Exemple #1
0
def add_lot():
    """
    POST create new lot
    :return:
    """
    if request.method == 'POST':

        new_lot = Lot(owner=request.oauth.user)
        form_data = None

        try:
            if hasattr(request,
                       'data') and request.content_type == 'application/json':
                form_data = json.loads(request.data)
            elif 'multipart/form-data' in request.content_type:
                form_data = request.form
            else:
                db.session.rollback()
                raise InvalidUsage('Incorrect content type.', status_code=500)
        except:
            db.session.rollback()
            raise InvalidUsage('Get post data error.', status_code=500)

        new_lot = lot_edit(new_lot, form_data=form_data)

        db.session.add(new_lot)
        db.session.commit()

        new_lot = Lot.query.get(new_lot.id)
        return jsonify(new_lot.serialize)
Exemple #2
0
    def wrapper(*args, **kwargs):

        if request.oauth.user.admin_user != 1:
            raise InvalidUsage('Just admin user can do this.', status_code=403)
        elif request.oauth.user.admin_user != 1:
            raise InvalidUsage('Just admin user can do this.', status_code=403)

        return function(*args, **kwargs)
Exemple #3
0
def publish_lot(lot_id):
    lot = Lot.query.get(lot_id)
    if lot.published:
        raise InvalidUsage('Lot already published', status_code=400)

    try:
        lot.published = True
        db.session.commit()
        return jsonify(dict(success=True, message='ok'))
    except:
        raise InvalidUsage('Wrong input data', status_code=400)
Exemple #4
0
def edit_category(category_id=None):
    """
    operations with category PUT DELETE POST
    :param category_id:
    :return:
    """

    category = Category.query.get(category_id)
    form_data = None

    if request.method != 'DELETE':
        try:
            if hasattr(request,
                       'data') and request.content_type == 'application/json':
                form_data = json.loads(request.data)
            elif 'multipart/form-data' in request.content_type:
                form_data = request.form
            else:
                raise InvalidUsage('Incorrect content type.', status_code=500)
        except:
            raise InvalidUsage('Get post data error.', status_code=500)

    if request.method == 'PUT':
        category = category_edit(category, form_data=form_data)
        db.session.add(category)
        db.session.commit()

        category = Category.query.get(category.id)
        return jsonify(category.serialize)

    elif request.method == 'DELETE':
        count_lots = Lot.query.filter_by(category_id=category.id).count()
        count_sub_category = Category.query.filter_by(
            parent_id=category.id).count()
        if count_sub_category == 0 and count_lots == 0:
            db.session.delete(category)
            db.session.commit()
            return jsonify(dict(success=True))
        else:
            return jsonify(
                dict(success=False,
                     message='lots or other categories refer on it'))

    elif request.method == 'POST':
        new_category = Category(user=request.oauth.user)
        new_category.parent_id = category.id
        new_category = category_edit(new_category, form_data=form_data)
        db.session.add(new_category)
        db.session.commit()

        new_category = Category.query.get(new_category.id)
        return jsonify(new_category.serialize)
Exemple #5
0
def get_lots_by_page():
    """
    get lots per pages
    :param page:
    :return:
    """
    category = None
    category_obj = None

    if request and 'category' in request.args:
        try:
            category = int(request.args.get('category', None))
        except (TypeError, ValueError):
            raise InvalidUsage('You can not access to this lot',
                               status_code=404)

        from lucky_club.api.categories.models import Category
        category_obj = Category.query.get(category)

    if category and category_obj:
        lots_pages = Lot.query.filter(((Lot.finished == True) | (Lot.published == True)) & (Lot.deleted == False) & (Lot.category_id == category)) \
            .paginate(error_out=False)
    else:
        lots_pages = Lot.query.filter(((Lot.finished == True) | (Lot.published == True)) & (Lot.deleted == False)) \
            .paginate(error_out=False)

