def get_stocktakingcollections(admin, collection_id):
"""
Returns the stocktakingcollection with the requested id. In addition,
all stocktakings that belong to this collection are returned.
:param admin: Is the administrator user,
determined by @adminRequired.
:param collection_id: Is the stocktakingcollection id.
:return: The requested stocktakingcollection and all
related stocktakings JSON object.
:raises EntryNotFound: If the stocktakingcollection with this ID does
not exist.
"""
# Query the stocktakingcollection.
collection = StocktakingCollection.query.filter_by(
id=collection_id).first()
# If it does not exist, raise an exception.
if not collection:
raise exc.EntryNotFound()
fields_collection = [
'id', 'timestamp', 'admin_id', 'revoked', 'revokehistory'
]
fields_stocktaking = ['id', 'product_id', 'count', 'collection_id']
stocktakings = collection.stocktakings.all()
result = convert_minimal(collection, fields_collection)[0]
result['stocktakings'] = convert_minimal(stocktakings, fields_stocktaking)
return jsonify(result), 200
def get_replenishmentcollection(admin, id):
"""
Returns the replenishmentcollection with the requested id. In addition,
all replenishments that belong to this collection are returned.
:param admin: Is the administrator user,
determined by @adminRequired.
:param id: Is the replenishmentcollection id.
:return: The requested replenishmentcollection and all
related replenishments JSON object.
:raises EntryNotFound: If the replenishmentcollection with this ID does
not exist.
"""
# Query the replenishmentcollection.
replcoll = ReplenishmentCollection.query.filter_by(id=id).first()
# If it does not exist, raise an exception.
if not replcoll:
raise exc.EntryNotFound()
fields_replcoll = [
'id', 'timestamp', 'admin_id', 'price', 'revoked', 'revokehistory',
'comment'
]
fields_repl = [
'id', 'replcoll_id', 'product_id', 'amount', 'total_price', 'revoked'
]
repls = replcoll.replenishments.all()
result = convert_minimal(replcoll, fields_replcoll)[0]
result['replenishments'] = convert_minimal(repls, fields_repl)
return jsonify(result), 200
def list_purchases(admin):
"""
Returns a list of all purchases. If this route is called by an
administrator, all information is returned. However, if it is called
without further rights, a minimal version is returned.
:param admin: Is the administrator user, determined by @adminOptional.
:return: A list of all purchases.
"""
if admin is not None:
fields = [
'id', 'timestamp', 'user_id', 'admin_id', 'product_id',
'productprice', 'amount', 'revoked', 'price'
]
else:
fields = [
'id', 'timestamp', 'user_id', 'admin_id', 'product_id', 'amount'
]
query = QueryFromRequestParameters(Purchase, request.args, fields)
if admin is None:
query = query.filter(~exists().where(
PurchaseRevoke.purchase_id == Purchase.id))
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def get_user(admin, user_id):
"""
Returns the user with the requested id.
:param admin: Is the administrator user, determined by @adminOptional.
:param user_id: Is the user id.
:return: The requested user as JSON object.
"""
# Query user
user = User.query.filter(User.id == user_id).first()
if not user:
raise exc.EntryNotFound()
if admin is None:
# Check if the user has been verified.
if not user.is_verified:
raise exc.UserIsNotVerified()
# Check if the user is inactive
if not user.active:
raise exc.UserIsInactive()
fields = ['id', 'firstname', 'lastname', 'fullname', 'credit', 'rank_id', 'imagename', 'active',
'is_admin', 'creation_date', 'verification_date', 'is_verified']
user = convert_minimal(user, fields)[0]
return jsonify(user), 200
def list_users(admin):
"""
Returns a list of all users. If this route is called by an
administrator, all information is returned. However, if it is called
without further rights, a minimal version is returned.
:param admin: Is the administrator user, determined by @adminOptional.
:return: A list of all users.
"""
# Define fields
if admin is None:
fields = ['id', 'firstname', 'lastname', 'fullname', 'rank_id', 'imagename']
else:
fields = ['id', 'firstname', 'lastname', 'fullname', 'credit', 'rank_id', 'imagename', 'active',
'is_admin', 'creation_date', 'verification_date', 'is_verified']
query = QueryFromRequestParameters(User, request.args, fields=fields)
# Hide non verified, inactive and system users for non-administrators
if admin is None:
query = (query
.filter(User.is_verified.is_(True))
.filter(User.active.is_(True))
.filter(User.is_system_user.is_(False)))
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def list_tags():
"""
Returns a list of all tags.
:return: A list of all tags.
"""
result = Tag.query.all()
tags = convert_minimal(result, ['id', 'name', 'created_by'])
return jsonify(tags), 200
def list_ranks():
"""
Returns a list of all ranks.
:return: A list of all ranks.
"""
result = Rank.query.all()
ranks = convert_minimal(result, ['id', 'name', 'debt_limit'])
return jsonify(ranks), 200
def login():
"""
Registered users can log in on this route.
:return: A temporary valid token, which users can use
to identify themselves when making requests to
the API.
:raises DataIsMissing: If the id or password (or both) is not included
in the request.
