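def accept_invite():
    """Accept the role invite identified by the token in the JSON request body.

    Reads ``data.token`` from the request, looks up the ``RoleInvite`` whose
    ``hash`` equals it, and resolves the invited user, role and event. If the
    user does not yet hold that role for the event, the invite is marked
    accepted, a ``UsersEventsRoles`` row is created and the user is flagged
    as verified.

    Returns:
        A JSON response with the user's email, the event id and the user's
        full name (``None`` when empty), or a ``NotFoundError`` response when
        the invite, user, role or event cannot be found.
    """
    # NOTE(review): a body without data.token raises KeyError/TypeError here;
    # no handler for that is visible in this function.
    token = request.json['data']['token']

    # NOTE(review): the token is the only thing checked in this function; no
    # authentication or current-user comparison is visible here, and accepting
    # also sets is_verified below. Confirm invite hashes are long, random
    # values and that token-only acceptance is intended.
    try:
        role_invite = RoleInvite.query.filter_by(hash=token).one()
    except NoResultFound:
        return NotFoundError({'source': ''}, 'Role Invite Not Found').respond()

    # .first() returns None when nothing matches; it never raises
    # NoResultFound. Test for None explicitly so a missing row produces the
    # intended 404 instead of an AttributeError further down.
    user = User.query.filter_by(email=role_invite.email).first()
    if user is None:
        return NotFoundError({'source': ''}, 'User corresponding to role invite not Found').respond()

    role = Role.query.filter_by(name=role_invite.role_name).first()
    if role is None:
        return NotFoundError({'source': ''}, 'Role corresponding to role invite not Found').respond()

    event = Event.query.filter_by(id=role_invite.event_id).first()
    if event is None:
        # Without this check a role row would be created with no event.
        return NotFoundError({'source': ''}, 'Event corresponding to role invite not Found').respond()

    uer = UsersEventsRoles.query.filter_by(user=user).filter_by(
        event=event).filter_by(role=role).first()
    if not uer:
        # NOTE(review): role_invite.status is never consulted, so the same
        # token still grants the role whenever no UsersEventsRoles row exists
        # (for example after the role was removed). Confirm whether invites
        # should be single-use or expire.
        role_invite.status = "accepted"
        save_to_db(role_invite, 'Role Invite Accepted')
        uer = UsersEventsRoles(user, event, role)
        save_to_db(uer, 'User Event Role Created')
        if not user.is_verified:
            user.is_verified = True
            save_to_db(user, 'User verified')

    return jsonify({
        "email": user.email,
        "event": role_invite.event_id,
        "name": user.fullname or None
    })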
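def reject_invite(speaker_invite_id):
    """Reject the speaker invite with the given id on behalf of the invitee.

    Args:
        speaker_invite_id: Id of the ``SpeakerInvite`` to reject.

    Returns:
        A JSON response with ``success`` and ``message`` once the invite has
        been saved with status ``'rejected'``.

    Raises:
        NotFoundError: No invite with that id exists.
        ForbiddenError: The current user's email differs from the invite's.
        ConflictError: The invite is already accepted or already rejected.
        UnprocessableEntityError: Saving the new status failed.
    """
    try:
        speaker_invite = SpeakerInvite.query.filter_by(
            id=speaker_invite_id).one()
    except NoResultFound:
        raise NotFoundError({'source': ''}, 'Speaker Invite Not Found')

    # Ownership is checked before the status so that only the invitee learns
    # whether the invite was already accepted or rejected.
    # NOTE(review): this is an exact string comparison; confirm both emails
    # are normalised the same way when stored.
    if current_user.email != speaker_invite.email:
        raise ForbiddenError({'source': ''}, 'Invitee access is required.')

    if speaker_invite.status == 'accepted':
        raise ConflictError(
            {'pointer': '/data/status'},
            'Accepted speaker invite can not be rejected.',
        )
    if speaker_invite.status == 'rejected':
        raise ConflictError(
            {'pointer': '/data/status'},
            'Speaker invite is already rejected.',
        )

    try:
        speaker_invite.status = 'rejected'
        # The message is a plain string; the original passed a one-element
        # set literal here.
        save_to_db(speaker_invite, 'speaker invite rejected')
    except Exception:
        raise UnprocessableEntityError(
            {'source': ''}, 'error while rejecting speaker invite.')

    return jsonify(
        success=True,
        message="Speaker invite rejected successfully",
    )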
def is_owner(view, view_args, view_kwargs, *args, **kwargs):
    """Run ``view`` only for an admin or for the owner of the requested GeoKret.

    The GeoKret is looked up by ``kwargs['geokret_id']``. An admin identity
    skips the lookup entirely. Any other identity gets a ``NotFoundError``
    response when the GeoKret does not exist and a ``ForbiddenError``
    response when its ``owner_id`` differs from the identity's ``id``.
    """
    identity = current_identity

    if not identity.is_admin:
        # NOTE(review): a missing 'geokret_id' key raises KeyError here; that
        # fails closed, but no handler for it is visible in this function.
        try:
            target = Geokret.query.filter(
                Geokret.id == kwargs['geokret_id']).one()
        except NoResultFound:
            missing = NotFoundError({
                'parameter': 'geokret_id'
            }, 'Geokret not found.')
            return missing.respond()

        # NOTE(review): 404 for an unknown id versus 403 for someone else's
        # GeoKret tells any authenticated caller which ids exist; confirm
        # that is acceptable.
        if target.owner_id != identity.id:
            return ForbiddenError({'source': ''}, 'Access denied.').respond()

    return view(*view_args, **view_kwargs)
def page_not_found(e):
    """Build the 404 response, as JSON or HTML depending on the request.

    When ``request_wants_json()`` is true, returns the serialised
    ``NotFoundError`` with its ``code`` attribute (404 if it has none).
    Otherwise returns the rendered ``404.html`` template with status 404.
    The ``e`` argument is not used.
    """
    if not request_wants_json():
        return render_template('404.html'), 404

    not_found = NotFoundError()
    # NOTE(review): the body is returned as a plain JSON string with no
    # explicit content type; confirm the framework or a later hook sets
    # application/json so clients do not receive it as HTML.
    payload = json.dumps(not_found.to_dict())
    status = getattr(not_found, 'code', 404)
    return payload, status