def get(self, wallet_id, account_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not wallet_id:
return make_bad_request_response(APIError.WRONG_API)
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
user_id = self.get_user_id()
is_user_wallet_admin = user_id == wallet.admin
membership_record = WalletMember.query.filter_by(
wallet_id=wallet_id, user_id=user_id)
if not is_user_wallet_admin and not membership_record:
return make_bad_request_response(APIError.ACCESS_DENIED)
if account_id is None:
accounts = Account.query.filter_by(wallet_id=wallet_id).all()
data = []
for account in accounts:
data.append(AccountAPI.get_data(account, wallet))
response_object = default_response_object()
response_object['data'] = data
return make_success_response(response_object, 200)
else:
account = Account.query.filter_by(id=account_id).first()
if not account:
return make_bad_request_response(
APIError.ACCOUNT_NOT_FOUND)
response_object = default_response_object()
response_object['data'] = AccountAPI.get_data(account, wallet)
return make_success_response(response_object, 200)
except Exception:
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def get(self, user_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if user_id is None:
filter_email = request.args.get('filter[email]')
if filter_email is not None:
users = User.query.filter_by(email=filter_email).all()
else:
users = User.query.order_by(User.id.asc()).all()
response_object = default_response_object()
data = []
for user in users:
data.append(UserAPI.get_data(user))
response_object['data'] = data
response_object['links'] = {
'self': url_for('users.user_api', _method='GET')
}
return make_success_response(response_object, 200)
else:
user = User.query.filter_by(id=user_id).first()
if not user:
return make_not_found_response(
APIError.USER_DOES_NOT_EXIST)
response_object = default_response_object()
response_object['data'] = UserAPI.get_data(user)
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def post(self):
ro, code = self.limit_access()
if ro:
return ro, code
try:
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
the_type = data.get('type')
if not the_type or the_type != 'wallets':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
name = attributes.get('name')
if not name:
return make_bad_request_response(APIError.WRONG_API)
notes = attributes.get('notes')
if not notes:
notes = ''
user_id = self.get_user_id()
user = User.query.filter_by(id=user_id).first()
wallet = Wallet(admin=user_id, name=name, notes=notes)
db.session.add(wallet)
db.session.commit()
response_object = default_response_object()
response_object['data'] = WalletAPI.get_data(wallet=wallet,
minimal=True)
return make_success_response(response_object, 201)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def delete(self, wallet_id, account_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not wallet_id:
return make_bad_request_response(APIError.WRONG_API)
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
user_id = self.get_user_id()
is_user_wallet_admin = user_id == wallet.admin
membership_record = WalletMember.query.filter_by(
wallet_id=wallet_id, user_id=user_id)
if not is_user_wallet_admin and not membership_record:
return make_bad_request_response(APIError.ACCESS_DENIED)
account = Account.query.filter_by(id=account_id).first()
if not account:
return make_bad_request_response(APIError.ACCOUNT_NOT_FOUND)
db.session.delete(account)
db.session.commit()
response_object = default_response_object()
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def post(self, wallet_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if wallet_id is None:
return make_bad_request_response(APIError.WRONG_API)
user_id = self.get_user_id()
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
if user_id != wallet.admin:
return make_bad_request_response(APIError.ACCESS_DENIED)
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
data_type = data.get('type')
if not data_type or data_type != 'walletMembers':
return make_bad_request_response(APIError.WRONG_API)
relationships = data.get('relationships')
if not relationships:
return make_bad_request_response(APIError.WRONG_API)
member_data = relationships.get('member')
if not member_data:
return make_bad_request_response(APIError.WRONG_API)
member_type = member_data.get('type')
if not member_type or member_type != 'users':
return make_bad_request_response(APIError.WRONG_API)
member_id = member_data.get('id')
if not member_id:
return make_bad_request_response(APIError.WRONG_API)
member = User.query.filter_by(id=member_id).first()
if not member:
return make_bad_request_response(APIError.USER_DOES_NOT_EXIST)
if member_id == wallet.admin:
return make_conflict_response(
APIError.WALLET_ADMIN_CAN_NOT_BE_MEMBER)
membership_record = WalletMember.query.filter_by(
user_id=member_id, wallet_id=wallet_id).first()
if membership_record:
return make_conflict_response(
APIError.WALLET_MEMBER_ALREADY_EXIST)
