def user_details_update(): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() if request.get_json().get('email') is None: return ru.http_bad_gateway(message="Email must not be empty") if not vu.is_valid_email(request.get_json().get('email')): return ru.http_bad_gateway(message="Email is invalid") if request.get_json().get('first_name') is None: return ru.http_bad_gateway(message="First name must not be empty") if request.get_json().get('last_name') is None: return ru.http_bad_gateway(message="Last name must not be empty") if request.get_json().get('role') is None: return ru.http_bad_gateway(message="Role must not be empty") if request.get_json().get('role') not in role_values: return ru.http_bad_gateway(message="Role value is not valid") if request.headers.get('authorization') is None: return ru.http_unauthorized() auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() if User.is_existing_email_for_update_by_id( token.user, request.get_json().get('email')): return ru.http_conflict(message="Email is already existing") user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if not User.update_user_by_id( user.id, email=request.get_json().get('email'), first_name=request.get_json().get('first_name'), last_name=request.get_json().get('last_name'), role=user.role): ru.http_conflict(message="Failed to update the resource") return ru.http_success(message="Successful updated")
def user_details(uid): auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_unauthorized(message="Token is invalid") return ru.http_success( meta={ 'uid': user.uid, 'first_name': user.first_name, 'last_name': user.last_name, 'email': user.email, 'role': role_values_reverse.get(user.role), 'status': status_values_reverse.get(user.status) })
def user_password_update_for_admin(uid): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() #TODO: improve validation for password if request.get_json().get('password') is None: return ru.http_bad_gateway(message="Password must not be empty") if len(request.get_json().get('password')) < 8: return ru.http_bad_gateway( message="Password must be a minimum of 8 characters") if request.headers.get('authorization') is None: return ru.http_unauthorized() auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if not user.is_admin: return ru.http_forbidden() if not User.update_user_password_by_uid( uid, User.generate_password(request.get_json().get('password'))): ru.http_conflict(message="Failed to update the resource") return ru.http_success(message="Successful updated password")
def get_users_for_admin(): auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if not user.is_admin: return ru.http_forbidden() #TODO: pagination #request.args.get('offset'), request.args.get('limit') all_users = User.get_all() meta = [] if all_users is not None: for row in all_users: meta.append({ 'uid': row.uid, 'first_name': row.first_name, 'last_name': row.last_name, 'email': row.email, 'role': role_values_reverse.get(row.role), 'status': status_values_reverse.get(row.status) }) return ru.http_success(meta=meta)
def user_login(): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() if request.get_json().get('email') is None: return ru.http_bad_gateway() if not vu.is_valid_email(request.get_json().get('email')): return ru.http_bad_gateway() #TODO: improve validation for password if request.get_json().get('password') is None: return ru.http_bad_gateway() if len(request.get_json().get('password')) < 8: return ru.http_bad_gateway( message="Password must be a minimum of 8 characters") user = User.is_valid_user(request.get_json().get('email'), request.get_json().get('password')) if user is None: return ru.http_unauthorized(message="Email and password is not valid") token = UserToken.generate_token() if UserToken.create_token(user=user.id, token=token): ru.http_conflict(message="Failed to create a user token") return ru.http_success( meta={ 'uid': user.uid, 'token': token, 'role': role_values_reverse.get(user.role), 'first_name': user.first_name, 'last_name': user.last_name })
def user_registration_for_admin(): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() if request.get_json().get('email') is None: return ru.http_bad_gateway(message="Email must not be empty") if not vu.is_valid_email(request.get_json().get('email')): return ru.http_bad_gateway(message="Email is invalid") #TODO: improve validation for password if request.get_json().get('password') is None: return ru.http_bad_gateway(message="Password must not be empty") if len(request.get_json().get('password')) < 8: return ru.http_bad_gateway( message="Password must be a minimum of 8 characters") if request.get_json().get('first_name') is None: return ru.http_bad_gateway(message="First name must not be empty") if request.get_json().get('last_name') is None: return ru.http_bad_gateway(message="Last name must not be empty") if request.get_json().get('role') is None: return ru.http_bad_gateway(message="Role must not be empty") if request.get_json().get('role') not in role_values: return ru.http_bad_gateway(message="Role