def validate_event(user, modules, data):
if not user.can_create_event():
raise ForbiddenException({'source': ''}, "Please verify your Email")
elif data.get('is_ticketing_enabled', True) and not modules.ticket_include:
raise ForbiddenException(
{'source': '/data/attributes/is-ticketing-enabled'},
"Ticketing is not enabled in the system")
if data.get('can_pay_by_paypal', False) or data.get('can_pay_by_cheque', False) or \
data.get('can_pay_by_bank', False) or data.get('can_pay_by_stripe', False):
if not modules.payment_include:
raise ForbiddenException({'source': ''},
"Payment is not enabled in the system")
if data.get('is_donation_enabled', False) and not modules.donation_include:
raise ForbiddenException(
{'source': '/data/attributes/is-donation-enabled'},
"Donation is not enabled in the system")
if data.get('state', None) == 'published' and not user.can_publish_event():
raise ForbiddenException({'source': ''},
"Only verified accounts can publish events")
if not data.get('is_event_online') and data.get('state', None) == 'published' \
and not data.get('location_name', None):
raise ConflictException({'pointer': '/data/attributes/location-name'},
"Location is required to publish the event")
if data.get('location_name', None) and data.get('is_event_online'):
raise ConflictException({'pointer': '/data/attributes/location-name'},
"Online Event does not have any locaton")
if data.get('searchable_location_name') and data.get('is_event_online'):
raise ConflictException(
{'pointer': '/data/attributes/searchable-location-name'},
"Online Event does not have any locaton")
def before_create_object(self, data, view_kwargs):
"""
before create object method for AccessCodeListPost Class
:param data:
:param view_kwargs:
:return:
"""
if data.get('tickets', None):
for ticket in data['tickets']:
# Ensuring that the ticket exists and is hidden.
try:
ticket_object = (self.session.query(Ticket).filter_by(
id=int(ticket), deleted_at=None).one())
if not ticket_object.is_hidden:
raise ConflictException(
{'pointer': '/data/relationships/tickets'},
"Ticket with id {} is public.".format(ticket) +
" Access code cannot be applied to public tickets",
)
except NoResultFound:
raise ConflictException(
{'pointer': '/data/relationships/tickets'},
"Ticket with id {} does not exists".format(
str(ticket)),
)
def configure_paypal():
"""
Configure the paypal sdk
:return: Credentials
"""
settings = get_settings()
# Use Sandbox by default.
paypal_mode = settings.get('paypal_mode',
'live' if (settings['app_environment'] == Environment.PRODUCTION) else 'sandbox')
paypal_key = None
if paypal_mode == 'sandbox':
paypal_key = 'paypal_sandbox'
elif paypal_mode == 'live':
paypal_key = 'paypal'
if not paypal_key:
raise ConflictException({'pointer': ''}, "Paypal Mode must be 'live' or 'sandbox'")
paypal_client = settings.get('{}_client'.format(paypal_key), None)
paypal_secret = settings.get('{}_secret'.format(paypal_key), None)
if not paypal_client or not paypal_secret:
raise ConflictException({'pointer': ''}, "Payments through Paypal have not been configured on the platform")
paypalrestsdk.configure({
"mode": paypal_mode,
"client_id": paypal_client,
"client_secret": paypal_secret})
def before_create_object(self, data, view_kwargs):
"""
before create object method for OrderListPost Class
:param data:
:param view_kwargs:
:return:
"""
for ticket_holder in data['ticket_holders']:
