def new_role():
name = request.get_json().get('name')
description = request.get_json().get('description')
if not name or not description:
return bad_request('Please provide name & description')
role_group_id = request.get_json().get('role_group_id')
role_group_name = request.get_json().get('role_group_name')
if not role_group_id and not role_group_name:
return bad_request('Please provide role group id or name')
role_group = None
if role_group_id:
role_group = RoleGroup.get_by(id=role_group_id)
elif role_group_name:
role_group = RoleGroup.get_by(name=role_group_name)
if not role_group:
return bad_request('Please provide a valid role group id or name')
try:
new_item = Role(name=name, description=description)
new_item.role_group = role_group
db.session.add(new_item)
db.session.commit()
except IntegrityError:
db.session.rollback()
return bad_request('Already in DB')
response = {
'data': {
'url': url_for('.get_role', item_id=new_item.id, _external=True),
'message': 'created',
}
}
current_app.logger.info('New role created %s', new_item)
return jsonify(response), 201
def new_transaction():
data = request.get_json()
# 400: bad request check
if data is None:
return errors.bad_request('expected json data in body')
required = ['file_hash', 'author_key', 'signature']
if not all(k in data for k in required):
return errors.bad_request(
'missing values, must provide file_hash, author_key, signature')
# check if txn already exists in blockchain
file = File.query.filter_by(file_hash=data['file_hash']).first()
if file is not None:
return errors.error_response(403, 'file already exists')
# check if txn already exists in txn pool
for txn in blockchain.transaction_pool:
if data['file_hash'] == txn.file_hash:
return errors.error_response(
403, 'file in transaction pool, wait for block to be mined')
blockchain.add_transaction(data)
respone = {'message': 'Transaction will be added to Block #{}'.format(
blockchain.current_block.index + 1
)}
return jsonify(respone), 201
def create_thread():
app.logger.debug(f'Receive request: {request.data}')
request_data = request.get_json() or {}
if 'forum_id' not in request_data:
bad_request('must include a forum_id')
all_column_names = Thread.__table__.columns.keys()
insert_data = {
k: v
for k, v in request_data.items() if k in all_column_names
}
insert_data['creator_id'] = token_auth.current_user().id
insert_data['creation_timestamp'] = datetime.utcnow()
insert_data['deleted'] = False
insert_data_list = [(k, v) for k, v in insert_data.items()]
insert_thread_query = f"""
INSERT INTO thread
({', '.join([k for k, v in insert_data_list])})
VALUES ({', '.join([f"'{v}'" for k, v in insert_data_list])})
RETURNING thread.id
"""
query_result = database.session.execute(insert_thread_query)
database.session.commit()
new_thread_id = [r for r in query_result][0][0]
response = jsonify({'thread_id': new_thread_id})
response.status_code = 201
response.headers['Location'] = url_for('get_thread',
thread_id=new_thread_id)
return response
def create_user():
app.logger.debug(f'Receive request: {request.data}')
data = request.get_json() or {}
if 'username' not in data or 'email' not in data or 'password' not in data:
return bad_request('must include username, email and password fields')
name_query = A_USER_QUERY_TEMPLATE.format('username', data['username'])
query_result_proxy = database.session.execute(name_query)
query_result = [r for r in query_result_proxy]
if query_result:
return bad_request('please use a different username')
user = Users()
user.from_dict(data, new_user=True)
insert_command = f"""
INSERT INTO users (username, email, common_name, password_hash)
VALUES (
'{user.username}', '{user.email}', '{user.common_name}',
'{user.password_hash}'
)
RETURNING users.id
"""
