def get_card():
data = request.json
if 'card_id' not in list(data.keys()):
return s_vars.bad_request, 400
auth_status, auth_user = au_ser.check_auth_token(request.headers)
result_arr = []
card_from_db = Card.query.filter(Card.card_id.in_(data['card_id'])).all()
for card in card_from_db:
acc = 'RW' if auth_user == card.owner else access_from_card_access(
card.card_id, auth_user)
if auth_user == card.owner or card.owner == 'public' or acc != '':
user_access = [
card_a.__repr__() for card_a in CardAccess.query.filter(
CardAccess.card_id == card.card_id).all()
]
res = card.__repr__()
res['access_type'] = acc
res['user_access_list'] = user_access
result_arr.append(res)
if len(result_arr) > 0:
return jsonify({
'result': result_arr
}), 200 if len(result_arr) == len(data['card_id']) else 200
else:
return s_vars.card_not_exist, 404
def update_card(card_id):
data = request.json
auth_status, auth_user = au_ser.check_auth_token(request.headers)
try:
card_from_db = Card.query.filter_by(card_id=card_id).first()
if card_from_db is None:
return s_vars.card_not_exist, 404
elif auth_user == '':
return s_vars.not_authorized, 401
elif card_from_db.owner == auth_user or card_from_db.owner == 'public' or access_from_card_access(
card_id, auth_user) == 'RW':
keys = list(data.keys())
if card_from_db.owner == 'public' and card_from_db.created_by != auth_user and 'owner' in keys:
return s_vars.cannot_change_owner, 403
if 'owner' in keys:
if data['owner'] != 'public':
user = user_model.User.query.filter_by(
username=data['owner']).first()
if user is not None:
card_from_db.owner = data[
'owner'] if 'owner' in keys else card_from_db.owner
else:
return s_vars.user_not_exist, 404
else:
card_from_db.owner = 'public'
card_from_db.title = data[
'title'] if 'title' in keys else card_from_db.title
card_from_db.description = data[
'description'] if 'description' in keys else card_from_db.description
card_from_db.icon_url = data[
'icon_url'] if 'icon_url' in keys else card_from_db.icon_url
card_from_db.short_url = data[
'short_url'] if 'short_url' in keys else card_from_db.short_url
card_from_db.redirect_url = data[
'redirect_url'] if 'redirect_url' in keys else card_from_db.redirect_url
card_from_db.expiry = parser.parse(
data['expiry']) if 'expiry' in keys else card_from_db.expiry
card_from_db.status = data[
'status'] if 'status' in keys else card_from_db.status
card_from_db.last_updated = datetime.utcnow()
db.session.commit()
card_json_data = card_from_db.__repr__()
card_json_data['user_access_list'] = [
card_a.__repr__() for card_a in CardAccess.query.filter(
CardAccess.card_id == card_from_db.card_id).all()
]
res = {'result': card_json_data}
return jsonify(res), 200
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def action_for_card(action_type):
data = request.json
if 'card_ids' not in list(data.keys()):
return s_vars.bad_request, 400
auth_status, auth_user = au_ser.check_auth_token(request.headers)
try:
card_from_db = Card.query.filter(Card.card_id.in_(
data['card_ids'])).all()
except KeyError:
return s_vars.bad_request, 400
if len(card_from_db) == 0:
return s_vars.card_not_exist, 404
else:
result = {'result': []}
for card in card_from_db:
owner = card.owner
if not (auth_user == owner or card.owner == 'public' or
access_from_card_access(card.card_id, auth_user) == 'RW'):
return s_vars.not_authorized, 401
for card in card_from_db:
owner = card.owner
card_title = card.title
if auth_user == owner or card.owner == 'public' or access_from_card_access(
card.card_id, auth_user) == 'RW':
if action_type == 'deactivate':
change_card_activation(card.card_id, False)
card.last_updated = datetime.utcnow()
result['result'].append(card.__repr__())
elif action_type == 'activate':
change_card_activation(card.card_id, True)
card.last_updated = datetime.utcnow()
result['result'].append(card.__repr__())
elif action_type == 'delete':
delete_card(card.card_id)
result['result'].append('Deleted : {}'.format(card_title))
db.session.commit()
return jsonify(result), 200
def remove_card_access():
data = request.json
try:
auth_status, auth_user = au_ser.check_auth_token(request.headers)
card_from_db = Card.query.filter_by(card_id=data['card_id']).first()
if card_from_db.owner == auth_user or access_from_card_access(
card_from_db.card_id, auth_user) == 'RW':
card_access = CardAccess.query.filter_by(
card_id=card_from_db.card_id,
username=data['username']).first()
if card_access is None:
return jsonify({
'result':
'{} does not have access for card {}'.format(
data['username'], card_from_db.title)
}), 200
msg = ''
if data['action_name'] == 'delete':