# Ensuring that the attendee exists and doesn't have an associated order.
try:
ticket_holder_object = self.session.query(
TicketHolder).filter_by(id=int(ticket_holder),
deleted_at=None).one()
if ticket_holder_object.order_id:
raise ConflictException(
{'pointer': '/data/relationships/attendees'},
"Order already exists for attendee with id {}".format(
str(ticket_holder)))
except NoResultFound:
raise ConflictException(
{'pointer': '/data/relationships/attendees'},
"Attendee with id {} does not exists".format(
str(ticket_holder)))
if data.get('cancel_note'):
del data['cancel_note']
if data.get('payment_mode') != 'free' and not data.get('amount'):
raise ConflictException({'pointer': '/data/attributes/amount'},
"Amount cannot be null for a paid order")
if not data.get('amount'):
data['amount'] = 0
# Apply discount only if the user is not event admin
if data.get('discount') and not has_access('is_coorganizer',
event_id=data['event']):
discount_code = safe_query_without_soft_deleted_entries(
self, DiscountCode, 'id', data['discount'], 'discount_code_id')
if not discount_code.is_active:
raise UnprocessableEntity({'source': 'discount_code_id'},
"Inactive Discount Code")
else:
now = datetime.utcnow()
valid_from = datetime.strptime(discount_code.valid_from,
'%Y-%m-%d %H:%M:%S')
valid_till = datetime.strptime(discount_code.valid_till,
'%Y-%m-%d %H:%M:%S')
if not (valid_from <= now <= valid_till):
raise UnprocessableEntity({'source': 'discount_code_id'},
"Inactive Discount Code")
if not TicketingManager.match_discount_quantity(
discount_code, data['ticket_holders']):
raise UnprocessableEntity({'source': 'discount_code_id'},
'Discount Usage Exceeded')
if discount_code.event.id != data[
'event'] and discount_code.user_for == TICKET:
raise UnprocessableEntity({'source': 'discount_code_id'},
"Invalid Discount Code")
def before_post(self, args, kwargs, data=None):
"""
before post method to verify if the event location is provided before publishing the event
and checks that the user is verified
:param args:
:param kwargs:
:param data:
:return:
"""
user = User.query.filter_by(id=kwargs['user_id']).first()
modules = Module.query.first()
if data.get('is_ticketing_enabled',
False) and not modules.ticket_include:
raise ForbiddenException(
{'source': '/data/attributes/is-ticketing-enabled'},
"Ticketing is not enabled in the system")
if data.get('can_pay_by_paypal', False) or data.get('can_pay_by_cheque', False) or \
data.get('can_pay_by_bank', False) or data.get('can_pay_by_stripe', False):
if not modules.payment_include:
raise ForbiddenException(
{'source': ''}, "Payment is not enabled in the system")
if data.get('is_donation_enabled',
False) and not modules.donation_include:
raise ForbiddenException(
{'source': '/data/attributes/is-donation-enabled'},
"Donation is not enabled in the system")
if not user.can_create_event():
raise ForbiddenException(
{'source': ''}, "Only verified accounts can create events")
if data.get('state',
None) == 'published' and not user.can_publish_event():
raise ForbiddenException(
{'source': ''}, "Only verified accounts can publish events")
if not data.get('is_event_online') and data.get('state', None) == 'published' \
and not data.get('location_name', None):
raise ConflictException(
{'pointer': '/data/attributes/location-name'},
"Location is required to publish the event")
if data.get('location_name', None) and data.get('is_event_online'):
raise ConflictException(
{'pointer': '/data/attributes/location-name'},
"Online Event does not have any locaton")
if data.get('searchable_location_name') and data.get(
'is_event_online'):
raise ConflictException(
{'pointer': '/data/attributes/searchable-location-name'},
"Online Event does not have any locaton")
def test_exceptions(self):
"""Check ExceptionsHelper: exceptions types"""
# Unprocessable Entity Exception
with self.assertRaises(UnprocessableEntity):
raise UnprocessableEntity(
{'pointer': '/data/attributes/min-quantity'},
"min-quantity should be less than max-quantity")
# Conflict Exception
with self.assertRaises(ConflictException):
raise ConflictException({'pointer': '/data/attributes/email'},
"Email already exists")
# Authentication Required Exception
with self.assertRaises(AuthenticationRequired):
