def generate_and_validate_order_number(generate_order_number):
order_number = generate_order_number()
order = OrderModel.find_by_ur_code(order_number)
while order:
order_number = generate_order_number()
order = OrderModel.find_by_ur_code(order_number)
return order_number
def delete(self):
data = self.order_parser.parse_args()
order = OrderModel.find_by_ur_code(data['ur_code'])
if not order:
return {
"message":
"order with ur_code{} doen not exist.".format(data['ur_code'])
}, 404
# only admin and staff(post owner) are allowed to modify existing orders.
identity = get_jwt_identity()
if identity["auth_level"] == "admin" or (
identity["auth_level"] == "staff"
and identity["id"] == order.staff_id):
try:
order.delete_from_db()
return {"message": "order deleted succesfully."}, 200
except:
return {"message": "something went wrong."}
else:
return {
"message": "unauthorized access for modififying order."
}, 500
def put(self):
data = self.order_parser.parse_args()
order = OrderModel.find_by_ur_code(data["ur_code"])
if not order:
return {
"message":
"order with ur_code{} doen not exist.".format(data['ur_code'])
}, 404
# only admin and staff(post owner) are allowed to modify existing orders.
identity = get_jwt_identity()
if identity["auth_level"] == "admin" or (
identity["auth_level"] == "staff"
and identity["id"] == order.staff_id):
order.name = data['order_name']
order.staff_id = data['staff_id']
order.user_id = data['user_id']
order.save_to_db()
return {"message": "order info updated succesfully."}, 200
else:
return {
"message": "unauthorized access for modififying order."
}, 500
def order_check_status():
form = OrderCheckStatusByNumberForm()
if form.validate_on_submit():
order = OrderModel.find_by_ur_code(form.order_number.data)
if order:
return redirect(url_for("order.order_info", order_id=order.id))
return render_template("order_check_status.html", form=form)
def order_check_status_qrcode():
form = OrderCheckStatusByQRCodeForm()
if form.validate_on_submit():
decoded_data = decode_qrcode(form.qrcode_img.data)
order = OrderModel.find_by_ur_code(decoded_data)
if order:
return redirect(url_for("order.order_info", order_id=order.id))
return render_template("order_check_status.html", form=form)
def index():
search_method = request.args.get("search_method",
"by_order_number",
type=str)
if search_method == "by_order_number":
form = OrderCheckStatusByNumberForm()
if form.validate_on_submit():
order = OrderModel.find_by_ur_code(form.order_number.data)
if order:
return redirect(url_for("order.order_info", order_id=order.id))
else:
form = OrderCheckStatusByQRCodeForm()
if form.validate_on_submit():
decoded_data = decode_qrcode(form.qrcode_img.data)
order = OrderModel.find_by_ur_code(decoded_data)
if order:
return redirect(url_for("order.order_info", order_id=order.id))
return render_template("home.html", form=form, search_method=search_method)
def post(self):
data = self.order_parser.parse_args()
order = OrderModel.find_by_ur_code(data["ur_code"])
if not order:
return {
"message":
"order with ur_code{} doen not exist.".format(data['ur_code'])
}, 404
# TODO
# if staff:
# TODO
# if user:
# if with full permission
return order.json(), 200
def post(self):
data = self.order_parser.parse_args()
order = OrderModel.find_by_ur_code(data["ur_code"])
identity = get_jwt_identity()
# only admin and staff members are allowed to post new orders.
if identity["auth_level"] == "user":
return {
"message": "unauthorized access, user cannot create order."
}, 500
if order:
return {
"message":
"order with ur_code {} already exists.".format(data["ur_code"])
}, 400
order = OrderModel(data["ur_code"], data["order_name"],
data["staff_id"])
order.save_to_db()
return {"message": "order created succesfully."}, 200
def validate_qrcode_img(self, qrcode_img):
decoded_data = decode_qrcode(qrcode_img.data)
if not isinstance(decoded_data, str):
raise ValidationError("unable to read the QR Code")
if not OrderModel.find_by_ur_code(decoded_data):
raise ValidationError("no order found, please try again.")
def validate_order_number(self, order_number):
if not OrderModel.find_by_ur_code(order_number.data):
raise ValidationError("no order found, please try again.")
def check_ur_code(self, ur_code):
if OrderModel.find_by_ur_code(ur_code):
raise ValidationError("Sorry, that Order Number already exists.")