Example #1
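    def post(self):
        """Create a company and its address record; admin callers only.

        The caller's JWT identity is checked before the request arguments
        are parsed or the database is queried, so a non-admin caller gets
        the same "unauthorized" reply whatever it sends and never triggers
        a lookup.

        Returns:
            A ``(body, status)`` tuple: 500 for a non-admin caller, 400 when
            a company with the requested name already exists, 200 on success.
        """
        # auth group: admin only
        identity = get_jwt_identity()
        if identity["auth_level"] != "admin":
            # NOTE(review): 500 is kept because existing clients may match
            # on it, but an authorization denial is normally reported as
            # 403; returning a server-error code hides denied attempts among
            # real faults in logs and alerting.
            return {"message": "unauthorized access."}, 500

        data = self.company_parser.parse_args()

        if CompanyModel.find_by_name(data["company_name"]):
            return {"message": "company with this name already exits."}, 400

        company = CompanyModel(data["company_name"], data["email"],
                               data["phone"])
        company.save_to_db()

        # NOTE(review): company and address are written by two separate
        # save_to_db() calls; if the second one fails, the company may be
        # left without an address — confirm how save_to_db() commits.
        address = AddressModel(
            line1=data["line1"],
            line2=data["line2"] or "",  # a missing line2 is stored as ""
            city=data["city"],
            state=data["state"],
            zip=data["zip"],
            company_id=company.id,
            user_id=1  # 1=not applicable
        )
        address.save_to_db()

        return {
            "message":
            "company '{}' is created successfully.".format(
                data["company_name"])
        }, 200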
Example #2
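def add_super_company_user():
    """Seed the bootstrap records: company "OneSteward", staff "admin", user "NA".

    Each record is created only when a lookup by name finds nothing, so
    calling the function again leaves existing records untouched.

    The initial password is taken from the ``BOOTSTRAP_ADMIN_PASSWORD``
    environment variable, a setting introduced by this function. When the
    variable is unset or empty, the previous built-in literal is used so
    that existing deployments keep working, and a warning is logged for
    every account seeded with it. A password that lives in the source tree
    is known to everyone who can read the repository, so deployments should
    set the variable and rotate any account created with the default.
    """
    import logging
    import os

    legacy_default = "admin_password"
    bootstrap_password = (os.environ.get("BOOTSTRAP_ADMIN_PASSWORD")
                          or legacy_default)

    def _warn_if_default(account):
        # Make the use of the in-source default visible to operators.
        if bootstrap_password == legacy_default:
            logging.getLogger(__name__).warning(
                "Seeding account %r with the built-in default password; "
                "set BOOTSTRAP_ADMIN_PASSWORD and rotate this credential.",
                account)

    first_company = CompanyModel.find_by_name("OneSteward")

    if not first_company:
        first_company = CompanyModel("OneSteward", "*****@*****.**",
                                     "555-555-5555")
        first_company.save_to_db()

    first_staff = StaffModel.find_by_name("admin")
    if not first_staff:
        _warn_if_default("admin")
        # NOTE(review): the meaning of the second "admin" argument is not
        # visible here (presumably the auth level) — confirm against
        # StaffModel.
        first_staff = StaffModel("admin", "admin",
                                 generate_password_hash(bootstrap_password),
                                 first_company.id)

        first_staff.save_to_db()

    first_user = UserModel.find_by_name("NA")
    if not first_user:
        _warn_if_default("NA")
        # NOTE(review): "NA" looks like a placeholder user, yet it receives
        # a usable password. If nothing is meant to log in as it, store an
        # unusable or random credential instead — confirm with the login
        # code.
        first_user = UserModel(generate_password_hash(bootstrap_password),
                               name="NA",
                               email="NA",
                               phone="")

        first_user.save_to_db()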
Example #3
def company_create():
    """Show the company registration form and create the company on a valid submit.

    A caller for whom ``is_admin(current_user)`` is false receives the
    unauthorized-access error page. On a valid submission the company and
    its address are saved and the caller is redirected to the company
    listing; otherwise the form template is rendered.
    """
    # Creating companies is reserved for administrators.
    if not is_admin(current_user):
        return render_error_page_unauthorized_access()

    registration = RegistrationForm()

    if not registration.validate_on_submit():
        # Nothing valid was submitted: render the form.
        return render_template("company_create.html", form=registration)

    new_company = CompanyModel(name=registration.company_name.data,
                               email=registration.email.data,
                               phone=registration.phone.data)
    new_company.save_to_db()

    # new_company.id is read only after save_to_db() has run.
    # user_id=1 is presumably the "not applicable" placeholder user — confirm.
    company_address = AddressModel(line1=registration.line1.data,
                                   line2=registration.line2.data,
                                   city=registration.city.data,
                                   state=registration.state.data,
                                   zip=registration.zip.data,
                                   company_id=new_company.id,
                                   user_id=1)
    company_address.save_to_db()

    return redirect(url_for("company.company_info"))
Example #4
def company_close_account(company_id):
    """Delete the company with the given id, then return to the company listing.

    A caller for whom ``is_admin()`` is false receives the
    unauthorized-access error page. An id that matches no company is
    ignored and the redirect still happens.
    """
    if not is_admin():
        return render_error_page_unauthorized_access()

    # NOTE(review): the route decorator is not visible here. A destructive
    # action like this should be reachable only through a state-changing
    # method (POST) with CSRF protection — confirm the route definition.
    account = CompanyModel.find_by_id(company_id)
    if account:
        account.delete_from_db()

    listing_url = url_for("company.company_info")
    return redirect(listing_url)
Example #5
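def company_update(company_id):
    """Show and process the form that edits a company's email and phone.

    The authorization check runs first: callers that fail
    ``is_admin_or_company_admin_of_the_same_company(current_user,
    company_id)`` receive the unauthorized-access error page. An id that
    matches no company redirects to the company listing instead of failing
    with an attribute error on ``None``. The company name is shown in the
    form but is never written back.
    """
    if not is_admin_or_company_admin_of_the_same_company(
            current_user, company_id):
        return render_error_page_unauthorized_access()

    form = UpdateForm()

    company = CompanyModel.find_by_id(company_id)
    if not company:
        # Unknown id: there is nothing to edit, so go back to the listing
        # rather than dereferencing None below.
        return redirect(url_for("company.company_info"))

    if form.validate_on_submit():
        company.email = form.email.data
        company.phone = form.phone.data
        company.save_to_db()

        return redirect(url_for("company.company_info"))

    # Not a valid submit: fill the form with the stored values.
    form.company_name.data = company.name
    form.email.data = company.email
    form.phone.data = company.phone
    return render_template("company_update.html", form=form)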
Example #6
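    def post(self):
        """Return a company's JSON representation, looked up by name.

        auth group: admin, and staff of the company itself.

        Authorization is decided before anything about the company is
        disclosed:

        * only the levels "admin" and "staff" are accepted; any other value
          of ``auth_level`` is refused, so an unexpected level is not
          treated as privileged;
        * a staff caller gets the same "unauthorized" reply whether the
          company does not exist, belongs to someone else, or the caller's
          own staff record cannot be found, so the reply does not reveal
          which company names exist;
        * only an admin caller receives the 404 "not found" reply.

        Returns:
            A ``(body, status)`` tuple: 500 when the caller is not allowed,
            404 when an admin asks for an unknown company, 200 with
            ``company.json()`` otherwise.
        """
        identity = get_jwt_identity()
        auth_level = identity["auth_level"]

        # Allow-list instead of rejecting only "user": fail closed on any
        # level this endpoint does not know.
        if auth_level not in ("admin", "staff"):
            # NOTE(review): 500 is kept for compatibility; an authorization
            # denial is normally reported as 403.
            return {"message": "unauthorized access."}, 500

        data = self.company_parser.parse_args()
        company = CompanyModel.find_by_name(data["company_name"])

        if auth_level == "staff":
            staff = StaffModel.find_by_id(identity["id"])
            # A missing staff row is refused rather than dereferenced.
            if (not staff or not company
                    or staff.company_id != company.id):
                return {"message": "unauthorized access."}, 500

        if not company:
            return {
                "message":
                "company name: {} not found".format(data["company_name"])
            }, 404

        return company.json(), 200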
Example #7
    def delete(self):
        """Delete the company named in the request; admin callers only.

        Returns:
            A ``(body, status)`` tuple: 500 for a non-admin caller, 404 when
            no company has the requested name, 200 once it is deleted.
        """
        # auth group: admin only — checked before the request is parsed.
        caller = get_jwt_identity()
        if caller["auth_level"] != "admin":
            # NOTE(review): an authorization denial is normally a 403, not
            # a 500.
            return {"message": "unauthorized access."}, 500

        args = self.company_parser.parse_args()
        name = args["company_name"]
        target = CompanyModel.find_by_name(name)
        if not target:
            not_found = "company name:{} not found".format(name)
            return {"message": not_found}, 404

        # NOTE(review): a disabled password re-check (comparing a submitted
        # password with company.password_hash, answering 401 on mismatch)
        # used to sit here as commented-out code. As written, deletion
        # relies on the admin token alone.
        target.delete_from_db()
        deleted = "company:{} deleted".format(name)
        return {"message": deleted}, 200
Example #8
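    def put(self):
        """Update the email and phone of the company named in the request.

        auth group: admin, and staff of the company itself.

        Authorization is decided before anything about the company is
        disclosed or changed:

        * only the levels "admin" and "staff" are accepted; any other value
          of ``auth_level`` is refused, so an unexpected level is not
          treated as privileged;
        * a staff caller gets the same "unauthorized" reply whether the
          company does not exist or belongs to someone else, so the reply
          does not reveal which company names exist;
        * only an admin caller receives the 404 "not found" reply.

        Returns:
            A ``(body, status)`` tuple: 500 when the caller is not allowed,
            404 when an admin names an unknown company, 200 after the
            update is saved.
        """
        identity = get_jwt_identity()
        auth_level = identity["auth_level"]

        # Allow-list instead of rejecting only "user": fail closed on any
        # level this endpoint does not know.
        if auth_level not in ("admin", "staff"):
            # NOTE(review): 500 is kept for compatibility; an authorization
            # denial is normally reported as 403.
            return {"message": "unauthorized access."}, 500

        data = self.company_parser.parse_args()
        company = CompanyModel.find_by_name(data["company_name"])

        # NOTE(review): the staff member's company is taken from the token
        # claim "company_id". A claim stays valid until the token expires,
        # so a staff member moved to another company keeps access until
        # then — confirm whether a database lookup is wanted here.
        if auth_level == "staff" and (
                not company or identity["company_id"] != company.id):
            return {"message": "unauthorized access."}, 500

        if not company:
            return {
                "message":
                "company name: {} not found".format(data["company_name"])
            }, 404

        company.email = data["email"]
        company.phone = data["phone"]
        company.save_to_db()
        return {"message": "company info updated"}, 200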
Example #9
 def validate_email(self, email):
     """Reject an email address that a company already uses.

     Presumably a form-level validator for the ``email`` field; the
     enclosing class is not visible here — confirm.

     Raises:
         ValidationError: when ``CompanyModel.find_by_email`` finds a match.
     """
     existing = CompanyModel.find_by_email(email.data)
     if existing:
         raise ValidationError("Email already exists.")
Example #10
    def validate_company_name(self, company_name):
        """Reject a company name that is already taken.

        Presumably a form-level validator for the ``company_name`` field;
        the enclosing class is not visible here — confirm.

        Raises:
            ValidationError: when ``CompanyModel.find_by_name`` finds a
                match.
        """
        taken = CompanyModel.find_by_name(company_name.data)
        if taken:
            raise ValidationError("Company name already exists.")
Example #11
def company_info():
    """Render one page of the company listing, ten companies per page.

    The page number is read from the ``page`` query parameter as an
    integer and defaults to 1.
    """
    # NOTE(review): there is no role check in this body, and the route
    # decorators are not visible. Any access control must come from them —
    # confirm the full company list is meant to be visible to every caller
    # who reaches this view.
    requested_page = request.args.get("page", 1, type=int)

    all_companies = CompanyModel.find_all()
    current_slice = all_companies.paginate(page=requested_page, per_page=10)

    return render_template("company_info.html", companies=current_slice)