raise AuthenticationRequired({'source': ''},
"Authentication Required")
# Forbidden Exception
with self.assertRaises(ForbiddenException):
raise ForbiddenException({'source': ''}, "Access Forbidden")
# Method Not Allowed Exception
with self.assertRaises(MethodNotAllowed):
raise MethodNotAllowed({'source': ''}, "Method Not Allowed")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if not has_access('is_coorganizer', event_id=data['event']):
raise ObjectNotFound({'parameter': 'event_id'},
"Event: {} not found".format(data['event']))
if get_count(
db.session.query(Ticket.id).filter_by(name=data['name'],
event_id=int(
data['event']),
deleted_at=None)) > 0:
raise ConflictException({'pointer': '/data/attributes/name'},
"Ticket already exists")
if get_count(
db.session.query(Event).filter_by(
id=int(data['event']), is_ticketing_enabled=False)) > 0:
raise MethodNotAllowed({'parameter': 'event_id'},
"Ticketing is disabled for this Event")
def before_update_object(self, event, data, view_kwargs):
"""
method to save image urls before updating event object
:param event:
:param data:
:param view_kwargs:
:return:
"""
# TODO: Create an asynchronous celery task for this
# if data.get('original_image_url') and data['original_image_url'] != event.original_image_url:
# try:
# uploaded_images = create_save_image_sizes(data['original_image_url'], 'event-image', event.id)
# except (urllib.error.HTTPError, urllib.error.URLError):
# raise UnprocessableEntity(
# {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
# )
# data['original_image_url'] = uploaded_images['original_image_url']
# data['large_image_url'] = uploaded_images['large_image_url']
# data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
# data['icon_image_url'] = uploaded_images['icon_image_url']
if has_access(
'is_admin') and data.get('deleted_at') != event.deleted_at:
event.deleted_at = data.get('deleted_at')
if 'is_event_online' not in data and event.is_event_online \
or 'is_event_online' in data and not data['is_event_online']:
if data.get('state', None) == 'published' and not data.get(
'location_name', None):
raise ConflictException(
{'pointer': '/data/attributes/location-name'},
"Location is required to publish the event")
def before_create_object(self, data, view_kwargs):
"""
method to check if stripe authorization object already exists for an event.
Raises ConflictException if it already exists.
If it doesn't, then uses the StripePaymentManager to get the other credentials from Stripe.
:param data:
:param view_kwargs:
:return:
"""
try:
self.session.query(StripeAuthorization).filter_by(
event_id=data['event'], deleted_at=None).one()
except NoResultFound:
credentials = StripePaymentsManager\
.get_event_organizer_credentials_from_stripe(data['stripe_auth_code'])
if 'error' in credentials:
raise UnprocessableEntity(
{'pointer': '/data/stripe_auth_code'},
credentials['error_description'])
data['stripe_secret_key'] = credentials['access_token']
data['stripe_refresh_token'] = credentials['refresh_token']
data['stripe_publishable_key'] = credentials[
'stripe_publishable_key']
data['stripe_user_id'] = credentials['stripe_user_id']
else:
raise ConflictException(
{'pointer': '/data/relationships/event'},
"Stripe Authorization already exists for this event")
def decide_schema(self, json_data):
"""To decide discount code schema based on posted data.
:param json_data:
:return:"""
used_for = json_data['data']['attributes'].get('used-for')
try:
discount = (
db.session.query(DiscountCode)
.filter_by(id=int(json_data['data']['id']))
.one()
)
except NoResultFound:
raise ObjectNotFound({'parameter': '{id}'}, "DiscountCode: not found")
if not used_for:
used_for = discount.used_for
elif used_for != discount.used_for:
raise ConflictException(
{'pointer': '/data/attributes/used-for'},
"Cannot modify discount code usage type",
)
if used_for == 'ticket':
self.schema = DiscountCodeSchemaTicket
elif used_for == 'event':
self.schema = DiscountCodeSchemaEvent
def create_payment(order, return_url, cancel_url):
"""
Create payment for an order
:param order: Order to create payment for.
:param return_url: return url for the payment.
:param cancel_url: cancel_url for the payment.
:return: request_id or the error message along with an indicator.