query_result = database.session.execute(insert_command)
database.session.commit()
new_user_id = [r for r in query_result][0][0]
response = jsonify({'user_id': new_user_id})
response.status_code = 201
response.headers['Location'] = url_for('get_user', user_id=new_user_id)
return response
def create_project():
data = request.get_json() or {}
project_name = data.get('project_name')
owner_name = data.get('owner_name')
if not project_name or not owner_name:
return bad_request('must include project name or owner_name')
if Project.query.filter_by(project_name=project_name).first():
return bad_request('please use a different project name')
if not User.query.filter_by(username=owner_name).first():
return bad_request('owner does not exist')
project = Project(project_name=project_name, owner_name=owner_name)
db.session.add(project)
session_commit()
project = Project.query.filter_by(project_name=project_name).first()
if not project:
return bad_request('create project fail')
# project.add_user(g.current_user)
# admins = User.admins_list()
# if admins:
# for admin in admins:
# project.add_user(admin)
# session_commit()
data = project.to_dict()
response = trueReturn(data, 'create project successfully')
# response.status_code = 201
return response
def create_forum():
app.logger.debug(f'Receive request: {request.data}')
request_data = request.get_json() or {}
if 'name' not in request_data or 'short_name' not in request_data:
return bad_request('must include name amd short_name fields')
for unique_field_name in ['name', 'short_name']:
forum_query = A_FORUM_QUERY_TEMPLATE.format(
unique_field_name,
request_data[unique_field_name],
)
query_result_proxy = database.session.execute(forum_query)
query_result = [r for r in query_result_proxy]
if query_result:
return bad_request(f'please use a different {unique_field_name}')
creator_id = token_auth.current_user().id
insert_command = f"""
INSERT INTO forum (name, short_name, creator_id)
VALUES (
'{request_data['name']}', '{request_data['short_name']}', '{creator_id}'
)
RETURNING forum.id
"""
query_result = database.session.execute(insert_command)
database.session.commit()
new_forum_id = [r for r in query_result][0][0]
response = jsonify({'forum_id': new_forum_id})
response.status_code = 201
response.headers['Location'] = url_for('get_forum', forum_id=new_forum_id)
return response
def edit_role_group(item_id):
new_name = request.get_json().get('name')
new_description = request.get_json().get('description')
if not new_name or not new_description:
return bad_request('Please provide new name or new description')
role_group = RoleGroup.get_by(id=item_id)
if not role_group:
return not_found('item not found')
try:
role_group.name = new_name
role_group.description = new_description
db.session.commit()
except IntegrityError:
db.session.rollback()
return bad_request('already in DB')
response = {
'data': {
'url': url_for('.get_role_group', item_id=role_group.id,
_external=True),
}
}
return jsonify(response)
def put(self, id):
"""
Edit the name of a bucketlist [PUT]
Args:
id :the bucketlist identiier
Returns:
a dictionary of the bucketlist updated
"""
args = self.reqparse.parse_args()
bucketlist = Bucketlist.query.filter_by(id=id,
created_by=g.user.id).first()
name = args['name']
if not bucketlist:
return ({'message': 'bucketlist does not exist.'}, 404)
else:
if name == bucketlist.name:
return ({'message': 'Cannot update with same name.'}, 409)
if name:
if bucketlist.created_by == g.user.id:
bucketlist.name = name
db.session.add(bucketlist)
db.session.commit()
return ({
'message': 'Update was successfull',
'bucketlist': marshal(bucketlist, bucketlist_field)
}, 200)
else:
return errors.bad_request(' Unauthorised')
else:
return errors.bad_request('No value provided!')
