def get(self, _id):
    """Return the visits of account ``_id`` as a JSON response.

    The caller is identified by the ``account_id`` request header. Access is
    granted when that header equals ``_id``, or when the caller is not a
    customer while ``_id`` is one (``is_customer`` decides both). Everything
    else gets a 400 with a plain-text message.

    NOTE(review): the identity used for authorization is read straight from a
    request header; unless an upstream layer binds that header to an
    authenticated session it is caller-asserted — confirm.
    """
    caller = request.headers.get("account_id")
    # Deny unless: self-access, or a non-customer looking at a customer.
    # Same short-circuit order as the allow form (no extra is_customer calls).
    if _id != caller and (is_customer(caller) or not is_customer(_id)):
        return make_response("Invalid request, account id needed", 400)
    visits = get_account_visits(_id)
    return make_response(jsonify(visits), 200)
def get(self, _id=None):
    """Return account data for ``_id``, or all customers when no id is given.

    With ``_id``: allowed for the account itself, or for a non-customer
    caller looking at a customer account; otherwise 401. Without ``_id``:
    only non-customer callers may list all customers; otherwise 401.
    The caller is the ``account_id`` request header.

    NOTE(review): the header is taken at face value here; confirm an upstream
    layer ties it to the authenticated session.
    """
    caller = request.headers.get("account_id")

    if not _id:
        if is_customer(caller):
            return make_response("Not authorized to see all users data", 401)
        return make_response(get_all_customers_data(), 200)

    # to not allow hairdressers to check other hairdressers:
    # deny unless self-access or a non-customer viewing a customer.
    if _id != caller and (is_customer(caller) or not is_customer(_id)):
        return make_response("User not authorized to view this data", 401)
    return make_response(get_account_data(_id), 200)
def get_account_visits(account_id: str) -> dict:
    """Return the visits of ``account_id`` (date, address/customer name, id).

    Dispatches on ``is_customer``: customer accounts go to
    ``get_customer_visits``, every other account to ``get_hairdresser_visits``.
    """
    lookup = get_customer_visits if is_customer(account_id) else get_hairdresser_visits
    return lookup(account_id)
def get(self):
    """Report the caller's role flags as ``{"isHairdresser", "isAdmin"}``.

    ``isHairdresser`` is True for any account that is not a customer (this
    includes admins); ``isAdmin`` is True when ``can_access_admin`` accepts
    the ``session_id``/``account_id`` header pair. Both values are plain
    booleans. Always answers 200.
    """
    caller = request.headers.get("account_id")
    session = request.headers.get("session_id")
    flags = {
        "isHairdresser": not is_customer(caller),
        "isAdmin": bool(can_access_admin(session, caller)),
    }
    return make_response(flags, 200)
def get(self, _id=None):
    """Return the details of visit ``_id``.

    ``authorized_to_access_visit`` is consulted first (with ``_id`` possibly
    None); a failure is a 401. A missing id is then a 400. When the
    ``for_edit`` header is present the edit view is returned, otherwise the
    regular view, which also receives whether the caller is a customer.

    NOTE(review): ``for_edit`` is tested for truthiness, so any non-empty
    header value — including the string "false" — selects the edit view;
    confirm clients only send it when they mean it.
    """
    caller = request.headers.get("account_id")
    if not authorized_to_access_visit(_id, caller):
        return make_response("User not authorized to see this visit", 401)
    if not _id:
        return make_response("No visit id provided", 400)
    if request.headers.get("for_edit"):
        details = get_visit_details_for_edit(_id)
    else:
        details = get_visit_details(_id, is_customer(caller))
    return make_response(details, 200)
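def patch(self, _id):
    """Update a visit from the JSON request body.

    Two paths, chosen by the body:

    * ``summary`` or ``pictures`` truthy: a visit-summary write via
      ``add_visit_summary``; only non-customer callers may do this.
    * otherwise: a generic ``update_visit`` after ``authorized_to_access_visit``
      on the body's ``id`` and ``VisitInputs`` validation.

    Returns 200 on success, 400 on a malformed body / failed validation /
    failed update, 401 when the caller is not allowed. The caller identity
    is the ``account_id`` request header.

    Changes from the previous version: a body that is missing, not a JSON
    object, or lacks ``summary``/``pictures`` no longer raises (500); a
    customer sending summary data now gets an explicit 401 instead of the
    handler falling off the end; a body without ``id`` is a 400 rather than
    a KeyError.

    NOTE(review): this listing had lost its indentation; the nesting below is
    the reading in which the summary path and the generic update path are
    alternatives. Confirm against the original file.
    NOTE(review): the route parameter ``_id`` is unused — the visit edited is
    ``data["id"]``. Confirm whether the URL id should be authoritative.
    NOTE(review): the summary path checks only the caller's role, not
    visit-level access as the update path does — confirm that is intended.
    """
    data = request.get_json()
    # Previously ``data["summary"]`` on a missing/non-object body was a 500.
    if not isinstance(data, dict):
        return make_response("Invalid request, JSON body needed", 400)
    caller = request.headers.get("account_id")

    if data.get("summary") or data.get("pictures"):
        # Summary/pictures are written by staff only; fail closed otherwise.
        if is_customer(caller):
            return make_response("User not authorized to edit this visit", 401)
        # ``data`` is the same cached object ``request.get_json()`` would return.
        summary_update = add_visit_summary(data)
        if summary_update:
            return make_response("Visit updated successfully", 200)
        return make_response(jsonify(summary_update), 400)

    visit_id = data.get("id")
    # Do not hand a missing id to the authorization helper; reject explicitly.
    if visit_id is None:
        return make_response("Invalid request, visit id needed", 400)
    if not authorized_to_access_visit(visit_id, caller):
        return make_response("User not authorized to edit this visit", 401)
    inputs = VisitInputs(request)
    if not inputs.validate():
        return make_response(str(inputs.errors), 400)
    visit_update = update_visit(data)
    if visit_update["success"]:
        return make_response("Visit updated successfully", 200)
    return make_response(jsonify(visit_update), 400)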
def on_model_change(self, form, model, is_created):
    """Refuse to create an admin record for a customer account.

    Model-change hook: only the creation case is checked, and only
    ``form.account_id.data`` is consulted (``model`` is unused). Raises
    ``AttributeError`` with the user-facing Polish message, which is kept
    verbatim ("a customer cannot be an administrator"). Returns None when
    nothing is raised.
    """
    if not is_created:
        return
    if is_customer(form.account_id.data):
        raise AttributeError("Klient nie może byc administratorem")