wallet_member = WalletMember(user_id=member_id,
wallet_id=wallet_id)
db.session.add(wallet_member)
db.session.commit()
response_object = default_response_object()
response_object['data'] = WalletMemberAPI.get_data(wallet=wallet,
user=member)
return make_success_response(response_object, 201)
except Exception:
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def post(self):
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
the_type = data.get('type')
if not the_type or the_type != 'auth':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
email = attributes.get('email')
first_name = attributes.get('firstName')
last_name = attributes.get('lastName')
password = attributes.get('password')
if (not email or not is_email_valid(email)) or (
not first_name or not first_name.strip()) or (
not last_name
or not last_name.strip()) or (not password
or not password.strip()):
return make_bad_request_response(APIError.WRONG_API)
user = User.query.filter_by(email=email).first()
if not user:
try:
admin = User.query.count() == 0
user = User(email=email,
first_name=first_name,
last_name=last_name,
password=password,
admin=admin)
db.session.add(user)
db.session.commit()
auth_token = User.encode_auth_token(user.id)
token = Token(auth_token.decode(), user.id)
db.session.add(token)
db.session.commit()
response_object = default_response_object()
response_object['data'] = {
'type': 'auth',
'attributes': {
'token': auth_token.decode()
},
'links': {
'self': url_for('auth.register_api')
}
}
return make_success_response(response_object, 201)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
else:
return make_conflict_response(APIError.USER_ALREADY_EXISTS)
def get(self, currency_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if currency_id is None:
currencies=Currency.query.all()
data=[]
for currency in currencies:
data.append(CurrencyAPI.get_data(currency))
response_object=default_response_object()
response_object['data']=data
return make_success_response(response_object, 200)
else:
currency=Currency.query.filter_by(id=currency_id).first()
if not currency:
return make_bad_request_response(APIError.CURRENCY_NOT_FOUND)
response_object=default_response_object()
response_object['data']=CurrencyAPI.get_data(currency)
return make_success_response(response_object, 200)
except Exception:
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def patch(self, user_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not self.auth.user.admin and self.auth.user.id != user_id:
return make_unauthorized_response(APIError.ACCESS_DENIED)
user = User.query.filter_by(id=user_id).first()
if not user:
return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
data_type = data.get('type')
if not data_type or data_type != 'users':
return make_bad_request_response(APIError.WRONG_API)
data_id = data.get('id')
if not data_id or data_id != user_id:
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
email = attributes.get('email')
first_name = attributes.get('firstName')
last_name = attributes.get('lastName')
password = attributes.get('password')
admin = attributes.get('admin')
if email and is_email_valid(email):
user.email = email
if first_name and first_name.strip():
user.first_name = first_name
if last_name and last_name.strip():
user.last_name = last_name
if password and password.strip():
user.password = User.get_password_hash(password)
if admin is not None:
if self.auth.user.admin:
user.admin = admin
else:
return make_unauthorized_response(APIError.ACCESS_DENIED)
db.session.commit()
response_object = default_response_object()
response_object['data'] = UserAPI.get_data(user)
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def delete(self, wallet_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if wallet_id is None:
return make_bad_request_response(APIError.WRONG_API)
user_id = self.get_user_id()
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
if user_id != wallet.admin:
return make_bad_request_response(APIError.ACCESS_DENIED)
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
data_type = data.get('type')
if not data_type or data_type != 'walletMembers':
return make_bad_request_response(APIError.WRONG_API)
relationships = data.get('relationships')
if not relationships:
return make_bad_request_response(APIError.WRONG_API)
member_data = relationships.get('member')
if not member_data:
return make_bad_request_response(APIError.WRONG_API)
member_type = member_data.get('type')
if not member_type or member_type != 'users':
return make_bad_request_response(APIError.WRONG_API)
member_id = member_data.get('id')
if not member_id:
return make_bad_request_response(APIError.WRONG_API)
membership_record = WalletMember.query.filter_by(
user_id=member_id, wallet_id=wallet_id).first()
if not membership_record:
return make_bad_request_response(
APIError.WALLET_MEMBER_NOT_FOUND)
db.session.delete(membership_record)
db.session.commit()
respons_object = default_response_object()
