class AllCommunityInvitations(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def post(self):
data = invitation_parser.parse_args()
user = UserModel.find_by_username(data['user'])
community = CommunityModel.find_by_id(data['community'])
if not user:
abort(404, message=USER_DOESNT_EXIST)
if not community:
abort(404, message=COMMUNIY_DOESNT_EXIST)
if user in community.users:
abort(400, message=USER_ALREADY_INVITED)
new_community_user_link = CommunityUserLinkModel(
user_id=user.id,
community_id=community.id,
invitation_accepted=False,
is_owner=False)
try:
new_community_user_link.persist()
return SimpleMessage(COMMUNIY_INVITATION_SENT), 200
except:
abort(500, message=INTERNAL_SERVER_ERROR)
class MarkCommunityAsFavourite(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def put(self, community_id):
user = UserModel.find_by_username(get_jwt_identity())
community_user_links = CommunityUserLinkModel.find_by_user(user.id)
faved_community_cul = next((cul for cul in community_user_links
if cul.community.id == community_id), None)
if not faved_community_cul:
abort(404, message=COMMUNIY_DOESNT_EXIST)
if user not in faved_community_cul.community.users:
abort(401, message=UNAUTHORIZED)
try:
for cul in community_user_links:
cul.is_favourite = False
cul.add_to_session()
faved_community_cul.is_favourite = True
faved_community_cul.add_to_session()
db.session.commit()
return SimpleMessage(COMMUNITY_MARKED_AS_FAVOURITE), 200
except:
abort(500, message=INTERNAL_SERVER_ERROR)
class SingleCar(Resource):
@jwt_required
@marshal_with(CarModel.get_marshaller())
def get(self, id):
car = CarModel.find_by_id(id)
if not car:
abort(404, message=CAR_DOESNT_EXIST)
return car, 200
@jwt_required
@marshal_with(CarModel.get_marshaller())
def put(self, id):
data = parser.parse_args()
car = CarModel.find_by_id(id)
if not car:
abort(404, message=CAR_DOESNT_EXIST)
car.name = data['name']
car.make = data['make']
car.model = data['model']
car.persist()
return car, 200
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, id):
try:
CarModel.delete_by_id(id)
except NoData:
abort(404, message=CAR_DOESNT_EXIST)
return SimpleMessage(CAR_DELETED), 200
class SingleCommunity(Resource):
@jwt_required
@marshal_with(CommunityModel.get_detailed_marshaller())
def get(self, id):
user = UserModel.find_by_username(get_jwt_identity())
community = CommunityModel.find_by_id(id)
if not community:
abort(404, message=COMMUNIY_DOESNT_EXIST)
if user not in community.users:
abort(401, message=UNAUTHORIZED)
is_owner = CommunityUserLinkModel.find_by_user_and_community(
user.id, community.id).is_owner
community.is_deletable = is_owner
community.is_editable = is_owner
return community, 200
@jwt_required
@marshal_with(CommunityModel.get_marshaller())
def put(self, id):
data = put_parser.parse_args()
community = CommunityModel.find_by_id(id)
if not community:
abort(404, message=COMMUNIY_DOESNT_EXIST)
community.name = data['name']
community.persist()
return community, 200
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, id):
user = UserModel.find_by_username(get_jwt_identity())
try:
link = CommunityUserLinkModel.find_by_user_and_community(
user.id, id)
if not link or not link.is_owner:
abort(401, message=UNAUTHORIZED)
except NoData:
abort(404, message=COMMUNIY_DOESNT_EXIST)
all_links = CommunityUserLinkModel.find_by_community(id)
for link in all_links:
link.delete()
try:
CommunityModel.delete_by_id(id)
except NoData:
abort(404, message=COMMUNIY_DOESNT_EXIST)
return SimpleMessage(COMMUNIY_DELETED), 200
class SingleCommunityInvitation(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def put(self, community_id):
user = UserModel.find_by_username(get_jwt_identity())
