def put(self, meal_id: str) -> Response:
    """
    Update the meal document identified by ``meal_id`` (PUT).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :param meal_id: id of the meal document to update
    :return: ``wrong_value()`` for invalid or non-unique field values,
        otherwise a JSON body whose ``result`` reports either success or
        that no meal with this id exists
    """
    caller = Users.objects.get(id=get_jwt_identity())
    if not caller.access.admin:
        return forbidden()

    payload = request.get_json()
    try:
        # A throwaway document is built only to validate the submitted fields.
        Meals(**payload).validate()
    except (FieldDoesNotExist, TypeError, ValidationError,
            NotUniqueError, DuplicateKeyError):
        return wrong_value()

    try:
        meal = Meals.objects.get(id=meal_id)
        # A field missing from the payload keeps its stored value.
        meal.update(
            set__name=payload.get('name', meal.name),
            set__description=payload.get('description', meal.description),
            set__price=payload.get('price', meal.price),
            set__image_url=payload.get('image_url', meal.image_url),
        )
    except (DoesNotExist, ValidationError):
        return jsonify({'result': f'No meal with id={meal_id}'})
    except NotUniqueError:
        return wrong_value()
    else:
        return jsonify({'result': f'Successfully updated meal {meal_id}'})
def post(self) -> Response:
    """
    Create a new meal document from the JSON request body (POST).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :return: ``wrong_value()`` when the body fails validation, otherwise a
        JSON body whose ``result`` is either ``{'new_meal_id': ...}`` or a
        message describing why the meal could not be created
    """
    if not Users.objects.get(id=get_jwt_identity()).access.admin:
        return forbidden()

    payload = request.get_json()
    try:
        # Validate first so malformed input never reaches save().
        Meals(**payload).validate()
    except (FieldDoesNotExist, TypeError, ValidationError):
        return wrong_value()

    try:
        meal = Meals(**payload)
        meal.save()
        result = {'new_meal_id': str(meal.id)}
    except NotUniqueError:
        result = 'Meal with this name already exists.'
    except AttributeError:
        result = 'Could not get new meal\'s ID.'
    return jsonify({'result': result})
def delete(self, user_id: str):
    """
    Delete the Meals document(s) whose id equals ``user_id`` (admin only).

    NOTE(review): the parameter is named ``user_id`` but is matched against
    Meals ids -- confirm this is the intended collection and route parameter.

    :param user_id: id used to select the Meals document(s) to delete
    :return: JSON body whose ``result`` is the value returned by ``delete()``,
        or ``forbidden()`` when the caller is not an admin
    """
    caller_is_admin: bool = Users.objects.get(id=get_jwt_identity()).access.admin
    if not caller_is_admin:
        return forbidden()

    deleted = Meals.objects(id=user_id).delete()
    return jsonify({'result': deleted})
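def get(self):
    """
    Return every user document, without the ``password`` field (admin only).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :return: JSON body whose ``result`` holds the user documents
    """
    authorized: bool = Users.objects.get(
        id=get_jwt_identity()).access.admin
    if not authorized:
        return forbidden()

    # Stored password values should never be serialised into an API response,
    # even for an admin caller, so the field is dropped at query level.
    output = Users.objects.exclude('password')
    return jsonify({'result': output})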
def delete(self, user_id: str) -> Response:
    """
    Delete the user document(s) whose id equals ``user_id`` (admin only).

    :param user_id: id of the user to delete
    :return: JSON body whose ``result`` is the value returned by ``delete()``,
        or ``forbidden()`` when the caller is not an admin
    """
    caller_is_admin: bool = Users.objects.get(
        id=get_jwt_identity()).access.admin
    if not caller_is_admin:
        return forbidden()

    deleted = Users.objects(id=user_id).delete()
    return jsonify({'result': deleted})
def post(self):
    """
    Create a Meals document from the JSON request body (admin only).

    NOTE(review): the body is passed to ``Meals(**data)`` without a prior
    ``validate()`` call or exception handling, so a missing or malformed body
    surfaces as an unhandled error -- confirm that is acceptable.

    :return: JSON body ``{'result': {'id': ...}}`` with the new document id,
        or ``forbidden()`` when the caller is not an admin
    """
    caller_is_admin: bool = Users.objects.get(id=get_jwt_identity()).access.admin
    if not caller_is_admin:
        return forbidden()

    payload = request.get_json()
    created = Meals(**payload).save()
    return jsonify({'result': {'id': str(created.id)}})
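def get(self, user_id: str) -> Response:
    """
    Return a single user document, without the ``password`` field (admin only).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :param user_id: id of the user document to return
    :return: JSON body whose ``result`` holds the user document
    """
    authorized: bool = Users.objects.get(
        id=get_jwt_identity()).access.admin
    if not authorized:
        return forbidden()

    # Stored password values should never be serialised into an API response,
    # so the field is dropped at query level before the document is fetched.
    output = Users.objects.exclude('password').get(id=user_id)
    return jsonify({'result': output})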
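def put(self, user_id: str):
    """
    Update the user document identified by ``user_id`` (admin only).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :param user_id: id of the user document to update
    :return: JSON body ``{'result': {'id': user_id}}``
    """
    authorized: bool = Users.objects.get(
        id=get_jwt_identity()).access.admin
    if not authorized:
        return forbidden()

    data = request.get_json()
    # NOTE(review): every key of the request body is forwarded to update(),
    # so the caller chooses which fields are written (including credential
    # and access fields, if the model has them). Prefer an explicit list of
    # updatable fields plus validate() -- confirm against the Users model.
    Users.objects(id=user_id).update(**data)

    # A queryset update() returns the number of modified documents, not a
    # document, so the id is taken from the route parameter instead of the
    # return value (reading ``.id`` from it raised AttributeError).
    output = {'id': str(user_id)}
    return jsonify({'result': output})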
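def put(self, user_id: str) -> Response:
    """
    Update the user document identified by ``user_id`` (PUT).

    Allowed for an admin, or for the logged-in user updating their own
    document. The body must repeat the stored email and the current password;
    neither can be changed here. Only ``name``, ``fav_meals`` and (for admin
    callers) ``access`` are written.

    :param user_id: id of the user document to update
    :return: ``forbidden()`` for other callers, ``wrong_value()`` for invalid
        field values or unresolvable ``fav_meals``, a 400 response when the
        email/password check fails, ``not_admin()`` when a non-admin asks for
        admin access, otherwise a JSON body whose ``result`` reports success
        or that no such user exists
    """
    is_admin = Users.objects.get(id=get_jwt_identity()).access.admin
    # A non-admin caller may only touch their own document.
    is_logged_in_user = get_jwt_identity() == user_id
    if not (is_admin or is_logged_in_user):
        return forbidden()

    data = request.get_json()
    try:
        # validate the passed field values
        Users(**data).validate()
    except (FieldDoesNotExist, TypeError, ValidationError,
            NotUniqueError, DuplicateKeyError):
        return wrong_value()

    try:
        updated_user = Users.objects.get(id=user_id)

        # Email and password are immutable through this endpoint. A missing
        # key counts as a mismatch instead of raising KeyError.
        email = data.get('email')
        password = data.get('password')
        if email != updated_user.email or password is None or \
                not updated_user.check_pwd_hash(password):
            output = 'Update rejected: change of email or password is not allowed.'
            resp = jsonify({'result': output})
            resp.status_code = 400
            return resp

        # Decide on the admin grant BEFORE any write, so a request that is
        # rejected for privilege reasons leaves the document untouched.
        access = data.get('access')
        wants_admin = isinstance(access, dict) and bool(access.get('admin'))
        if wants_admin and not is_admin:
            return not_admin()

        # retrieve referenced Meals documents and add
        # their reference to fav_meals list (overwrites old list)
        if data.get('fav_meals') is not None:
            try:
                # NOTE(review): each entry is handed to MongoDB as a raw
                # query document, so query operators in client input are
                # interpreted by the database. Prefer resolving favourites
                # by a validated id -- confirm the expected entry shape.
                fav_meals_list = [
                    Meals.objects.get(__raw__=meal)
                    for meal in data['fav_meals']
                ]
                updated_user.update(set__fav_meals=fav_meals_list)
            except (OperationFailure, DoesNotExist, ValueError):
                return wrong_value()

        # if new value for the field is not given, don't change it
        updated_user.update(
            set__name=data.get('name', updated_user.name))

        # grant admin access to the user (only an existing admin reaches
        # this point with wants_admin set)
        if wants_admin:
            updated_user.update(set__access=access)

        output = f'Successfully updated user {user_id}'
    except (DoesNotExist, ValidationError):
        output = f'No user with id={user_id}'
    return jsonify({'result': output})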
def get(self) -> Response:
    """
    Return every user document with the ``password`` field excluded (GET).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :return: JSON body whose ``result`` holds the user documents
    """
    caller = Users.objects.get(id=get_jwt_identity())
    if not caller.access.admin:
        return forbidden()

    # The password field is dropped at query level, before serialisation.
    users = Users.objects.exclude('password')
    return jsonify({'result': users})
def post(self) -> Response:
    """
    Create a user document from the JSON request body (admin only).

    NOTE(review): the body is passed to ``Users(**data)`` without a prior
    ``validate()`` call or exception handling, and every client-supplied key
    becomes a field of the new user -- confirm that is intended.

    :return: JSON body ``{'result': {'id': ...}}`` with the new document id,
        or ``forbidden()`` when the caller is not an admin
    """
    caller_is_admin: bool = Users.objects.get(
        id=get_jwt_identity()).access.admin
    if not caller_is_admin:
        return forbidden()

    payload = request.get_json()
    created = Users(**payload).save()
    return jsonify({'result': {'id': str(created.id)}})
def delete(self) -> Response:
    """
    Delete all user documents (admin only).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    NOTE(review): the delete is unfiltered, so it appears to remove the
    calling admin's own document as well -- confirm that is intended.

    :return: JSON body whose ``result`` is the value returned by ``delete()``
    """
    caller_is_admin: bool = user.objects.get(id=get_jwt_identity()).access.admin
    if not caller_is_admin:
        return forbidden()

    deleted = user.objects.delete()
    return jsonify({'result': deleted})
def get(self, user_id: str) -> Response:
    """
    Return the user document identified by ``user_id`` (admin only).

    Only the admin flag of the caller is checked here; a non-admin caller
    requesting their own document still receives ``forbidden()``.

    NOTE(review): the document is returned without any field filtering. If
    the model stores a credential field, it is part of the response --
    confirm against the model and exclude it if so.

    :param user_id: id of the user document to return
    :return: JSON body whose ``result`` holds the user document
    """
    caller_is_admin: bool = user.objects.get(id=get_jwt_identity()).access.admin
    if not caller_is_admin:
        return forbidden()

    found = user.objects.get(id=user_id)
    return jsonify({'result': found})
def delete(self, user_id: str) -> Response:
    """
    Delete the Products document(s) whose id equals ``user_id``.

    FIXME(review): no authorization check is performed in this method. The
    admin check was commented out and replaced by an unconditional branch, so
    every request that reaches this handler deletes. The disabled check
    looked up the JWT identity in Products rather than in the user model,
    which is presumably why it was switched off; restore it against the user
    model before exposing this route.

    :param user_id: id used to select the Products document(s) to delete
    :return: JSON body whose ``result`` is the value returned by ``delete()``
    """
    deleted = Products.objects(id=user_id).delete()
    return jsonify({'result': deleted})
def post(self) -> Response:
    """
    Create a Products document from the JSON request body.

    FIXME(review): no authorization check is performed in this method. The
    admin check was commented out and replaced by an unconditional branch, so
    every request that reaches this handler creates a document. The disabled
    check looked up the JWT identity in Products rather than in the user
    model, which is presumably why it was switched off; restore it against
    the user model before exposing this route.

    NOTE(review): the body is passed to ``Products(**data)`` without a prior
    ``validate()`` call or exception handling.

    :return: JSON body ``{'result': {'id': ...}}`` with the new document id
    """
    payload = request.get_json()
    created = Products(**payload).save()
    return jsonify({'result': {'id': str(created.id)}})
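def put(self, user_id: str) -> Response:
    """
    Update the user document identified by ``user_id`` (admin only).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller, including the user being
    updated, gets ``forbidden()``.

    :param user_id: id of the user document to update
    :return: JSON body ``{'result': {'id': user_id}}``
    """
    authorized: bool = user.objects.get(id=get_jwt_identity()).access.admin
    if not authorized:
        return forbidden()

    data = request.get_json()
    # NOTE(review): every key of the request body is forwarded to update(),
    # so the caller chooses which fields are written. That is why this stays
    # admin-only: opening it to self-service as-is would let a user rewrite
    # their own access field. Prefer an explicit list of updatable fields.
    user.objects(id=user_id).update(**data)

    # A queryset update() returns the number of modified documents, not a
    # document, so the id is taken from the route parameter instead of the
    # return value (reading ``.id`` from it raised AttributeError).
    output = {'id': str(user_id)}
    return jsonify({'result': output})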
def delete(self, meal_id: str) -> Response:
    """
    Delete the meal document identified by ``meal_id`` (DELETE).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :param meal_id: id of the meal document to delete
    :return: JSON body whose ``result`` reports either success or that no
        meal with this id exists
    """
    caller = Users.objects.get(id=get_jwt_identity())
    if not caller.access.admin:
        return forbidden()

    try:
        Meals.objects.get(id=meal_id).delete()
    except (DoesNotExist, ValidationError):
        message = f'No meal with id={meal_id}'
    else:
        message = f'Successfully deleted meal {meal_id}'
    return jsonify({'result': message})
def get(self, user_id: str) -> Response:
    """
    Return the user document identified by ``user_id`` without its
    ``password`` field (GET).

    Allowed for an admin, or for the logged-in user requesting their own
    document; any other caller gets ``forbidden()``.

    :param user_id: id of the user document to return
    :return: JSON body whose ``result`` is the user document, or a message
        saying that no user with this id exists
    """
    caller_id = get_jwt_identity()
    caller_is_admin = Users.objects.get(id=caller_id).access.admin
    # Self-access: the token identity must equal the requested id.
    requests_own_record = caller_id == user_id
    if not (caller_is_admin or requests_own_record):
        return forbidden()

    try:
        # The password field is dropped at query level, before serialisation.
        result = Users.objects.exclude('password').get(id=user_id)
    except (DoesNotExist, ValidationError):
        result = f'No user with id={user_id}'
    return jsonify({'result': result})
def post(self) -> Response:
    """
    Create a new user document from the JSON request body (POST).

    The caller is resolved from ``get_jwt_identity()`` and must have
    ``access.admin`` set; any other caller gets ``forbidden()``.

    :return: ``wrong_value()`` when the body fails validation or a favourite
        meal cannot be resolved, otherwise a JSON body whose ``result`` is
        either ``{'new_user_id': ...}`` or a message describing the failure
    """
    if not Users.objects.get(id=get_jwt_identity()).access.admin:
        return forbidden()

    payload = request.get_json()
    try:
        # Validate first so malformed input never reaches save().
        Users(**payload).validate()
    except (FieldDoesNotExist, TypeError, ValidationError):
        return wrong_value()

    try:
        # Resolve each favourite to its Meals document; an absent key means
        # an empty list.
        # NOTE(review): each entry is handed to MongoDB as a raw query
        # document, so query operators in the request body are interpreted
        # by the database -- confirm the expected entry shape.
        meal_refs = payload.get('fav_meals')
        favourites = [] if meal_refs is None else [
            Meals.objects.get(__raw__=ref) for ref in meal_refs
        ]

        # Only these named fields are copied from the body into the new user.
        user_doc = Users(
            email=payload.get('email'),
            password=payload.get('password'),
            name=payload.get('name'),
            fav_meals=favourites,
            access=payload.get('access'),
        )
        user_doc.save()
        result = {'new_user_id': str(user_doc.id)}
    except (OperationFailure, DoesNotExist, ValueError):
        return wrong_value()
    except NotUniqueError:
        result = 'User with this email already exists'
    except AttributeError:
        result = 'Could not get new user\'s ID.'
    return jsonify({'result': result})