def before_post(self, args, kwargs, data):
"""
method to add user_id to view_kwargs before post
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'user'], data)
if not has_access('is_coorganizer', event_id=data['event']):
event = safe_query(self, Event, 'id', data['event'], 'event_id')
if event.state == "draft":
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(
data['event_id']))
if 'sessions' in data:
session_ids = data['sessions']
for session_id in session_ids:
if not has_access('is_session_self_submitted',
session_id=session_id):
raise ObjectNotFound(
{'parameter': 'session_id'},
"Session: {} not found".format(session_id))
def before_post(self, args, kwargs, data):
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenError(
{'pointer': '/data/relationships/event'},
'Co-organizer access is required.',
)
def before_post(self, args, kwargs, data=None):
"""
method to add user_id to view_kwargs before post
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'user'], data)
if not has_access('is_coorganizer', event_id=data['event']):
event = db.session.query(Event).filter_by(id=data['event']).one()
if event.state == "draft":
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(data['event_id']))
if get_count(db.session.query(Event).filter_by(id=int(data['event']), is_sessions_speakers_enabled=False)) > 0:
raise ForbiddenException({'pointer': ''}, "Speakers are disabled for this Event")
if get_count(db.session.query(Speaker).filter_by(event_id=int(data['event']), email=data['email'],
deleted_at=None)) > 0:
raise ForbiddenException({'pointer': ''}, 'Speaker with this Email ID already exists')
if 'sessions' in data:
session_ids = data['sessions']
for session_id in session_ids:
if not has_access('is_session_self_submitted', session_id=session_id):
raise ObjectNotFound({'parameter': 'session_id'},
"Session: {} not found".format(session_id))
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound(
{'parameter': 'event_id'}, "Event: {} not found".format(data['event'])
)
if (
get_count(
db.session.query(Ticket.id).filter_by(
name=data['name'], event_id=int(data['event']), deleted_at=None
)
)
> 0
):
raise ConflictError(
{'pointer': '/data/attributes/name'}, "Ticket already exists"
)
def before_post(self, args, kwargs, data=None):
"""
method to add user_id to view_kwargs before post
:param args:
:param kwargs:
:param data:
:return:
"""
data['user'] = current_user.id
require_relationship(['event', 'user'], data)
if not has_access('is_coorganizer', event_id=data['event']):
event = db.session.query(Event).filter_by(id=data['event']).one()
if event.state == "draft":
raise ObjectNotFound(
{'parameter': 'event_id'},
"Event: {} not found".format(data['event']),
)
if (get_count(
db.session.query(Event).filter_by(
id=int(data['event']), is_sessions_speakers_enabled=False))
> 0):
raise ForbiddenError({'pointer': ''},
"Speakers are disabled for this Event")
if (not data.get('is_email_overridden') and get_count(
db.session.query(Speaker).filter_by(event_id=int(
data['event']),
email=data['email'],
deleted_at=None)) > 0):
raise ForbiddenError({'pointer': ''},
'Speaker with this Email ID already exists')
if data.get('is_email_overridden') and not has_access(
'is_organizer', event_id=data['event']):
raise ForbiddenError(
{'pointer': 'data/attributes/is_email_overridden'},
'Organizer access required to override email',
)
if (data.get('is_email_overridden')
and has_access('is_organizer', event_id=data['event'])
and not data.get('email')):
data['email'] = current_user.email
if 'sessions' in data:
session_ids = data['sessions']
for session_id in session_ids:
if not has_access('is_session_self_submitted',
session_id=session_id):
raise ObjectNotFound(
{'parameter': 'session_id'},
f"Session: {session_id} not found",
)
data[
'complex_field_values'] = validate_custom_form_constraints_request(
'speaker', self.schema, Speaker(event_id=data['event']), data)
def before_post(self, args, kwargs, data):
"""
Before post method to check for required relationship and proper permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['ticket', 'event'], data)
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
data['creator_id'] = current_identity.id
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event_topic'], data)
if not has_access('is_admin'):
raise ForbiddenException({'source': ''}, 'Admin access is required.')
