class EventsRolePermissionRelationship(ResourceRelationship):
"""
Events Role Permission Relationship
"""
decorators = (api.has_permission('is_admin', methods="PATCH"), )
methods = ['GET', 'PATCH']
schema = EventsRolePermissionSchema
data_layer = {'session': db.session, 'model': Permission}
class PanelPermissionDetail(ResourceDetail):
"""
Panel Permission detail by id
"""
schema = PanelPermissionSchema
decorators = (api.has_permission('is_admin', methods="GET,PATCH,DELETE"),)
data_layer = {'session': db.session, 'model': PanelPermission}
class EventsRolePermissionDetail(ResourceDetail):
"""
Events Role Permission detail by id
"""
schema = EventsRolePermissionSchema
decorators = (api.has_permission('is_admin', methods="PATCH"), )
methods = ['GET', 'PATCH']
data_layer = {'session': db.session, 'model': Permission}
class AdminStatisticsMailDetail(ResourceDetail):
"""
Detail by id
"""
methods = ['GET']
decorators = (api.has_permission('is_admin'), )
schema = AdminStatisticsMailSchema
data_layer = {'class': NoModelLayer, 'session': db.session}
class TicketFeeList(ResourceList):
"""
List and create TicketFees
"""
decorators = (api.has_permission('is_admin'), )
schema = TicketFeesSchema
data_layer = {'session': db.session, 'model': TicketFees}
class TicketFeeDetail(ResourceDetail):
"""
ticket_fee detail by id
"""
decorators = (api.has_permission('is_admin'), )
schema = TicketFeesSchema
data_layer = {'session': db.session, 'model': TicketFees}
class EventsRolePermissionList(ResourceList):
"""
List Events Role Permission
"""
decorators = (api.has_permission('is_admin', methods="GET"), )
methods = ['GET']
schema = EventsRolePermissionSchema
data_layer = {'session': db.session, 'model': Permission}
class AttendeeRelationshipOptional(ResourceRelationship):
"""
Attendee Relationship(Optional)
"""
decorators = (api.has_permission('is_user_itself', fetch="user_id", fetch_as="id", model=TicketHolder),)
schema = AttendeeSchema
data_layer = {'session': db.session,
'model': TicketHolder}
class UserList(ResourceList):
schema = UserSchema
decorators = (
api.has_permission('auth_required', methods="GET"),
)
data_layer = {'session': db.session,
'model': User}
class SessionRelationshipOptional(ResourceRelationship):
"""
Session Relationship
"""
schema = SessionSchema
decorators = (api.has_permission('is_speaker_for_session', methods="PATCH,DELETE"),)
data_layer = {'session': db.session, 'model': Session}
class ServiceList(ResourceList):
"""
List all services i.e. microlocation, session, speaker, track, sponsor
"""
decorators = (api.has_permission('is_admin', methods="GET"), )
methods = ['GET']
schema = ServiceSchema
data_layer = {'session': db.session, 'model': Service}
class EventTopicRelationship(ResourceRelationship):
"""
Event topic Relationship
"""
decorators = (api.has_permission('is_admin', methods="PATCH,DELETE"), )
schema = EventTopicSchema
data_layer = {'session': db.session, 'model': EventTopic}
class ServiceDetail(ResourceDetail):
"""
service detail by id
"""
decorators = (api.has_permission('is_admin', methods="PATCH"), )
schema = ServiceSchema
methods = ['GET', 'PATCH']
data_layer = {'session': db.session, 'model': Service}
class RoleList(ResourceList):
"""
List and create role
"""
decorators = (api.has_permission('is_admin', methods="POST"),)
schema = RoleSchema
data_layer = {'session': db.session, 'model': Role}
class CustomSystemRoleRelationship(ResourceRelationship):
"""
Custom System Role Relationship
"""
decorators = (api.has_permission('is_admin', methods="PATCH,DELETE"),)
schema = CustomSystemRoleSchema
data_layer = {'session': db.session,
'model': CustomSysRole}
class RoleInviteDetail(ResourceDetail):
"""
Role invite detail by id
"""
def before_update_object(self, role_invite, data, view_kwargs):
"""
Method to edit object
:param role_invite:
:param data:
:param view_kwargs:
:return:
"""
user = User.query.filter_by(email=role_invite.email).first()
if user:
if not has_access(
'is_organizer',
event_id=role_invite.event_id) and not has_access(
'is_user_itself', user_id=user.id):
raise UnprocessableEntityError(
{'source': ''},
"Status can be updated only by event organizer or user hiself",
)
if ('role_name' in data and data['role_name'] == 'owner'
and not has_access('is_owner', event_id=data['event'])):
raise ForbiddenError({'source': ''}, 'Owner access is required.')
if not user and not has_access('is_organizer',
event_id=role_invite.event_id):
raise UnprocessableEntityError({'source': ''},
"User not registered")
if not has_access('is_organizer', event_id=role_invite.event_id) and (
len(list(data.keys())) > 1 or 'status' not in data):
raise UnprocessableEntityError({'source': ''},
"You can only change your status")
if data.get('deleted_at'):
if role_invite.role_name == 'owner' and not has_access(
'is_owner', event_id=role_invite.event_id):
raise ForbiddenError({'source': ''},
'Owner access is required.')
if role_invite.role_name != 'owner' and not has_access(
'is_organizer', event_id=role_invite.event_id):
raise ForbiddenError({'source': ''},
'Organizer access is required.')
