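 def get(self, user_id):
     """Return one user (``user_id`` given) or the user collection.

     Authorization: listing every account, and probing by e-mail via
     ``filter[email]``, is admin-only; a non-admin may only fetch their
     own record (``self.auth.user.id == user_id``), the same rule the
     sibling ``patch`` applies. ``limit_access()`` is treated as
     establishing only that the caller is authenticated -- ``patch`` and
     ``delete`` re-check ``self.auth.user.admin`` after it, so it is
     assumed not to enforce roles (its body is not visible here). The
     admin/self check runs before any query, so a denied caller learns
     nothing about which ids exist.

     Returns a ``(response, status)`` tuple from the ``make_*`` helpers;
     any unexpected exception maps to 500 ``APIError.UNKNOWN_EXCEPTION``.
     """
     ro, code = self.limit_access()
     if ro:
         return ro, code
     try:
         is_admin = bool(self.auth.user.admin)
         if user_id is None:
             if not is_admin:
                 # 401 + ACCESS_DENIED matches what patch/delete return
                 # for the same situation (403 would be more accurate).
                 return make_unauthorized_response(APIError.ACCESS_DENIED)
             filter_email = request.args.get('filter[email]')
             if filter_email is not None:
                 users = User.query.filter_by(email=filter_email).all()
             else:
                 users = User.query.order_by(User.id.asc()).all()
             response_object = default_response_object()
             response_object['data'] = [UserAPI.get_data(u) for u in users]
             response_object['links'] = {
                 'self': url_for('users.user_api', _method='GET')
             }
             return make_success_response(response_object, 200)
         if not is_admin and self.auth.user.id != user_id:
             return make_unauthorized_response(APIError.ACCESS_DENIED)
         user = User.query.filter_by(id=user_id).first()
         if not user:
             return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
         response_object = default_response_object()
         response_object['data'] = UserAPI.get_data(user)
         return make_success_response(response_object, 200)
     except Exception:
         return make_internal_server_error_response(
             APIError.UNKNOWN_EXCEPTION)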
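 def patch(self, user_id):
     """Partially update a user from a JSON:API style ``{"data": ...}`` body.

     Authorization: admins may edit anyone; other callers only themselves
     (``self.auth.user.id == user_id``), and only an admin may send the
     ``admin`` attribute. Every authorization and type check now runs
     *before* the first attribute is written to ``user``; previously
     e-mail/name/password were already assigned when a non-admin's
     ``admin`` attribute triggered the 401.

     Attribute handling:
       - ``email``: applied only when ``is_email_valid`` accepts it.
       - ``firstName`` / ``lastName``: applied when non-blank.
       - ``password``: stored hashed via ``User.get_password_hash``.
       - ``admin``: must be a JSON boolean. Any other value is a 400:
         with plain truthiness the string ``"false"`` would have granted
         admin.
     String attributes that are not strings are a 400 ``WRONG_API``
     instead of an ``AttributeError`` on ``.strip()`` surfacing as 500.

     NOTE(review): a self-service password change needs no current
     password and does not revoke existing ``Token`` rows; whether that
     happens elsewhere is not visible from this file.

     Returns a ``(response, status)`` tuple; an unexpected exception
     (e.g. a duplicate e-mail rejected at commit) rolls the session back
     and maps to 500 ``UNKNOWN_EXCEPTION``.
     """
     ro, code = self.limit_access()
     if ro:
         return ro, code
     try:
         is_admin = bool(self.auth.user.admin)
         if not is_admin and self.auth.user.id != user_id:
             return make_unauthorized_response(APIError.ACCESS_DENIED)
         user = User.query.filter_by(id=user_id).first()
         if not user:
             return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
         post_data = request.get_json()
         if not post_data:
             return make_bad_request_response(APIError.NOT_JSON)
         data = post_data.get('data')
         if not data:
             return make_bad_request_response(APIError.WRONG_API)
         if data.get('type') != 'users':
             return make_bad_request_response(APIError.WRONG_API)
         data_id = data.get('id')
         if not data_id or data_id != user_id:
             return make_bad_request_response(APIError.WRONG_API)
         attributes = data.get('attributes')
         if not attributes:
             return make_bad_request_response(APIError.WRONG_API)
         email = attributes.get('email')
         first_name = attributes.get('firstName')
         last_name = attributes.get('lastName')
         password = attributes.get('password')
         admin = attributes.get('admin')
         # Validate shapes before touching the model so a rejected
         # request never leaves half-applied changes in the session.
         for value in (email, first_name, last_name, password):
             if value is not None and not isinstance(value, str):
                 return make_bad_request_response(APIError.WRONG_API)
         if admin is not None:
             if not is_admin:
                 # Privilege-escalation attempt: refuse before mutating.
                 return make_unauthorized_response(APIError.ACCESS_DENIED)
             if not isinstance(admin, bool):
                 return make_bad_request_response(APIError.WRONG_API)
         if email and is_email_valid(email):
             user.email = email
         if first_name and first_name.strip():
             user.first_name = first_name
         if last_name and last_name.strip():
             user.last_name = last_name
         if password and password.strip():
             user.password = User.get_password_hash(password)
         if admin is not None:
             user.admin = admin
         db.session.commit()
         response_object = default_response_object()
         response_object['data'] = UserAPI.get_data(user)
         return make_success_response(response_object, 200)
     except Exception:
         # A failed commit leaves the transaction in a failed state;
         # roll back so the session stays usable for the rest of the
         # request.
         db.session.rollback()
         return make_internal_server_error_response(
             APIError.UNKNOWN_EXCEPTION)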
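 def delete(self, user_id):
     """Delete a user by id (admin only).

     Authorization: ``self.auth.user.admin`` must be truthy; it is checked
     before the lookup, so a non-admin gets 401 ``ACCESS_DENIED`` whether
     or not the id exists and cannot use this endpoint to probe ids.
     Unknown id: 404 ``USER_DOES_NOT_EXIST``. Success: 200 with an empty
     default response object.

     NOTE(review): nothing here prevents an admin from deleting their own
     account, and ``Token`` rows issued to the deleted user are not
     touched in this method -- whether the FK cascades is not visible
     from this file.

     Returns a ``(response, status)`` tuple; an unexpected exception
     rolls the session back and maps to 500 ``UNKNOWN_EXCEPTION``.
     """
     ro, code = self.limit_access()
     if ro:
         return ro, code
     try:
         if not self.auth.user.admin:
             return make_unauthorized_response(APIError.ACCESS_DENIED)
         user = User.query.filter_by(id=user_id).first()
         if not user:
             return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
         db.session.delete(user)
         db.session.commit()
         return make_success_response(default_response_object(), 200)
     except Exception:
         # Do not leave a failed transaction open on the scoped session.
         db.session.rollback()
         return make_internal_server_error_response(
             APIError.UNKNOWN_EXCEPTION)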
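 def post(self):
     """Log in with e-mail + password and issue an auth token.

     Expects a JSON:API style body ``{"data": {"type": "auth",
     "attributes": {"email": ..., "password": ...}}}``; any structural
     problem is a 400 (``NOT_JSON`` / ``WRONG_API``). ``email`` and
     ``password`` must be non-empty strings -- a non-string previously
     reached the ORM / bcrypt inside the ``try`` and surfaced as a 500.

     Credential failures: an unknown e-mail and a wrong password both
     produce the same 403 ``WRONG_PASSWORD`` response. Returning 404
     ``USER_DOES_NOT_EXIST`` for the former (the previous behaviour) told
     an unauthenticated caller which e-mail addresses have accounts. The
     bcrypt check is still skipped when the user is unknown, so a timing
     side-channel remains; closing it needs a fixed dummy hash to compare
     against, which this file does not provide.

     On success the value from ``User.encode_auth_token`` is stored as a
     ``Token`` row and returned under ``data.attributes.token``. It is
     accepted as ``bytes`` (decoded) or ``str``, so a PyJWT upgrade that
     returns ``str`` does not break the endpoint. A falsy token is
     reported as 500 instead of falling off the end of the function and
     returning ``None``.

     NOTE(review): no rate limiting or lockout is applied in this method;
     assumed to be handled elsewhere (not visible here).

     Returns a ``(response, status)`` tuple; an unexpected exception
     rolls the session back and maps to 500 ``UNKNOWN_EXCEPTION``.
     """
     post_data = request.get_json()
     if not post_data:
         return make_bad_request_response(APIError.NOT_JSON)
     data = post_data.get('data')
     if not data:
         return make_bad_request_response(APIError.WRONG_API)
     if data.get('type') != 'auth':
         return make_bad_request_response(APIError.WRONG_API)
     attributes = data.get('attributes')
     if not attributes:
         return make_bad_request_response(APIError.WRONG_API)
     email = attributes.get('email')
     password = attributes.get('password')
     if not email or not password:
         return make_bad_request_response(APIError.WRONG_API)
     if not isinstance(email, str) or not isinstance(password, str):
         return make_bad_request_response(APIError.WRONG_API)
     try:
         user = User.query.filter_by(email=email).first()
         # Same response for "no such user" and "wrong password" so the
         # login endpoint is not an e-mail enumeration oracle.
         if not user:
             return make_forbidden_response(APIError.WRONG_PASSWORD)
         if not bcrypt.check_password_hash(user.password, password):
             return make_forbidden_response(APIError.WRONG_PASSWORD)
         auth_token = User.encode_auth_token(user.id)
         if not auth_token:
             return make_internal_server_error_response(
                 APIError.UNKNOWN_EXCEPTION)
         if isinstance(auth_token, bytes):
             token_value = auth_token.decode()
         else:
             token_value = auth_token
         db.session.add(Token(token_value, user.id))
         db.session.commit()
         response_object = default_response_object()
         response_object['data'] = {
             'type': 'auth',
             'attributes': {
                 'token': token_value
             },
             'links': {
                 'self': url_for('auth.login_api')
             }
         }
         return make_success_response(response_object, 200)
     except Exception:
         db.session.rollback()
         return make_internal_server_error_response(
             APIError.UNKNOWN_EXCEPTION)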
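 def get(self, wallet_id):
     """Return the caller's wallets, or one wallet by id.

     Collection (``wallet_id is None``): every wallet the caller
     administers plus every wallet they hold a ``WalletMember`` row for.
     A membership row whose wallet no longer exists is skipped (it used
     to put ``None`` in the list and raise on ``wallet.admin``), and a
     wallet the caller both administers and joined is reported once.

     Single wallet: 404 ``WALLET_NOT_FOUND`` if unknown, 403
     ``ACCESS_DENIED`` unless the caller is the wallet's admin or a
     member. The ``admin`` handed to ``WalletAPI.get_data`` is now the
     wallet's admin user (``wallet.admin``), as in the collection branch;
     previously the *requesting* user was passed, so a plain member
     fetching a wallet saw themselves reported as its admin.

     NOTE(review): the collection response uses the key ``'link'`` while
     the users collection uses ``'links'``; left unchanged because clients
     may read it, but it looks like a typo.

     Returns a ``(response, status)`` tuple; any unexpected exception maps
     to 500 ``UNKNOWN_EXCEPTION``.
     """
     ro, code = self.limit_access()
     if ro:
         return ro, code
     try:
         user_id = self.get_user_id()

         def wallet_payload(wallet):
             # Resolve the wallet's admin, members and accounts to rows;
             # the same shape is used by both branches below.
             wallet_admin = User.query.filter_by(id=wallet.admin).first()
             member_rows = WalletMember.query.filter_by(
                 wallet_id=wallet.id).all()
             members = [
                 User.query.filter_by(id=row.user_id).first()
                 for row in member_rows
             ]
             accounts = Account.query.filter_by(wallet_id=wallet.id).all()
             return WalletAPI.get_data(
                 wallet=wallet,
                 members=members,
                 accounts=accounts,
                 admin=wallet_admin)

         if wallet_id is None:
             wallets = Wallet.query.filter_by(admin=user_id).all()
             seen = {wallet.id for wallet in wallets}
             membership_records = WalletMember.query.filter_by(
                 user_id=user_id).all()
             for membership_record in membership_records:
                 if membership_record.wallet_id in seen:
                     continue
                 wallet = Wallet.query.filter_by(
                     id=membership_record.wallet_id).first()
                 if wallet is None:
                     # Dangling membership row; do not 500 the listing.
                     continue
                 seen.add(wallet.id)
                 wallets.append(wallet)
             response_object = default_response_object()
             response_object['data'] = [wallet_payload(w) for w in wallets]
             response_object['link'] = {
                 'self': url_for('wallets.wallet_api', _method='GET')
             }
             return make_success_response(response_object, 200)

         wallet = Wallet.query.filter_by(id=wallet_id).first()
         if not wallet:
             return make_not_found_response(APIError.WALLET_NOT_FOUND)
         is_wallet_admin = wallet.admin == user_id
         membership_record = WalletMember.query.filter_by(
             wallet_id=wallet_id, user_id=user_id).first()
         if not is_wallet_admin and not membership_record:
             return make_forbidden_response(APIError.ACCESS_DENIED)
         response_object = default_response_object()
         response_object['data'] = wallet_payload(wallet)
         return make_success_response(response_object, 200)
     except Exception:
         return make_internal_server_error_response(
             APIError.UNKNOWN_EXCEPTION)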