def api_view(request, user):
try:
data = json.loads(request.data.decode('utf-8'))
except json.JSONDecodeError:
return bad_json()
# validate fields
if 'model' not in data:
return bad_request("No `model` prodivded in request")
model = data['model']
if 'n' in data:
try:
n = int(data['n'])
except ValueError:
return bad_request("Value given for `n` is not valid: " +
str(data['n']))
if n < 1:
return bad_request("Value given for `n` is less than 1")
else:
n = 1
if 'refresh' in data:
refresh = data['refresh']
if type(refresh) is not bool:
return bad_request("Value given for `refresh` is not valid: " +
str(refresh))
else:
refresh = True
# do transaction
record = json.dumps({'model': model, 'n': n})
last_trans = Transaction.query.filter_by(request=record, user=user).first()
if refresh or last_trans is None:
# TODO deal with bad model
data_out, cost = jg.generate(model, n)
response = json.dumps(data_out)
transaction = Transaction(user=user,
cost=cost,
request=record,
response=response,
time=datetime.now())
else:
response = last_trans.response
transaction = Transaction(user=user,
cost=last_trans.cost,
request=record,
response=last_trans.response,
time=datetime.now())
db.session.add(transaction)
db.session.commit()
return response
def update_client(id):
"""Update the client by id"""
client = Client.query.get(id)
if not client:
return bad_request(404)
name = request.json.get("name", '')
if not name:
return bad_request(405)
client.name = name
client.save()
return jsonify(client.to_dict()), 200
def update_category(id):
"""Update the category by id"""
category = Category.query.get(id)
if not category:
return bad_request(404)
name = request.json.get("name", '')
if not name:
return bad_request(405)
category.name = name
category.save()
return jsonify(category.to_dict()), 200
def update_client(client_id):
"""Updates data about client by id"""
client = Client.query.get_or_404(client_id)
data = request.get_json() or {}
if 'address' in data and data['address'] != client.address and \
Client.query.filter_by(address=data['address']).first():
return bad_request('please use a different address')
if 'email' in data and data['email'] != client.email and \
Client.query.filter_by(email=data['email']).first():
return bad_request('please use a different email address')
client.from_dict(data, new_user=False)
db.session.commit()
return jsonify(client.to_dict())
def add_user():
request_data = request.get_json()
if not request_data:
return bad_request("No input data provided")
try:
data = UserSchema().load(request_data)
except ValidationError as err:
return error_response(422, err.messages)
email = data.get('email')
password = data.get('password')
firstname = data.get('firstname')
lastname = data.get('lastname')
username = data.get('username') or \
f'{firstname}{lastname}_{int(random()*1e6)}'
try:
# check for existing user
user_email = User.find_by_identity(data.get('email'))
user_username = User.find_by_identity(data.get('username'))
if user_email is None and user_username is None:
# add new user to db
user = User()
user.firstname = firstname
user.lastname = lastname
user.username = username
user.email = email
user.password = password
user.bio = data.get('bio')
user.is_active = data.get('is_active') or False
user.is_admin = data.get('is_admin') or False
user.save()
response = jsonify({
'message': 'Successfully added new user.',
})
response.status_code = 201
response.headers['Location'] = url_for(
'users.get_user', id=user.id)
return response
else:
return bad_request('Sorry. That user already exists.')
# handle errors
except (exc.IntegrityError, ValueError):
db.session.rollback()
return error_response(500, 'Something went wrong, please try again.')
def create_registering_user():
data = request.args.to_dict() or {}
if 'error' in data:
return bad_request('Error: ' + data['error'])
try:
user_uuid = uuid.UUID(data['state']).hex # Check for UUID validity
except (ValueError, KeyError):
return bad_request('Must include correct UUID in the state')
RegisteringUser.query.filter_by(uuid=user_uuid).delete()
db.session.commit()
registering_user = RegisteringUser(uuid=user_uuid, auth_code=data['code'])
db.session.add(registering_user)
db.session.commit()
return redirect(url_for('static', filename='close.html'))
def create_user():
data = request.get_json() or {}
if 'username' not in data or 'vulgo' not in data or 'password' not in data:
return bad_request('must include username, vulgo and password fields')
if User.query.filter_by(username=data['username']).first():
return bad_request('please use a different username')
user = User()
user.from_dict(data, new_user=True)
db.session.add(user)
db.session.commit()
response = jsonify(user.to_dict())
response.status_code = 201
response.headers['Location'] = url_for('get_user', id=user.id)
return response
def get_project_info():
project_id = request.args.get('project_id', type=int)
if not project_id:
return bad_request('must include project id')
project = g.current_user.followed_projects().filter_by(
id=project_id).first()
if not project:
return bad_request('%s is not the member of project %d' %
(g.current_user.username, project_id))
data = project.to_dict()
response = trueReturn(data, 'Success')
return response
def register():
""" View function which handles users registration.
