def logout():
    """
    Deauthenticate with the application.

    Logs the current user out via ``logout_user`` and hands the client the
    CSRF token reported by ``csrf_protect`` so it can keep issuing
    state-changing requests.
    """
    # TODO: de-auth API key
    logout_user()
    token = csrf_protect._get_csrf_token()
    return jsonify(csrf_token=token)
def get_need(need_id):
    """
    Return a need in its advocate JSON representation.

    Only the user who owns the need's parent alert may read it; there is
    no admin bypass in this variant.

    Args:
        need_id: Primary key of the ``Need`` to fetch.
    """
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    owner_id = need.alert.user_id
    if owner_id != current_user.id:
        return api_error('Permission denied')
    return jsonify(need.to_advocate_json())
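def update_user(user_id):
    """
    Update an user account.

    Args:
        user_id: Primary key of the ``User`` to update.

    Returns:
        The JSON-serialised updated user, or an ``api_error`` response
        (404 when the user does not exist, otherwise the form's errors).
    """
    user = User.get(user_id)
    if not user:
        return api_error('User not found', 404)

    payload = request.json
    # Uniqueness is only re-validated when the email actually changes --
    # presumably so an unchanged address does not fail against itself.
    form_kwargs = dict(
        validate_unique_email=user.email != payload.get('email')
    )
    # The full form is used only when a new password was sent; otherwise
    # the base form (without password fields) validates the payload.
    password_supplied = 'password' in payload
    form_cls = FullUserForm if password_supplied else BaseUserForm
    form = form_cls(**form_kwargs)
    if not form.validate_on_submit():
        return api_error(form.errors)

    # NOTE(review): services are only (re)assigned for providers; a user
    # moved away from 'provider' keeps any previously linked services.
    if form.role.data == 'provider':
        user.services = Service.get_by_ids(form.services.data)
    user.email = form.email.data
    if password_supplied:
        user.set_password(form.password.data)
    user.name = form.name.data
    user.organization = form.organization.data
    user.phone_number = form.phone_number.data
    # NOTE(review): the role is taken straight from the request body; the
    # access control for this endpoint is expected to live in the route
    # decorator, which is not visible here -- confirm only admins reach it.
    user.role = form.role.data
    user.save()
    return jsonify(user)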
def get_need(need_id):
    """
    Return a need in its advocate JSON representation.

    Admins may read any need; everyone else must own the need's parent
    alert.

    Args:
        need_id: Primary key of the ``Need`` to fetch.
    """
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    is_owner = current_user.id == need.alert.user_id
    if not (current_user.is_admin or is_owner):
        return api_error('Permission denied')
    return jsonify(need.to_advocate_json())
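def set_category_sort():
    """
    Sets the order of the categories.

    Expects a JSON body ``{"categories": [{"id": ..., "sort_order": ...}, ...]}``.
    Every entry is validated and resolved before anything is saved, so a
    malformed entry or an unknown id leaves the existing order untouched
    instead of failing half-way through the list with a server error.

    Returns:
        The full category list as JSON, or an ``api_error`` response
        (400 for a malformed body, 404 for an unknown category id).
    """
    payload = request.json
    if not isinstance(payload, dict) or 'categories' not in payload:
        return api_error('Invalid form.')
    entries = payload['categories']
    if not isinstance(entries, list):
        return api_error('Invalid form.')

    # Resolve first, save second: a bad entry must not leave a partially
    # reordered category list behind.
    pending = []
    for data in entries:
        if (not isinstance(data, dict)
                or 'id' not in data or 'sort_order' not in data):
            return api_error('Invalid form.')
        category = Category.get(data['id'])
        if not category:
            return api_error('Category not found', 404)
        pending.append((category, data['sort_order']))

    for category, sort_order in pending:
        category.sort_order = sort_order
        category.save()
    return jsonify(Category.all())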
def login():
    """
    Authenticate with the application.

    Looks the account up by lower-cased email and verifies the password.
    An unknown email and a wrong password yield the same error message,
    so the response does not reveal which addresses are registered.
    """
    # TODO: issue API key here instead of cookie
    form = LoginForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)

    email = form.email.data.lower()
    account = User.get_by_email(email)
    if account is None or not account.check_password(form.password.data):
        return api_error(dict(form=['Invalid username/password.']))
    login_user(account)
    return jsonify(account)
def get_alert(alert_id):
    """
    Return a single alert in the representation matching the caller's role.

    Providers must pass ``alert.provider_has_permission``; advocates may
    only see alerts they created. Any other role takes the admin branch and
    receives the advocate representation.

    Args:
        alert_id: Primary key of the ``Alert`` to fetch.
    """
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')

    role = current_user.role
    if role == 'provider':
        if not alert.provider_has_permission(current_user):
            return api_error('Permission denied')
        payload = alert.to_provider_json(current_user)
    elif role == 'advocate':
        if current_user.id != alert.user.id:
            return api_error('Permission denied')
        payload = alert.to_advocate_json()
    else:
        # is an admin
        # NOTE(review): every role other than 'provider'/'advocate' lands
        # here with unrestricted access -- confirm roles are a closed set so
        # this branch cannot fail open for an unexpected value.
        payload = alert.to_advocate_json()
    return jsonify(payload)
def update_profile():
    """
    Update logged in user's profile.

    Copies name, organization, email and phone number from the validated
    form onto ``current_user``; providers additionally get their service
    list replaced from the form.
    """
    form = UpdateProfileForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)

    profile = current_user
    for field_name in ('name', 'organization', 'email', 'phone_number'):
        setattr(profile, field_name, getattr(form, field_name).data)
    if profile.is_provider:
        profile.services = Service.get_by_ids(form.services.data)
    profile.save()
    return jsonify(profile)
def get_alert(alert_id):
    """
    Return a single alert in the representation matching the caller's role.

    Providers must pass ``alert.provider_has_permission``; advocates may
    only see alerts they created. Any other role takes the admin branch and
    receives the plain ``to_json`` representation.

    Args:
        alert_id: Primary key of the ``Alert`` to fetch.
    """
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')

    role = current_user.role
    if role == 'provider':
        if not alert.provider_has_permission(current_user):
            return api_error('Permission denied')
        payload = alert.to_provider_json(current_user)
    elif role == 'advocate':
        if current_user.id != alert.user.id:
            return api_error('Permission denied')
        payload = alert.to_advocate_json()
    else:
        # is an admin
        # NOTE(review): every role other than 'provider'/'advocate' lands
        # here with unrestricted access -- confirm roles are a closed set so
        # this branch cannot fail open for an unexpected value.
        payload = alert.to_json()
    return jsonify(payload)
def get_alerts():
    """
    Gets list of alerts.

    Admin gets a list of all results.
    Provider gets a list of their outstanding alerts by default, or all /
    responded alerts when ``?scope=all`` / ``?scope=responded`` is given.
    Advocate gets a list of their sent alerts.
    """
    # TODO: pagination
    role = current_user.role
    if role == 'advocate':
        result = Alert.get_advocate_alerts(current_user)
    elif role == 'provider':
        scoped_queries = {
            'all': Alert.get_provider_alerts,
            'responded': Alert.get_responded_alerts_for_provider,
        }
        query = scoped_queries.get(
            request.args.get('scope'), Alert.get_active_alerts_for_provider)
        result = query(current_user)
    else:
        # Any role other than advocate/provider is treated as admin here.
        result = Alert.get_admin_alerts()
    return jsonify(result)
def get_alerts():
    """
    Gets list of alerts.

    Admin gets a list of all results.
    Provider gets a list of their outstanding alerts by default, or all /
    responded alerts when ``?scope=all`` / ``?scope=responded`` is given.
    Advocate gets a list of their sent alerts.
    """
    # TODO: pagination
    role = current_user.role
    if role == 'advocate':
        result = Alert.get_advocate_alerts(current_user)
    elif role == 'provider':
        scoped_queries = {
            'all': Alert.get_provider_alerts,
            'responded': Alert.get_responded_alerts_for_provider,
        }
        query = scoped_queries.get(
            request.args.get('scope'), Alert.get_active_alerts_for_provider)
        result = query(current_user)
    else:
        # Any role other than advocate/provider is treated as admin here.
        result = Alert.get_alerts()
    return jsonify(result)
def create_user():
    """
    Create an user account.

    Validates ``FullUserForm`` and persists a new ``User``. Services are
    only attached when the role is 'provider'; every other role starts
    with an empty service list.
    """
    form = FullUserForm()
    if not form.validate_on_submit():
        return api_error(form.errors)

    is_provider = form.role.data == 'provider'
    linked_services = (
        Service.get_by_ids(form.services.data) if is_provider else []
    )
    new_user = User(
        name=form.name.data,
        organization=form.organization.data,
        email=form.email.data,
        password=form.password.data,
        phone_number=form.phone_number.data,
        role=form.role.data,
        services=linked_services,
    )
    new_user.save()
    return jsonify(new_user)
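def reset_password():
    """
    Reset a user's password with valid token.

    Will send a password reset notification email to user and log the
    user in on success.

    Returns:
        The JSON-serialised user on success; otherwise an ``api_error``
        carrying the form's validation errors or a form-level error
        (unknown user, invalid token, expired token).
    """
    import hmac

    # Token lifetime is configurable; defaults to 24 hours.
    reset_token_life = timedelta(
        hours=current_app.config.get('RESET_TOKEN_LIFE', 24))
    form = ResetPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)

    # NOTE(review): login() lower-cases the email before lookup, this path
    # does not -- confirm User.get_by_email normalises case itself.
    user = User.get_by_email(form.email.data)
    if not user:
        # NOTE(review): a distinct message for an unknown email reveals
        # which addresses are registered; a single generic message for
        # "unknown user" and "invalid token" would avoid that.
        return api_error(dict(form=['Could not find user.']))

    # Constant-time comparison so response timing does not leak how much
    # of a guessed token matched the stored one.
    supplied = form.token.data
    if (not user.reset_token or not supplied
            or not hmac.compare_digest(str(user.reset_token).encode('utf-8'),
                                       str(supplied).encode('utf-8'))):
        return api_error(dict(form=['Invalid reset token.']))

    # Fail closed: a token with no creation timestamp is treated as expired
    # instead of raising on the comparison.
    if (user.reset_created_at is None
            or user.reset_created_at < datetime.utcnow() - reset_token_life):
        return api_error(dict(form=['Reset token expired']))

    user.set_password(form.password.data)
    # Single use: clear the token so the same link cannot be replayed.
    user.reset_token = None
    user.reset_created_at = None
    user.save()
    send_confirm_password_reset(user)
    login_user(user)
    return jsonify(user)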
def get_users():
    """
    Get a list of all users.

    No filtering or pagination is applied; every ``User`` row is returned.
    """
    everyone = User.all()
    return jsonify(everyone)
def get_category(category_id):
    """
    Gets a category.

    No explicit 404 here: whatever ``Category.get`` returns for an unknown
    id is handed straight to ``jsonify``.

    Args:
        category_id: Primary key of the ``Category`` to fetch.
    """
    category = Category.get(category_id)
    return jsonify(category)
def get_categories():
    """
    Gets the list of categories.

    Returns every ``Category`` row; no filtering is applied.
    """
    # TODO: pagination
    all_categories = Category.all()
    return jsonify(all_categories)
def get_services():
    """
    Gets the list of services.

    Returns every ``Service`` row; no filtering is applied.
    """
    # TODO: pagination
    all_services = Service.all()
    return jsonify(all_services)
def get_service(service_id):
    """
    Gets a service.

    No explicit 404 here: whatever ``Service.get`` returns for an unknown
    id is handed straight to ``jsonify``.

    Args:
        service_id: Primary key of the ``Service`` to fetch.
    """
    service = Service.get(service_id)
    return jsonify(service)
def get_current_user():
    """
    Return the logged-in user under the ``current_user`` key, or ``None``
    (serialised by ``jsonify``) when nobody is authenticated.
    """
    who = current_user if current_user.is_authenticated else None
    return jsonify(current_user=who)
def get_user(user_id):
    """
    Gets a user by id.

    No explicit 404 here: whatever ``User.get`` returns for an unknown id
    is handed straight to ``jsonify``.

    Args:
        user_id: Primary key of the ``User`` to fetch.
    """
    user = User.get(user_id)
    return jsonify(user)
def get_responses():
    """
    Get a list of a provider's responses.

    Scoped to ``current_user``: only responses belonging to the caller are
    returned.
    """
    own_responses = Response.get_by_user(current_user)
    return jsonify(own_responses)