decorators = (api.has_permission(
'is_organizer',
methods="DELETE",
fetch="event_id",
fetch_as="event_id",
model=RoleInvite,
), )
schema = RoleInviteSchema
data_layer = {
'session': db.session,
'model': RoleInvite,
'methods': {
'before_update_object': before_update_object
},
}
class TicketRelationshipOptional(ResourceRelationship):
"""
Tickets Relationship (Optional)
"""
decorators = (api.has_permission('is_coorganizer', fetch='event_id',
fetch_as="event_id", model=Ticket, methods="PATCH,DELETE"),)
schema = TicketSchema
data_layer = {'session': db.session,
'model': Ticket}
class NotificationRelationship(ResourceRelationship):
"""
Notification Relationship
"""
decorators = (api.has_permission('is_user_itself', fetch="user_id", model=Notification),)
schema = NotificationSchema
methods = ['GET', 'PATCH']
data_layer = {'session': db.session,
'model': Notification}
class EmailNotificationListAdmin(ResourceList):
"""
List and create email notifications
"""
methods = ['GET', ]
schema = EmailNotificationSchema
decorators = (api.has_permission('is_admin'),)
data_layer = {'session': db.session,
'model': EmailNotification}
class EventSubTopicRelationshipRequired(ResourceRelationship):
"""
Event sub topic Relationship
"""
decorators = (api.has_permission('is_admin', methods="PATCH"), )
methods = ['GET', 'PATCH']
schema = EventSubTopicSchema
data_layer = {'session': db.session, 'model': EventSubTopic}
class VideoChannelListPost(ResourceList):
methods = ['POST']
decorators = (api.has_permission('is_admin', methods="POST"), )
schema = VideoChannelSchema
data_layer = {
'session': db.session,
'model': VideoChannel,
}
class NotificationActionList(ResourceList):
"""
List all the Notification-actions
"""
decorators = (api.has_permission('is_admin'), )
methods = ['GET']
schema = NotificationSchema
data_layer = {'session': db.session, 'model': Notification}
class AdminSalesFeesList(ResourceList):
"""
Resource for sales fees and revenue
"""
methods = ['GET']
decorators = (api.has_permission('is_admin'), )
schema = AdminSalesFeesSchema
data_layer = {'model': Event, 'session': db.session}
class MailDetail(ResourceDetail):
"""
Mail detail by id
"""
methods = ['GET']
schema = MailSchema
decorators = (api.has_permission('is_admin'), )
data_layer = {'session': db.session, 'model': Mail}
class MailList(ResourceList):
"""
List and create mails
"""
decorators = (api.has_permission('is_admin'), )
methods = ['GET']
schema = MailSchema
data_layer = {'session': db.session, 'model': Mail}
class MicrolocationRelationshipOptional(ResourceRelationship):
"""
Microlocation Relationship
"""
decorators = (api.has_permission('is_coorganizer', methods="PATCH,DELETE", fetch="event_id", fetch_as="event_id",
model=Microlocation),)
schema = MicrolocationSchema
data_layer = {'session': db.session,
'model': Microlocation}
class SpeakerRelationshipOptional(ResourceRelationship):
"""
Speaker Relationship class
"""
decorators = (api.has_permission('is_coorganizer_or_user_itself', methods="PATCH,DELETE", fetch="event_id",
fetch_as="event_id", model=Speaker),)
schema = SpeakerSchema
data_layer = {'session': db.session,
'model': Speaker}
class GeokretList(ResourceList):
def query(self, view_kwargs):
"""Filter geokrety"""
query_ = self.session.query(Geokret)
# /users/<int:owner_id>/geokrety-owned
if view_kwargs.get('owner_id') is not None:
safe_query(self, User, 'id', view_kwargs['owner_id'], 'owner_id')
query_ = query_.filter_by(owner_id=view_kwargs['owner_id'])
# /users/<int:holder_id>/geokrety-held
if view_kwargs.get('holder_id') is not None:
safe_query(self, User, 'id', view_kwargs['holder_id'], 'holder_id')
query_ = query_.filter_by(holder_id=view_kwargs['holder_id'])
# /geokrety-types/<int:geokrety_type_id>/geokrety
if view_kwargs.get('geokrety_type_id') is not None:
if view_kwargs['geokrety_type_id'] < 0 or view_kwargs[
'geokrety_type_id'] > GEOKRETY_TYPES_COUNT:
raise ObjectNotFound(
{'parameter': '{}'.format(parameter_name)},
"{}: {} not found".format(model.__name__, value))
query_ = query_.filter_by(
type=str(view_kwargs['geokrety_type_id']))
return query_
def before_marshmallow(self, args, kwargs):
if current_identity:
# Is admin?
if has_access('is_admin', user_id=current_identity.id):
self.schema = GeokretSchema
# List owned geokret
if kwargs.get('owner_id') is not None and kwargs.get(
'owner_id') == current_identity.id:
self.schema = GeokretSchema
# List held geokret
if kwargs.get('holder_id') is not None and kwargs.get(
'holder_id') == current_identity.id:
self.schema = GeokretSchema
def post(self, *args, **kwargs):
self.schema = GeokretSchema
return super(GeokretList, self).post(args, kwargs)
current_identity = current_identity
schema = GeokretSchemaPublic
decorators = (api.has_permission('auth_required', methods="POST"), )
data_layer = {
'session': db.session,
'model': Geokret,
'methods': {
'query': query,
}
}
class AdminSalesInvoicesList(ResourceList):
"""
Resource for sales invoices
"""
methods = ['GET']
decorators = (api.has_permission('is_admin'),)
schema = AdminSalesInvoicesSchema
data_layer = {'model': EventInvoice, 'session': db.session}
class SessionTypeRelationshipOptional(ResourceRelationship):
"""
SessionType Relationship
"""
decorators = (api.has_permission('is_coorganizer', methods="PATCH,DELETE", fetch="event_id", fetch_as="event_id",
model=SessionType),)
schema = SessionTypeSchema
data_layer = {'session': db.session,
'model': SessionType}