Ejemplo n.º 1
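def update_user(user_id):
    """
    Update an existing user account from the JSON request body.

    Returns a 404 error when no user has ``user_id``, the form's validation
    errors when the submitted data is rejected, and otherwise the saved user
    serialised as JSON.

    NOTE(review): no permission check is visible in this body, and the new
    role is taken from the submitted form. Access control is presumably
    applied outside this function (e.g. by a decorator) -- confirm.
    """
    user = User.get(user_id)
    if not user:
        return api_error('User not found', 404)
    # Only ask the form to check e-mail uniqueness when the address changes.
    form_kwargs = dict(
        validate_unique_email=user.email != request.json.get('email')
    )
    # The password is only touched when the request actually carries one.
    password_supplied = 'password' in request.json
    if password_supplied:
        form = FullUserForm(**form_kwargs)
    else:
        form = BaseUserForm(**form_kwargs)
    if not form.validate_on_submit():
        return api_error(form.errors)
    if form.role.data == 'provider':
        user.services = Service.get_by_ids(form.services.data)
    user.email = form.email.data
    if password_supplied:
        user.set_password(form.password.data)
    user.name = form.name.data
    user.organization = form.organization.data
    user.phone_number = form.phone_number.data
    user.role = form.role.data
    user.save()
    return jsonify(user)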
Ejemplo n.º 2
def mark_need_resolved(need_id):
    """
    Mark a need as resolved and record the resolution details.

    Only an admin or the user who owns the need's alert may resolve it, and
    a need can be resolved once. After the need is saved, ``resolve_need``
    is called with it; per the original description that step closes the
    alert if necessary and sends out a message.
    """
    need = Need.get(need_id)

    # Reject unknown needs, callers without access, and repeat requests.
    if not need:
        return api_error('Need not found')
    if not (current_user.is_admin or current_user.id == need.alert.user_id):
        return api_error('Permission denied')
    if need.resolved:
        return api_error('Need already resolved!')

    resolution = ResolveNeedForm(need=need)
    if not resolution.validate_on_submit():
        return api_error(resolution.errors)

    # Copy the submitted resolution onto the need and flag it as resolved.
    need.resolved = True
    need.resolved_at = datetime.utcnow()
    need.resolve_notes = resolution.notes.data
    need.resolve_message = resolution.message.data
    for offer in need.provisions:
        # A provision is selected when its id is among the submitted ids.
        offer.selected = offer.id in resolution.provisions.data
    need.save()

    # Follow-up work on the alert happens after the need is persisted.
    resolve_need(need)

    return '', 200
Ejemplo n.º 3
def get_need(need_id):
    """
    Return the advocate JSON view of a need.

    Access is limited to admins and to the user who owns the need's alert;
    anyone else gets a 'Permission denied' error.
    """
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    # The owner comparison is only evaluated for non-admin callers.
    allowed = current_user.is_admin or current_user.id == need.alert.user_id
    if not allowed:
        return api_error('Permission denied')
    return jsonify(need.to_advocate_json())
Ejemplo n.º 4
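def update_category(category_id):
    """
    Update a category and, optionally, the sort order of services.

    The JSON body may carry a ``services`` list of ``{"id", "sort_order"}``
    entries. Every entry is checked before anything is changed, so a
    malformed entry or an unknown service id is answered with an error
    instead of raising part-way through the update.

    NOTE(review): the listed services are not checked to belong to this
    category, so any service id can be reordered through this endpoint --
    confirm that is intended.
    """
    category = Category.get(category_id)
    if not category:
        return api_error('Category not found', 404)
    # Only ask the form to check name uniqueness when the name changes.
    form = CategoryForm(
        validate_unique_name=category.name != request.json.get('name')
    )
    if not form.validate_on_submit():
        return api_error(form.errors)

    # Resolve the request-supplied service entries up front.
    pending = []
    if 'services' in request.json:
        services = request.json['services']
        if not isinstance(services, list):
            return api_error('Invalid form.')
        for data in services:
            try:
                service_id = data['id']
                sort_order = data['sort_order']
            except (KeyError, TypeError):
                return api_error('Invalid form.')
            service = Service.get(service_id)
            if not service:
                return api_error('Service not found', 404)
            pending.append((service, sort_order))

    category.name = form.name.data
    category.description = form.description.data

    for service, sort_order in pending:
        service.sort_order = sort_order
        service.save()

    category.save()
    return '', 200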
Ejemplo n.º 5
def get_need(need_id):
    """
    Return the advocate JSON view of a need to the owner of its alert.

    Any other caller gets a 'Permission denied' error; this variant has no
    admin exception.
    """
    found = Need.get(need_id)
    if not found:
        return api_error('Need not found')
    # Ownership is decided by the user id stored on the need's alert.
    if current_user.id == found.alert.user_id:
        return jsonify(found.to_advocate_json())
    return api_error('Permission denied')
Ejemplo n.º 6
def delete_user(id):
    """
    Delete a user account.

    The logged-in user cannot delete their own account through this call.

    NOTE(review): no permission check other than the self-delete guard is
    visible in this body; access control is presumably applied outside this
    function -- confirm.
    """
    target = User.get(id)
    if not target:
        return api_error('User not found', 404)
    deleting_self = target.id == current_user.id
    if deleting_self:
        # NOTE(review): this refusal is reported with status 404 although
        # the account exists.
        return api_error('Cannot delete self', 404)
    target.delete()
    return '', 202
Ejemplo n.º 7
def change_password():
    """
    Change the logged-in user's password.

    The current password has to be supplied and verified before the new one
    is stored.
    """
    form = ChangePasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    # Knowing the current password is required, not just holding a session.
    if current_user.check_password(form.current.data):
        current_user.set_password(form.new_password.data)
        current_user.save()
        return '', 200
    return api_error(dict(form=['Current password is incorrect.']))
Ejemplo n.º 8
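def delete_response(uuid):
    """
    Delete a response to an alert (currently disabled).

    Always answers ``501 Not Implemented``; there is no UI for this action.

    The draft body that used to follow the return was unreachable and has
    been removed. It loaded an ``Alert`` by ``uuid`` and deleted the alert
    itself rather than a response, and it checked ownership only for the
    'advocate' role. An implementation added here later has to delete the
    response record and authorise every role explicitly.
    """
    return 'Not Implemented', 501  # We currently don't support a UI for this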
Ejemplo n.º 9
def login():
    """
    Authenticate with the application.

    On success the user is logged in and returned as JSON. An unknown
    e-mail address and a wrong password produce the same error message, so
    the message does not reveal which of the two was wrong.
    """
    # TODO: issue API key here instead of cookie
    form = LoginForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    # The e-mail address is lower-cased before the lookup.
    account = User.get_by_email(form.email.data.lower())
    supplied = form.password.data
    # NOTE(review): check_password is skipped when no account matches, so
    # the two failure paths do different amounts of work; confirm whether
    # that timing difference matters here.
    if account is None or not account.check_password(supplied):
        return api_error(dict(form=['Invalid username/password.']))
    login_user(account)
    return jsonify(account)
Ejemplo n.º 10
def get_alert(alert_id):
    """
    Return an alert as JSON, shaped by the caller's role.

    Providers need ``provider_has_permission`` to pass and get the provider
    view. Advocates must own the alert and get the advocate view. Every
    other role is treated as an admin and also gets the advocate view.
    """
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')
    role = current_user.role
    if role == 'provider':
        if not alert.provider_has_permission(current_user):
            return api_error('Permission denied')
        return jsonify(alert.to_provider_json(current_user))
    if role == 'advocate' and alert.user.id != current_user.id:
        return api_error('Permission denied')
    # Reached by owning advocates and by any role that is neither
    # 'provider' nor 'advocate' (assumed to be an admin).
    return jsonify(alert.to_advocate_json())
Ejemplo n.º 11
def get_alert(alert_id):
    """
    Return an alert as JSON, shaped by the caller's role.

    Providers need ``provider_has_permission`` to pass and get the provider
    view. Advocates must own the alert and get the advocate view. Every
    other role is treated as an admin and gets ``to_json()``.
    """
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')
    role = current_user.role
    if role == 'provider':
        if alert.provider_has_permission(current_user):
            return jsonify(alert.to_provider_json(current_user))
        return api_error('Permission denied')
    if role == 'advocate':
        if alert.user.id == current_user.id:
            return jsonify(alert.to_advocate_json())
        return api_error('Permission denied')
    # Any role that is neither 'provider' nor 'advocate' lands here and is
    # assumed to be an admin.
    return jsonify(alert.to_json())
Ejemplo n.º 12
def update_service(service_id):
    """
    Update a service's name, description and category.

    NOTE(review): the category is looked up from the submitted id and
    assigned as returned; confirm the form rejects unknown category ids.
    """
    service = Service.get(service_id)
    if not service:
        return api_error("Service not found", 404)
    # Name uniqueness only needs checking when the name actually changes.
    name_changed = service.name != request.json.get("name")
    form = ServiceForm(validate_unique_name=name_changed)
    if not form.validate_on_submit():
        return api_error(form.errors)

    service.name = form.name.data
    service.description = form.description.data
    new_category = Category.get(form.category.data)
    service.category = new_category

    service.save()
    return "", 200
Ejemplo n.º 13
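def help_message():
    """
    Send a help message on behalf of the provider.

    The JSON body must be an object with a ``message`` entry. A missing
    body or a body of another JSON type is answered with the same
    'Message not specified.' error instead of raising.
    """
    payload = request.json
    # The body is client-supplied: it may be absent or not a JSON object.
    if not isinstance(payload, dict) or 'message' not in payload:
        return api_error('Message not specified.')
    send_help_message(current_user, payload['message'])
    return '', 200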
Ejemplo n.º 14
def delete_category(category_id):
    """
    Delete a category.

    Answers 404 when no category has ``category_id``.
    """
    doomed = Category.get(category_id)
    if doomed:
        doomed.delete()
        return '', 200
    return api_error('Category not found', 404)
Ejemplo n.º 15
def delete_category(category_id):
    """
    Delete the category identified by ``category_id``.

    An unknown id is answered with a 404 error.
    """
    existing = Category.get(category_id)
    if existing:
        existing.delete()
        return '', 200
    return api_error('Category not found', 404)
Ejemplo n.º 16
def delete_service(service_id):
    """
    Delete a service.

    Answers 404 when no service has ``service_id``.
    """
    doomed = Service.get(service_id)
    if doomed:
        doomed.delete()
        return '', 200
    return api_error('Service not found', 404)
Ejemplo n.º 17
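def create_response():
    """
    Create a response to an alert.

    JSON body:
        - alert_id: alert identifier (must convert to an integer)
        - needs_provided: passed through to ``respond_to_alert``

    NOTE(review): nothing in this body checks that the current user may
    respond to the alert; that is presumably enforced in
    ``respond_to_alert`` or outside this function -- confirm.
    """
    if 'alert_id' not in request.json or 'needs_provided' not in request.json:
        return api_error('Invalid form')

    # alert_id is client-supplied; a value that is not a number is a bad
    # form, not a server error.
    try:
        alert_id = int(request.json['alert_id'])
    except (TypeError, ValueError, OverflowError):
        return api_error('Invalid form')

    alert = Alert.get(alert_id)

    if not alert:
        return api_error('Alert not found.', 404)

    respond_to_alert(current_user, request.json['needs_provided'], alert)

    return '', 201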
Ejemplo n.º 18
def create_alert():
    """
    Create an alert from the submitted form and send it out.

    NOTE(review): the original description says the caller must be an
    advocate, but no role check is visible in this body; it is presumably
    applied outside this function -- confirm.
    """
    form = AlertForm()
    if form.validate_on_submit():
        send_out_alert(form)
        return '', 201
    return api_error(form.errors)
Ejemplo n.º 19
def create_alert():
    """
    Validate the alert form and hand it to ``send_out_alert``.

    NOTE(review): described as advocate-only, yet this body contains no
    role check; confirm where that restriction is enforced.
    """
    alert_form = AlertForm()
    if alert_form.validate_on_submit():
        send_out_alert(alert_form)
        return '', 201
    return api_error(alert_form.errors)
Ejemplo n.º 20
def create_service():
    """
    Create a service from the submitted form.

    NOTE(review): described as admin-only, but no role check is visible in
    this body; confirm where that restriction is enforced.
    """
    form = ServiceForm()
    if form.validate_on_submit():
        new_service = Service(
            name=form.name.data,
            description=form.description.data,
            category=Category.get(form.category.data),
        )
        new_service.save()
        return "", 201
    return api_error(form.errors)
Ejemplo n.º 21
def resolve_need(need_id):
    """
    Mark a need as resolved on behalf of the user who owns its alert.

    Only the alert's owner may resolve the need, and only once. The
    submitted notes, message and selected provisions are stored on the need.
    """
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    if current_user.id != need.alert.user_id:
        return api_error('Permission denied')
    if need.resolved:
        return api_error('Need already resolved!')

    resolution = ResolveNeedForm(need=need)
    if not resolution.validate_on_submit():
        return api_error(resolution.errors)

    need.resolved = True
    need.resolved_at = datetime.utcnow()
    need.resolve_notes = resolution.notes.data
    need.resolve_message = resolution.message.data
    for offer in need.provisions:
        # A provision is selected when its id is among the submitted ids.
        offer.selected = offer.id in resolution.provisions.data

    # NOTE(review): the resolution is sent out before the need is saved, so
    # a failing save would leave a notification without a persisted change.
    send_out_resolution(need)
    need.save()
    return '', 200
Ejemplo n.º 22
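def set_category_sort():
    """
    Set the sort order of the categories.

    The JSON body carries a ``categories`` list of ``{"id", "sort_order"}``
    entries. Every entry is checked before anything is saved, so a
    malformed entry or an unknown category id is answered with an error
    instead of raising after some categories were already updated.
    """
    if 'categories' not in request.json:
        return api_error('Invalid form.')
    categories = request.json['categories']
    if not isinstance(categories, list):
        return api_error('Invalid form.')

    # Resolve the request-supplied entries up front.
    pending = []
    for data in categories:
        try:
            wanted_id = data['id']
            sort_order = data['sort_order']
        except (KeyError, TypeError):
            return api_error('Invalid form.')
        category = Category.get(wanted_id)
        if not category:
            return api_error('Category not found', 404)
        pending.append((category, sort_order))

    for category, sort_order in pending:
        category.sort_order = sort_order
        category.save()
    return jsonify(Category.all())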
Ejemplo n.º 23
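def set_category_sort():
    """
    Set the sort order of the categories.

    Expects a JSON body with a ``categories`` list whose entries each have
    an ``id`` and a ``sort_order``. The whole list is validated first;
    malformed entries and unknown ids are reported as errors and nothing is
    saved in that case.
    """
    if 'categories' not in request.json:
        return api_error('Invalid form.')
    entries = request.json['categories']
    if not isinstance(entries, list):
        return api_error('Invalid form.')

    # The entries come from the client, so look each one up before use.
    updates = []
    for data in entries:
        try:
            wanted_id = data['id']
            sort_order = data['sort_order']
        except (KeyError, TypeError):
            return api_error('Invalid form.')
        category = Category.get(wanted_id)
        if not category:
            return api_error('Category not found', 404)
        updates.append((category, sort_order))

    for category, sort_order in updates:
        category.sort_order = sort_order
        category.save()
    return jsonify(Category.all())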
Ejemplo n.º 24
def forgot_password():
    """
    Send a password reset email.

    The reply is an empty 200 whether or not an account matches the
    address, so the response body does not reveal which addresses are
    registered.
    """
    form = ForgotPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)

    # NOTE(review): the address is looked up exactly as submitted; confirm
    # how get_by_email treats letter case.
    account = User.get_by_email(form.email.data)
    if account:
        send_password_reset(account)

    return '', 200
Ejemplo n.º 25
def create_category():
    """
    Create a category from the submitted form.

    NOTE(review): described as admin-only, but no role check is visible in
    this body; confirm where that restriction is enforced.
    """
    form = CategoryForm()
    if form.validate_on_submit():
        new_category = Category(
            name=form.name.data,
            description=form.description.data,
        )
        new_category.save()
        return '', 201
    return api_error(form.errors)
Ejemplo n.º 26
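def delete_alert(id):
    """
    Delete an alert (currently disabled).

    Always answers ``501 Not Implemented``; there is no UI for this action.

    The draft body that used to follow the return was unreachable and has
    been removed. It restricted advocates to their own alerts through
    ``Alert.get_user_alert`` but let every other role delete any alert by
    id. An implementation added here later has to authorise each role
    explicitly before deleting.
    """
    return 'Not Implemented', 501  # We do not support a UI for this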
Ejemplo n.º 27
def create_category():
    """
    Validate the category form and store a new category.

    NOTE(review): the original description requires an admin, yet this body
    has no role check; confirm where that restriction is enforced.
    """
    category_form = CategoryForm()
    if category_form.validate_on_submit():
        created = Category(
            name=category_form.name.data,
            description=category_form.description.data,
        )
        created.save()
        return '', 201
    return api_error(category_form.errors)
Ejemplo n.º 28
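def delete_alert(id):
    """
    Delete an alert (currently disabled).

    Always answers ``501 Not Implemented`` because no UI uses this action.

    The unreachable draft body after the return has been removed. In that
    draft only advocates were limited to their own alerts (via
    ``Alert.get_user_alert``); any other role could delete an arbitrary
    alert by id. A real implementation needs an explicit permission check
    for every role.
    """
    return 'Not Implemented', 501  # We do not support a UI for this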
Ejemplo n.º 29
def update_profile():
    """
    Update the logged-in user's own profile and return it as JSON.

    Only the current user's record is touched; the role is not changed.
    Services are updated only when the user is a provider.

    NOTE(review): the e-mail address is replaced without asking for the
    current password; confirm the form enforces whatever checks are needed.
    """
    form = UpdateProfileForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    # Copy the plain profile fields straight from the validated form.
    for field_name in ('name', 'organization', 'email', 'phone_number'):
        setattr(current_user, field_name, getattr(form, field_name).data)
    if current_user.is_provider:
        current_user.services = Service.get_by_ids(form.services.data)
    current_user.save()
    return jsonify(current_user)
Ejemplo n.º 30
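def update_category(category_id):
    """
    Update a category and, optionally, the sort order of services.

    A ``services`` list of ``{"id", "sort_order"}`` entries in the JSON
    body is validated as a whole before any change is made: malformed
    entries and unknown service ids are reported as errors rather than
    raising after part of the update was saved.

    NOTE(review): nothing ties the listed services to this category, so
    the endpoint can reorder any service -- confirm that is intended.
    """
    category = Category.get(category_id)
    if not category:
        return api_error('Category not found', 404)
    # Only ask the form to check name uniqueness when the name changes.
    form = CategoryForm(
        validate_unique_name=category.name != request.json.get('name'))
    if not form.validate_on_submit():
        return api_error(form.errors)

    # The service entries come from the client, so resolve them first.
    updates = []
    if 'services' in request.json:
        services = request.json['services']
        if not isinstance(services, list):
            return api_error('Invalid form.')
        for data in services:
            try:
                service_id = data['id']
                sort_order = data['sort_order']
            except (KeyError, TypeError):
                return api_error('Invalid form.')
            service = Service.get(service_id)
            if not service:
                return api_error('Service not found', 404)
            updates.append((service, sort_order))

    category.name = form.name.data
    category.description = form.description.data

    for service, sort_order in updates:
        service.sort_order = sort_order
        service.save()

    category.save()
    return '', 200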
Ejemplo n.º 31
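def reset_password():
    """
    Reset a user's password with a valid reset token.

    The token must match the one stored on the user and must be younger
    than ``RESET_TOKEN_LIFE`` hours (24 when not configured). On success
    the token is cleared, a confirmation email is sent, and the user is
    logged in and returned as JSON.

    NOTE(review): 'Could not find user.' and 'Invalid reset token.' are
    distinct replies, so this endpoint tells a caller whether an address is
    registered; the messages are kept because clients may rely on them.
    """
    # Function-scope import: the module's import block is not visible here.
    import hmac

    reset_token_life = timedelta(
        hours=current_app.config.get('RESET_TOKEN_LIFE', 24))
    form = ResetPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    user = User.get_by_email(form.email.data)
    if not user:
        return api_error(dict(form=['Could not find user.']))

    stored_token = user.reset_token
    supplied_token = form.token.data
    if not stored_token:
        return api_error(dict(form=['Invalid reset token.']))
    try:
        # Compare the secret without stopping at the first differing
        # character.
        token_matches = hmac.compare_digest(stored_token, supplied_token)
    except TypeError:
        # compare_digest rejects non-ASCII text and mixed types; keep the
        # plain comparison for those values.
        token_matches = stored_token == supplied_token
    if not token_matches:
        return api_error(dict(form=['Invalid reset token.']))

    # A token without a creation time cannot be shown to be fresh, so it is
    # treated as expired instead of raising on the comparison.
    created_at = user.reset_created_at
    if created_at is None or created_at < datetime.utcnow() - reset_token_life:
        return api_error(dict(form=['Reset token expired']))

    user.set_password(form.password.data)
    # The token is single-use: clear it together with its timestamp.
    user.reset_token = None
    user.reset_created_at = None
    user.save()
    send_confirm_password_reset(user)
    login_user(user)
    return jsonify(user)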
Ejemplo n.º 32
def resolve_all_alert_needs(alert_id):
    """
    Mark every need of an alert as resolved and save the alert.

    When the JSON body has a truthy ``notifyProvidersAllResolved`` entry,
    ``send_out_alert_closed`` is called for the alert afterwards.

    NOTE(review): no check of the current user against the alert is visible
    in this body; confirm that access control is applied outside it.
    """
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')

    for item in alert.needs:
        item.resolved = True
        item.resolved_at = datetime.utcnow()
        item.save(False)

    alert.save()

    # Notification is opt-in through the request body.
    wants_notice = ('notifyProvidersAllResolved' in request.json and
                    request.json['notifyProvidersAllResolved'])
    if wants_notice:
        send_out_alert_closed(alert)

    return '', 200
Ejemplo n.º 33
def create_user():
    """
    Create a user account from the submitted form and return it as JSON.

    Services are attached only when the submitted role is 'provider'.

    NOTE(review): the role comes from the form and no permission check is
    visible in this body; confirm where access is restricted. The password
    is handed to the ``User`` constructor as submitted -- confirm the model
    hashes it.
    """
    form = FullUserForm()
    if not form.validate_on_submit():
        return api_error(form.errors)
    if form.role.data == 'provider':
        services = Service.get_by_ids(form.services.data)
    else:
        services = []
    account_fields = dict(
        name=form.name.data,
        organization=form.organization.data,
        email=form.email.data,
        password=form.password.data,
        phone_number=form.phone_number.data,
        role=form.role.data,
        services=services,
    )
    user = User(**account_fields)
    user.save()
    return jsonify(user)