
 
-    # Delete this Simulation from the database
-
-    simulation.delete()
-
-    # Return this Simulation
-
-    return Response(200, 'Successfully deleted {}.'.format(simulation), simulation.to_JSON())
-
-
-def GET(request):
-    """Get this Simulation."""
+def PUT(request):
+    """Update a simulation's name."""
 
     # Make sure required parameters are there
 
     try:
-        request.check_required_parameters(path={'simulationId': 'int'})
+        request.check_required_parameters(body={'simulation': {'name': 'name'}}, path={'simulationId': 'string'})
 
     except exceptions.ParameterError as e:
         return Response(400, str(e))
@@ -55,25 +47,32 @@ def GET(request):
     if not simulation.exists():
         return Response(404, '{} not found.'.format(simulation))
 
-    # Make sure this User is allowed to view this Simulation
+    # Make sure this User is allowed to edit this Simulation
 
-    if not simulation.google_id_has_at_least(request.google_id, 'VIEW'):
-        return Response(403, 'Forbidden from retrieving {}.'.format(simulation))
+    if not simulation.google_id_has_at_least(request.google_id, 'EDIT'):
+        return Response(403, 'Forbidden from editing {}.'.format(simulation))
 
-    # Return this Simulation
+    # Update this Simulation in the database
 
     simulation.read()
 
-    return Response(200, 'Successfully retrieved {}'.format(simulation), simulation.to_JSON())
+    simulation.name = request.params_body['simulation']['name']
+    simulation.datetime_last_edited = database.datetime_to_string(datetime.now())
 
+    simulation.update()
 
-def PUT(request):
-    """Update a simulation's name."""
+    # Return this Simulation
+
+    return Response(200, 'Successfully updated {}.'.format(simulation), simulation.to_JSON())
+
+
+def DELETE(request):
+    """Delete this Simulation."""
 
     # Make sure required parameters are there
 
     try:
-        request.check_required_parameters(body={'simulation': {'name': 'name'}}, path={'simulationId': 'int'})
+        request.check_required_parameters(path={'simulationId': 'string'})
 
     except exceptions.ParameterError as e:
         return Response(400, str(e))
@@ -85,20 +84,15 @@ def PUT(request):
     if not simulation.exists():
         return Response(404, '{} not found.'.format(simulation))
 
-    # Make sure this User is allowed to edit this Simulation
-
-    if not simulation.google_id_has_at_least(request.google_id, 'EDIT'):
-        return Response(403, 'Forbidden from editing {}.'.format(simulation))
-
-    # Update this Simulation in the database
+    # Make sure this User is allowed to delete this Simulation
 
-    simulation.read()
+    if not simulation.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from deleting {}.'.format(simulation))
 
-    simulation.name = request.params_body['simulation']['name']
-    simulation.datetime_last_edited = database.datetime_to_string(datetime.now())
+    # Delete this Simulation from the database
 
-    simulation.update()
+    simulation.delete()
 
     # Return this Simulation
 
-    return Response(200, 'Successfully updated {}.'.format(simulation), simulation.to_JSON())
+    return Response(200, 'Successfully deleted {}.'.format(simulation), simulation.to_JSON())