def remove_user(user_id): session_id = auth.check_token(request.headers.get('session')) if not session_id: return "Unauthorized request: Bad session token", 401 user_sess = User.find_id(session_id) if not user_sess: return "Session token not found", 404 if (not session_id == user_id) and (not user_sess.type == "organizer"): return "Unauthorized request: You don't have permission for this action", 401 user = User.find_id(user_id) if not user: return "User not found", 404 user.delete() return 'User deleted'
def update_user(user_id): session_id = auth.check_token(request.headers.get('session')) if not session_id: return "Unauthorized request: Bad session token", 401 user_sess = User.find_id(session_id) if not user_sess: return "Session token not found", 404 if (not session_id == user_id) and (not user_sess.type == "organizer"): return "Unauthorized request: You don't have permission for this action", 401 user = User.find_id(user_id) if not user: return "User not found", 404 hadError = False for key, value in request.get_json().items(): if key == "password": setattr(user, key, bcrypt.hashpw(value.encode('utf-8'), bcrypt.gensalt())) elif not key.startswith( '_' ) and not key == "id" and not key == "type" and value != "": # Some security setattr(user, key, value) if not user.complete and not hadError: user.completion_token = None user.complete = True try: user.save() except Exception as e: print("ERROR SAVING USER OBJECT", str(e)) print(user.to_dict()) return json.dumps({ 'error': True, 'message': "Validation error: " + str(e) }), 400, jsonType return user.to_json()
def request_upload(upload_location): filetype = request.args.get("filetype") filesize = request.args.get("filesize") if filetype not in ['png', 'jpg', 'jpeg', 'gif', 'pdf']: return "Invalid filetype", 400 # TODO: Check filesize if upload_location not in ["event", "user", "project"]: return "Invalid upload location", 400 token = request.headers.get('session') user_id = sessions.get('session:' + token) if not user_id: return "Session invalid", 40 user = User.find_id(user_id) if not user: return "Session invalid", 401 if upload_location == "event" and user.type != "organizer": return "You don't have permission to upload", 401 upload_policy = SharedAccessPolicy( AccessPolicy( start=( datetime.datetime.utcnow() - datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"), expiry=( datetime.datetime.utcnow() + datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"), permission=BlobSharedAccessPermissions.WRITE, )) destination_url = upload_location + "/" + create_filename( ) + '.' + filetype # TODO: fix "Incorrect Padding" exception on this line upload_token = azure_storage.generate_shared_access_signature( container_name='user-files', blob_name=destination_url, shared_access_policy=upload_policy, ) print("Created Destination Url " + destination_url) print("Created upload token " + upload_token) return json.dumps({ "upload_url": files_url + destination_url + "?" + upload_token, "file_url": files_url + destination_url }), 200, jsonType
def find_user_events(user_id): user = User.find_id(user_id) if not user: return "User not found", 404 result = {"upcoming": [], "attended": []} for evt in user.events: if evt.start_date > datetime.now(): result['upcoming'].append(evt.to_dict()) else: result['attended'].append(evt.to_dict()) return json.dumps(result), 200, jsonType
def retrieve_user(): token = request.headers.get('session') user_id = sessions.get('session:' + token) if not user_id: return "Session invalid", 401 user = User.find_id(user_id) if not user: return "Session invalid", 401 return user.to_json()
def unregister(event_id): user_id = auth.check_token(request.headers.get('session')) if not user_id: return "Unauthorized request: Bad session token", 401 user = User.find_id(user_id) if not user: return "Unauthorized request: User doesn't have permission", 401 event = Event.find_event(event_id) if not event: return "Event not found", 404 if event in user.events: user.events.remove(event) user.save() return json.dumps({"status": "removed"}), 200, jsonType
def create_project(): user_id = auth.check_token(request.headers.get('session')) if not user_id: return "Unauthorized request: Bad session token", 401 user = User.find_id(user_id) if not user: return "User not found", 404 project = Project() event_id = request.json.get('event') if not event_id: return "Event is required", 400 event = Event.find_event(event_id) if not event: return "Event not found", 404 if not (event in user.events or event.id in user.events): return "User not attending event", 400 teammate_email = request.json.get('teammate') # A team is required if not teammate_email: return "Teammate email is required", 400 teammate = User.objects(email=teammate_email).first() if not teammate: return "Teammate not found", 404 if not (event in teammate.events or event.id in teammate.events): return "Teammate not registered for event", 400 project.name = request.json.get('name') project.description = request.json.get('description') project.image = request.json.get('image') project.event = event project.team = [] project.team.append(user) project.team.append(teammate) project.save() if not project.id: return 'Error creating project', 500 return project.select_related(max_depth=1).to_json()