return make_success_response(respons_object, 200)
except (error):
print(error)
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def delete(self, user_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not self.auth.user.admin:
return make_unauthorized_response(APIError.ACCESS_DENIED)
user = User.query.filter_by(id=user_id).first()
if not user:
return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
db.session.delete(user)
db.session.commit()
response_object = default_response_object()
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def post(self):
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
the_type = data.get('type')
if not the_type or the_type != 'auth':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
email = attributes.get('email')
password = attributes.get('password')
if not email or not password:
return make_bad_request_response(APIError.WRONG_API)
try:
user = User.query.filter_by(email=email).first()
if not user:
return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
if not bcrypt.check_password_hash(user.password, password):
return make_forbidden_response(APIError.WRONG_PASSWORD)
auth_token = User.encode_auth_token(user.id)
if auth_token:
token = Token(auth_token.decode(), user.id)
db.session.add(token)
db.session.commit()
response_object = default_response_object()
response_object['data'] = {
'type': 'auth',
'attributes': {
'token': auth_token.decode()
},
'links': {
'self': url_for('auth.login_api')
}
}
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def delete(self, wallet_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not wallet_id:
return make_bad_request_response(APIError.WRONG_API)
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
user_id = self.get_user_id()
if wallet.admin != user_id:
return make_forbidden_response(APIError.ACCESS_DENIED)
db.session.delete(wallet)
db.session.commit()
response_object = default_response_object()
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def post(self):
ro, code = self.limit_access()
if ro:
return ro, code
try:
token = Token.query.filter_by(token=str(self.auth.token)).first()
if token:
token.blacklist()
db.session.commit()
response_object = default_response_object()
response_object['data'] = {
'type': 'auth',
'links': {
'self': url_for('auth.logout_api')
}
}
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def delete(self, currency_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if currency_id is None:
return make_bad_request_response(APIError.WRONG_API)
user_id=self.get_user_id()
user=User.query.filter_by(id=user_id).first()
if user.admin == False:
return make_bad_request_response(APIError.ACCESS_DENIED)
currency=Currency.query.filter_by(id=currency_id).first()
if not currency:
return make_bad_request_response(APIError.CURRENCY_NOT_FOUND)
db.session.delete(currency)
db.session.commit()
response_object = default_response_object()
return make_success_response(response_object, 200)
except Exception:
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def get(self):
ro, code = self.limit_access()
if ro:
return ro, code
response_object = default_response_object()
response_object['data'] = {
'type': 'index',
'relationships': {
'user': {
'data': UserAPI.get_data(self.auth.user, minimal=True)
}
},
'links': {
'self': url_for('index.versioned_api')
}
}
if self.auth.user.admin:
response_object['data']['relationships']['users'] = {
'links': url_for('users.user_api', _method='GET')
}
return make_success_response(response_object, 200)
def post(self):
ro, code = self.limit_access()
if ro:
return ro, code
try:
user_id=self.get_user_id()
user=User.query.filter_by(id=user_id).first()
if user.admin == False:
return make_bad_request_response(APIError.ACCESS_DENIED)
post_data=request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data=post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
data_type=data.get('type')
if not data_type or data_type != 'currencies':
return make_bad_request_response(APIError.WRONG_API)
attributes=data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
code=attributes.get('code')
name=attributes.get('name')
if not code or not name:
return make_bad_request_response(APIError.WRONG_API)
currency_record=Currency.query.filter_by(code=code).first()
if currency_record:
return make_conflict_response(APIError.CURRENCY_ALREADY_EXIST)
new_currency=Currency(
code=code,
name=name
)
db.session.add(new_currency)
db.session.commit()
response_object=default_response_object()
response_object['data']=CurrencyAPI.get_data(new_currency)
return make_success_response(response_object, 201)
except Exception:
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def post(self, wallet_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not wallet_id:
return make_bad_request_response(APIError.WRONG_API)
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
user_id = self.get_user_id()
is_user_wallet_admin = user_id == wallet.admin