invitation = CommunityUserLinkModel.find_by_user_and_community(
user.id, community_id)
if not invitation:
abort(404, message=COMMUNITY_INVITATION_DOESNT_EXIST)
if invitation.invitation_accepted:
abort(400, message=COMMUNITY_INVITATION_ALREADY_ACCEPTED)
if invitation.user_id != user.id:
abort(401, message=UNAUTHORIZED_TO_ACCEPT_COMMUNITY_INVITATION)
invitation.invitation_accepted = True
invitation.persist()
assure_favourite_community(user.id)
return SimpleMessage(COMMUNITY_INVITATION_ACCEPTED), 200
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, community_id):
user = UserModel.find_by_username(get_jwt_identity())
invitation = CommunityUserLinkModel.find_by_user_and_community(
user.id, community_id)
if not invitation:
abort(404, message=COMMUNITY_INVITATION_DOESNT_EXIST)
if invitation.user_id != user.id:
abort(401, message=NOT_AUTHORIZED_TO_REMOVE_USER_FROM_COMMUNITY)
if invitation.invitation_accepted and not invitation.is_owner:
invitation.delete()
return SimpleMessage(COMMUNIY_LEFT_SUCCESSFULLY), 200
if invitation.invitation_accepted and invitation.is_owner:
CommunityModel.delete_by_id(invitation.community.id)
return SimpleMessage(COMMUNIY_LEFT_AND_DELETED)
invitation.delete()
return SimpleMessage(COMMUNITY_INVITATION_DECLINED), 200
class UserLogoutAccess(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def post(self):
jti = get_raw_jwt()['jti']
try:
revoked_token = RevokedTokenModel(jti=jti)
revoked_token.persist()
return SimpleMessage(ACCESS_TOKEN_REVOKED), 200
except:
abort(500, message=INTERNAL_SERVER_ERROR)
class ChangePassword(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def put(self):
password_parser = reqparse.RequestParser()
password_parser.add_argument('old_password', help='This field cannot be blank', required=True, type=str)
password_parser.add_argument('new_password', help='This field cannot be blank', required=True, type=str)
data = password_parser.parse_args()
user = UserModel.find_by_username(get_jwt_identity())
if UserModel.verify_hash(data['old_password'], user.password):
if len(data['new_password']) < 8:
abort(400, message=PASSWORD_TOO_SHORT)
user.password = UserModel.generate_hash(data['new_password'])
user.persist()
return SimpleMessage(PASSWORD_CHANGED), 201
else:
abort(401, message=OLD_PASSWORD_INCORRECT)
class ForgotPassword(Resource):
@marshal_with(SimpleMessage.get_marshaller())
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('identification', help='This field cannot be blank', required=True, type=str)
data = parser.parse_args()
user = UserModel.find_by_username(data['identification'])
if not user:
user = UserModel.find_by_email(data['identification'])
if not user:
abort(401, message=USER_NOT_FOUND)
try:
user.reset_password_hash = uuid4()
user.reset_password_hash_created = datetime.now()
user.persist()
send_forgot_password_email(user)
return SimpleMessage(RESET_PASSWORD_MAIL_SENT), 200
except:
abort(500, message=INTERNAL_SERVER_ERROR)
class DeleteEvent(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, event_id):
event: EventModel = EventModel.find_by_id(event_id)
if not event:
abort(404, message=EVENT_DOESNT_EXIST)
community_member_ids = [m.id for m in event.community.users]
user = UserModel.find_by_username(get_jwt_identity())
if user.id not in community_member_ids:
abort(401, message=UNAUTHORIZED)
try:
event.delete_by_id(event_id)
return SimpleMessage(EVENT_DELETED), 200
except:
abort(500, message=INTERNAL_SERVER_ERROR)
class DeleteTask(Resource):
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, task_id):
task: TaskModel = TaskModel.find_by_id(task_id)
if not task:
abort(400, message=TASK_DOESNT_EXIST)