value is not valid") if request.headers.get('authorization') is None: return ru.http_unauthorized() auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() if User.is_existing_email(request.get_json().get('email')): return ru.http_conflict(message="Email is already existing") user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if not user.is_admin: return ru.http_forbidden() if not User.create_user( email=request.get_json().get('email'), password=User.generate_password( request.get_json().get('password')), uid=User.generate_uid(), first_name=request.get_json().get('first_name'), last_name=request.get_json().get('last_name'), role=role_values.get(request.get_json().get('role')), #status default = 2 for the meantime when there is no email validation yet status=1): ru.http_conflict(message="Failed to create the resource") return ru.http_created()
def get_users_by_roles(role): if role is None: ru.http_bad_gateway(message="Role is required") if role not in role_values: ru.http_bad_gateway(message="Role is invalid") if request.headers.get('authorization') is None: return ru.http_unauthorized() auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if user.is_admin: meta = [] for row in User.find_by_role(role_values.get(role)): meta.append({ "first_name": row.first_name, "last_name": row.last_name, "email": row.email, "uid": row.uid }) return ru.http_success(message="Successful fetching of data", meta=meta) if user.is_employee and role == 'manager': meta = [] for row in User.find_by_role(role_values.get(role)): meta.append({ "first_name": row.first_name, "last_name": row.last_name, "email": row.email, "uid": row.uid }) return ru.http_success(message="Successful fetching of data", meta=meta) if user.is_manager and role == 'finance_manager': meta = [] for row in User.find_by_role(role_values.get(role)): meta.append({ "first_name": row.first_name, "last_name": row.last_name, "email": row.email, "uid": row.uid }) return ru.http_success(message="Successful fetching of data", meta=meta) return ru.http_bad_gateway(message="Invalid role")
def get_travel_finance_record(): auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if user.is_finance_manager: travels = db.session.query(Travel).join( TravelApproval, TravelApproval.travel == Travel.id).filter( or_(TravelApproval.approver == user.id, TravelApproval.sender == user.id)).all() meta = [] if travels is not None: for travel in travels: query = db.session.query(TravelApproval, User).join( User, TravelApproval.approver == User.id, isouter=True).filter(travel.id == TravelApproval.travel) sub = db.session.query(TravelApproval.status).filter( TravelApproval.travel == travel.id).order_by( desc(TravelApproval.id)).limit(1) if status_values.get(request.args.get('status')) is not None: query = query.filter( TravelApproval.status == sub, TravelApproval.status == status_values.get( request.args.get('status')), TravelApproval.status != 0) else: query = query.filter(TravelApproval.status == sub, TravelApproval.status.in_([1, 2, 3])) query = query.order_by(desc(TravelApproval.id)).limit(1) for row in query.all(): o = User.find_by_id(travel.owner) s = User.find_by_id(row[0].sender) a = row[0] u = row[1] #t_ : for travel object #ta_ : for travel approval object #u_ : for user object if a is not None: meta.append({ 't_id': travel.id, 't_created': travel.created, 't_modified': travel.modified, 't_description': travel.description, 't_start_date': travel.start_date, 't_end_date': travel.end_date, 't_mode': travel.mode, 't_ticket_cost': travel.ticket_cost, 't_home_airport_cost': travel.home_airport_cab_cost, 't_destination_airport_cost': travel.dest_airport_cab_cost, 't_hotel_cost': travel.hotel_cost, 't_local_conveyance': travel.local_conveyance, 'ta_status': status_values_reverse.get(a.status), 'u_id': u.uid, 'u_email': u.email, 'u_first_name': u.first_name, 'u_last_name': u.last_name, 'u_role': role_values_reverse.get(u.role), 'o_first_name': o.first_name, 'o_last_name': o.last_name, 's_id': s.uid, 's_first_name': s.first_name, 's_last_name': s.last_name, }) else: meta.append({ 't_id': travel.id, 't_created': travel.created, 't_modified': travel.modified, 't_description': None, 't_start_date': travel.start_date, 't_end_date': travel.end_date, 't_mode': travel.mode, 't_ticket_cost': travel.ticket_cost, 't_home_airport_cost': travel.home_airport_cab_cost, 't_destination_airport_cost': travel.dest_airport_cab_cost, 't_hotel_cost': travel.hotel_cost, 't_local_conveyance': travel.local_conveyance, 'ta_status': None, 'u_id': None, 'u_email': None, 'u_first_name': None, 'u_last_name': None, 'u_role': None, 'o_first_name': o.first_name, 'o_last_name': o.last_name, 's_id': s.uid, 's_first_name': s.first_name, 's_last_name': s.last_name, }) return ru.http_success(message="successfully fetched", meta=meta) else: return ru.http_forbidden( message='Role is not allowed to access this resource')