    return jsonify(total_objects=lots_pages.total,
                   total_pages=lots_pages.pages,
                   page=lots_pages.page,
                   objects=[c.serialize for c in lots_pages.items],
                   has_next=lots_pages.has_next,
                   has_prev=lots_pages.has_prev)
Exemple #6
0
def delete_attach(attachment_id):
    """
    lot operations
    :param attachment_id:
    :return:
    """
    attachment = Attachment.query.get(attachment_id)
    lot = attachment.lot
    if lot.owner_id == request.oauth.user.id or request.oauth.user.admin_user == 1:
        if lot and not lot.published and not lot.deleted and not lot.finished:
            db.session.delete(attachment)
            db.session.commit()
            return jsonify(dict(success=True))
        else:
            raise InvalidUsage('you can not edit unpublished lot',
                               status_code=400)
    else:
        raise InvalidUsage('do not have permissions', status_code=400)
Exemple #7
0
    def wrapper(*args, **kwargs):

        from lucky_club.api.lots.models import Lot
        lot = Lot.query.get(kwargs['lot_id'])

        if lot and lot.published == True:
            return function(*args, **kwargs)
        else:
            raise InvalidUsage('lot does not published yes', status_code=400)
Exemple #8
0
    def wrapper(*args, **kwargs):

        from lucky_club.api.lots.models import Lot
        lot = Lot.query.get(kwargs['lot_id'])

        if lot and lot.deleted == False and lot.finished == False:
            return function(*args, **kwargs)
        else:
            raise InvalidUsage('You can not edit finished ot deleted lot', status_code=400)
Exemple #9
0
def recommend_lot(lot_id):
    lot = Lot.query.get(lot_id)

    try:
        lot.recommend = not lot.recommend
        db.session.commit()
        return jsonify(dict(success=True, message='ok'))
    except:
        raise InvalidUsage('Wrong input data', status_code=400)
Exemple #10
0
    def wrapper(*args, **kwargs):

        from lucky_club.api.lots.models import Lot
        lot = Lot.query.get(kwargs['lot_id'])

        if lot and (lot.owner_id == request.oauth.user.id or request.oauth.user.admin_user == 1):
            return function(*args, **kwargs)
        else:
            raise InvalidUsage('You do not have permissions to edit object', status_code=403)
Exemple #11
0
    def wrapper(*args, **kwargs):

        from lucky_club.api.lots.models import Lot
        lot = Lot.query.get(kwargs['lot_id'])

        if lot:
            return function(*args, **kwargs)
        else:
            raise InvalidUsage('Lot does not exists', status_code=404)
Exemple #12
0
    def wrapper(*args, **kwargs):

        from lucky_club.api.categories.models import Category
        category = Category.query.get(kwargs['category_id'])

        if category:
            return function(*args, **kwargs)
        else:
            raise InvalidUsage('Category does not exists', status_code=404)
Exemple #13
0
    def _usergetter(self, username, password, client, request, *args, **kwargs):
        if not hasattr(request, 'jwt_token'):
            raise InvalidUsage('wrong parameter', status_code=500)

        jwt_token = request.jwt_token

        if self.app.config['TESTING']:
            try:
                token = jwt.decode(jwt_token, 'secret', algorithms=['HS256'])
            except Exception:
                raise InvalidUsage('JWT token decode problem', status_code=500)
        else:
            try:
                token = self.parse_key(token_data=jwt_token, app=self.app)
            except ExpiredSignatureError:
                raise InvalidUsage('Token expired', status_code=500)

        account = User.query.filter_by(firebase_user_id=token['sub']).one_or_none()
        if account is None:
            account = User(firebase_user_id=token['sub'])
            account.email = token['email']
            account.email_verified = token['email_verified']
            account.name = token.get('name')
            account.photo_url = token.get('picture')

            # TODO change in prod system
            # account.admin_user = 1
            account.admin_user = 0
            db.session.add(account)

            from lucky_club.api.profile.models import Profile
            profile = Profile(user=account, screen_name = account.name)
            db.session.add(profile)

            from lucky_club.api.account.models import Account
            bank_account = Account(user=account)
            db.session.add(bank_account)

            db.session.commit()

        if account and account.blocked == 1:
            raise InvalidUsage('Access denied', status_code=403)

        return account
Exemple #14
0
def leave_lot(lot_id):
    """
    get lot pictures
    :param lot_id:
    :return:
    """
    lot = Lot.query.get(lot_id)

    if lot.finished or lot.deleted:
        raise InvalidUsage('You can not leave lot.', status_code=400)