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event_topic'], data)
if not has_access('is_admin'):
raise ForbiddenError({'source': ''}, 'Admin access is required.')
def before_post(self, args, kwargs, data):
"""
before get method to get the resource id for fetching details
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'role'], data)
if not has_access('is_organizer', event_id=data['event']):
raise ForbiddenError({'source': ''}, 'Organizer access is required.')
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'Co-organizer access is required.')
def before_post(self, args, kwargs, data):
"""
before get method to get the resource id for fetching details
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'role'], data)
if not has_access('is_organizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'Organizer access is required.')
def before_post(self, args, kwargs, data=None):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'ticket_holders'], data)
if not has_access('is_coorganizer', event_id=data['event']):
data['status'] = 'pending'
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationships and permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'user'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenError({'source': ''}, "Minimum Organizer access required")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'Co-organizer access is required.')
def before_post(self, args, kwargs, data):
"""
method to check for required relationship with event
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(data['event']))
def before_post(self, args, kwargs, data):
"""
method to check for required relationship with event
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'user'], data)
if not has_access('is_user_itself', id=data['user']):
raise ObjectNotFound({'parameter': 'user_id'},
"User: {} doesn't match auth key".format(data['user']))
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'track'], data)
data['creator_id'] = current_user.id
if get_count(db.session.query(Event).filter_by(id=int(data['event']), is_sessions_speakers_enabled=False)) > 0:
raise ForbiddenException({'pointer': ''}, "Sessions are disabled for this Event")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'track'], data)
data['creator_id'] = current_identity.id
if get_count(db.session.query(Event).filter_by(id=int(data['event']), is_sessions_speakers_enabled=False)) > 0:
raise ForbiddenException({'pointer': ''}, "Sessions are disabled for this Event")
def before_post(self, args, kwargs, data):
if data['used_for'] == 'ticket':
self.schema = DiscountCodeSchemaTicket
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'You are not authorized')
elif data['used_for'] == 'event' and has_access('is_admin') and 'events' in data:
self.schema = DiscountCodeSchemaEvent
else:
raise UnprocessableEntity({'source': ''}, "Please verify your permission or check your relationship")
data['user_id'] = current_identity.id
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(data['event_id']))
def before_post(self, args, kwargs, data):
"""
Before post method to check for required relationship and proper permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['ticket', 'event'], data)
ticket = (
db.session.query(Ticket)
.filter_by(id=int(data['ticket']), deleted_at=None)
.first()
)
if ticket is None:
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'}, "Invalid Ticket"
)
if ticket.event_id != int(data['event']):
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'},
"Ticket belongs to a different Event",
)
# Check if the ticket is already sold out or not.
if get_sold_and_reserved_tickets_count(ticket.event_id) >= ticket.quantity:
raise ConflictException(
{'pointer': '/data/attributes/ticket_id'}, "Ticket already sold out"
)
if 'device_name_checkin' in data and data['device_name_checkin'] is not None:
if 'is_checked_in' not in data or not data['is_checked_in']:
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Attendee needs to be checked in first",
)
elif 'checkin_times' not in data or data['checkin_times'] is None:
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing",
)
elif len(data['checkin_times'].split(",")) != len(
data['device_name_checkin'].split(",")
):
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing for the corresponding device name",
)
if 'checkin_times' in data:
if 'device_name_checkin' not in data or data['device_name_checkin'] is None:
data['device_name_checkin'] = '-'
def before_post(self, args, kwargs, data):
"""
method to check for required relationship with event
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event', 'user'], data)
if not has_access('is_user_itself', id=data['user']):
raise ObjectNotFound({'parameter': 'user_id'},
"User: {} doesn't match auth key".format(
data['user']))
def before_post(self, args, kwargs, data):
"""
before post method for checking required relationship
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenError({'source': ''},
'Co-organizer access is required.')