def submit_to_finance_manager_by_manager(id): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() finance_manager_id = None if 'approver' not in request.get_json(): return ru.http_bad_gateway( message="Approver is required in the request") else: if request.get_json().get('approver') is None: pass else: finance_manager = User.find_by_uid( request.get_json().get('approver')) if finance_manager is None: return ru.http_bad_gateway(message="Invalid manager") if not finance_manager.is_finance_manager: return ru.http_bad_gateway(message="Invalid manager") finance_manager_id = finance_manager.id auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if user.is_manager: travel = db.session.query(Travel).join( TravelApproval, TravelApproval.travel == Travel.id).filter( TravelApproval.approver == user.id, TravelApproval.status == 2, Travel.id == id).first() if travel is None: return ru.http_conflict(message="No travel available for update") ta = db.session.query(TravelApproval).filter( travel.id == TravelApproval.travel).order_by( desc(TravelApproval.id)).limit(1).first() if ta is None: return ru.http_conflict(message="No data available for update") #if not submitted if ta.status != 2: return ru.http_conflict(message="Data is not available for update") if ta.approver != user.id: return ru.http_conflict( message="Data is not available for update of the user") TravelApproval.create(status=1, travel=travel.id, sender=user.id, approver=finance_manager_id) return ru.http_success() else: return ru.http_forbidden( message='Role is not allowed to access this resource')
def approve_record_by_manager(id): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() if request.get_json().get('status') is None: return ru.http_bad_gateway(message="Status is required") if status_values.get( request.get_json().get('status')) is None or status_values.get( request.get_json().get('status')) not in (2, 3): return ru.http_bad_gateway(message="Status is invalid") auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() if user.is_manager: travel = db.session.query(Travel).join( TravelApproval, TravelApproval.travel == Travel.id).filter( TravelApproval.approver == user.id, TravelApproval.status == 1, Travel.id == id).first() if travel is None: return ru.http_conflict(message="No travel available for update") ta = db.session.query(TravelApproval).filter( travel.id == TravelApproval.travel).order_by( desc(TravelApproval.id)).limit(1).first() if ta is None: return ru.http_conflict(message="No data available for update") #if not submitted if ta.status != 1: return ru.http_conflict(message="Data is not available for update") if ta.approver != user.id: return ru.http_conflict( message="Data is not available for update of the user") ta.status = status_values.get(request.get_json().get('status')) db.session.commit() return ru.http_success() else: return ru.http_forbidden( message='Role is not allowed to access this resource')
def create_travel_record(): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() if 'description' not in request.get_json(): return ru.http_bad_gateway( message="Description is required in the request") if 'start_date' not in request.get_json(): return ru.http_bad_gateway( message="Start date is required in the request") else: if request.get_json().get('start_date') is None: pass else: if not vu.is_valid_datetime_string( request.get_json().get('start_date')): return ru.http_bad_gateway( message="Start date must be in format YYYY-MM-DD") if 'end_date' not in request.get_json(): return ru.http_bad_gateway( message="End date is required in the request") else: if request.get_json().get('end_date') is None: pass else: if not vu.is_valid_datetime_string( request.get_json().get('end_date')): return ru.http_bad_gateway( message="End date must be in format YYYY-MM-DD") if request.get_json().get('start_date') > request.get_json().get( 'end_date'): return ru.http_bad_gateway( message= "End date must be greater than or equal to start date") if 'mode' not in request.get_json(): return ru.http_bad_gateway(message="Mode is required in the request") if 'ticket_cost' not in request.get_json(): return ru.http_bad_gateway( message="Ticket cost is required in the request") else: if request.get_json().get('ticket_cost') is None: pass else: if not (type(request.get_json().get('ticket_cost')) == int or type(request.get_json().get('ticket_cost')) == float): return ru.http_bad_gateway( message="Ticket cost must be numeric") if request.get_json().get('ticket_cost') < 0: return ru.http_bad_gateway( message="Ticket cost must greater than or equal to 0") if 'home_airport_cost' not in request.get_json(): return ru.http_bad_gateway( message="Home airport cost is required in the request") else: if request.get_json().get('home_airport_cost') is None: pass else: if not (type(request.get_json().get('home_airport_cost')) == int or type( request.get_json().get('home_airport_cost')) == float): return ru.http_bad_gateway( message="Home airport cost must be numeric") if request.get_json().get('home_airport_cost') < 0: return ru.http_bad_gateway( message="Home cost must greater than or equal to 0") if 'destination_airport_cost' not in request.get_json(): return