"""
if (not order.event.paypal_email) or order.event.paypal_email == '':
raise ConflictException({'pointer': ''}, "Payments through Paypal hasn't been configured for the event")
PayPalPaymentsManager.configure_paypal()
payment = paypalrestsdk.Payment({
"intent": "sale",
"payer": {"payment_method": "paypal"},
"redirect_urls": {
"return_url": return_url,
"cancel_url": cancel_url},
"transactions": [{
"amount": {
"total": int(order.amount),
"currency": order.event.payment_currency
},
"payee": {
"email": order.event.paypal_email
}
}]
})
if payment.create():
return True, payment.id
else:
return False, payment.error
def configure_paypal():
"""
Configure the paypal sdk
:return: Credentials
"""
# Use Sandbox by default.
settings = get_settings()
paypal_mode = 'sandbox'
paypal_client = settings.get('paypal_sandbox_client', None)
paypal_secret = settings.get('paypal_sandbox_secret', None)
# Switch to production if paypal_mode is production.
if settings['paypal_mode'] == Environment.PRODUCTION:
paypal_mode = 'live'
paypal_client = settings.get('paypal_client', None)
paypal_secret = settings.get('paypal_secret', None)
if not paypal_client or not paypal_secret:
raise ConflictException({
'pointer': ''
}, "Payments through Paypal hasn't been configured on the platform"
)
paypalrestsdk.configure({
"mode": paypal_mode,
"client_id": paypal_client,
"client_secret": paypal_secret
})
def before_update_object(self, event, data, view_kwargs):
"""
method to save image urls before updating event object
:param event:
:param data:
:param view_kwargs:
:return:
"""
if has_access(
'is_admin') and data.get('deleted_at') != event.deleted_at:
if len(event.orders) != 0:
raise ForbiddenException(
{'source': ''},
"Event associated with orders cannot be deleted")
else:
event.deleted_at = data.get('deleted_at')
if 'is_event_online' not in data and event.is_event_online \
or 'is_event_online' in data and not data['is_event_online']:
if data.get('state', None) == 'published' and not data.get(
'location_name', None):
raise ConflictException(
{'pointer': '/data/attributes/location-name'},
"Location is required to publish the event")
if data.get('original_image_url') and data[
'original_image_url'] != event.original_image_url:
start_image_resizing_tasks(event, data['original_image_url'])
def create_onsite_attendees_for_order(data):
"""
Creates on site ticket holders for an order and adds it into the request data.
:param data: data initially passed in the POST request for order.
:return:
"""
on_site_tickets = data.get('on_site_tickets')
if not on_site_tickets:
raise UnprocessableEntity(
{'pointer': 'data/attributes/on_site_tickets'},
'on_site_tickets info missing')
data['ticket_holders'] = []
for on_site_ticket in on_site_tickets:
ticket_id = on_site_ticket['id']
quantity = int(on_site_ticket['quantity'])
ticket = safe_query_without_soft_deleted_entries(
db, Ticket, 'id', ticket_id, 'ticket_id')
ticket_sold_count = get_count(
db.session.query(TicketHolder.id).filter_by(ticket_id=int(
ticket.id),
deleted_at=None))
# Check if the ticket is already sold out or not.
if ticket_sold_count + quantity > ticket.quantity:
# delete the already created attendees.
for holder in data['ticket_holders']:
ticket_holder = (db.session.query(TicketHolder).filter(
id == int(holder)).one())
db.session.delete(ticket_holder)
try:
db.session.commit()
except Exception:
logging.exception('DB Exception!')
db.session.rollback()
raise ConflictException(
{'pointer': '/data/attributes/on_site_tickets'},
"Ticket with id: {} already sold out. You can buy at most {} tickets"
.format(ticket_id, ticket.quantity - ticket_sold_count),
)
for _ in range(1, quantity):
ticket_holder = TicketHolder(
firstname='onsite',
lastname='attendee',
email='*****@*****.**',
ticket_id=ticket.id,
event_id=data.get('event'),
)
save_to_db(ticket_holder)
data['ticket_holders'].append(ticket_holder.id)
# delete from the data.
del data['on_site_tickets']
def capture_payment(order_invoice, currency=None, credentials=None):
"""
Capture payments through stripe.