:raises UnknownField: If an unknown parameter exists in the request
data.
:raises InvalidType: If one or more parameters have an invalid type.
:raises InvalidCredentials: If no user can be found with the given data.
:raises UserIsNotVerified: If the user has not yet been verified.
"""
data = json_body()
# Check all items in the json body.
required = {'id': int, 'password': str}
check_fields_and_types(data, required)
# Try to get the user with the id
user = User.query.filter_by(id=data['id']).first()
# If no user with this data exists cancel the authentication.
if not user:
raise exc.InvalidCredentials()
# Check if the user has already been verified.
if not user.is_verified:
raise exc.UserIsNotVerified()
# Check if the user is inactive
if not user.active:
raise exc.UserIsInactive()
# Check if the user has set a password.
if not user.password:
raise exc.InvalidCredentials()
# Check if the password matches the user's password.
if not bcrypt.check_password_hash(user.password, str(data['password'])):
raise exc.InvalidCredentials()
# Create a dictionary object of the user.
fields = ['id', 'firstname', 'lastname', 'credit', 'is_admin']
d_user = convert_minimal(user, fields)[0]
# Create a token.
exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=60)
token = jwt.encode({'user': d_user, 'exp': exp}, app.config['SECRET_KEY'])
# Return the result.
return jsonify({'result': True, 'token': token.decode('UTF-8')}), 200
def list_turnovers(admin):
"""
Returns a list of all turnovers.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all turnovers.
"""
turnovers = Turnover.query.all()
fields = ['id', 'timestamp', 'amount', 'comment', 'revoked', 'admin_id']
return jsonify(convert_minimal(turnovers, fields)), 200
def list_replenishmentcollections(admin):
"""
Returns a list of all replenishmentcollections.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all replenishmentcollections.
"""
data = ReplenishmentCollection.query.all()
fields = ['id', 'timestamp', 'admin_id', 'price', 'revoked', 'comment']
response = convert_minimal(data, fields)
return jsonify(response), 200
def list_stocktakingcollections(admin):
"""
Returns a list of all stocktakingcollections.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all stocktakingcollections.
"""
data = (StocktakingCollection.query.order_by(
StocktakingCollection.timestamp).all())
fields = ['id', 'timestamp', 'admin_id', 'revoked']
return jsonify(convert_minimal(data, fields)), 200
def list_tags():
"""
Returns a list of all tags.
:return: A list of all tags.
"""
fields = ['id', 'name', 'created_by', 'is_for_sale']
query = QueryFromRequestParameters(Tag, request.args, fields)
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def list_ranks():
"""
Returns a list of all ranks.
:return: A list of all ranks.
"""
fields = ['id', 'name', 'debt_limit', 'is_system_user']
query = QueryFromRequestParameters(Rank, request.args, fields)
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def list_pending_validations(admin):
"""
Returns a list of all non verified users.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all non verified users.
"""
res = (db.session.query(User)
.filter(~exists().where(UserVerification.user_id == User.id))
.all())
fields = ['id', 'firstname', 'lastname']
return jsonify(convert_minimal(res, fields)), 200
def list_users(admin):
"""
Returns a list of all users. If this route is called by an
administrator, all information is returned. However, if it is called
without further rights, a minimal version is returned.
:param admin: Is the administrator user, determined by @adminOptional.
:return: A list of all users.
"""
query = User.query.filter(User.is_verified.is_(True))
if not admin:
query = query.filter(User.active.is_(True))
fields = ['id', 'firstname', 'lastname', 'rank_id']
return jsonify(convert_minimal(query.all(), fields)), 200
fields = [
'id', 'firstname', 'lastname', 'credit', 'is_admin', 'creation_date',
'rank_id'
]
return jsonify(convert_minimal(query.all(), fields)), 200
def list_refunds(admin):
"""
Returns a list of all refunds.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all refunds.
"""
refunds = Refund.query.all()
fields = [
'id', 'timestamp', 'user_id', 'total_price', 'comment', 'revoked',
'admin_id'
]
return jsonify(convert_minimal(refunds, fields)), 200
def list_deposits(admin):
"""
Returns a list of all deposits.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all deposits.
"""
deposits = Deposit.query.all()
fields = [
'id', 'timestamp', 'user_id', 'amount', 'comment', 'revoked',
'admin_id'
]
return jsonify(convert_minimal(deposits, fields)), 200
def get_user_deposits(user, user_id):
"""
Returns a list with all deposits of a user.
:param user: Is the user, determined by @checkIfUserIsValid.
:param user_id: Is the user id.
:return: A list with all deposits of the user.
"""
fields = ['id', 'timestamp', 'admin_id', 'amount', 'revoked', 'comment']
deposits = convert_minimal(user.deposits.all(), fields)
return jsonify(deposits), 200
def get_user_purchases(user, user_id):
"""
Returns a list with all purchases of a user.
:param user: Is the user, determined by @checkIfUserIsValid.
:param user_id: Is the user id.
:return: A list with all purchases of the user.