ru.http_bad_gateway( message="Destination airport cost is required in the request") else: if request.get_json().get('destination_airport_cost') is None: pass else: if not (type( request.get_json().get('destination_airport_cost')) == int or type(request.get_json().get('destination_airport_cost')) == float): return ru.http_bad_gateway( message="Destination aiport cost must be numeric") if request.get_json().get('destination_airport_cost') < 0: return ru.http_bad_gateway( message="Home cost must greater than or equal to 0") if 'hotel_cost' not in request.get_json(): return ru.http_bad_gateway( message="Hotel cost is required in the request") else: if request.get_json().get('hotel_cost') is None: pass else: if not (type(request.get_json().get('hotel_cost')) == int or type(request.get_json().get('hotel_cost')) == float): return ru.http_bad_gateway( message="Hotel cost must be numeric") if request.get_json().get('hotel_cost') < 0: return ru.http_bad_gateway( message="Hotel cost must greater than or equal to 0") if 'local_conveyance' not in request.get_json(): return ru.http_bad_gateway( message="Local conveyance is required in the request") else: if request.get_json().get('local_conveyance') is None: pass else: if not (type(request.get_json().get('local_conveyance')) == int or type(request.get_json().get('local_conveyance')) == float): return ru.http_bad_gateway( message="Local conveyance cost must be numeric") if request.get_json().get('local_conveyance') < 0: return ru.http_bad_gateway( message="Local conveyance must greater than or equal to 0") manager_id = None if 'approver' not in request.get_json(): return ru.http_bad_gateway( message="Approver is required in the request") else: if request.get_json().get('approver') is None: pass else: manager = User.find_by_uid(request.get_json().get('approver')) if manager is None: return ru.http_bad_gateway(message="Invalid manager") if not manager.is_manager: return ru.http_bad_gateway(message="Invalid manager") manager_id = manager.id auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() is_submitted = 1 if for_values.get(request.args.get('for')) is not None: is_submitted = for_values.get(request.args.get('for')) if is_submitted == 1: if manager_id is None: return ru.http_conflict( message="Manager must be required when submitting for approval" ) if user.is_employee: travel = Travel.create_with_return( description=request.get_json().get('description'), start_date=request.get_json().get('start_date'), end_date=request.get_json().get('end_date'), mode=request.get_json().get('mode'), ticket_cost=request.get_json().get('ticket_cost'), home_airport_cab_cost=request.get_json().get('home_airport_cost'), dest_airport_cab_cost=request.get_json().get( 'destination_airport_cost'), hotel_cost=request.get_json().get('hotel_cost'), local_conveyance=request.get_json().get('local_conveyance'), owner=user.id, ) if travel is None: return ru.http_conflict( message="Failed to save your travel details") else: ta = TravelApproval.create(travel=travel.id, sender=user.id, approver=manager_id, status=is_submitted) if not ta: return ru.http_conflict( message="Failed to save your travel approval details") return ru.http_created(message="successfully created") else: return ru.http_forbidden( message='Role is not allowed to create a travel record')
def update_travel_record(id): #TODO: separate to a validation class if request.get_json() is None: return ru.http_unsupported_media_type() if 'description' not in request.get_json(): return ru.http_bad_gateway( message="Description is required in the request") if 'start_date' not in request.get_json(): return ru.http_bad_gateway( message="Start date is required in the request") else: if request.get_json().get('start_date') is None: pass else: if not vu.is_valid_datetime_string( request.get_json().get('start_date')): return ru.http_bad_gateway( message="Start date must be in format YYYY-MM-DD") if 'end_date' not in request.get_json(): return ru.http_bad_gateway( message="End date is required in the request") else: if request.get_json().get('end_date') is None: pass else: if not vu.is_valid_datetime_string( request.get_json().get('end_date')): return ru.http_bad_gateway( message="End date must be in format YYYY-MM-DD") if request.get_json().get('start_date') > request.get_json().get( 'end_date'): return ru.http_bad_gateway( message= "End date must be greater than or equal to start date") if 'mode' not in request.get_json(): return ru.http_bad_gateway(message="Mode is required in the request") if 'ticket_cost' not in request.get_json(): return ru.http_bad_gateway( message="Ticket cost is required in the request") else: if request.get_json().get('ticket_cost') is None: pass else: if not (type(request.get_json().get('ticket_cost')) == int or type(request.get_json().get('ticket_cost')) == float): return ru.http_bad_gateway( message="Ticket cost must be numeric") if request.get_json().get('ticket_cost') < 0: return ru.http_bad_gateway( message="Ticket cost must greater than or equal to 0") if 'home_airport_cost' not