membership_record = WalletMember.query.filter_by(
wallet_id=wallet_id, user_id=user_id)
if not is_user_wallet_admin and not membership_record:
return make_bad_request_response(APIError.ACCESS_DENIED)
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
data_type = data.get('type')
if not data_type or data_type != 'tags':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
name = attributes.get('name')
if not name:
return make_bad_request_response(APIError.WRONG_API)
tag = Tag(wallet_id=wallet_id, name=name)
db.session.add(tag)
db.session.commit()
response_object = default_response_object()
response_object['data'] = TagAPI.get_data(tag, wallet)
return make_success_response(response_object, 201)
except Exception:
return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def get(self):
from project.server.users.views import UserAPI
ro, code = self.limit_access()
if ro:
return ro, code
response_object = default_response_object()
response_object['data'] = {
'type': 'auth',
'attributes': {
'token': self.auth.token
},
'relationships': {
'user': {
'data': UserAPI.get_data(self.auth.user, minimal=True)
}
},
'links': {
'self': url_for('auth.status_api')
}
}
return make_success_response(response_object, 200)
def get(self, wallet_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if wallet_id is None:
user_id = self.get_user_id()
wallets = Wallet.query.filter_by(admin=user_id).all()
membership_records = WalletMember.query.filter_by(
user_id=user_id).all()
for membership_record in membership_records:
wallets.append(
Wallet.query.filter_by(
id=membership_record.wallet_id).first())
response_object = default_response_object()
data = []
for wallet in wallets:
wallet_admin = User.query.filter_by(
id=wallet.admin).first()
wallet_members = WalletMember.query.filter_by(
wallet_id=wallet.id).all()
members = []
for wallet_member in wallet_members:
members.append(
User.query.filter_by(
id=wallet_member.user_id).first())
wallet_accounts = Account.query.filter_by(
wallet_id=wallet.id).all()
data.append(
WalletAPI.get_data(wallet, members, wallet_accounts,
wallet_admin))
response_object['data'] = data
response_object['link'] = {
'self': url_for('wallets.wallet_api', _method='GET')
}
return make_success_response(response_object, 200)
else:
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_not_found_response(APIError.WALLET_NOT_FOUND)
user_id = self.get_user_id()
user = User.query.filter_by(id=user_id).first()
isUserAdmin = wallet.admin == user_id
membership_record = WalletMember.query.filter_by(
wallet_id=wallet_id, user_id=user_id).first()
if isUserAdmin == False and not membership_record:
return make_forbidden_response(APIError.ACCESS_DENIED)
wallet_members = WalletMember.query.filter_by(
wallet_id=wallet.id).all()
members = []
for wallet_member in wallet_members:
members.append(
User.query.filter_by(id=wallet_member.user_id).first())
wallet_accounts = Account.query.filter_by(
wallet_id=wallet.id).all()
response_object = default_response_object()
response_object['data'] = WalletAPI.get_data(
wallet=wallet,
members=members,
accounts=wallet_accounts,
admin=user)
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def post(self, wallet_id):
ro, code = self.limit_access()
if ro:
return ro, code
try:
if not wallet_id:
return make_bad_request_response(APIError.WRONG_API)
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
the_type = data.get('type')
if not the_type or the_type != 'accounts':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
name = attributes.get('name')
if not name:
return make_bad_request_response(APIError.WRONG_API)
notes = attributes.get('notes')
if not notes:
notes = ''
relationships = data.get('relationships')
if not relationships:
return make_bad_request_response(APIError.WRONG_API)
currency_data = relationships.get('currency')
if not currency_data:
return make_bad_request_response(APIError.WRONG_API)
currency_type = currency_data.get('type')
if not currency_type or currency_type != 'currencies':
return make_bad_request_response(APIError.WRONG_API)
currency_id = currency_data.get('id')
if not currency_id:
return make_bad_request_response(APIError.WRONG_API)
user_id = self.get_user_id()
wallet = Wallet.query.filter_by(id=wallet_id).first()
if not wallet:
return make_bad_request_response(APIError.WALLET_NOT_FOUND)
if wallet.admin != user_id:
return make_bad_request_response(APIError.ACCESS_DENIED)
currency = Currency.query.filter_by(id=currency_id).first()
if not currency:
return make_bad_request_response(APIError.CURRENCY_NOT_FOUND)
account = Account(wallet_id=wallet_id,
currency_id=currency_id,
name=name,
notes=notes)
db.session.add(account)
db.session.commit()
response_object = default_response_object()
response_object['data'] = AccountAPI.get_data(account=account,
wallet=wallet,
minimal=False)
return make_success_response(response_object, 201)
except (error):
print(error)
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