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_organizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, "Minimum Organizer access required")
if get_count(db.session.query(Event).filter_by(id=int(data['event']), can_pay_by_stripe=False)) > 0:
raise ForbiddenException({'pointer': ''}, "Stripe payment is disabled for this Event")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'Co-organizer access is required.')
if get_count(db.session.query(Event).filter_by(id=int(data['event']), is_tax_enabled=False)) > 0:
raise MethodNotAllowed({'parameter': 'event_id'}, "Tax is disabled for this Event")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['user'], data)
if get_count(db.session.query(UserEmail.id).filter_by(email_address=data.get('email-address'),
user_id=int(data['user']), deleted_at=None)) > 0:
raise ConflictException({'pointer': '/data/attributes/name'}, "Email already exists")
def before_post(self, args, kwargs, data):
"""Before post method to check required relationships and set user_id
:param args:
:param kwargs:
:param data:
:return:"""
if data['used_for'] == 'ticket':
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'You are not authorized')
elif not data['used_for'] == 'event' and has_access('is_admin') and 'events' in data:
raise UnprocessableEntity({'source': ''}, "Please verify your permission or check your relationship")
data['user_id'] = current_identity.id
def before_post(self, args, kwargs, data):
"""
Before post method to check for required relationship and proper permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['ticket', 'event'], data)
ticket = db.session.query(Ticket).filter_by(
id=int(data['ticket']), deleted_at=None
).first()
if ticket is None:
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'}, "Invalid Ticket"
)
if ticket.event_id != int(data['event']):
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'},
"Ticket belongs to a different Event"
)
# Check if the ticket is already sold out or not.
if get_count(db.session.query(TicketHolder.id).
filter_by(ticket_id=int(data['ticket']), deleted_at=None)) >= ticket.quantity:
raise ConflictException(
{'pointer': '/data/attributes/ticket_id'},
"Ticket already sold out"
)
if 'device_name_checkin' in data and data['device_name_checkin'] is not None:
if 'is_checked_in' not in data or not data['is_checked_in']:
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Attendee needs to be checked in first"
)
elif 'checkin_times' not in data or data['checkin_times'] is None:
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing"
)
elif len(data['checkin_times'].split(",")) != len(data['device_name_checkin'].split(",")):
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing for the corresponding device name"
)
if 'checkin_times' in data:
if 'device_name_checkin' not in data or data['device_name_checkin'] is None:
data['device_name_checkin'] = '-'
def before_post(self, args, kwargs, data):
"""Before post method to check required relationships and set user_id
:param args:
:param kwargs:
:param data:
:return:"""
if data['used_for'] == 'ticket':
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'You are not authorized')
elif data['used_for'] == 'event' and not has_access('is_admin') and 'events' in data:
raise UnprocessableEntity({'source': ''}, "Please verify your permission or check your relationship")
data['user_id'] = current_identity.id
def before_post(self, args, kwargs, data=None):
# Enforce owner to current user
if not current_identity.is_admin or 'owner' not in data:
data['owner'] = current_identity.id
require_relationship(['type'], data)
# Enforce holder to owner
data['holder'] = data['owner']
if 'born_at_home' in data and data['born_at_home']:
self._data_layer.__create_first_move = True
del data['born_at_home']
else:
self._data_layer.__create_first_move = False
def before_post(self, args, kwargs, data):
"""
before get method to get the resource id for fetching details
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['group', 'role'], data)
group = Group.query.get(data['group'])
role = Role.query.get(data['role'])
if group.user != current_user:
raise ForbiddenError({'pointer': 'group'}, 'Owner access is required.')
if role.name != 'organizer':
raise ForbiddenError({'pointer': 'role'}, 'Only organizer role is allowed.')
def before_post(self, args, kwargs, data):
"""
before get method to get the resource id for fetching details
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['session', 'event'], data)
if not has_access('is_speaker_for_session', id=data['session']):
raise ForbiddenError({'source': ''}, 'Speaker access is required.')
if data.get('status'):
if not data['status'] == 'pending':
raise ForbiddenError(
{'source': ''},
'Speaker Invite can not created with accepted status.')
