Beispiel #1
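 def get(self, _id):
     """Return the visits of account ``_id`` to a caller allowed to see them.

     The caller is identified by the ``account_id`` request header. Access is
     granted when the caller asks for its own account, or when the caller is
     not a customer and the requested account is a customer.

     Returns:
         200 with the JSON-encoded visits, or 400 when the header is missing
         or the caller may not read the requested account.
     """
     account_id = request.headers.get("account_id")
     # A missing header must never reach the role check: what
     # is_customer(None) returns is not visible here, and if it is falsy the
     # anonymous caller would pass as a non-customer and could read any
     # customer's visits.
     if not account_id:
         return make_response("Invalid request, account id needed", 400)

     # NOTE(review): account_id comes from a plain request header; this check
     # only means something if an upstream layer binds that header to the
     # authenticated session -- confirm.
     if _id == account_id or (not is_customer(account_id) and is_customer(_id)):
         result = get_account_visits(_id)
         return make_response(jsonify(result), 200)
     return make_response("Invalid request, account id needed", 400)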
Beispiel #2
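 def get(self, _id=None):
     """Return one account's data, or all customers' data when no id is given.

     The caller is identified by the ``account_id`` request header.

     * With ``_id``: allowed for the account itself, or for a non-customer
       caller asking about a customer account.
     * Without ``_id``: allowed for non-customer callers only.

     Returns:
         200 with the requested data, or 401 when the caller is unknown or
         not allowed to read it.
     """
     account_id = request.headers.get("account_id")
     # NOTE(review): account_id comes from a plain request header; these
     # checks only mean something if an upstream layer binds that header to
     # the authenticated session -- confirm.
     if _id:
         # `account_id and ...` rejects a missing header before the role
         # check: is_customer(None) is not visible here, and a falsy result
         # would let an anonymous caller read any customer's record.
         # The role rule itself keeps non-customer accounts (hairdressers)
         # from reading each other's data.
         if account_id and (
             _id == account_id
             or (not is_customer(account_id) and is_customer(_id))
         ):
             result = get_account_data(_id)
             return make_response(result, 200)
         return make_response("User not authorized to view this data", 401)

     # Listing every customer is the widest read in this handler, so an
     # absent header is refused outright instead of being role-checked.
     if account_id and not is_customer(account_id):
         result = get_all_customers_data()
         return make_response(result, 200)
     return make_response("Not authorized to see all users data", 401)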
Beispiel #3
def get_account_visits(account_id: str) -> dict:
    """Return the visits that belong to ``account_id``.

    The lookup is delegated to ``get_customer_visits`` when ``is_customer``
    reports the account as a customer, and to ``get_hairdresser_visits``
    otherwise. Per the original description, each visit carries its date,
    the address/full name of the customer, and the visit id.

    No authorization is performed here; callers must already have decided
    that the requester may see this account's visits.
    """
    fetch_visits = (
        get_customer_visits if is_customer(account_id) else get_hairdresser_visits
    )
    return fetch_visits(account_id)
Beispiel #4
 def get(self):
     """Report which roles the calling account holds.

     Reads the ``account_id`` and ``session_id`` request headers and answers
     200 with ``{"isHairdresser": bool, "isAdmin": bool}``.
     """
     headers = request.headers
     account_id = headers.get("account_id")
     session_id = headers.get("session_id")
     # NOTE(review): only the admin flag is checked against session_id;
     # isHairdresser depends solely on the account_id header, so it is true
     # for any caller whose header is absent or not a customer id. Treat
     # these flags as UI hints and enforce access in each endpoint -- confirm.
     access_results = {
         "isHairdresser": not is_customer(account_id),
         "isAdmin": bool(can_access_admin(session_id, account_id)),
     }
     return make_response(access_results, 200)
Beispiel #5
 def get(self, _id=None):
     """Return the details of visit ``_id`` to a caller allowed to see it.

     The caller is identified by the ``account_id`` request header and must
     pass ``authorized_to_access_visit``. A truthy ``for_edit`` header
     selects the edit representation of the visit.

     Returns:
         200 with the visit details, 400 when no visit id was given, or 401
         when the caller may not see the visit.
     """
     requester_id = request.headers.get("account_id")
     # Authorization is decided first, so an unauthorized caller gets 401
     # even when the visit id is missing.
     if not authorized_to_access_visit(_id, requester_id):
         return make_response("User not authorized to see this visit", 401)

     # Header values are strings: any non-empty value, including the text
     # "false", selects the edit view.
     for_edit = request.headers.get("for_edit")
     if not _id:
         return make_response("No visit id provided", 400)

     if for_edit:
         details = get_visit_details_for_edit(_id)
     else:
         details = get_visit_details(_id, is_customer(requester_id))
     return make_response(details, 200)
Beispiel #6
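    def patch(self, _id):
        """Update a visit, or attach a summary/pictures to it.

        The JSON body selects the operation:

        * a truthy ``summary`` or ``pictures`` field adds a visit summary and
          is reserved for non-customer accounts;
        * otherwise the body is treated as a visit edit, which requires
          ``authorized_to_access_visit`` for ``data["id"]`` and a body that
          passes ``VisitInputs`` validation.

        The caller is identified by the ``account_id`` request header.

        Returns:
            200 on success, 400 for a malformed body, a validation failure or
            a failed update, 401 when the caller may not perform the change.
        """
        data = request.get_json()
        # A body that is not a JSON object used to fail with an unhandled
        # TypeError/KeyError; answer 400 instead.
        if not isinstance(data, dict):
            return make_response("Invalid request body", 400)
        account_id = request.headers.get("account_id")

        if data.get("summary") or data.get("pictures"):
            # Customers, and callers with no account_id header, may not add
            # summaries. The original fell through here and returned None,
            # which is not a valid response.
            if not account_id or is_customer(account_id):
                return make_response("User not authorized to edit this visit", 401)
            # NOTE(review): this branch never calls authorized_to_access_visit
            # and the URL's _id is unused, so any non-customer account reaches
            # add_visit_summary for whichever visit the body names -- confirm
            # that add_visit_summary checks the visit belongs to the caller.
            visit_summary_update = add_visit_summary(data)
            if visit_summary_update:
                return make_response("Visit updated successfully", 200)
            return make_response(jsonify(visit_summary_update), 400)

        if "id" not in data:
            return make_response("No visit id provided", 400)
        if not authorized_to_access_visit(data["id"], account_id):
            return make_response("User not authorized to edit this visit", 401)

        inputs = VisitInputs(request)
        if not inputs.validate():
            return make_response(str(inputs.errors), 400)

        visit_update = update_visit(data)
        if visit_update["success"]:
            return make_response("Visit updated successfully", 200)
        return make_response(jsonify(visit_update), 400)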
Beispiel #7
 def on_model_change(self, form, model, is_created):
     """Refuse to create an admin record for a customer account.

     Raises:
         AttributeError: when a new record is being created and
             ``form.account_id.data`` is a customer account (the message is
             Polish for "A customer cannot be an administrator").
     """
     # NOTE(review): the rule is only enforced on creation; editing an
     # existing record to point at a customer account is not checked here --
     # confirm the form keeps account_id read-only on edit.
     if not is_created:
         return
     if is_customer(form.account_id.data):
         raise AttributeError("Klient nie może byc administratorem")