def func_wrapper(*args, **kwargs):
response = None
with app.app_context(): # change the context in order to allow for use of request
try: # fetch the user by id
token = request.headers['Authorization']
the_user = User.nodes.get(id=token) # fetch the user by id
if level == AuthenticationLevels.ANY:
pass
if level == AuthenticationLevels.USER and the_user.id != user_id:
raise planit_error.WrongUserError()
if level == AuthenticationLevels.EVENT_CREATOR and the_user.role not in [
UserRoles.EVENT_CREATOR_ROLE, UserRoles.ADMIN_ROLE]:
raise planit_error.Forbidden()
if level == AuthenticationLevels.ADMIN and the_user.role != UserRoles.ADMIN_ROLE:
raise planit_error.Forbidden()
response = func(*args, **kwargs)
except DoesNotExist: # return an error message if token is bad
response = application_codes.error_response([application_codes.BAD_AUTHENTICATION])
except KeyError: # return an error message if authentication not provided
response = application_codes.error_response([application_codes.NO_AUTHENTICATION])
except planit_error.WrongUserError:
response = application_codes.error_response([planit_appcodes.WRONG_USER])
except planit_error.Forbidden:
response = application_codes.error_response([application_codes.FORBIDDEN_VIOLATION])
return response
def func_wrapper(*args, **kwargs):
if debug_mode:
response = func(*args, **kwargs)
else:
response = None
with app.app_context(): # change the context in order to allow for use of request
try: # fetch the user by id
token = request.headers['Authorization']
the_user = accesstoken.AccessTokenV1.nodes.get(id=token).user.single() # fetch the user by id
if level == AuthenticationLevels.ANY:
pass
if level == AuthenticationLevels.USER and the_user.id != user_id and the_user.role != UserRoles.SYS_ADMIN:
raise katyscareerror.WrongUserError()
if level == AuthenticationLevels.ADMIN and the_user.role != UserRoles.SYS_ADMIN:
raise katyscareerror.Forbidden()
response = func(*args, **kwargs)
except DoesNotExist: # return an error message if token is bad
response = application_codes.error_response([application_codes.BAD_AUTHENTICATION])
except KeyError: # return an error message if authentication not provided
response = application_codes.error_response([application_codes.NO_AUTHENTICATION])
except katyscareerror.WrongUserError:
response = application_codes.error_response([kc_appcodes.WRONG_USER])
except katyscareerror.Forbidden:
response = application_codes.error_response([application_codes.FORBIDDEN_VIOLATION])
return response
def calf_wrapper(calf_id):
"""
NOTE: cid is case sensitive and determined by the user who creates the calf
The id is made up of the cid and farm id. {farmid}_{cid}
"""
response = None
req_data = json.loads(request.data) if request.data else dict()
try: # Authorize here (not ideal, but this type of auth not supported by def at top of page)
if calf_id:
token = request.headers['Authorization']
the_user = accesstoken.AccessTokenV1.nodes.get(id=token).user.single()
calf = Calf.nodes.get(id=calf_id)
permitted_users = calf.farm.single().staff.all()
if the_user in permitted_users:
pass
else:
raise katyscareerror.KatysCareError
except DoesNotExist:
return application_codes.error_response([application_codes.BAD_AUTHENTICATION])
except katyscareerror.KatysCareError:
return application_codes.error_response([application_codes.FORBIDDEN_VIOLATION])
except KeyError:
return application_codes.error_response([application_codes.NO_AUTHENTICATION])
@authenticate(AuthenticationLevels.ANY)
def public_calls():
if request.method == 'POST':
try:
farm_id = req_data["data"]["relationships"]["farm"]["data"]["id"]
cid = req_data["data"]["attributes"]["cid"]
req_data["data"]["attributes"]["id"] = "{fid}_{cid}".format(fid=farm_id, cid=cid)
return Calf.create_resource(req_data)
except KeyError:
return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION])
elif request.method == 'GET' and calf_id:
return Calf.get_resource(request.args, calf_id)
elif request.method == 'GET':
return Calf.get_collection(request.args)
@authenticate(AuthenticationLevels.ANY)
def private_calls():
if request.method == 'PATCH':
return Calf.update_resource(req_data, calf_id)
elif request.method == 'DELETE': # WARNING: THIS DOES A FULL DELETE NOT A DEACTIVATE
try:
the_calf = Calf.nodes.get(id=calf_id)
the_calf.delete()
except DoesNotExist:
return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND])
# return Calf.deactivate_resource(calf_id) (old behavior)
return '', 204
if request.method in ['POST', 'GET']:
response = public_calls()
elif request.method in ['PATCH', 'DELETE']:
response = private_calls()
return response
def get_token():
request_json = json.loads(request.data)
try:
response = user_module.login(request_json, request.args)
except KeyError:
response = application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION])
return response
def login(request_form, request_args):
try:
email = request_form['email'].lower()
password = request_form['password']
password = hashlib.sha256(password).hexdigest()
u = UserV1.nodes.get(email=email, password=password) # get user from id and password
new_token = token_representation(u.id)
if u.token:
accesstoken.AccessTokenV1.update_resource(new_token, u.token.single().id)
