def test_query_draft_event_user_error(event, user_login):
"Different user should not be able to access draft event of other user"
event.state = 'draft'
with pytest.raises(ObjectNotFound):
event_query(Ticket.query, {'event_id': event.id})
with pytest.raises(ObjectNotFound):
event_query(Order.query, {'event_identifier': event.identifier})
def test_query_event(event):
assert str(event_query(Order.query, {'event_id': event.id})) == str(
Order.query.join(Event).filter(Event.id == event.id))
assert str(
event_query(Ticket.query,
{'event_identifier': event.identifier})) == str(
Ticket.query.join(Event).filter(Event.id == event.id))
def test_query_restricted_event_admin(event, admin_login):
assert str(event_query(
Order.query, {'event_id': event.id}, restrict=True)) == str(
Order.query.join(Event).filter(Event.id == event.id))
assert str(
event_query(Ticket.query, {'event_identifier': event.identifier},
restrict=True)) == str(
Ticket.query.join(Event).filter(Event.id == event.id))
def test_query_draft_event_admin(event, admin_login):
event.state = 'draft'
assert str(event_query(Order.query, {'event_id': event.id})) == str(
Order.query.join(Event).filter(Event.id == event.id))
assert str(
event_query(Ticket.query,
{'event_identifier': event.identifier})) == str(
Ticket.query.join(Event).filter(Event.id == event.id))
def test_query_restricted_event_organizer(event, user, user_login):
get_owner(event, user)
assert str(event_query(
Order.query, {'event_id': event.id}, restrict=True)) == str(
Order.query.join(Event).filter(Event.id == event.id))
assert str(
event_query(Ticket.query, {'event_identifier': event.identifier},
restrict=True)) == str(
Ticket.query.join(Event).filter(Event.id == event.id))
def test_query_draft_event_organizer(event, user, user_login):
get_owner(event, user)
event.state = 'draft'
assert str(event_query(Order.query, {'event_id': event.id})) == str(
Order.query.join(Event).filter(Event.id == event.id))
assert str(
event_query(Ticket.query,
{'event_identifier': event.identifier})) == str(
Ticket.query.join(Event).filter(Event.id == event.id))
def query(self, view_kwargs):
"""
query method for Attendees List
:param view_kwargs:
:return:
"""
query_ = self.session.query(TicketHolder)
if view_kwargs.get('order_identifier'):
order = safe_query(self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier')
if not has_access('is_registrar', event_id=order.event_id) and not has_access('is_user_itself',
user_id=order.user_id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(Order).filter(Order.id == order.id)
if view_kwargs.get('ticket_id'):
ticket = safe_query(self, Ticket, 'id', view_kwargs['ticket_id'], 'ticket_id')
if not has_access('is_registrar', event_id=ticket.event_id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(Ticket).filter(Ticket.id == ticket.id)
if view_kwargs.get('user_id'):
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(User, User.email == TicketHolder.email).filter(User.id == user.id)
query_ = event_query(self, query_, view_kwargs, permission='is_registrar')
return query_
def query(self, view_kwargs):
"""
query method for Attendees List
:param view_kwargs:
:return:
"""
query_ = self.session.query(TicketHolder)
if view_kwargs.get('order_identifier'):
order = safe_query(self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier')
if not has_access('is_registrar', event_id=order.event_id) or not has_access('is_user_itself',
id=order.user_id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(Order).filter(Order.id == order.id)
if view_kwargs.get('ticket_id'):
ticket = safe_query(self, Ticket, 'id', view_kwargs['ticket_id'], 'ticket_id')
if not has_access('is_registrar', event_id=ticket.event_id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(Ticket).filter(Ticket.id == ticket.id)
if view_kwargs.get('user_id'):
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
if not has_access('is_user_itself', id=user.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(User, User.email == TicketHolder.email).filter(User.id == user.id)
query_ = event_query(self, query_, view_kwargs, permission='is_registrar')
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
if view_kwargs.get('ticket_tag_id'):
ticket_tag = safe_query(self, TicketTag, 'id',
view_kwargs['ticket_tag_id'],
'ticket_tag_id')
query_ = query_.join(ticket_tags_table).filter_by(
ticket_tag_id=ticket_tag.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('access_code_id'):
access_code = safe_query(self, AccessCode, 'id',
view_kwargs['access_code_id'],
'access_code_id')