in request.get_json(): return ru.http_bad_gateway( message="Home airport cost is required in the request") else: if request.get_json().get('home_airport_cost') is None: pass else: if not (type(request.get_json().get('home_airport_cost')) == int or type( request.get_json().get('home_airport_cost')) == float): return ru.http_bad_gateway( message="Home airport cost must be numeric") if request.get_json().get('home_airport_cost') < 0: return ru.http_bad_gateway( message="Home airport cost must greater than or equal to 0" ) if 'destination_airport_cost' not in request.get_json(): return ru.http_bad_gateway( message="Destination airport cost is required in the request") else: if request.get_json().get('destination_airport_cost') is None: pass else: if not (type( request.get_json().get('destination_airport_cost')) == int or type(request.get_json().get('destination_airport_cost')) == float): return ru.http_bad_gateway( message="Destination aiport cost must be numeric") if request.get_json().get('destination_airport_cost') < 0: return ru.http_bad_gateway( message= "Destination airport cost must greater than or equal to 0") if 'hotel_cost' not in request.get_json(): return ru.http_bad_gateway( message="Hotel cost is required in the request") else: if request.get_json().get('hotel_cost') is None: pass else: if not (type(request.get_json().get('hotel_cost')) == int or type(request.get_json().get('hotel_cost')) == float): return ru.http_bad_gateway( message="Hotel cost must be numeric") if request.get_json().get('hotel_cost') < 0: return ru.http_bad_gateway( message="Hotel cost must greater than or equal to 0") if 'local_conveyance' not in request.get_json(): return ru.http_bad_gateway( message="Local conveyance is required in the request") else: if request.get_json().get('local_conveyance') is None: pass else: if not (type(request.get_json().get('local_conveyance')) == int or type(request.get_json().get('local_conveyance')) == float): return ru.http_bad_gateway( message="Local conveyance cost must be numeric") if request.get_json().get('local_conveyance') < 0: return ru.http_bad_gateway( message="Local conveyance must greater than or equal to 0") manager_id = None if 'approver' not in request.get_json(): return ru.http_bad_gateway( message="Approver is required in the request") else: if request.get_json().get('approver') is None: pass else: manager = User.find_by_uid(request.get_json().get('approver')) if manager is None: return ru.http_bad_gateway(message="Invalid manager") if not manager.is_manager: return ru.http_bad_gateway(message="Invalid manager") manager_id = manager.id auth = request.headers.get('authorization').split(' ') if not vu.is_valid_bearer(auth): return ru.http_unauthorized(message="Invalid Bearer Authentication") token = UserToken.is_valid_token(auth[1]) if token is None: return ru.http_unauthorized(message="Invalid token") if token.is_blocked or token.is_expired: return ru.http_forbidden() user = User.find_by_id(token.user) if user is None: return ru.http_forbidden() is_submitted = 1 if for_values.get(request.args.get('for')) is not None: is_submitted = for_values.get(request.args.get('for')) if is_submitted == 1: if manager_id is None: return ru.http_conflict( message="Manager must be required when submitting for approval" ) if user.is_employee: sub = db.session.query( TravelApproval.id).filter(TravelApproval.travel == id).order_by( desc(TravelApproval.id)).limit(1) query = db.session.query(Travel, TravelApproval).join( TravelApproval, TravelApproval.travel == Travel.id, isouter=False).join(User, TravelApproval.approver == User.id, isouter=True).filter( Travel.owner == user.id, Travel.id == id, TravelApproval.id == sub).first() print(query) if query is None: return ru.http_bad_gateway( message="The data is not available for update") if query[1] is not None: if query[1].status != 0 or query[1].sender != user.id: return ru.http_conflict( message="The data is not available for update") if query is None: return ru.http_conflict( message="Failed to update your travel details") query[0].description = request.get_json().get('description'), query[0].start_date = request.get_json().get('start_date'), query[0].end_date = request.get_json().get('end_date'), query[0].mode = request.get_json().get('mode'), query[0].ticket_cost = request.get_json().get('ticket_cost'), query[0].home_airport_cab_cost = request.get_json().get( 'home_airport_cost'), query[0].dest_airport_cab_cost = request.get_json().get( 'destination_airport_cost'), query[0].hotel_cost = request.get_json().get('hotel_cost'), query[0].local_conveyance = request.get_json().get('local_conveyance'), if query[1] is None: ta = TravelApproval.create(travel=query[0].id, sender=user.id, approver=manager_id, status=is_submitted) else: query[1].travel = query[0].id query[1].sender = user.id query[1].approver = manager_id query[1].status = is_submitted db.session.commit() return ru.http_created(message="successfully updated") else: return ru.http_forbidden( message='Role is not allowed to update a travel record')