def remove_project(project_id): session_id = auth.check_token(request.headers.get('session')) if not session_id: return "Unauthorized request: Bad session token", 401 user_sess = User.find_id(session_id) if not user_sess: return "Session token not found", 404 project = Project.find_id(project_id) if not project: return "Project not found", 404 if not (user_sess in project.team or user_sess.type == "organizer"): return "Unauthorized request: You don't have permission for this action", 401 project.delete() return 'Project deleted'
def update_project(project_id): session_id = auth.check_token(request.headers.get('session')) if not session_id: return "Unauthorized request: Bad session token", 401 user_sess = User.find_id(session_id) if not user_sess: return "Session token not found", 404 project = Project.find_id(project_id) if not project: return "Project not found", 404 for key, value in request.get_json().items(): if not key.startswith('_'): # Some security setattr(project, key, value) project.save() return project.to_json()
def checkout(event_id): user_id = auth.check_token(request.headers.get('session')) if not user_id: return "Unauthorized request: Bad session token", 401 user = Organizer.find_id(user_id) if not user: return "Unauthorized request: User doesn't have permission", 401 event = Event.find_event(event_id) if not event: return "Event not found", 404 attendee = User.find_id(request.json['attendee_id']) if not attendee: return "Attendee not found", 404 if event in attendee.checkins: attendee.checkins.remove(event) attendee.save() return json.dumps({"status": "removed"}), 200, jsonType
def all_scheduleitems(event_id): user_id = auth.check_token( request.headers.get('session') ) if not user_id: return "Unauthorized request: Bad session token", 401 user = User.find_id( user_id ) if not user: return "User not found", 404 event = Event.find_event( event_id ) if not event: return "Event not found", 404 attended_ids = [ evt.id for evt in user.events ] if not (event.id in attended_ids or user.type == "organizer"): return "Unauthorized request: User doesn't have permission" schedule = [] for s in event.schedule: schedule.append(s.to_dict()) return json.dumps( schedule ), 200, jsonType
def get_post(event_id, post_id): user_id = auth.check_token(request.headers.get('session')) if not user_id: return "Unauthorized request: Bad session token", 401 user = User.find_id(user_id) if not user: return "User not found", 404 event = Event.find_event(event_id) if not event: return "Event not found", 404 attended_ids = [evt.id for evt in user.events] if not (event.id in attended_ids or user.type == "organizer"): return "Unauthorized request: User doesn't have permission" post = Post.find_id(post_id) if not post: return "Post not found", 404 return post.to_json()
def all_posts(event_id): user_id = auth.check_token(request.headers.get('session')) if not user_id: return "Unauthorized request: Bad session token", 401 user = User.find_id(user_id) if not user: return "User not found", 404 event = Event.find_event(event_id) if not event: return "Event not found", 404 attended_ids = [evt.id for evt in user.events] if not (event.id in attended_ids or user.type == "organizer"): return "Unauthorized request: User doesn't have permission" posts = [] for p in Post.objects(event=event): posts.append(p.to_dict()) return json.dumps(posts), 200, jsonType
}), 400, jsonType elif price > 0: print("price > 0") return json.dumps({ "status": "failed", "reason": "payment", "message": "This event costs $%s." % price }), 400, jsonType else: print("user account exists") user_id = auth.check_token(request.headers.get('session')) if not user_id: return "Unauthorized request: Bad session token", 401 user = User.find_id(user_id) if not user: return "Unauthorized request: User doesn't have permission", 401 if user.type == "organizers": return "Organizers can't register for an event", 400 if (event.registration_end < datetime.now()): return json.dumps({ "status": "failed", "reason": "closed", "message": "Registration for this event has ended." }), 200, jsonType if event in user.events: return json.dumps({ "status":
def find_user(user_id): user = User.find_id(user_id) if not user: return "User not found", 404 return user.to_json()