:param username: registered username.
:param password: user password.
:param email: user email.
:param role: role name for new user.
:return: a JSON with user token & email confirmation URL.
"""
username = request.json.get('username')
password = request.json.get('password')
email = request.json.get('email')
role_name = request.json.get('role')
if not username or not password or not email or not role_name:
return bad_request('Invalid parameters')
role = Role.get_by(name=role_name)
if not role:
return bad_request('Use a valid role please.')
try:
user = User(email=email, username=username, password=password,
login_count=0)
user.roles.append(role)
db.session.add(user)
db.session.commit()
except IntegrityError:
db.session.rollback()
return bad_request('Please use another username/email')
expiration = current_app.config.get('SESSION_TTL')
token = user.generate_auth_token(expiration=expiration)
email_token = user.generate_email_token(expiration=expiration*5)
celery_email(subject='Confirm Your Account', recipients=[user.email, ],
countdown=5, template='confirm_account',
username=username,
email_token=email_token.decode('utf-8'),
application=current_app.config.get('PROJECT_NAME').upper(),
)
response = {
'data': {
'token': token.decode('utf-8'),
'confirm_email_url': url_for('auth.confirm_email',
email_token=email_token,
_external=True),
'expiration': expiration,
}
}
current_app.logger.info('New user created %s', user)
return jsonify(response), 201
def create_post():
app.logger.debug(f'Receive request: {request.data}')
request_data = request.get_json() or {}
obligatory_fields = ['text', 'thread_id']
for field_name in obligatory_fields:
if field_name not in request_data:
return bad_request(f'must include the field "{field_name}"')
post_text = request_data['text']
thread_id = request_data['thread_id']
author_id = token_auth.current_user().id
insert_post_query = f"""
INSERT INTO post (text, creation_timestamp, user_id, thread_id,
deleted, deleted_by_thread)
VALUES ('{post_text}', '{datetime.utcnow()}', '{author_id}', '{thread_id}',
FALSE, FALSE)
RETURNING post.id
"""
query_result = database.session.execute(insert_post_query)
database.session.commit()
new_post_id = [r for r in query_result][0][0]
response = jsonify({'post_id': new_post_id})
response.status_code = 201
response.headers['Location'] = url_for('get_post', post_id=new_post_id)
return response
def change_my_username():
new_username = request.get_json().get('username')
if not new_username:
return bad_request('Please provide username')
if not User.is_valid_username(new_username):
return bad_request('not valid username')
g.current_user.username = new_username
db.session.commit()
response = {
'data': {
'message': 'updated',
}
}
return jsonify(response)
def signin(
) -> Union[Tuple[Response, int, Dict[str, str]], Response, Tuple[str, int]]:
""" Login user """
try:
if not request.json or not 'email_id' in request.json \
or not 'password' in request.json:
return bad_request('Email_id and/or password is missing!')
email = request.json.get('email_id')
password = request.json.get('password')
user = db.session.query(User).filter_by(email=email).first()
if user:
if bcrypt.check_password_hash(user.password, password):
auth_token = user.encode_auth_token(user.id)
responseObj = {
'status': 'Success',
'message': 'Successfull login.',
'auth_token': auth_token.decode('utf-8')
}
return jsonify(responseObj), 201, {
'Content-Type': 'application/json'
}
else:
return redirect("signup", code=303)
except Exception as ex:
print(ex)
return 'try again', 401
def signup() -> Union[Tuple[Response, int, Dict[str, str]], Tuple[str, int]]:
""" Signup new user """
try:
if not request.json or not 'email_id' in request.json \
or not 'password' in request.json:
return bad_request('Email_id and/or password is missing!')
email = request.json.get('email_id')
password = request.json.get('password')
user = User(email=email, password=password)
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
responseObj = {
'status': 'Success',
'message': 'Successfully signed up.',
'auth_token': auth_token.decode('utf-8')
}
return jsonify(responseObj), 201, {'Content-Type': 'application/json'}
except Exception as ex:
print(ex)
return 'try again', 401
def receive_object():
#extract request data or none
data = request.get_json() or {}
#check if required fields exist (auth_token, and item_token)
if 'auth_token' not in data or 'item_token' not in data:
return bad_request('Auth token and item token must be included')
#authorise user from token
user = User.check_auth_token(data['auth_token'])
#check if user is authorised and is ssame as item's recipient
if not user:
return error_response(401, 'User not authorised.')