    participant = Participants.query.filter_by(
        lot_id=lot_id, participant_id=request.oauth.user.id).first()
    if not participant:
        raise InvalidUsage('You are not participant.', status_code=400)

    db.session.delete(participant)
    db.session.commit()

    return jsonify(dict(success=True, message='ok'))
Exemple #15
0
def un_publish_lot(lot_id):
    lot = Lot.query.get(lot_id)

    if not lot.published:
        raise InvalidUsage('Lot does not published yet', status_code=400)

    count_members = Participants.query.filter_by(lot_id=lot.id).count()
    if count_members == 0:
        lot.published = False
        db.session.commit()
        return jsonify(dict(success=True))
Exemple #16
0
def get_lot_by_id(lot_id):
    """
    lot operations
    :param lot_id:
    :return:
    """

    lot = Lot.query.get(lot_id)
    if lot.deleted:
        raise InvalidUsage('You can not access to this lot', status_code=403)

    return jsonify(lot.serialize)
Exemple #17
0
def add_message(lot_id):
    """
    get lot pictures
    :param lot_id:
    :return:
    """
    if request.method == 'POST':

        new_message = Messages(user=request.oauth.user, lot_id=lot_id)
        form_data = None

        try:
            if hasattr(request,
                       'data') and request.content_type == 'application/json':
                form_data = json.loads(request.data)
            elif 'multipart/form-data' in request.content_type:
                form_data = request.form
            else:
                db.session.rollback()
                raise InvalidUsage('Incorrect content type.', status_code=500)
        except:
            db.session.rollback()
            raise InvalidUsage('Get post data error.', status_code=500)

        try:
            if 'message' not in form_data or not form_data['message'].strip():
                db.session.rollback()
                raise InvalidUsage('Field name is empty', status_code=400)
            message = form_data['message']
            new_message.message = message
        except:
            db.session.rollback()
            raise InvalidUsage('Wrong input data', status_code=400)

        db.session.add(new_message)
        db.session.commit()

        new_message = Messages.query.get(new_message.id)
        return jsonify(new_message.serialize)
Exemple #18
0
def category_edit(category, form_data):
    from flask_uploads import UploadNotAllowed
    from lucky_club.lucky_club import uploaded_photos

    try:
        if 'file' in request.files:
            file = request.files['file']

            if file.filename == '':
                db.session.rollback()
                raise InvalidUsage('Input file.', status_code=500)

            if not is_ascii(file.filename):
                name, ext = os.path.splitext(file.filename)
                name = "1" + ext
                file.filename = name

            filename = uploaded_photos.save(file)
            category.picture_file = filename

    except UploadNotAllowed:
        db.session.rollback()
        raise InvalidUsage('The upload was not allowed', status_code=500)
    else:
        if 'name' not in form_data or not form_data['name'].strip():
            db.session.rollback()
            raise InvalidUsage('Field name is empty', status_code=400)
        name = form_data['name']
        category.name = name

        if 'description' not in form_data or not form_data[
                'description'].strip():
            db.session.rollback()
            raise InvalidUsage('Field description is empty', status_code=400)
        description = form_data['description']
        category.description = description

    return category
Exemple #19
0
def get_messages(lot_id):
    """
    get lot pictures
    :param lot_id:
    :return:
    """

    lot = Lot.query.get(lot_id)

    if (lot.finished or lot.published) and not lot.deleted:
        messages = Messages.query.filter_by(lot_id=lot_id).all()
        return jsonify(messages=[c.serialize for c in messages])
    else:
        raise InvalidUsage('You can not access to this lot', status_code=403)
Exemple #20
0
def edit_lot(lot_id):
    edited_lot = Lot.query.get(lot_id)

    if edited_lot.published:
        raise InvalidUsage('You can not edit published lot.', status_code=403)

    try:
        if hasattr(request,
                   'data') and request.content_type == 'application/json':
            form_data = json.loads(request.data)
        elif 'multipart/form-data' in request.content_type:
            form_data = request.form
        else:
            raise InvalidUsage('Incorrect content type.', status_code=500)
    except:
        raise InvalidUsage('Get post data error.', status_code=500)

    if request.method == 'PUT':
        edited_lot = lot_edit(edited_lot, form_data=form_data)
        db.session.commit()