:param order_invoice: Order to be charged for
:param currency: Currency of the order amount.
:param credentials: Stripe credentials.
:return: charge/None depending on success/failure.
"""
if not credentials:
credentials = StripePaymentsManager.get_credentials(order_invoice.event)
if not credentials:
raise ConflictException({'pointer': ''},
'Stripe credentials not found for the event.')
stripe.api_key = credentials['SECRET_KEY']
if not currency:
currency = order_invoice.event.payment_currency
if not currency or currency == "":
currency = "USD"
try:
customer = stripe.Customer.create(
email=order_invoice.user.email,
source=order_invoice.stripe_token
)
charge = stripe.Charge.create(
customer=customer.id,
amount=int(order_invoice.amount * 100),
currency=currency.lower(),
metadata={
'order_id': order_invoice.id,
'event': order_invoice.event.name,
'user_id': order_invoice.user_id,
'event_id': order_invoice.event_id
},
description=order_invoice.event.name
)
return charge
except Exception as e:
raise ConflictException({'pointer': ''}, str(e))
def before_create_object(self, data, view_kwargs):
"""
method to check if there is an existing user with same email which is received in data to create a new user
:param data:
:param view_kwargs:
:return:
"""
if db.session.query(
User.id).filter_by(email=data['email']).scalar() is not None:
raise ConflictException({'pointer': '/data/attributes/email'},
"Email already exists")
def before_delete_object(self, order, view_kwargs):
"""
method to check for proper permissions for deleting
:param order:
:param view_kwargs:
:return:
"""
if not has_access('is_coorganizer', event_id=order.event.id):
raise ForbiddenException({'source': ''}, 'Access Forbidden')
elif order.amount and order.amount > 0 and (order.status == 'completed' or order.status == 'placed'):
raise ConflictException({'source': ''}, 'You cannot delete a placed/completed paid order.')
def before_update_object(self, user, data, view_kwargs):
# TODO: Make a celery task for this
# if data.get('avatar_url') and data['original_image_url'] != user.original_image_url:
# try:
# uploaded_images = create_save_image_sizes(data['original_image_url'], 'speaker-image', user.id)
# except (urllib.error.HTTPError, urllib.error.URLError):
# raise UnprocessableEntity(
# {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
# )
# data['original_image_url'] = uploaded_images['original_image_url']
# data['small_image_url'] = uploaded_images['thumbnail_image_url']
# data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
# data['icon_image_url'] = uploaded_images['icon_image_url']
if data.get('deleted_at') != user.deleted_at:
if has_access('is_user_itself', user_id=user.id) or has_access('is_admin'):
if data.get('deleted_at'):
if len(user.events) != 0:
raise ForbiddenException({'source': ''}, "Users associated with events cannot be deleted")
elif len(user.orders) != 0:
raise ForbiddenException({'source': ''}, "Users associated with orders cannot be deleted")
else:
modify_email_for_user_to_be_deleted(user)
else:
modify_email_for_user_to_be_restored(user)
data['email'] = user.email
user.deleted_at = data.get('deleted_at')
else:
raise ForbiddenException({'source': ''}, "You are not authorized to update this information.")