# access_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.access_codes.any(id=access_code.id))
if view_kwargs.get('order_identifier'):
order = safe_query(self, Order, 'identifier',
view_kwargs['order_identifier'],
'order_identifier')
ticket_ids = []
for ticket in order.tickets:
ticket_ids.append(ticket.id)
query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids)))
return query_
def query(self, view_kwargs):
"""
query method for speakers list class
:param view_kwargs:
:return:
"""
query_ = self.session.query(Speaker)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('session_id'):
session = safe_query_kwargs(Session, view_kwargs, 'session_id')
# session-speaker :: many-to-many relationship
query_ = Speaker.query.filter(Speaker.sessions.any(id=session.id))
if 'Authorization' in request.headers and not has_access(
'is_coorganizer', event_id=session.event_id):
if not has_access('is_session_self_submitted',
session_id=session.id):
query_ = query_.filter(Session.state == "approved"
or Session.state == "accepted")
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
if 'Authorization' in request.headers:
verify_jwt_in_request()
if current_user.is_super_admin or current_user.is_admin:
query_ = self.session.query(Ticket)
elif view_kwargs.get('event_id') and has_access(
'is_organizer', event_id=view_kwargs['event_id']):
query_ = self.session.query(Ticket)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
if view_kwargs.get('ticket_tag_id'):
ticket_tag = safe_query(self, TicketTag, 'id',
view_kwargs['ticket_tag_id'],
'ticket_tag_id')
query_ = query_.join(ticket_tags_table).filter_by(
ticket_tag_id=ticket_tag.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('access_code_id'):
access_code = safe_query(self, AccessCode, 'id',
view_kwargs['access_code_id'],
'access_code_id')
# access_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.access_codes.any(id=access_code.id))
if view_kwargs.get('discount_code_id'):
discount_code = safe_query(
self,
DiscountCode,
'id',
view_kwargs['discount_code_id'],
'discount_code_id',
)
# discount_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.discount_codes.any(id=discount_code.id))
if view_kwargs.get('order_identifier'):
order = safe_query(
self,
Order,
'identifier',
view_kwargs['order_identifier'],
'order_identifier',
)
ticket_ids = []
for ticket in order.tickets:
ticket_ids.append(ticket.id)
query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids)))
return query_
def query(self, view_kwargs):
"""
query method for SessionList class
:param view_kwargs:
:return:
"""
query_ = self.session.query(Session)
if view_kwargs.get('track_id') is not None:
track = safe_query(self, Track, 'id', view_kwargs['track_id'],
'track_id')
query_ = query_.join(Track).filter(Track.id == track.id)
if view_kwargs.get('session_type_id') is not None:
session_type = safe_query(self, SessionType, 'id',
view_kwargs['session_type_id'],
'session_type_id')
query_ = query_.join(SessionType).filter(
SessionType.id == session_type.id)
if view_kwargs.get('microlocation_id') is not None:
microlocation = safe_query(self, Microlocation, 'id',
view_kwargs['microlocation_id'],
'microlocation_id')
query_ = query_.join(Microlocation).filter(
Microlocation.id == microlocation.id)
if view_kwargs.get('user_id') is not None:
user = safe_query(self, User, 'id', view_kwargs['user_id'],
'user_id')
query_ = query_.join(User).filter(User.id == user.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('speaker_id'):
speaker = safe_query(self, Speaker, 'id',
view_kwargs['speaker_id'], 'speaker_id')
# session-speaker :: many-to-many relationship
query_ = Session.query.filter(Session.speakers.any(id=speaker.id))
return query_
def query(self, view_kwargs):
"""
Method to get access codes list based on different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(AccessCode)
query_ = event_query(self,
query_,
view_kwargs,
permission='is_coorganizer')
if view_kwargs.get('user_id'):
user = safe_query(self, User, 'id', view_kwargs['user_id'],
'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('ticket_id'):
ticket = safe_query(self, Ticket, 'id', view_kwargs['ticket_id'],
'ticket_id')
if not has_access('is_coorganizer', event_id=ticket.event_id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
# access_code - ticket :: many-to-many relationship
query_ = AccessCode.query.filter(
AccessCode.tickets.any(id=ticket.id))
query_
return query_
def query(self, view_kwargs):
"""
query method for SessionList class
:param view_kwargs:
:return:
"""
query_ = self.session.query(Session)
if view_kwargs.get('track_id') is not None:
track = safe_query(self, Track, 'id', view_kwargs['track_id'], 'track_id')
query_ = query_.join(Track).filter(Track.id == track.id)
if view_kwargs.get('session_type_id') is not None:
session_type = safe_query(self, SessionType, 'id', view_kwargs['session_type_id'], 'session_type_id')
query_ = query_.join(SessionType).filter(SessionType.id == session_type.id)
if view_kwargs.get('microlocation_id') is not None:
microlocation = safe_query(self, Microlocation, 'id', view_kwargs['microlocation_id'], 'microlocation_id')
query_ = query_.join(Microlocation).filter(Microlocation.id == microlocation.id)
if view_kwargs.get('user_id') is not None:
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('speaker_id'):
speaker = safe_query(self, Speaker, 'id', view_kwargs['speaker_id'], 'speaker_id')
# session-speaker :: many-to-many relationship
query_ = Session.query.filter(Session.speakers.any(id=speaker.id))
return query_
def query(self, view_kwargs):
"""
query method for social link
:param view_kwargs:
:return:
"""
query_ = self.session.query(SocialLink)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Tax)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(Feedback)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for Sponsor List
:param view_kwargs:
:return:
"""
query_ = self.session.query(Sponsor)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for social link
:param view_kwargs:
:return:
"""
query_ = self.session.query(SocialLink)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(CustomForms)
query_ = event_query(query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for Session Type List
:param view_kwargs:
:return:
"""
query_ = self.session.query(FaqType)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for role invites list
:param view_kwargs:
:return:
"""
query_ = self.session.query(RoleInvite)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for Session Type List
:param view_kwargs:
:return:
"""
query_ = self.session.query(SessionType)
query_ = event_query(query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(Feedback)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for Sponsor List
:param view_kwargs:
:return:
"""
query_ = self.session.query(Sponsor)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Track)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for role invites list
:param view_kwargs:
:return:
"""
query_ = self.session.query(RoleInvite)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
query_ = Exhibitor.query
if view_kwargs.get('session_id'):
session = safe_query_kwargs(Session, view_kwargs, 'session_id')
# session-exhibitor :: many-to-many relationship
query_ = Exhibitor.query.filter(
Exhibitor.sessions.any(id=session.id))
elif view_kwargs.get('event_id') or view_kwargs.get(
'event_identifier'):
query_ = event_query(query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Microlocation)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('session_id'):
session = safe_query_kwargs(Session, view_kwargs, 'session_id')
query_ = query_.join(Session).filter(Session.id == session.id)
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Microlocation)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('session_id'):
session = safe_query(self, Session, 'id', view_kwargs['session_id'], 'session_id')
query_ = query_.join(Session).filter(Session.id == session.id)
return query_
def query(self, view_kwargs):
"""
query method for different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(Faq)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('faq_type_id') is not None:
faq_type = safe_query_kwargs(FaqType, view_kwargs, 'faq_type_id')
query_ = query_.join(FaqType).filter(FaqType.id == faq_type.id)
return query_
def query(self, view_kwargs):
"""
method to query Ticket tags based on different params
:param view_kwargs:
:return:
"""
query_ = self.session.query(TicketTag)
if view_kwargs.get('ticket_id'):
ticket = safe_query(self, Ticket, 'id', view_kwargs['ticket_id'], 'ticket_id')
query_ = query_.join(ticket_tags_table).filter_by(ticket_id=ticket.id)
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
method to query Ticket tags based on different params
:param view_kwargs:
:return:
"""
query_ = self.session.query(TicketTag)
if view_kwargs.get('ticket_id'):
ticket = safe_query_kwargs(Ticket, view_kwargs, 'ticket_id')
query_ = query_.join(ticket_tags_table).filter_by(
ticket_id=ticket.id)
query_ = event_query(query_, view_kwargs)
return query_
def query(self, view_kwargs):
query_ = self.session.query(Order)
if view_kwargs.get('user_id'):