        edited_lot = Lot.query.get(edited_lot.id)
        return jsonify(edited_lot.serialize)
Exemple #21
0
def get_users_lot_by_id(lot_id):
    """
    lot operations
    :param lot_id:
    :return:
    """
    lot = Lot.query.get(lot_id)
    if lot.owner_id == request.oauth.user.id or request.oauth.user.admin_user == 1:
        return jsonify(lot.serialize)
    else:
        if (lot.finished or lot.published) and not lot.deleted:
            return jsonify(lot.serialize)
        else:
            raise InvalidUsage('You can not access to this lot',
                               status_code=403)
Exemple #22
0
def finished_lot(lot_id):
    """
    lot operations
    :param lot_id:
    :return:
    """
    edited_lot = Lot.query.get(lot_id)

    if edited_lot.deleted or not edited_lot.published:
        raise InvalidUsage('Unappropriated operation with not deleted lot',
                           status_code=400)

    if request.method == 'POST':
        edited_lot.finished = True
        db.session.commit()
        return jsonify(dict(success=True))
Exemple #23
0
def join_lot(lot_id):
    """
    get lot pictures
    :param lot_id:
    :return:
    """
    participant = Participants.query.filter_by(
        lot_id=lot_id, participant_id=request.oauth.user.id).first()
    if participant:
        raise InvalidUsage('You are already participant.', status_code=400)

    participant = Participants(lot_id=lot_id,
                               participant_id=request.oauth.user.id)
    db.session.add(participant)
    db.session.commit()

    return jsonify(dict(success=True, message='ok'))
Exemple #24
0
def lot_edit(edited_lot, form_data):
    try:
        if 'name' not in form_data or not form_data['name'].strip():
            db.session.rollback()
            raise InvalidUsage('Field name is empty', status_code=400)
        name = form_data['name']
        edited_lot.name = name

        if 'description' not in form_data or not form_data[
                'description'].strip():
            db.session.rollback()
            raise InvalidUsage('Field description is empty', status_code=400)
        description = form_data['description']
        edited_lot.description = description

        if 'full_description' not in form_data or not form_data[
                'full_description'].strip():
            db.session.rollback()
            raise InvalidUsage('Field full_description is empty',
                               status_code=400)
        full_description = form_data['full_description']
        edited_lot.full_description = full_description

        if 'category_id' not in form_data:
            db.session.rollback()
            raise InvalidUsage('Field category is empty', status_code=400)
        category = form_data['category_id']
        edited_lot.category_id = int(category)

        if 'count_participants' not in form_data:
            db.session.rollback()
            raise InvalidUsage('Field count_participants is empty',
                               status_code=400)
        count_participants = form_data['count_participants']
        edited_lot.count_participants = int(count_participants)

        if 'price' not in form_data:
            db.session.rollback()
            raise InvalidUsage('Field price is empty', status_code=400)
        price = form_data['price']
        edited_lot.price = float(price)
    except:
        db.session.rollback()
        raise InvalidUsage('Wrong input data', status_code=400)

    return edited_lot
Exemple #25
0
def set_favorite(lot_id):
    """
    get lot pictures
    :param lot_id:
    :return:
    """
    try:
        favorite = Favorite.query.filter_by(
            lot_id=lot_id, user_id=request.oauth.user.id).first()
        if favorite:
            db.session.delete(favorite)
            db.session.commit()
        else:
            favorite = Favorite(lot_id=lot_id, user_id=request.oauth.user.id)
            db.session.add(favorite)
            db.session.commit()
        return jsonify(dict(success=True, message='ok'))
    except:
        raise InvalidUsage('Something went wrong.', status_code=500)
Exemple #26
0
def get_user_info(user_id):
    profile = Profile.query.get(user_id)
    if profile:
        jsonify(profile.serialize)
    else:
        raise InvalidUsage('Can not find user.', status_code=404)
Exemple #27
0
 def wrapped_f(*args, **kwargs):
     if methods and request.method in methods and request.oauth.user.admin_user != 1:
         raise InvalidUsage('Just admin user can do this.', status_code=403)
     elif not methods and request.oauth.user.admin_user != 1:
         raise InvalidUsage('Just admin user can do this.', status_code=403)
     return f(*args, **kwargs)
Exemple #28
0
def me():
    profile = None
    try:
        profile = Profile.query.filter_by(user=request.oauth.user).first()
    except:
        raise InvalidUsage('Get profile error', status_code=500)

