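def post(self):
    """Create a company (and its primary address) from the parsed request body.

    Admin-only endpoint: the caller's JWT identity must carry
    ``auth_level == "admin"``.  Returns ``(payload, status)`` tuples.

    Returns:
        403 when the caller is not an admin (was 500, which misreports an
        authorization failure as a server error), 400 when the company
        name is already taken, 200 with a confirmation message otherwise.
    """
    # Authorize before parsing or querying so that unauthorized callers
    # cannot learn which company names already exist.
    identity = get_jwt_identity()
    # NOTE(review): assumes the route is JWT-protected so `identity` is a
    # dict; an anonymous request would raise here — confirm on the router.
    if identity["auth_level"] != "admin":
        return {"message": "unauthorized access."}, 403

    data = self.company_parser.parse_args()
    company_name = data["company_name"]
    if CompanyModel.find_by_name(company_name):
        return {"message": "company with this name already exists."}, 400

    company = CompanyModel(company_name, data["email"], data["phone"])
    company.save_to_db()

    address = AddressModel(
        line1=data["line1"],
        line2=data["line2"] or "",  # optional field: store "" rather than None
        city=data["city"],
        state=data["state"],
        zip=data["zip"],
        company_id=company.id,
        user_id=1,  # 1 = "not applicable": the address belongs to the company
    )
    address.save_to_db()

    return {
        "message": "company '{}' is created successfully.".format(company_name)
    }, 200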
def add_super_company_user():
    """Seed the bootstrap company, its admin staff record and a placeholder user.

    Every record is looked up by name before it is created, so calling this
    repeatedly (e.g. on each start-up) does not duplicate rows.

    NOTE(review): the seed credential is a hard-coded literal shared by the
    staff and placeholder user records; it should be rotated or sourced
    from deployment configuration before the instance is exposed.
    """
    seed_company = CompanyModel.find_by_name("OneSteward")
    if not seed_company:
        seed_company = CompanyModel("OneSteward", "*****@*****.**", "555-555-5555")
        seed_company.save_to_db()

    seed_staff = StaffModel.find_by_name("admin")
    if not seed_staff:
        seed_staff = StaffModel(
            "admin",
            "admin",
            generate_password_hash("admin_password"),
            seed_company.id,
        )
        seed_staff.save_to_db()

    # "NA" is the placeholder user other records point at when no real user applies.
    seed_user = UserModel.find_by_name("NA")
    if not seed_user:
        seed_user = UserModel(
            generate_password_hash("admin_password"),
            name="NA",
            email="NA",
            phone="",
        )
        seed_user.save_to_db()
def company_create():
    """Render the company registration form; create the company on a valid submit.

    Admin-only: ``is_admin(current_user)`` gates the whole view.  On success
    the company's address is stored as well (``user_id=1`` is the
    "not applicable" placeholder used for company-owned addresses elsewhere
    in this module) and the browser is redirected to the company list.
    """
    if not is_admin(current_user):
        return render_error_page_unauthorized_access()

    form = RegistrationForm()
    if not form.validate_on_submit():
        # GET, or POST with validation errors: show the form (with errors).
        return render_template("company_create.html", form=form)

    new_company = CompanyModel(
        name=form.company_name.data,
        email=form.email.data,
        phone=form.phone.data,
    )
    new_company.save_to_db()

    AddressModel(
        line1=form.line1.data,
        line2=form.line2.data,
        city=form.city.data,
        state=form.state.data,
        zip=form.zip.data,
        company_id=new_company.id,
        user_id=1,
    ).save_to_db()

    return redirect(url_for("company.company_info"))
def company_close_account(company_id):
    """Delete the company with ``company_id`` and redirect to the company list.

    Admin-only.  A missing company is not an error: the view simply
    redirects without deleting anything.

    NOTE(review): ``is_admin()`` is called without ``current_user`` here,
    whereas ``company_create`` and ``company_update`` pass it — confirm
    ``is_admin``'s signature (a default argument or a TypeError at runtime).
    """
    if not is_admin():
        return render_error_page_unauthorized_access()

    target = CompanyModel.find_by_id(company_id)
    if target:
        target.delete_from_db()
    return redirect(url_for("company.company_info"))
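def company_update(company_id):
    """Show and process the update form for the company with ``company_id``.

    Allowed for admins and for company admins of that same company.  Only
    ``email`` and ``phone`` are editable; the name is shown read-only.

    A company id that does not exist redirects to the company list (the
    same outcome ``company_close_account`` uses) instead of raising
    AttributeError on ``company.email``.
    """
    if not is_admin_or_company_admin_of_the_same_company(current_user, company_id):
        return render_error_page_unauthorized_access()

    company = CompanyModel.find_by_id(company_id)
    if not company:
        # Authorization passed but the row is gone (e.g. closed meanwhile).
        return redirect(url_for("company.company_info"))

    form = UpdateForm()
    if form.validate_on_submit():
        company.email = form.email.data
        company.phone = form.phone.data
        company.save_to_db()
        return redirect(url_for("company.company_info"))

    # GET (or failed validation): pre-fill the form from the stored record.
    form.company_name.data = company.name
    form.email.data = company.email
    form.phone.data = company.phone
    return render_template("company_update.html", form=form)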
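def post(self):
    """Look up a company by name and return its JSON representation.

    Allowed callers: admins, and staff whose own record belongs to the
    requested company.  Any other ``auth_level`` (including ``"user"``) is
    rejected *before* the lookup, so the 404/403 difference cannot be used
    to enumerate existing company names.

    Returns:
        403 for unauthorized callers (was 500), 404 when the name is
        unknown, 200 with ``company.json()`` otherwise.
    """
    identity = get_jwt_identity()
    # NOTE(review): assumes the route is JWT-protected so `identity` is a dict.
    auth_level = identity["auth_level"]
    # Default-deny: the module only ever recognises admin/staff/user.
    if auth_level not in ("admin", "staff"):
        return {"message": "unauthorized access."}, 403

    data = self.company_parser.parse_args()
    company_name = data["company_name"]
    company = CompanyModel.find_by_name(company_name)
    if not company:
        return {"message": "company name: {} not found".format(company_name)}, 404

    if auth_level == "staff":
        staff = StaffModel.find_by_id(identity["id"])
        # The staff row may have been deleted after the token was issued;
        # treat that like a company mismatch rather than raising.
        if staff is None or staff.company_id != company.id:
            return {"message": "unauthorized access."}, 403

    return company.json(), 200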
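def delete(self):
    """Delete the company named in the request body.

    Admin-only; authorization is checked before the body is parsed or the
    database is queried.

    Returns:
        403 for non-admin callers (was 500), 404 when the name is unknown,
        200 with a confirmation message after deletion.
    """
    identity = get_jwt_identity()
    # NOTE(review): assumes the route is JWT-protected so `identity` is a dict.
    if identity["auth_level"] != "admin":
        return {"message": "unauthorized access."}, 403

    data = self.company_parser.parse_args()
    company_name = data["company_name"]
    company = CompanyModel.find_by_name(company_name)
    if not company:
        return {"message": "company name:{} not found".format(company_name)}, 404

    company.delete_from_db()
    return {"message": "company:{} deleted".format(company_name)}, 200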
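def put(self):
    """Update the email and phone of the company named in the request body.

    Allowed callers: admins, and staff whose token ``company_id`` matches
    the company.  Any other ``auth_level`` is rejected before the lookup so
    the 404/403 difference cannot be used to enumerate company names.

    Returns:
        403 for unauthorized callers (was 500), 404 when the name is
        unknown, 200 with a confirmation message otherwise.
    """
    identity = get_jwt_identity()
    # NOTE(review): assumes the route is JWT-protected so `identity` is a dict.
    auth_level = identity["auth_level"]
    # Default-deny: the module only ever recognises admin/staff/user.
    if auth_level not in ("admin", "staff"):
        return {"message": "unauthorized access."}, 403

    data = self.company_parser.parse_args()
    company_name = data["company_name"]
    company = CompanyModel.find_by_name(company_name)
    if not company:
        return {"message": "company name: {} not found".format(company_name)}, 404

    # Staff may only edit their own company; the claim comes from the signed token.
    if auth_level == "staff" and identity["company_id"] != company.id:
        return {"message": "unauthorized access."}, 403

    company.email = data["email"]
    company.phone = data["phone"]
    company.save_to_db()
    return {"message": "company info updated"}, 200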
def validate_email(self, email):
    """WTForms inline validator: reject an email already used by a company.

    Raises:
        ValidationError: if ``CompanyModel.find_by_email`` returns a record.
    """
    existing = CompanyModel.find_by_email(email.data)
    if not existing:
        return
    raise ValidationError("Email already exists.")
def validate_company_name(self, company_name):
    """WTForms inline validator: reject a company name that is already taken.

    Raises:
        ValidationError: if ``CompanyModel.find_by_name`` returns a record.
    """
    existing = CompanyModel.find_by_name(company_name.data)
    if not existing:
        return
    raise ValidationError("Company name already exists.")
def company_info():
    """Render the paginated company list (10 per page).

    The page number comes from the ``page`` query parameter; a missing or
    non-integer value falls back to page 1 via ``type=int``.
    """
    page_number = request.args.get("page", 1, type=int)
    page_of_companies = CompanyModel.find_all().paginate(
        page=page_number,
        per_page=10,
    )
    return render_template("company_info.html", companies=page_of_companies)