# orders under a user
user = safe_query_kwargs(User, view_kwargs, 'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.filter(Order.user_id == user.id)
else:
# orders under an event
query_ = event_query(query_, view_kwargs, restrict=True)
return query_
def query(self, view_kwargs):
"""
query method for event invoice list
:param view_kwargs:
:return:
"""
query_ = self.session.query(EventInvoice)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('user_id'):
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('discount_code_id'):
discount_code = safe_query(self, DiscountCode, 'id', view_kwargs['discount_code_id'], 'discount_code_id')
query_ = query_.join(DiscountCode).filter(DiscountCode.id == discount_code.id)
return query_
def query(self, view_kwargs):
"""
query method for SessionList class
:param view_kwargs:
:return:
"""
query_ = self.session.query(Session)
if view_kwargs.get('track_id'):
track = safe_query_kwargs(Track, view_kwargs, 'track_id')
query_ = query_.join(Track).filter(Track.id == track.id)
elif view_kwargs.get('session_type_id'):
session_type = safe_query_kwargs(SessionType, view_kwargs, 'session_type_id')
query_ = query_.join(SessionType).filter(SessionType.id == session_type.id)
elif view_kwargs.get('microlocation_id'):
microlocation = safe_query_kwargs(
Microlocation,
view_kwargs,
'microlocation_id',
)
query_ = query_.join(Microlocation).filter(
Microlocation.id == microlocation.id
)
elif view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = (
query_.join(Session.speakers)
.filter(
Session.creator_id == user.id
or Session.speakers.any(
or_(Speaker.user_id == user.id, Speaker.email == user.email)
)
)
.distinct(*get_distinct_sort_fields(SessionSchema, Session, sort=False))
.order_by(*get_distinct_sort_fields(SessionSchema, Session))
)
elif view_kwargs.get('speaker_id'):
speaker = safe_query_kwargs(Speaker, view_kwargs, 'speaker_id')
# session-speaker :: many-to-many relationship
query_ = Session.query.filter(Session.speakers.any(id=speaker.id))
elif view_kwargs.get('exhibitor_id'):
exhibitor = safe_query_kwargs(Exhibitor, view_kwargs, 'exhibitor_id')
# session-exhibitor :: many-to-many relationship
query_ = Session.query.filter(Session.exhibitors.any(id=exhibitor.id))
elif view_kwargs.get('event_id') or view_kwargs.get('event_identifier'):
query_ = event_query(query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
query method for Attendees List
:param view_kwargs:
:return:
"""
query_ = self.session.query(TicketHolder)
if view_kwargs.get('order_identifier'):
order = safe_query_kwargs(
Order,
view_kwargs,
'order_identifier',
'identifier',
)
is_coorganizer = has_access(
'is_coorganizer',
event_id=order.event_id,
)
if not (
is_coorganizer
or current_user.id == order.user_id
or order.is_attendee(current_user)
):
raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.join(Order).filter(Order.id == order.id)
if not is_coorganizer and current_user.id != order.user_id:
query_ = query_.filter(TicketHolder.user == current_user)
if view_kwargs.get('ticket_id'):
ticket = safe_query_kwargs(Ticket, view_kwargs, 'ticket_id')
# if not has_access('is_registrar', event_id=ticket.event_id):
# raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.join(Ticket).filter(Ticket.id == ticket.id)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.join(User, User.email == TicketHolder.email).filter(
User.id == user.id
)
query_ = event_query(query_, view_kwargs, restrict=True)
return query_
def query(self, view_kwargs):
"""
query method for event invoice list
:param view_kwargs:
:return:
"""
user = current_user
user_id = view_kwargs.get('user_id')
if user_id != user.id and not user.is_staff:
raise ForbiddenError({'source': ''}, 'Admin access is required')
query_ = self.session.query(EventInvoice)
query_ = event_query(query_, view_kwargs)
if user_id:
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
return query_
def query(self, view_kwargs):
"""
query method for event invoice list
:param view_kwargs:
:return:
"""
query_ = self.session.query(EventInvoice)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('discount_code_id'):
discount_code = safe_query_kwargs(
DiscountCode, view_kwargs, 'discount_code_id',
)
query_ = query_.join(DiscountCode).filter(DiscountCode.id == discount_code.id)
return query_
def query(self, view_kwargs):
query_ = self.session.query(Order)
if view_kwargs.get('user_id'):
# orders under a user
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(User, User.id == Order.user_id).filter(User.id == user.id)
else:
# orders under an event
query_ = event_query(self, query_, view_kwargs)