#get required item
recipient, item = Item.decode_item_token(data['item_token'])
#check if item and recipient were found
if item and recipient:
#if user is same as item's recipient
if recipient is user:
item.owner = user
db.session.commit()
#create response
response = jsonify(
{'message': "Object was succesfully transfered."})
response.status_code = 200
return response
else:
return error_response(403, 'Resource is forbidden.')
else:
return error_response(404, 'Item not found.')
def send_object():
#extract request data or none
data = request.get_json() or {}
#check if required fields exist
if 'token' not in data or 'id' not in data or 'login' not in data:
return bad_request('Token, id and login fields must be included')
#get required item
item = Item.query.get(data['id'])
#check if the recipient exists
recipient = User.query.filter_by(login=data['login']).first()
if not item or not recipient:
return error_response(404, "Item or recipient doesn't exist.")
#get user from token
user = User.check_auth_token(data['token'])
#check if user was found and if he is owner of the item
if user and user is item.owner:
response = jsonify({
'message':
'Item token generated.',
'item_token':
item.generate_item_token(data['login']).decode(),
})
response.status_code = 200
return response
else:
return error_response(403, 'Please log in.')
def create_feature():
"""Create a feature"""
feature_dict = request.get_json(silent=True)
if not feature_dict:
return bad_request(405)
try:
target_date = datetime.strptime(
feature_dict.get('target_date', '')[0:10], "%Y-%m-%d")
feature_dict['target_date'] = target_date
feature = Feature(**feature_dict)
except:
print("Error has occured.")
else:
feature.save()
return jsonify(feature.to_dict()), 201
return bad_request(405)
def update_trip(trip_id):
trip = Trip.query.get_or_404(trip_id)
if (not trip.status == "ONGOING") and (not trip.status == "PANIC"):
return bad_request('Cannot update ' + trip.status + ' trips.')
data = request.get_json(silent=True) or {}
trip.update_from_dictionary(data)
db.session.commit()
return jsonify(trip.to_dictionary())
def create_category():
"""Create a category"""
name = request.json.get("name", '')
if not name:
return bad_request(405)
category = Category(name=name)
category.save()
return jsonify(category.to_dict()), 201
def update_feature(id):
"""Update the feature by id"""
feature = Feature.query.get(id) # filter_by(Feature.id=id).first()
if not feature:
return bad_request(404)
try:
feature_dict = request.get_json(silent=True)
target_date = datetime.strptime(
feature_dict.get('target_date', '')[0:10], "%Y-%m-%d")
feature_dict['target_date'] = target_date
feature.__init__(**feature_dict)
feature.save()
except:
print("Cannot update the feature_dict")
else:
return jsonify(feature.to_dict()), 200
return bad_request(405)
def create_client():
"""Create a client"""
name = request.json.get("name", '')
if not name:
return bad_request(405)
client = Client(name=name)
client.save()
return jsonify(client.to_dict()), 201
def remove_role_from_user(item_id, role_name):
user = User.get_by(id=item_id)
if not user:
return not_found('user not found')
if role_name not in user.list_roles_names():
return bad_request('user does not has that role')
if not user.remove_role(role_name):
if len(user.roles) == 1:
return bad_request('user only has that role! cannot be removed')
else:
return not_found('not valid role name')
response = {
'data': {
'message': 'Role successfully removed from User.'
}
}
return jsonify(response), 204
def image():
data = request.files['file'] or None
if data is None:
return bad_request('must include image')
results = process_image(data)
response = jsonify(results)
response.status_code = 201
return response