    if request.method == 'GET':
        try:
            return jsonify(profile.serialize)
        except:
            raise InvalidUsage('Get profile error', status_code=500)
    elif request.method == 'PUT':

        form_data = None
        try:
            if hasattr(request,
                       'data') and request.content_type == 'application/json':
                form_data = json.loads(request.data)
            elif 'multipart/form-data' in request.content_type:
                form_data = request.form
            else:
                raise InvalidUsage('Incorrect content type.', status_code=500)
        except:
            raise InvalidUsage('Cannot get input data.', status_code=500)

        from flask_uploads import UploadNotAllowed
        from lucky_club.lucky_club import uploaded_photos

        try:
            if 'file' in request.files:
                file = request.files['file']

                if file.filename == '':
                    raise InvalidUsage('Input file.', status_code=500)

                from pytils.translit import translify

                if not is_ascii(file.filename):
                    name, ext = os.path.splitext(file.filename)
                    name = "1" + ext
                    file.filename = name

                # file.filename = translify(file.filename)
                filename = uploaded_photos.save(file)
                profile.photo_file_name = filename

        except UploadNotAllowed:
            raise InvalidUsage('The upload was not allowed', status_code=500)
        else:
            if 'first_name' in form_data:
                first_name = form_data['first_name']
                profile.first_name = first_name

            if 'screen_name' in form_data:
                screen_name = form_data['screen_name']
                profile.screen_name = screen_name

            if 'last_name' in form_data:
                last_name = form_data['last_name']
                profile.last_name = last_name

            if 'email' in form_data:
                email = form_data['email']
                profile.email = email

            if 'bank_card' in form_data:
                bank_card = form_data['bank_card']
                profile.bank_card = bank_card

            if 'phone' in form_data:
                phone = form_data['phone']
                profile.phone = phone

            db.session.commit()

        profile = Profile.query.filter_by(user=profile.user).first()
        return jsonify(profile.serialize)

    else:
        raise InvalidUsage('Method does not support.', status_code=405)
Exemple #29
0
def add_attach(lot_id):
    """
    POST create new lot
    :return:
    """
    lot = Lot.query.get(lot_id)

    if lot.published or lot.deleted or lot.finished:
        raise InvalidUsage('Lot already published, deleted or finished',
                           status_code=400)

    if request.method == 'POST':

        new_attach = Attachment(user=request.oauth.user, lot_id=lot_id)

        try:
            if hasattr(request,
                       'data') and request.content_type == 'application/json':
                form_data = json.loads(request.data)
            elif 'multipart/form-data' in request.content_type:
                form_data = request.form
            else:
                db.session.rollback()
                raise InvalidUsage('Incorrect content type.', status_code=500)
        except:
            db.session.rollback()
            raise InvalidUsage('Get post data error.', status_code=500)

        from flask_uploads import UploadNotAllowed
        from lucky_club.lucky_club import uploaded_photos

        try:
            if 'file' in request.files:
                file = request.files['file']

                if file.filename == '':
                    db.session.rollback()
                    raise InvalidUsage('Input file.', status_code=500)

                if not is_ascii(file.filename):
                    name, ext = os.path.splitext(file.filename)
                    name = "1" + ext
                    file.filename = name

                filename = uploaded_photos.save(file)
                new_attach.picture = filename

        except UploadNotAllowed:
            db.session.rollback()
            raise InvalidUsage('The upload was not allowed', status_code=500)
        else:
            if 'description' not in form_data or not form_data[
                    'description'].strip():
                db.session.rollback()
                raise InvalidUsage('Field description is empty',
                                   status_code=400)
            description = form_data['description']
            new_attach.description = description

        db.session.add(new_attach)
        db.session.commit()

        new_attach = Attachment.query.get(new_attach.id)
        return jsonify(new_attach.serialize)
Exemple #30
0
def error_by_oauth():
    raise InvalidUsage('There occurs an error.', status_code=500)