users_email = data.get('email', None)
if users_email is not None:
users_email = users_email.strip()
if users_email is not None and users_email != user.email:
try:
db.session.query(User).filter_by(email=users_email).one()
except NoResultFound:
verify_fresh_jwt_in_request()
view_kwargs['email_changed'] = user.email
else:
raise ConflictException({'pointer': '/data/attributes/email'}, "Email already exists")
if has_access('is_super_admin') and data.get('is_admin') and data.get('is_admin') != user.is_admin:
user.is_admin = not user.is_admin
if has_access('is_admin') and ('is_sales_admin' in data) and data.get('is_sales_admin') != user.is_sales_admin:
user.is_sales_admin = not user.is_sales_admin
if has_access('is_admin') and ('us_marketer' in data) and data.get('is_marketer') != user.is_marketer:
user.is_marketer = not user.is_marketer
if data.get('avatar_url'):
start_image_resizing_tasks(user, data['avatar_url'])
def before_create_object(self, data, view_kwargs):
"""
method to check if tax object already exists for an event
:param data:
:param view_kwargs:
:return:
"""
if self.session.query(Tax).filter_by(event_id=data['event'],
deleted_at=None).first():
raise ConflictException({'pointer': '/data/relationships/event'},
"Tax already exists for this event")
def before_patch(self, args, kwargs, data=None):
"""
before patch method to verify if admin enables the donations in system
:param args:
:param kwargs:
:param data:
:return:
"""
if data.get('donation_include'):
raise ConflictException(
{'pointer': '/data/attributes/donation-include'},
"No donation support in the system")
def before_post(self, args, kwargs, data):
"""
Before post method to check for required relationship and proper permissions
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['ticket', 'event'], data)
ticket = (
db.session.query(Ticket)
.filter_by(id=int(data['ticket']), deleted_at=None)
.first()
)
if ticket is None:
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'}, "Invalid Ticket"
)
if ticket.event_id != int(data['event']):
raise UnprocessableEntity(
{'pointer': '/data/relationships/ticket'},
"Ticket belongs to a different Event",
)
# Check if the ticket is already sold out or not.
if get_sold_and_reserved_tickets_count(ticket.event_id) >= ticket.quantity:
raise ConflictException(
{'pointer': '/data/attributes/ticket_id'}, "Ticket already sold out"
)
if 'device_name_checkin' in data and data['device_name_checkin'] is not None:
if 'is_checked_in' not in data or not data['is_checked_in']:
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Attendee needs to be checked in first",
)
elif 'checkin_times' not in data or data['checkin_times'] is None:
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing",
)
elif len(data['checkin_times'].split(",")) != len(
data['device_name_checkin'].split(",")
):
raise UnprocessableEntity(
{'pointer': '/data/attributes/device_name_checkin'},
"Check in Times missing for the corresponding device name",
)
if 'checkin_times' in data:
if 'device_name_checkin' not in data or data['device_name_checkin'] is None:
data['device_name_checkin'] = '-'
def before_create_object(self, data, view_kwargs):
"""
method to check if there is an existing user with same email which is received in data to create a new user
and if the password is at least 8 characters long
:param data:
:param view_kwargs:
:return:
"""
if len(data['password']) < 8:
raise UnprocessableEntity({'source': '/data/attributes/password'},
'Password should be at least 8 characters long')
if db.session.query(User.id).filter_by(email=data['email'].strip()).scalar() is not None:
raise ConflictException({'pointer': '/data/attributes/email'}, "Email already exists")
def before_create_object(self, data, view_kwargs):
"""
method to check if stripe authorization object alredy exists for an event
:param data:
:param view_kwargs:
:return:
"""
try:
self.session.query(StripeAuthorization).filter_by(event_id=data['event']).one()
except NoResultFound:
pass
else:
raise ConflictException({'pointer': '/data/relationships/event'},
"Stripe Authorization already exists for this event")
def before_create_object(self, data, view_kwargs):
"""
method to check if speaker calls object already exists for an event
:param data:
:param view_kwargs:
:return:
"""
try:
self.session.query(SpeakersCall).filter_by(event_id=data['event'], deleted_at=None).one()
except NoResultFound:
pass
else:
raise ConflictException({'pointer': '/data/relationships/event'},
"Speakers Call already exists for this event")
def decide_schema(self, json_data):
"""To decide discount code schema based on posted data.