db.session.delete(card_access)
msg = 'Deleted {} access from card {}'.format(
data['username'], card_from_db.title)
elif data['action_name'] == 'enable':
card_access.access_status = True
card_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from disable to enable'.format(
data['username'])
elif data['action_name'] == 'disable':
card_access.access_status = False
card_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from enable to disable'.format(
data['username'])
elif data['action_name'] == 'access_RO':
card_access.access_type = 'RO'
card_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from RW to RO'.format(
data['username'])
elif data['action_name'] == 'access_RW':
card_access.access_type = 'RW'
card_access.last_updated = datetime.utcnow()
msg = 'Update: {} access from RO to RW'.format(
data['username'])
else:
return s_vars.invalid_action, 403
db.session.commit()
return jsonify({'result': msg}), 200
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def get_group_data(group_ids=None):
data = request.json
try:
if group_ids is None:
group_ids = data['group_ids']
result = {}
auth_status, auth_user = au_ser.check_auth_token(request.headers)
if auth_user == '':
return s_vars.not_authorized, 401
for group_id in group_ids:
user_has_access = False
user_access_type = 'RO'
group = Group.query.filter_by(group_id=group_id, owner=auth_user).first()
if group is None:
group_access = GroupAccess.query.filter_by(group_id=group_id, username=auth_user,
access_status=True).first()
if group_access is not None:
user_access_type = group_access.access_type
user_has_access = True
else:
user_has_access = True
user_access_type = 'RW'
if user_has_access:
group = Group.query.filter_by(group_id=group_id).first()
card_ids = [gc.card_id for gc in GroupCards.query.filter_by(group_id=group_id).all()]
cards = [card.__repr__() for card in Card.query.filter(Card.card_id.in_(card_ids)).all()]
for card in cards:
if user_access_type == 'RW' or access_from_card_access(card['card_id'], auth_user) == 'RW':
card['access_type'] = 'RW'
else:
card['access_type'] = 'RO'
card['user_access_list'] = [card_a.__repr__() for card_a in
CardAccess.query.filter(
CardAccess.card_id == card['card_id']).all()]
result[group_id] = {}
result[group_id]['card_list'] = cards
group_json = group.__repr__()
group_json['access_type'] = user_access_type
group_json['user_access_list'] = [group_a.__repr__() for group_a in
GroupAccess.query.filter(
GroupAccess.group_id == group.group_id).all()]
result[group_id]['group_details'] = group_json
return jsonify({'result': result}), 200
except KeyError:
return s_vars.bad_request, 400
def add_card_access():
data = request.json
try:
auth_status, auth_user = au_ser.check_auth_token(request.headers)
card_from_db = Card.query.filter_by(card_id=data['card_id']).first()
owner = card_from_db.owner
access_by = auth_user
if len(access_by) == 0:
access_by = 'public'
if owner == access_by or access_from_card_access(
data['card_id'], access_by) == 'RW':
resp = []
if len(data['username']) > 0:
for username in data['username']:
username_in_db = user_model.User.query.filter_by(
username=username, deactivated=False,
verified=True).first()
if username_in_db is None and username != 'public' or owner == username:
resp.append({username: False})
else:
keys = list(data.keys())
card_access = CardAccess(
owner=owner,
username=username,
card_id=data['card_id'],
access_by=access_by,
access_type=data['access_type']
if 'access_type' in keys else 'RO')
db.session.add(card_access)
try:
db.session.commit()
resp.append({username: True})
except exc.IntegrityError as e:
resp.append({username: '******'})
logging.info(e)
return jsonify({'result': resp}), 200
else:
return s_vars.not_authorized, 401
except KeyError:
return s_vars.bad_request, 400
def return_redirect_url(short_url):
auth_status, auth_user = au_ser.check_auth_token(request.headers)
if auth_user == '':
auth_user = '******'
card_with_short_url = Card.query.filter_by(short_url=short_url,
status=True).first()
if card_with_short_url is None:
return jsonify({'result': 'failure'}), 404
else:
if auth_user == card_with_short_url.owner or card_with_short_url.owner == 'public':
return check_expiry_and_return(card_with_short_url.expiry,
card_with_short_url.redirect_url)
else:
read_card_access = [
access_from_card_access(card_id=card_with_short_url.card_id,
auth_user=user)
for user in ['public', auth_user]
]
if 'RW' in read_card_access or 'RO' in read_card_access:
return check_expiry_and_return(
card_with_short_url.expiry,
card_with_short_url.redirect_url)
else:
return s_vars.not_authorized, 401