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['session'], data)
data['user'] = current_user.id
user_favourite_session = UserFavouriteSession.query.filter_by(
session_id=data['session'], user=current_user).first()
if user_favourite_session:
raise ConflictError({'pointer': '/data/relationships/session'},
"Session already favourited")
def before_post(cls, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['group'], data)
data['user'] = current_user.id
user_follow_group = UserFollowGroup.query.filter_by(
group_id=data['group'], user=current_user).first()
if user_follow_group:
raise ConflictError({'pointer': '/data/relationships/group'},
"Group already followed")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_organizer', event_id=data['event']):
raise ForbiddenError({'source': ''},
"Minimum Organizer access required")
if (get_count(
db.session.query(Event).filter_by(
id=int(data['event']), can_pay_by_stripe=False)) > 0):
raise ForbiddenError({'pointer': ''},
"Stripe payment is disabled for this Event")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenError({'source': ''},
'Co-organizer access is required.')
if (get_count(
db.session.query(Event).filter_by(id=int(data['event']),
is_tax_enabled=False)) > 0):
raise MethodNotAllowed({'parameter': 'event_id'},
"Tax is disabled for this Event")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''},
'Co-organizer access is required.')
if get_count(
db.session.query(Event).filter_by(
id=int(data['event']), is_sponsors_enabled=False)) > 0:
raise ForbiddenException({'pointer': ''},
"Sponsors are disabled for this Event")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['user'], data)
if (get_count(
db.session.query(UserEmail.id).filter_by(
email_address=data.get('email-address'),
user_id=int(data['user']),
deleted_at=None,
)) > 0):
raise ConflictError({'pointer': '/data/attributes/name'},
"Email already exists")
def before_post(self, args, kwargs, data):
"""
method to check for required relationship with event
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['user'], data)
if not has_access('is_user_itself', user_id=int(data['user'])):
raise ObjectNotFound({'parameter': 'user_id'},
"User: {} doesn't match auth key".format(data['user']))
if 'event' in data and 'session' in data:
raise UnprocessableEntity({'pointer': ''},
"Only one relationship between event and session is allowed")
if 'event' not in data and 'session' not in data:
raise UnprocessableEntity({'pointer': ''},
"A valid relationship with event and session is required")
def before_post(self, args, kwargs, data):
"""
method to check for required relationship with event
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(
data['event_id']))
# Assign is_complex to True if not found in identifier map of form type
data['is_complex'] = (
CUSTOM_FORM_IDENTIFIER_NAME_MAP[data['form']].get(
data['field_identifier']) is None)
def before_post(self, args, kwargs, data):
"""
method to check for required relationship with event
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['user'], data)
if not has_access('is_user_itself', user_id=int(data['user'])):
raise ObjectNotFound({'parameter': 'user_id'},
"User: {} doesn't match auth key".format(data['user']))
if 'event' in data and 'session' in data:
raise UnprocessableEntity({'pointer': ''},
"Only one relationship between event and session is allowed")
if 'event' not in data and 'session' not in data:
raise UnprocessableEntity({'pointer': ''},
"A valid relationship with event and session is required")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(data['event']))
if get_count(db.session.query(Ticket.id).filter_by(name=data['name'], event_id=int(data['event']),
deleted_at=None)) > 0:
raise ConflictException({'pointer': '/data/attributes/name'}, "Ticket already exists")
if get_count(db.session.query(Event).filter_by(id=int(data['event']), is_ticketing_enabled=False)) > 0:
raise MethodNotAllowed({'parameter': 'event_id'}, "Ticketing is disabled for this Event")
def before_post(self, args, kwargs, data=None):
"""
before post method to check for required relationships and permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not current_user.is_verified:
raise ForbiddenException({'source': ''},
"Only verified accounts can place orders")
# Create on site attendees.
if request.args.get('onsite', False):
create_onsite_attendees_for_order(data)
elif data.get('on_site_tickets'):
del data['on_site_tickets']
require_relationship(['ticket_holders'], data)
# Ensuring that default status is always pending, unless the user is event co-organizer
if not has_access('is_coorganizer', event_id=data['event']):
data['status'] = 'pending'
def before_post(self, args, kwargs, data):
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ForbiddenException({'source': ''}, 'Co-organizer access is required.')
def test_require_relationship(self):
with self.assertRaises(UnprocessableEntity):
data = ['event']
require_relationship(['sponsor', 'event'], data)
def test_require_relationship(self):
"""Method to test relationship in request data"""
with self.assertRaises(UnprocessableEntity):
data = ['event']
require_relationship(['sponsor', 'event'], data)