:param json_data:
:return:"""
used_for = json_data['data']['attributes'].get('used-for')
if used_for in ('event', 'ticket'):
if used_for == 'event':
self.schema = DiscountCodeSchemaEvent
elif used_for == 'ticket':
self.schema = DiscountCodeSchemaTicket
else:
raise ConflictException(
{'pointer': '/data/attributes/used-for'},
"used-for attribute is required and should be equal to 'ticket' or 'event' to create discount code")
def test_exceptions(self):
# Unprocessable Entity Exception
with self.assertRaises(UnprocessableEntity):
raise UnprocessableEntity(
{'pointer': '/data/attributes/min-quantity'},
"min-quantity should be less than max-quantity")
# Conflict Exception
with self.assertRaises(ConflictException):
raise ConflictException({'pointer': '/data/attributes/email'},
"Email already exists")
# Forbidden Exception
with self.assertRaises(ForbiddenException):
raise ForbiddenException({'source': ''}, "Access Forbidden")
def before_create_object(self, data, view_kwargs):
"""
method to check if speaker calls object already exists for an event
:param data:
:param view_kwargs:
:return:
"""
try:
speakers_call = self.session.query(SpeakersCall).filter_by(event_id=data['event'], deleted_at=None).one()
event = speakers_call.event
if speakers_call.starts_at > event.starts_at or speakers_call.ends_at > event.starts_at:
raise ForbiddenException({'source': ''}, "Speakers call date can\'t be after the event start date")
except NoResultFound:
pass
else:
raise ConflictException({'pointer': '/data/relationships/event'},
"Speakers Call already exists for this event")
def before_update_object(self, user, data, view_kwargs):
# TODO: Make a celery task for this
# if data.get('avatar_url') and data['original_image_url'] != user.original_image_url:
# try:
# uploaded_images = create_save_image_sizes(data['original_image_url'], 'speaker-image', user.id)
# except (urllib.error.HTTPError, urllib.error.URLError):
# raise UnprocessableEntity(
# {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
# )
# data['original_image_url'] = uploaded_images['original_image_url']
# data['small_image_url'] = uploaded_images['thumbnail_image_url']
# data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
# data['icon_image_url'] = uploaded_images['icon_image_url']
users_email = data.get('email', None)
if users_email is not None:
users_email = users_email.strip()
if has_access(
'is_admin') and data.get('deleted_at') != user.deleted_at:
user.deleted_at = data.get('deleted_at')
if users_email is not None and users_email != user.email:
try:
db.session.query(User).filter_by(email=users_email).one()
except NoResultFound:
view_kwargs['email_changed'] = user.email
else:
raise ConflictException({'pointer': '/data/attributes/email'},
"Email already exists")
if has_access('is_super_admin') and data.get(
'is_admin') and data.get('is_admin') != user.is_admin:
user.is_admin = not user.is_admin
if has_access('is_admin') and (
'is_sales_admin'
in data) and data.get('is_sales_admin') != user.is_sales_admin:
user.is_sales_admin = not user.is_sales_admin
if has_access('is_admin') and (
'us_marketer'
in data) and data.get('is_marketer') != user.is_marketer:
user.is_marketer = not user.is_marketer
if data.get('avatar_url'):
start_image_resizing_tasks(user, data['avatar_url'])
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if 'Authorization' in request.headers:
_jwt_required(app.config['JWT_DEFAULT_REALM'])
else:
raise ForbiddenException({'source': ''}, 'Only Authorized Users can favourite an event')
data['user'] = current_user.id
user_favourite_event = UserFavouriteEvent.query.filter_by(
user=current_user, event_id=int(data['event'])).first()
if user_favourite_event:
raise ConflictException({'pointer': '/data/relationships/event'}, "Event already favourited")
def before_post(self, args, kwargs, data):
"""
before post method to check for required relationship and proper permission
:param args:
:param kwargs:
:param data:
:return:
"""
require_relationship(['event'], data)
if 'Authorization' in request.headers:
verify_jwt_in_request()
else:
raise ForbiddenException(
{'source': ''}, 'Only Authorized Users can favourite an event')
data['user'] = current_user.id
user_favourite_event = find_user_favourite_event_by_id(
event_id=data['event'])
if user_favourite_event:
raise ConflictException({'pointer': '/data/relationships/event'},
"Event already favourited")