"""
fields = ['id', 'timestamp', 'product_id', 'admin_id', 'productprice', 'amount', 'revoked', 'price']
purchases = convert_minimal(user.purchases.all(), fields)
return jsonify(purchases), 200
def list_replenishments(admin):
"""
Returns a list of all replenishments.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all replenishments.
"""
fields = ['id', 'product_id', 'amount', 'total_price', 'revoked']
query = QueryFromRequestParameters(Replenishment, request.args, fields)
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def list_stocktakingcollections(admin):
"""
Returns a list of all stocktakingcollections.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all stocktakingcollections.
"""
fields = ['id', 'timestamp', 'admin_id', 'revoked']
query = QueryFromRequestParameters(StocktakingCollection, request.args,
fields)
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def get_rank(rank_id):
"""
Returns the rank with the requested id.
:param rank_id: Is the rank id.
:return: The requested rank as JSON object.
:raises EntryNotFound: If the rank with this ID does not exist.
"""
result = Rank.query.filter_by(id=rank_id).first()
if not result:
raise exc.EntryNotFound()
rank = convert_minimal(result, ['id', 'name', 'debt_limit', 'is_system_user'])[0]
return jsonify(rank), 200
def get_user_refunds(user, id):
"""
Returns a list with all refunds of a user.
:param user: Is the user, determined by @checkIfUserIsValid.
:param id: Is the user id.
:return: A list with all refunds of the user.
"""
fields = [
'id', 'timestamp', 'admin_id', 'total_price', 'revoked', 'comment'
]
refunds = convert_minimal(user.refunds.all(), fields)
return jsonify(refunds), 200
def get_tag(tag_id):
"""
Returns the tag with the requested id.
:param tag_id: Is the tag id.
:return: The requested tag as JSON object.
:raises EntryNotFound: If the tag with this ID does not exist.
"""
result = Tag.query.filter_by(id=tag_id).first()
if not result:
raise exc.EntryNotFound()
tag = convert_minimal(result, ['id', 'name', 'created_by', 'is_for_sale'])[0]
return jsonify(tag), 200
def get_user(user, id):
"""
Returns the user with the requested id.
:param user: Is the user, determined by @checkIfUserIsValid.
:param id: Is the user id.
:return: The requested user as JSON object.
"""
fields = [
'id', 'firstname', 'lastname', 'credit', 'rank_id', 'is_admin',
'creation_date', 'verification_date'
]
user = convert_minimal(user, fields)[0]
return jsonify(user), 200
def list_deposits(admin):
"""
Returns a list of all deposits.
:param admin: Is the administrator user, determined by @adminRequired.
:return: A list of all deposits.
"""
fields = [
'id', 'timestamp', 'user_id', 'amount', 'comment', 'revoked',
'admin_id'
]
query = QueryFromRequestParameters(Deposit, request.args, fields)
result, content_range = query.result()
response = jsonify(convert_minimal(result, fields))
response.headers['Content-Range'] = content_range
return response
def get_purchase(purchase_id):
"""
Returns the purchase with the requested id.
:param purchase_id: Is the purchase id.
:return: The requested purchase as JSON object.
:raises EntryNotFound: If the purchase with this ID does not exist.
"""
purchase = Purchase.query.filter_by(id=purchase_id).first()
if not purchase:
raise exc.EntryNotFound()
fields = [
'id', 'timestamp', 'user_id', 'admin_id', 'product_id', 'amount',
'price', 'productprice', 'revoked', 'revokehistory'
]
return jsonify(convert_minimal(purchase, fields)[0]), 200
def list_products(admin):
"""
Returns a list of all products.
:param admin: Is the administrator user, determined by @adminOptional.
:return: A list of all products
"""
result = Product.query.all()
fields = [
'id', 'name', 'price', 'barcode', 'active', 'countable', 'revocable',
'imagename', 'tags', 'creation_date'
]
products = convert_minimal(result, fields)
for product in products:
product['tags'] = [t.id for t in product['tags']]
return jsonify(products), 200
def get_turnover(id):
"""
Returns the turnover with the requested id.
:param id: Is the turnover id.
:return: The requested turnover as JSON object.
:raises EntryNotFound: If the turnover with this ID does not exist.
"""
# Query the turnover
res = Turnover.query.filter_by(id=id).first()
# If it not exists, return an error
if not res:
raise exc.EntryNotFound()
# Convert the turnover to a JSON friendly format
fields = [
'id', 'timestamp', 'amount', 'comment', 'revoked', 'revokehistory'
]
return jsonify(convert_minimal(res, fields)[0]), 200
def list_products(admin):
"""
Returns a list of all products.
:param admin: Is the administrator user, determined by @adminOptional.
:return: A list of all products
"""
fields = [
'id', 'name', 'price', 'barcode', 'active', 'countable',
'purchase_sum', 'replenishment_sum', 'balance_score', 'revocable',
'imagename', 'tags', 'creation_date'
]
query = QueryFromRequestParameters(Product, request.args, fields)
result, content_range = query.result()
products = convert_minimal(result, fields)
for product in products:
product['tags'] = [t.id for t in product['tags']]
response = jsonify(products)
response.headers['Content-Range'] = content_range
return response
