Exemple #1
0
def remove_user(user_id):
    session_id = auth.check_token(request.headers.get('session'))
    if not session_id:
        return "Unauthorized request: Bad session token", 401

    user_sess = User.find_id(session_id)
    if not user_sess:
        return "Session token not found", 404

    if (not session_id == user_id) and (not user_sess.type == "organizer"):
        return "Unauthorized request: You don't have permission for this action", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    user.delete()

    return 'User deleted'
Exemple #2
0
def update_user(user_id):
    session_id = auth.check_token(request.headers.get('session'))
    if not session_id:
        return "Unauthorized request: Bad session token", 401

    user_sess = User.find_id(session_id)
    if not user_sess:
        return "Session token not found", 404

    if (not session_id == user_id) and (not user_sess.type == "organizer"):
        return "Unauthorized request: You don't have permission for this action", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    hadError = False
    for key, value in request.get_json().items():
        if key == "password":
            setattr(user, key,
                    bcrypt.hashpw(value.encode('utf-8'), bcrypt.gensalt()))
        elif not key.startswith(
                '_'
        ) and not key == "id" and not key == "type" and value != "":  # Some security
            setattr(user, key, value)

    if not user.complete and not hadError:
        user.completion_token = None
        user.complete = True

    try:
        user.save()
    except Exception as e:
        print("ERROR SAVING USER OBJECT", str(e))
        print(user.to_dict())
        return json.dumps({
            'error': True,
            'message': "Validation error: " + str(e)
        }), 400, jsonType

    return user.to_json()
Exemple #3
0
def request_upload(upload_location):
    filetype = request.args.get("filetype")
    filesize = request.args.get("filesize")

    if filetype not in ['png', 'jpg', 'jpeg', 'gif', 'pdf']:
        return "Invalid filetype", 400

    # TODO: Check filesize

    if upload_location not in ["event", "user", "project"]:
        return "Invalid upload location", 400

    token = request.headers.get('session')

    user_id = sessions.get('session:' + token)

    if not user_id:
        return "Session invalid", 40

    user = User.find_id(user_id)
    if not user:
        return "Session invalid", 401

    if upload_location == "event" and user.type != "organizer":
        return "You don't have permission to upload", 401

    upload_policy = SharedAccessPolicy(
        AccessPolicy(
            start=(
                datetime.datetime.utcnow() -
                datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"),
            expiry=(
                datetime.datetime.utcnow() +
                datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"),
            permission=BlobSharedAccessPermissions.WRITE,
        ))
    destination_url = upload_location + "/" + create_filename(
    ) + '.' + filetype

    # TODO: fix "Incorrect Padding" exception on this line
    upload_token = azure_storage.generate_shared_access_signature(
        container_name='user-files',
        blob_name=destination_url,
        shared_access_policy=upload_policy,
    )

    print("Created Destination Url " + destination_url)
    print("Created upload token " + upload_token)
    return json.dumps({
        "upload_url": files_url + destination_url + "?" + upload_token,
        "file_url": files_url + destination_url
    }), 200, jsonType
Exemple #4
0
def find_user_events(user_id):
    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    result = {"upcoming": [], "attended": []}
    for evt in user.events:
        if evt.start_date > datetime.now():
            result['upcoming'].append(evt.to_dict())
        else:
            result['attended'].append(evt.to_dict())

    return json.dumps(result), 200, jsonType
Exemple #5
0
def retrieve_user():
    token = request.headers.get('session')

    user_id = sessions.get('session:' + token)

    if not user_id:
        return "Session invalid", 401

    user = User.find_id(user_id)
    if not user:
        return "Session invalid", 401

    return user.to_json()
Exemple #6
0
def unregister(event_id):
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id(user_id)
    if not user:
        return "Unauthorized request: User doesn't have permission", 401