community_member_ids = [m.id for m in task.community.users]
user = UserModel.find_by_username(get_jwt_identity())
if user.id not in community_member_ids:
abort(401, message=UNAUTHORIZED)
try:
task.delete_by_id(task_id)
return SimpleMessage(TASK_DELETED), 200
except:
abort(500, message=INTERNAL_SERVER_ERROR)
class SingleTour(Resource):
@jwt_required
@marshal_with(TourModel.get_marshaller())
def put(self, community_id, id):
data = edit_tour_parser.parse_args()
tour = TourModel.find_by_id(id)
user = UserModel.find_by_username(get_jwt_identity())
community: CommunityModel = CommunityModel.find_by_id(community_id)
community_member_ids = [m.id for m in community.users]
if not tour:
abort(404, message=TOUR_NOT_FOUND)
if not user.id == tour.owner.id:
abort(401, message=UNAUTHORIZED)
passengers = []
if data['passengers']:
for passenger_id in set(data['passengers']):
if passenger_id not in community_member_ids:
abort(400, message=PASSENGERS_MUST_BE_COMMUNITY_MEMBERS)
else:
passengers.append([u for u in community.users if u.id == passenger_id][0])
tour.comment = data['comment']
tour.parking_position = data['parking_position']
if not tour.is_open:
abort(400, message=CANNOT_UPDATE_SENSITIVE_TOUR_DATA_WHEN_TOUR_IS_ALREADY_PAYED_FOR)
else:
if data['end_km'] <= data['start_km']:
abort(400, message=END_KM_MUST_BE_GREATER_START_KM)
tour.end_km = data['end_km']
tour.start_km = data['start_km']
tour.passengers = passengers
tour.persist()
return tour, 200
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, community_id, id):
tour = TourModel.find_by_id(id)
user = UserModel.find_by_username(get_jwt_identity())
if not tour:
abort(404, message=TOUR_NOT_FOUND)
if not user.id == tour.owner.id:
abort(401, message=UNAUTHORIZED)
try:
TourModel.delete_by_id(id)
except NoData:
abort(404, message=TOUR_NOT_FOUND)
return SimpleMessage(TOUR_DELETED), 200
@jwt_required
@marshal_with(TourModel.get_marshaller())
def get(self, community_id, id):
tour = TourModel.find_by_id(id)
user = UserModel.find_by_username(get_jwt_identity())
if not tour:
abort(404, message=TOUR_NOT_FOUND)
if user.id not in [u.id for u in tour.community.users]:
abort(401, message=UNAUTHORIZED)
return tour, 200
class SingleRefuel(Resource):
@jwt_required
@marshal_with(RefuelModel.get_marshaller())
def get(self, community_id, id):
user = UserModel.find_by_username(get_jwt_identity())
refuel = RefuelModel.find_by_id(id)
if not refuel:
abort(404, message=REFUEL_DOESNT_EXIST)
if user.id not in [u.id for u in refuel.community.users]:
abort(401, message=UNAUTHORIZED)
return refuel, 200
@jwt_required
@marshal_with(RefuelModel.get_marshaller())
def put(self, community_id, id):
data = parser.parse_args()
refuel = RefuelModel.find_by_id(id)
user = UserModel.find_by_username(get_jwt_identity())
if not refuel:
abort(404, message=REFUEL_DOESNT_EXIST)
if not user.id == refuel.owner.id:
abort(401, message=UNAUTHORIZED)
if not refuel.community.id == community_id:
abort(400, message=CANT_CHANGE_REFUEL_COMMUNITY)
refuel.costs = round(data['costs'], 2)
refuel.liters = data['liters']
refuel.gas_station_name = data['gas_station_name']
refuel.persist()
return refuel, 200
@jwt_required
@marshal_with(SimpleMessage.get_marshaller())
def delete(self, community_id, id):
refuel = RefuelModel.find_by_id(id)
if not refuel:
abort(404, message=REFUEL_DOESNT_EXIST)
user = UserModel.find_by_username(get_jwt_identity())
if not user.id == refuel.owner.id:
abort(401, message=UNAUTHORIZED)
if not refuel.is_open:
abort(401, message=CANNOT_DELETE_A_REFUEL_THAT_IS_PART_OF_A_PAYOFF)
try:
RefuelModel.delete_by_id(id)
except NoData:
abort(404, message=REFUEL_DOESNT_EXIST)
return SimpleMessage(REFUEL_DELETED), 200