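def create_order():
    """Create an order for the cart in the JSON body, for a user or a guest.

    Request JSON:
        address_id: optional id of a stored address to reuse; only honoured
            for an authenticated caller who owns that address.
        first_name, last_name, zip_code, address, country, city: fields for
            a new address, read only when ``address_id`` is absent.
        cart_items: non-empty list of ``{"id": ..., "quantity": ...}``.

    Returns:
        The success response carrying the order summary, or an error
        response when the cart is malformed, a product cannot be matched,
        or the requested address may not be used.
    """
    import uuid

    user = current_user
    # current_user is a LocalProxy even for anonymous callers, so it is never
    # None; having an ``id`` attribute is what marks an authenticated user.
    user_id = user.id if hasattr(user, 'id') else None

    # Validate the client-supplied cart before any row is written.
    cart_items = request.json.get('cart_items')
    if not isinstance(cart_items, list) or not cart_items:
        return get_error_response('Error, cart_items must be a non-empty list')

    quantities = {}
    for item in cart_items:
        product_id = item.get('id') if isinstance(item, dict) else None
        quantity = item.get('quantity') if isinstance(item, dict) else None
        id_ok = (isinstance(product_id, (int, str))
                 and not isinstance(product_id, bool))
        # A zero or negative quantity would produce a free or negative-value
        # order line, so only positive integers are accepted.
        quantity_ok = (isinstance(quantity, int)
                       and not isinstance(quantity, bool)
                       and quantity > 0)
        if not (id_ok and quantity_ok):
            return get_error_response(
                'Error, every cart item needs a product id and a positive integer quantity')
        quantities[str(product_id)] = quantity

    product_ids = [item['id'] for item in cart_items]
    products = db.session.query(Product).filter(Product.id.in_(product_ids)).all()
    # A length mismatch means a product is gone or an id was sent twice.
    if len(products) != len(cart_items):
        return get_error_response('Error, make sure all products you want to order are still available')

    # Pair each product with the quantity sent for *its* id. The query gives
    # no ordering guarantee, so pairing by list position could attach one
    # item's quantity to another product.
    order_lines = []
    for product in products:
        quantity = quantities.get(str(product.id))
        if quantity is None:
            return get_error_response('Error, make sure all products you want to order are still available')
        order_lines.append((product, quantity))

    address_id = request.json.get('address_id', None)
    if address_id is not None:
        # Reusing an address requires an authenticated owner. For an anonymous
        # caller user_id is None, and filter_by(user_id=None) would match
        # addresses stored without an owner (guest addresses), so the lookup
        # is skipped entirely in that case.
        address = None
        if user_id is not None:
            address = Address.query.filter_by(id=address_id, user_id=user_id).first()
        if address is None:
            return get_error_response('Permission Denied, you can not use this address', 401)
    else:
        first_name = request.json.get('first_name', None)
        last_name = request.json.get('last_name', None)
        zip_code = request.json.get('zip_code', None)
        street_address = request.json.get('address', None)
        # country and city have their own keys; they used to be read from
        # 'address', which copied the street into both columns.
        country = request.json.get('country', None)
        city = request.json.get('city', None)

        if user_id is not None:
            # Fall back to the account's names when the payload omits them.
            if first_name is None:
                first_name = user.first_name
            if last_name is None:
                last_name = user.last_name

        address = Address(first_name=first_name, last_name=last_name, city=city, country=country,
                          street_address=street_address, zip_code=zip_code)
        if user_id is not None:
            address.user_id = user_id

        db.session.add(address)
        # Flush (not commit) so address.id is assigned for the order below.
        db.session.flush()

    # Faker is a test-data generator; the standard library yields the same
    # string form, backed by the operating system's random source.
    order = Order(order_status=0, tracking_number=str(uuid.uuid4()), address_id=address.id)

    for product, quantity in order_lines:
        # Price, name and slug come from the database row, never the client.
        order.order_items.append(OrderItem(price=product.price,
                                           quantity=quantity, product=product,
                                           name=product.name,
                                           slug=product.slug,
                                           user_id=user_id))

    db.session.add(order)
    db.session.commit()
    return get_success_response('Order created successfully', data=order.get_summary(include_order_items=True),
                                status_code=200)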
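def unlike(article_slug):
    """Remove the current identity's like from the article with this slug.

    Returns a 404 error response when the slug matches no article, an error
    response when the caller has no like on the article, and the success
    response once the like row is deleted.
    """
    user = current_identity
    article = Article.query.filter_by(slug=article_slug).options(load_only('id', 'title')).first()
    if article is None:
        # An unknown slug used to fall through to article.id and raise.
        return get_error_response('Article not found', status_code=404)

    # The lookup is scoped to the caller's own id, so one user cannot remove
    # another user's like.
    like = Like.query.filter_by(article_id=article.id, user_id=user.id).first()
    if like is None:
        return get_error_response('Permission denied, You are not liking this article')

    db.session.delete(like)
    db.session.commit()
    return get_success_response('You have just successfully disliked the article: %s' % article.title)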
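def like_article(article_slug):
    """Record a like by the current identity on the article with this slug.

    Returns a 404 error response when the slug matches no article, an error
    response when the caller already likes it, and the success response once
    the like row is stored.
    """
    user = current_identity
    article = Article.query.filter_by(slug=article_slug).options(load_only('id', 'title')).first()
    if article is None:
        # An unknown slug used to fall through to article.id and raise.
        return get_error_response('Article not found', status_code=404)

    # NOTE(review): check-then-insert; two concurrent requests can both see a
    # count of 0. Confirm the Like table has a unique constraint on
    # (article_id, user_id) if duplicates must be impossible.
    if Like.query.filter_by(article_id=article.id, user_id=user.id).count() != 0:
        return get_error_response('Permission denied, You already liked this article')

    like = Like(article_id=article.id, user_id=user.id)
    db.session.add(like)
    db.session.commit()
    return get_success_response('You are now liking %s' % article.title)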
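def update_comment(comment_id):
    """Replace the content of the comment with this id.

    An unknown id ends the request with HTTP 404 via ``get_or_404``. The
    content is only overwritten when the JSON body carries a non-empty
    ``content`` value; the success response is returned either way.
    """
    # get_or_404 aborts on a missing row, so a separate None check after it
    # could never run and has been dropped.
    comment = Comment.query.get_or_404(comment_id)

    # NOTE(review): nothing in this body ties the comment to the caller. Unless
    # a decorator outside this view enforces it, any caller who reaches this
    # handler can rewrite any comment. Compare comment.user_id with the
    # authenticated user's id (or require an admin role) before writing.
    content = request.json.get('content')
    if content:
        comment.content = content

    db.session.commit()
    return get_success_response(data=CommentDetailsSerializer(comment).data,
                                messages='Comment updated successfully')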
def destroy_comment(comment_id):
    """Delete a comment on behalf of its author or an administrator.

    Returns a 404 error response for an unknown id, a 401 error response when
    the caller is neither an admin nor the comment's author, and the success
    response once the row is deleted.
    """
    target = Comment.query.get(comment_id)
    if target is None:
        return get_error_response('Comment not found', status_code=404)

    # Admins may delete anything; everyone else only their own comments.
    may_delete = current_user.is_admin() or target.user_id == current_user.id
    if not may_delete:
        return get_error_response(
            'Permission denied, you can not delete this comment',
            status_code=401)

    db.session.delete(target)
    db.session.commit()
    return get_success_response('Comment deleted successfully')
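def create_comment(article_slug):
    """Attach a new comment by the JWT's user to the article with this slug.

    The author id is taken from the ``id`` claim of the token, not from the
    request body. An unknown slug ends the request with HTTP 404.
    """
    content = request.json.get('content')
    claims = get_jwt_claims()
    user_id = claims.get('id')

    # first_or_404 replaces ``.first()[0]``, which raised a TypeError (and so
    # a 500) whenever the slug matched no article.
    article = Article.query.filter_by(slug=article_slug).first_or_404()

    comment = Comment(content=content, user_id=user_id, article_id=article.id)
    db.session.add(comment)
    db.session.commit()
    return get_success_response(data=CommentDetailsSerializer(comment).data,
                                messages='Comment created successfully')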
def unfollow_user(username):
    """Remove the current identity's subscription to the user ``username``.

    Returns an error response when no such user exists or when the caller is
    not following them, and the success response once the subscription row
    is deleted.
    """
    me = current_identity
    target = User.query.filter_by(username=username).options(load_only('id')).first()

    # first() yields None for an unknown username, and None has no ``id``.
    if not hasattr(target, 'id'):
        return get_error_response('Permission denied, This user does not exist')

    # Scoped to the caller's own follower_id, so only their row can match.
    subscription = UserSubscription.query.filter_by(
        following_id=target.id, follower_id=me.id).first()
    if subscription is None:
        return get_error_response('Permission denied, You are not following this user')

    db.session.delete(subscription)
    db.session.commit()
    return get_success_response('You are now not following %s' % username)
def register():
    """Create a user account from the JSON body and give it ROLE_USER.

    Reads first_name, last_name, username, password and email from the
    request JSON. Only the bcrypt hash of the password is stored. The role
    is fixed server-side; the request cannot choose it.
    """
    body = request.json
    first_name = body.get('first_name', None)
    last_name = body.get('last_name', None)
    username = body.get('username', None)
    password = body.get('password', None)
    email = body.get('email', None)

    default_role = db.session.query(Role).filter_by(name='ROLE_USER').first()

    # NOTE(review): no field is validated here. A missing password reaches
    # the hash call as None, and a duplicate username or email is left to
    # whatever constraints the User table has - confirm both fail cleanly.
    password_hash = bcrypt.generate_password_hash(password).decode('utf-8')
    new_user = User(first_name=first_name, last_name=last_name,
                    username=username, password=password_hash,
                    roles=[default_role], email=email)

    db.session.add(new_user)
    db.session.commit()
    return get_success_response('User registered successfully')
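def create_comment(product_slug):
    """Attach a new comment by the JWT's user to the product with this slug.

    The author id is taken from the ``user_id`` claim of the token, not from
    the request body. An unknown slug ends the request with HTTP 404.
    """
    content = request.json.get('content')
    claims = get_jwt_claims()
    user_id = claims.get('user_id')

    # first_or_404 replaces ``.first()[0]``, which raised a TypeError (and so
    # a 500) whenever the slug matched no product.
    product = Product.query.filter_by(slug=product_slug).first_or_404()

    comment = Comment(content=content, user_id=user_id, product_id=product.id)
    db.session.add(comment)
    db.session.commit()
    return get_success_response(data=CommentDetailsSerializer(comment).data,
                                messages='Comment created successfully')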
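def create_tag():
    """Create a tag, optionally with uploaded images (administrators only).

    Form fields: ``name`` and ``description``. Files: zero or more entries
    under ``images[]``. Each accepted image is saved under the ``tags``
    directory of ``IMAGES_LOCATION`` and recorded as a TagImage on the tag.
    """
    if current_user.is_not_admin():
        # NOTE(review): the success path below returns the helper's result
        # directly, while this branch wraps it in jsonify(). Confirm the
        # wrapper is intended and that the 401 status survives it.
        return jsonify(
            get_error_response('Permission denied, you must be admin',
                               status_code=401))

    name = request.form.get('name')
    description = request.form.get('description')
    tag = Tag(name=name, description=description)

    images_root = app.config['IMAGES_LOCATION']
    dir_path = os.path.join(images_root, 'tags')
    # Leading part of the on-disk path that is removed before the path is
    # stored on the TagImage row.
    strip_prefix = images_root.rsplit(os.sep, 2)[0]

    # getlist() returns an empty list when no 'images[]' part was sent.
    for image in request.files.getlist('images[]'):
        if not (image and validate_file_upload(image.filename)):
            continue

        filename = secure_filename(image.filename)
        # secure_filename() may rewrite the name or reduce it to '', so the
        # name that will actually be written is checked again.
        if not filename or not validate_file_upload(filename):
            continue

        os.makedirs(dir_path, exist_ok=True)
        disk_path = os.path.join(dir_path, filename)
        # NOTE(review): an existing file with the same sanitized name is
        # overwritten; confirm that is acceptable for tag images.
        image.save(disk_path)

        # Measure the file while the real on-disk path is still at hand. The
        # size used to be taken after the path was rewritten for storage
        # (stat on a path that need not exist) and only when the client had
        # sent a non-zero content length.
        file_size = os.stat(disk_path).st_size
        stored_path = disk_path.replace(strip_prefix, '')

        ti = TagImage(file_path=stored_path, file_name=filename,
                      original_name=image.filename, file_size=file_size)
        tag.images.append(ti)

    db.session.add(tag)
    db.session.commit()

    return get_success_response(data=tag.get_summary(), messages='Tag created successfully')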
def follow_user(username):
    """Subscribe the current identity to the user named ``username``.

    Error responses cover, in this order: unknown user, following oneself,
    an existing subscription, and a target who is neither admin nor author.
    Otherwise the subscription row is stored and the success response is
    returned.
    """
    me = current_identity
    target = User.query.filter_by(username=username).options(load_only('id')).first()

    # first() yields None for an unknown username, and None has no
    # ``username`` attribute.
    if not hasattr(target, 'username'):
        return get_error_response('Permission denied, This user does not exist')

    if target.id == me.id:
        return get_error_response('Permission denied, You can not follow yourself')

    existing = UserSubscription.query.filter_by(
        following_id=target.id, follower_id=me.id).first()
    if existing is not None:
        return get_error_response('Permission denied, You already following this user')

    if not target.is_admin_or_author():
        return get_error_response('Permission denied, You can not follow a non author user')

    db.session.add(UserSubscription(following_id=target.id, follower_id=me.id))
    db.session.commit()
    return get_success_response('You are now following %s' % username)
def update_comment(comment_id):
    """Update the content and/or rating of a comment.

    Only an administrator or the comment's author may update it. Returns a
    404 error response for an unknown id and a 401 error response for any
    other caller. A field is only overwritten when the JSON body carries a
    truthy value for it.
    """
    target = Comment.query.get(comment_id)
    if target is None:
        return get_error_response(messages='not found', status_code=404)

    # Authorisation is decided before the request body is read.
    may_edit = current_user.is_admin() or target.user_id == current_user.id
    if not may_edit:
        return get_error_response(
            'Permission denied, you can not update this comment',
            status_code=401)

    new_content = request.json.get('content')
    new_rating = request.json.get('rating')

    if new_content:
        target.content = new_content
    if new_rating:
        target.rating = new_rating

    db.session.commit()
    return get_success_response(
        data=CommentDetailsSerializer(target).data,
        messages='Comment updated successfully')
def created_address():
    """Store a new address owned by the current user.

    Reads first_name, last_name, zip_code, phone_number, city, country and
    address (the street) from the request JSON. The owner is always
    ``current_user.id``; the request body cannot set it.
    """
    body = request.json

    # With flask-jwt-extended the id could also come from the token claims or
    # from get_jwt_identity(); this handler uses current_user.
    new_address = Address(
        first_name=body.get('first_name'),
        last_name=body.get('last_name'),
        zip_code=body.get('zip_code'),
        phone_number=body.get('phone_number'),
        street_address=body.get('address'),
        user_id=current_user.id,
        city=body.get('city'),
        country=body.get('country'),
    )

    db.session.add(new_address)
    db.session.commit()
    return get_success_response(data=new_address.get_summary(),
                                messages='Address created successfully')
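def destroy(product_slug):
    """Delete the product with this slug.

    An unknown slug ends the request with HTTP 404 instead of passing None
    to ``db.session.delete``, which raised and surfaced as a 500.
    """
    # NOTE(review): no role check is visible in this body and the route's
    # decorators are outside this view. Confirm an admin-only guard wraps
    # this handler before a product can be deleted.
    product = Product.query.filter_by(slug=product_slug).first_or_404()
    db.session.delete(product)
    db.session.commit()
    return get_success_response('Product deleted successfully')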
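def destroy_article_by_id(article_id):
    """Delete the article with this primary key.

    An unknown id ends the request with HTTP 404.
    """
    # query.get() already returns the row (or None), so the chained .first()
    # raised AttributeError on every call; get_or_404 covers both cases.
    # NOTE(review): no role or ownership check is visible in this body and
    # the route's decorators are outside this view. Confirm the caller is
    # authorised to delete this article.
    article = Article.query.get_or_404(article_id)
    db.session.delete(article)
    db.session.commit()
    return get_success_response('Article deleted successfully')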
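def destroy_article(article_slug):
    """Delete the article with this slug.

    An unknown slug ends the request with HTTP 404 instead of passing None
    to ``db.session.delete``, which raised and surfaced as a 500.
    """
    # NOTE(review): no role or ownership check is visible in this body and
    # the route's decorators are outside this view. Confirm the caller is
    # authorised to delete this article.
    article = Article.query.filter_by(slug=article_slug).first_or_404()
    db.session.delete(article)
    db.session.commit()
    return get_success_response('Article deleted successfully')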
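def destroy_by_id(product_id):
    """Delete the product with this primary key.

    An unknown id ends the request with HTTP 404.
    """
    # query.get() already returns the row (or None), so the chained .first()
    # raised AttributeError on every call; get_or_404 covers both cases.
    # NOTE(review): no role check is visible in this body and the route's
    # decorators are outside this view. Confirm an admin-only guard wraps
    # this handler before a product can be deleted.
    product = Product.query.get_or_404(product_id)
    db.session.delete(product)
    db.session.commit()
    return get_success_response('Product deleted successfully')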
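def destroy_comment(comment_id):
    """Delete the comment with this primary key.

    An unknown id ends the request with HTTP 404 instead of passing None to
    ``db.session.delete``, which raised and surfaced as a 500.
    """
    comment = Comment.query.get_or_404(comment_id)

    # NOTE(review): nothing in this body ties the comment to the caller. Unless
    # a decorator outside this view enforces it, any caller who reaches this
    # handler can delete any comment. Compare comment.user_id with the
    # authenticated user's id (or require an admin role) before deleting.
    db.session.delete(comment)
    db.session.commit()
    return get_success_response('Comment deleted successfully')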