# expire the pending orders if the time limit is over.
orders = query_.all()
for order in orders:
set_expiry_for_order(order)
return query_
def query(self, view_kwargs):
query_ = self.session.query(Order)
if view_kwargs.get('user_id'):
# orders under a user
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(User, User.id == Order.user_id).filter(User.id == user.id)
else:
# orders under an event
query_ = event_query(self, query_, view_kwargs)
# expire the initializing orders if the time limit is over.
orders = query_.all()
for order in orders:
set_expiry_for_order(order)
return query_
def query(self, view_kwargs):
"""
query method for different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(Feedback)
if view_kwargs.get('user_id'):
# feedbacks under an user
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
query_ = query_.join(User, User.id == Feedback.user_id).filter(User.id == user.id)
elif view_kwargs.get('session_id'):
# feedbacks under a session
session = safe_query(self, Session, 'id', view_kwargs['session_id'], 'session_id')
query_ = query_.join(Session, Session.id == Feedback.session_id).filter(Session.id == session.id)
else:
# feedbacks under an event
query_ = event_query(self, query_, view_kwargs)
return query_
def query(self, view_kwargs):
"""
Method to get access codes list based on different view_kwargs
:param view_kwargs:
:return:
"""
query_ = self.session.query(AccessCode)
query_ = event_query(self, query_, view_kwargs, permission='is_coorganizer')
if view_kwargs.get('user_id'):
user = safe_query(self, User, 'id', view_kwargs['user_id'], 'user_id')
if not has_access('is_user_itself', id=user.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('ticket_id'):
ticket = safe_query(self, Ticket, 'id', view_kwargs['ticket_id'], 'ticket_id')
if not has_access('is_coorganizer', event_id=ticket.event_id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
# access_code - ticket :: many-to-many relationship
query_ = AccessCode.query.filter(AccessCode.tickets.any(id=ticket.id))
query_
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
if 'Authorization' in request.headers:
_jwt_required(current_app.config['JWT_DEFAULT_REALM'])
if current_user.is_super_admin or current_user.is_admin:
query_ = self.session.query(Ticket)
elif view_kwargs.get('event_id') and has_access('is_organizer', event_id=view_kwargs['event_id']):
query_ = self.session.query(Ticket)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
if view_kwargs.get('ticket_tag_id'):
ticket_tag = safe_query(self, TicketTag, 'id', view_kwargs['ticket_tag_id'], 'ticket_tag_id')
query_ = query_.join(ticket_tags_table).filter_by(ticket_tag_id=ticket_tag.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('access_code_id'):
access_code = safe_query(self, AccessCode, 'id', view_kwargs['access_code_id'], 'access_code_id')
# access_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(Ticket.access_codes.any(id=access_code.id))
if view_kwargs.get('discount_code_id'):
discount_code = safe_query(self, DiscountCode, 'id', view_kwargs['discount_code_id'], 'discount_code_id')
# discount_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(Ticket.discount_codes.any(id=discount_code.id))
if view_kwargs.get('order_identifier'):
order = safe_query(self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier')
ticket_ids = []
for ticket in order.tickets:
ticket_ids.append(ticket.id)
query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids)))
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
if view_kwargs.get('ticket_tag_id'):
ticket_tag = safe_query(self, TicketTag, 'id', view_kwargs['ticket_tag_id'], 'ticket_tag_id')
query_ = query_.join(ticket_tags_table).filter_by(ticket_tag_id=ticket_tag.id)
query_ = event_query(self, query_, view_kwargs)
if view_kwargs.get('access_code_id'):
access_code = safe_query(self, AccessCode, 'id', view_kwargs['access_code_id'], 'access_code_id')
# access_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(Ticket.access_codes.any(id=access_code.id))
if view_kwargs.get('order_identifier'):
order = safe_query(self, Order, 'identifier', view_kwargs['order_identifier'], 'order_identifier')
ticket_ids = []
for ticket in order.tickets:
ticket_ids.append(ticket.id)
query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids)))
return query_