    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404
    if event in user.events:
        user.events.remove(event)
    user.save()

    return json.dumps({"status": "removed"}), 200, jsonType
Exemple #7
0
def create_project():
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    project = Project()

    event_id = request.json.get('event')
    if not event_id:
        return "Event is required", 400
    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404
    if not (event in user.events or event.id in user.events):
        return "User not attending event", 400

    teammate_email = request.json.get('teammate')  # A team is required
    if not teammate_email:
        return "Teammate email is required", 400
    teammate = User.objects(email=teammate_email).first()
    if not teammate:
        return "Teammate not found", 404
    if not (event in teammate.events or event.id in teammate.events):
        return "Teammate not registered for event", 400

    project.name = request.json.get('name')
    project.description = request.json.get('description')
    project.image = request.json.get('image')

    project.event = event
    project.team = []
    project.team.append(user)
    project.team.append(teammate)

    project.save()

    if not project.id:
        return 'Error creating project', 500

    return project.select_related(max_depth=1).to_json()
Exemple #8
0
def remove_project(project_id):
    session_id = auth.check_token(request.headers.get('session'))
    if not session_id:
        return "Unauthorized request: Bad session token", 401

    user_sess = User.find_id(session_id)
    if not user_sess:
        return "Session token not found", 404

    project = Project.find_id(project_id)
    if not project:
        return "Project not found", 404

    if not (user_sess in project.team or user_sess.type == "organizer"):
        return "Unauthorized request: You don't have permission for this action", 401

    project.delete()

    return 'Project deleted'
Exemple #9
0
def update_project(project_id):
    session_id = auth.check_token(request.headers.get('session'))
    if not session_id:
        return "Unauthorized request: Bad session token", 401

    user_sess = User.find_id(session_id)
    if not user_sess:
        return "Session token not found", 404

    project = Project.find_id(project_id)
    if not project:
        return "Project not found", 404

    for key, value in request.get_json().items():
        if not key.startswith('_'):  # Some security
            setattr(project, key, value)

    project.save()

    return project.to_json()
Exemple #10
0
def checkout(event_id):
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = Organizer.find_id(user_id)
    if not user:
        return "Unauthorized request: User doesn't have permission", 401

    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    attendee = User.find_id(request.json['attendee_id'])
    if not attendee:
        return "Attendee not found", 404

    if event in attendee.checkins:
        attendee.checkins.remove(event)
    attendee.save()

    return json.dumps({"status": "removed"}), 200, jsonType
Exemple #11
0
def all_scheduleitems(event_id):
    user_id = auth.check_token( request.headers.get('session') )
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id( user_id )
    if not user:
        return "User not found", 404

    event = Event.find_event( event_id )
    if not event:
        return "Event not found", 404

    attended_ids = [ evt.id for evt in user.events ]

    if not (event.id in attended_ids or user.type == "organizer"):
        return "Unauthorized request: User doesn't have permission"

    schedule = []
    for s in event.schedule:
        schedule.append(s.to_dict())

    return json.dumps( schedule ), 200, jsonType
Exemple #12
0
def get_post(event_id, post_id):
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    attended_ids = [evt.id for evt in user.events]

    if not (event.id in attended_ids or user.type == "organizer"):
        return "Unauthorized request: User doesn't have permission"

    post = Post.find_id(post_id)
    if not post:
        return "Post not found", 404

    return post.to_json()
Exemple #13
0
def all_posts(event_id):
    user_id = auth.check_token(request.headers.get('session'))
    if not user_id:
        return "Unauthorized request: Bad session token", 401

    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    event = Event.find_event(event_id)
    if not event:
        return "Event not found", 404

    attended_ids = [evt.id for evt in user.events]

    if not (event.id in attended_ids or user.type == "organizer"):
        return "Unauthorized request: User doesn't have permission"

    posts = []
    for p in Post.objects(event=event):
        posts.append(p.to_dict())

    return json.dumps(posts), 200, jsonType
Exemple #14
0
                }), 400, jsonType

        elif price > 0:
            print("price > 0")
            return json.dumps({
                "status": "failed",
                "reason": "payment",
                "message": "This event costs $%s." % price
            }), 400, jsonType
    else:
        print("user account exists")
        user_id = auth.check_token(request.headers.get('session'))
        if not user_id:
            return "Unauthorized request: Bad session token", 401

        user = User.find_id(user_id)
        if not user:
            return "Unauthorized request: User doesn't have permission", 401
        if user.type == "organizers":
            return "Organizers can't register for an event", 400

    if (event.registration_end < datetime.now()):
        return json.dumps({
            "status": "failed",
            "reason": "closed",
            "message": "Registration for this event has ended."
        }), 200, jsonType

    if event in user.events:
        return json.dumps({
            "status":
Exemple #15
0
def find_user(user_id):
    user = User.find_id(user_id)
    if not user:
        return "User not found", 404

    return user.to_json()