r = accesstoken.AccessTokenV1.get_resource(request_args, u.token.single().id)
else:
r = accesstoken.AccessTokenV1.create_resource(new_token, request_args) # create the new token then connect it
except DoesNotExist:
r = application_codes.error_response([application_codes.RESOURCE_NOT_FOUND])
except KeyError:
r = application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION])
return r
def private_calls():
if request.method == 'PATCH':
return Calf.update_resource(req_data, calf_id)
elif request.method == 'DELETE': # WARNING: THIS DOES A FULL DELETE NOT A DEACTIVATE
try:
the_calf = Calf.nodes.get(id=calf_id)
the_calf.delete()
except DoesNotExist:
return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND])
# return Calf.deactivate_resource(calf_id) (old behavior)
return '', 204
def public_calls():
if request.method == 'POST':
try:
farm_id = req_data["data"]["relationships"]["farm"]["data"]["id"]
cid = req_data["data"]["attributes"]["cid"]
req_data["data"]["attributes"]["id"] = "{fid}_{cid}".format(fid=farm_id, cid=cid)
return Calf.create_resource(req_data)
except KeyError:
return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION])
elif request.method == 'GET' and calf_id:
return Calf.get_resource(request.args, calf_id)
elif request.method == 'GET':
return Calf.get_collection(request.args)
def user_wrapper(id):
"""Methods related to the user resource"""
response = None
if id:
id = id.lower()
req_data = None
try:
if request.data:
req_data = json.loads(request.data)
if "email" in req_data["data"]["attributes"]:
req_data["data"]["attributes"]["email"] = req_data["data"]["attributes"]["email"].lower() # emails should be lower case
if "id" in req_data["data"]["attributes"]:
req_data["data"]["attributes"]["id"] = req_data["data"]["attributes"]["id"].lower()
except KeyError:
return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION])
def post_user():
return User.create_resource(req_data)
@authenticate(AuthenticationLevels.USER, id)
def patch_user():
return User.update_resource(req_data, id)
@authenticate(AuthenticationLevels.USER, id)
def delete_user():
return User.deactivate_resource(id)
@authenticate(AuthenticationLevels.USER, id)
def get_user():
return User.get_resource(request.args, id)
@authenticate(AuthenticationLevels.ADMIN)
def get_user_collection():
return User.get_collection(request.args)
# pick method to execute
if request.method == 'POST': # no auth required
response = post_user()
elif request.method == 'PATCH': # must be user
response = patch_user()
elif request.method == 'DELETE': # must be user
response = delete_user()
elif request.method == 'GET' and id: # must be user
response = get_user()
elif request.method == 'GET': # must be administrator
response = get_user_collection()
return response
def post_event():
req_data = eval(request.data)
try: # convert dates to datetime format
st = req_data['data']['attributes'].get('start_time')
et = req_data['data']['attributes'].get('end_time')
# set the owner
req_data['data']['relationships']['owner'] = dict()
req_data['data']['relationships']['owner']['data'] = {'id': request.headers['Authorization'], 'type': 'users'}
if st:
req_data['data']['attributes']['start_time'] = datetime.strptime(st, '%Y-%m-%d %H:%M:%S')
if et:
req_data['data']['attributes']['end_time'] = datetime.strptime(et, '%Y-%m-%d %H:%M:%S')
except KeyError:
return application_codes.error_response([application_codes.BAD_FORMAT_VIOLATION])
# set the owner
return Event.create_resource(req_data)
def treatment_plan_wrapper(tp_id):
response = None
tp_id = tp_id.lower() if tp_id else tp_id
req_data = json.loads(request.data) if request.data else dict()
tp_owner_id = None
try: # Attempt to find user associated with treatment plan
if tp_id:
tp = TreatmentPlan.nodes.get(id=tp_id)
tp_owner = tp.veterinarian.single()
if tp_owner:
tp_owner_id = tp_owner.id
except DoesNotExist:
return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND])
@authenticate(AuthenticationLevels.ANY)
def public_calls():
if request.method == 'POST':
user_id = user_from_token(request.headers['Authorization'])
if 'relationships' not in req_data['data']:
req_data['data']['relationships'] = dict()
req_data['data']['relationships']['veterinarian'] = dict()
req_data['data']['relationships']['veterinarian']['data'] = {'type': 'users', 'id': user_id}
return TreatmentPlan.create_resource(req_data)
elif request.method == 'GET' and tp_id:
return TreatmentPlan.get_resource(request.args, tp_id)
elif request.method == 'GET':
return TreatmentPlan.get_collection(request.args)
@authenticate(AuthenticationLevels.USER, user_id=tp_owner_id)
def private_calls():
if request.method == 'PATCH':
return TreatmentPlan.update_resource(req_data, tp_id)
elif request.method == 'DELETE':
return TreatmentPlan.deactivate_resource(tp_id)
if request.method in ['POST', 'GET']:
response = public_calls()
elif request.method in ['PATCH', 'DELETE']:
response = private_calls()
return response
def method_not_allowed(error):
return application_codes.error_response([application_codes.METHOD_NOT_ALLOWED])
def not_found(error):
return application_codes.error_response([application_codes.RESOURCE_NOT_FOUND])