def replace_user_filters(user_id):
    """
    :Route: PUT /<user_id>/filter?filter=now&filter=popular

    :Description: Replaces all filters for a single user with id `user_id`. New filters passed by query parameter are validated; values rejected by ``user_utils.is_valid_filter`` are dropped silently, so an all-invalid request clears the list.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :param filter: An optional query component/parameter that takes a list of values. Passed in values are validated as filters before being added.
    :type filter: str or None

    :return: Success/error message

    :Requires: Admin permissions

    """
    requested = request.args.getlist('filter')

    # Never touch the document of an unknown user.
    if not user_utils.get_user(user_id):
        return f"No such user with id {user_id} found!"

    # Keep only the values the validator accepts; this list replaces the
    # stored one wholesale (an empty result empties the user's filters).
    accepted = list(filter(user_utils.is_valid_filter, requested))

    users_collection.update(
        {'account.id': str(user_id)},
        {'$set': {'app.filters': accepted}},
    )

    return f"Replaced filters for user with id {user_id}"
def deactivate_user(user_id):
    """
    :Route: PUT /deactivate/<user_id>

    :Description: Deactivates a user with id `user_id` without deleting the user from the database. A user with an activated account can log in; otherwise the account is rejected/suspended from use.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :return: Success/error message

    :Requires: Admin permissions

    """
    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    # Flip the flag and stamp the change. datetime.now() is the server's
    # local time, not UTC.
    account = user['account']
    account['is_active'] = False
    account['time_updated'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

    # Overwrite the stored document with the mutated copy.
    users_collection.replace_one({"account.id": str(user_id)}, user.copy())

    return f"Deactivated user with id {user_id}!"
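def facebook_authorized(resp):
    """
    OAuth callback for the Facebook login flow.

    Stores the access token in the session, fetches the profile through
    ``facebook_oauth.get('/me?...')``, registers the user when
    ``user_utils.get_user`` does not know them, and logs them in either way.

    :param resp: Token response from the provider, or ``None`` when the
        provider redirected back with an error.
    :return: A plain-text status message.
    """
    import html

    if resp is None:
        # The error fields come straight from the query string and the reply
        # is served as HTML, so escape them before echoing them back; use a
        # placeholder instead of raising KeyError (a 500) when one is absent.
        return "Access denied: reason=%s error=%s" % (
            html.escape(request.args.get("error_reason", "unknown")),
            html.escape(request.args.get("error_description", "unknown")),
        )

    session['oauth_token'] = (resp['access_token'], '')
    session['expires'] = resp['expires_in']
    # Only the lifetime is printed; the token itself stays out of the logs.
    print("Token expires in " + str(resp['expires_in']))

    me = facebook_oauth.get('/me?fields=id,name,first_name,last_name,email,picture')
    profile = me.data
    user_id = profile['id']

    # Unknown user: create the record first (email is fetched but not stored
    # yet). Known user: refresh the record and log in with the stored flags.
    fb_user = user_utils.get_user(user_id)
    if not fb_user:
        user_utils.add_user(user_id, profile['name'], profile['first_name'], profile['last_name'])
        login_user(User(user_id))
        return "Successfully registered new user!"

    users.update_user(user_id)
    account = fb_user['account']
    login_user(User(user_id, account['is_active'], account['is_admin']))
    return "Successfully logged in with Facebook!"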
def get_current_user():
    """
    Return the logged-in user's stored document as JSON.

    Falls back to a plain-text message when nobody is authenticated or when
    the session's user id no longer resolves to a document.
    """
    if not current_user.is_authenticated:
        return "No user is logged in!"

    # NOTE(review): the document is serialised as stored, so any sensitive
    # account field it carries (update_user writes 'password_hash') reaches
    # the client as well.
    user = user_utils.get_user(current_user.get_id())
    return jsonify(user) if user else "Could not get current user!"
def get_current_user():
    """
    Return the logged-in user's stored document as JSON.

    An empty JSON object is returned both when nobody is authenticated and
    when the session's user id no longer resolves to a document, so callers
    cannot distinguish the two cases from the body alone.
    """
    if not current_user.is_authenticated:
        return jsonify({})

    # NOTE(review): the document is serialised as stored, so any sensitive
    # account field it carries (update_user writes 'password_hash') reaches
    # the client as well.
    user = user_utils.get_user(current_user.get_id())
    return jsonify(user if user else {})
def remove_user(user_id):
    """
    :Route: DELETE /<user_id>

    :Description: Removes a user with id `user_id` from the live collection and archives the document (stamped with `time_deleted`) in the deleted-users collection.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :return: Success/error message

    :Requires: Admin permissions

    """
    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    selector = {'account.id': str(user_id)}

    # Drop the live record, then confirm it is really gone before archiving.
    users_collection.find_one_and_delete(selector)
    if user_utils.get_user(user_id):
        return f"User with id {user_id} was not deleted successfully!"

    # Archive the document; the stamp is server local time, not UTC.
    user['account']['time_deleted'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    dead_users_collection.insert_one(user)

    # Read the archive back so the message reflects what was actually stored.
    archived = dead_users_collection.find_one(selector, {'_id': False})
    if archived:
        return "User was successfully removed from the database and saved to past users!"
    return f"User with id {user_id} was successfully deleted (but not saved to past users)!"
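def add_user_filters(user_id):
    """
    :Route: POST /<user_id>/filter?filter=now&filter=popular

    :Description: Add new filters for a single user with id `user_id`. New filters passed by query parameter are validated. Only new filters are added, aka no duplicates are inserted: values already stored and values repeated within the same request are both skipped.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :param filter: An optional query component/parameter that takes a list of values. Passed in values are validated as filters before being added.
    :type filter: str or None

    :return: Success/error message

    :Requires: Admin permissions

    """
    new_filters = request.args.getlist('filter')

    # Check that user exists
    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    old_filters = user['app']['filters']

    # Skip values already stored, then validate; also collapse repeats within
    # the request itself (``?filter=now&filter=now``) so a single call can
    # never push the same filter twice. Membership is checked against lists
    # rather than a set so no assumption is made about the values' hashability.
    added_filters = []
    for candidate in new_filters:
        if candidate in old_filters or candidate in added_filters:
            continue
        if user_utils.is_valid_filter(candidate):
            added_filters.append(candidate)

    if not added_filters:
        return f"No filters specified to add to user with id {user_id}"

    users_collection.update(
        {'account.id': str(user_id)},
        {'$push': {'app.filters': {'$each': added_filters}}},
    )
    return f"Added specified filters for user with id {user_id}"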
def user_events():
    """
    Favorites endpoint for the logged-in user.

    POST adds the event named by the ``eid`` query parameter to the user's
    favorites, DELETE removes it, and any other method returns the favorites
    list as JSON. Unauthenticated callers are redirected to the login page.
    """
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))

    curr_id = current_user.get_id()
    user = user_utils.get_user(curr_id)
    if not user:
        return "Could not get current user!"

    # ``eid`` is None when absent; it is handed to the helpers unvalidated.
    event_id = request.args.get('eid')
    method = request.method
    if method == 'POST':
        return user_utils.add_favorite(curr_id, event_id)
    if method == 'DELETE':
        return user_utils.remove_favorite(curr_id, event_id)
    return jsonify(user['app']['favorites'])
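def add_user_past_events(user_id):
    """
    :Route: POST /<user_id>/past?past_event=event_id&past_event=event_id

    :Description: Add new past events for a single user with id `user_id`. Only unique events are added, aka no duplicates are inserted: ids already stored and ids repeated within the same request are both skipped.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :param past_event: An optional query component/parameter that takes a list of values. Passed in values are int event IDs which uniquely identify an event (they arrive and are stored as query-string values, i.e. strings).
    :type past_event: int or None

    :return: Success/error message

    :Requires: Admin permissions

    """
    new_past_events = request.args.getlist('past_event')

    # Check that user exists
    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    old_past_events = user['app']['past_events']

    # Skip ids already stored and collapse repeats within the request itself
    # (``?past_event=1&past_event=1``) so the '$push' never writes a duplicate.
    added_events = []
    for event_id in new_past_events:
        if event_id in old_past_events or event_id in added_events:
            continue
        added_events.append(event_id)

    if not added_events:
        return f"No past events specified to add to user with id {user_id}"

    users_collection.update(
        {'account.id': str(user_id)},
        {'$push': {'app.past_events': {'$each': added_events}}},
    )
    return f"Added specified past events for user with id {user_id}"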
def get_user_by_id(user_id):
    """
    :Route: GET /<user_id>

    :Description: Gets single user with id `user_id`

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :return: JSON of specific user info, or an error message when no user matches

    :Requires: Admin permissions

    """
    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    # NOTE(review): the stored document is serialised as-is, so any sensitive
    # account field it holds (update_user writes 'password_hash') is exposed too.
    return jsonify(user)
def remove_user_past_events(user_id):
    """
    :Route: DELETE /<user_id>/past?past_event=event_id&past_event=event_id

    :Description: Remove past events for a single user with id `user_id`. If no past events are specified, all of the user's past events are removed.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :param past_event: An optional query component/parameter that takes a list of values. Passed in values are int event IDs which uniquely identify an event.
    :type past_event: int or None

    :return: Success/error message

    :Requires: Admin permissions

    """
    targets = request.args.getlist('past_event')

    if not user_utils.get_user(user_id):
        return f"No such user with id {user_id} found!"

    selector = {'account.id': str(user_id)}

    # No ids given: wipe the whole list.
    if not targets:
        users_collection.update(selector, {'$set': {'app.past_events': []}})
        return f"Removed all past events for user with id {user_id}"

    # Otherwise pull only the listed ids. getlist() hands back plain strings
    # (assuming Flask's request.args), so the '$in' array cannot carry
    # query operators.
    users_collection.update(selector, {'$pull': {'app.past_events': {'$in': targets}}})
    return f"Removed specified past events for user with id {user_id}"
def remove_user_filters(user_id):
    """
    :Route: DELETE /<user_id>/filter?filter=now&filter=popular

    :Description: Remove filters for a single user with id `user_id`. Filters to remove are passed by query parameter. If no filters are specified, all of the user's filters are removed.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :param filter: An optional query component/parameter that takes a list of values.
    :type filter: str or None

    :return: Success/error message

    :Requires: Admin permissions

    """
    targets = request.args.getlist('filter')

    if not user_utils.get_user(user_id):
        return f"No such user with id {user_id} found!"

    selector = {'account.id': str(user_id)}

    # No filters given: wipe the whole list.
    if not targets:
        users_collection.update(selector, {'$set': {'app.filters': []}})
        return f"Removed all filters for user with id {user_id}"

    # Otherwise pull only the listed values; unknown names simply match nothing.
    users_collection.update(selector, {'$pull': {'app.filters': {'$in': targets}}})
    return f"Removed specified filters for user with id {user_id}"
def get_user_past_events(user_id):
    """
    :Route: GET /<user_id>/past

    :Description: Gets all past events for a single user with id `user_id`

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :return: JSON of specific user's past events (under the key ``filters``), or an error message when no user matches

    :Requires: Admin permissions

    """
    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    # The payload is the past-events list but the JSON key is 'filters'
    # (looks like a copy-paste from the filters endpoint). Kept as-is because
    # renaming it would change the response shape clients may depend on.
    return jsonify({'filters': user['app']['past_events']})
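def _is_local_redirect(target):
    """
    Return True only for a same-site path such as ``/events``.

    Rejects empty values, absolute URLs, scheme-relative ``//host`` and
    ``/\\host`` forms, and anything not starting with ``/``, so a caller-
    supplied ``next`` value can only ever redirect within this site.
    """
    from urllib.parse import urlsplit

    if not target or not target.startswith('/') or target[1:2] in ('/', '\\'):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def google_authorized(resp):
    """
    OAuth callback for the Google login flow.

    Stores the token in the session, fetches the profile from ``userinfo``,
    accepts only ``ucla.edu`` / ``g.ucla.edu`` addresses, then registers the
    user if unknown and logs them in. An optional ``next`` query parameter
    selects a post-login redirect; it is honoured only when it is a local
    path (see ``_is_local_redirect``), otherwise the plain status message is
    returned.

    :param resp: Token response from the provider, or ``None`` when the
        provider redirected back with an error.
    :return: A plain-text status message or a redirect response.
    """
    import html

    next_url = request.args.get('next')
    if resp is None:
        # The error fields come straight from the query string and the reply
        # is served as HTML, so escape them before echoing them back; use a
        # placeholder instead of raising KeyError (a 500) when one is absent.
        return "Access denied: reason=%s error=%s" % (
            html.escape(request.args.get("error_reason", "unknown")),
            html.escape(request.args.get("error_description", "unknown")),
        )

    session['oauth_token'] = (resp['access_token'], '')
    session['expires'] = resp['expires_in']
    # Only the lifetime is printed; the token itself stays out of the logs.
    print("Token expires in " + str(resp['expires_in']))

    me = google_oauth.get('userinfo')
    profile = me.data
    # NOTE(review): this writes the whole profile (name, email) to stdout;
    # worth removing once the flow is stable.
    print(profile)

    user_id = profile['id']
    user_name = profile['name'].title()
    email = profile['email']

    # Only UCLA addresses may register. partition() yields '' for an address
    # without '@' (rejected below) instead of raising IndexError.
    domain = email.partition('@')[2]
    if domain not in ('ucla.edu', 'g.ucla.edu'):
        return "Invalid email. UCLA email required."

    # Unknown user: create the record first. Known user: refresh the record
    # and log in with the stored flags.
    g_user = user_utils.get_user(user_id)
    if not g_user:
        user_utils.add_user(user_id, user_name, profile['given_name'].title(),
                            profile['family_name'].title(), email)
        login_user(User(user_id))
        message = "Successfully registered new user"
    else:
        users.update_user(user_id)
        account = g_user['account']
        login_user(User(user_id, account['is_active'], account['is_admin']))
        message = "Successfully logged in"

    # Redirect only to a local path; an absent or off-site 'next' falls back
    # to the status message rather than sending the browser elsewhere.
    if _is_local_redirect(next_url):
        return redirect(next_url)
    return message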
def update_user(user_id):
    """
    :Route: PUT /<user_id>?active=false&admin=true&password=str&first_name=Katrina&last_name=Wijaya&[email protected]

    :Description: Updates user with id `user_id`. Updates any optional fields that are set as query parameters.

    :param user_id: The int ID of a specific user
    :type user_id: int

    :param active: An optional query component/parameter to update whether or not a user is active. If true, user has an activated account that they can log in to, otherwise account will be rejected/suspended from use. Only the literal values "true"/"false" (any case) change the flag.
    :type active: boolean or None

    :param admin: An optional query component/parameter to update whether or not a user has admin permissions. All admins have same permissions so maybe should create a super admin. Only the literal values "true"/"false" (any case) change the flag.
    :type admin: boolean or None

    :param password: An optional query component/parameter to update the password for a user. TODO: actually supporting passwords/salting/hashing — the value is currently stored verbatim.
    :type password: str or None

    :param first_name: An optional query component/parameter to update the user's first name. Does not modify full name stored in database.
    :type first_name: str or None

    :param last_name: An optional query component/parameter to update the user's last name. Does not modify full name stored in database.
    :type last_name: str or None

    :param email: An optional query component/parameter to update the user's email. TODO: email verification.
    :type email: str or None

    :return: JSON of updated user or an error message

    :Requires: Admin permissions

    """
    args = request.args
    active = args.get('active')
    admin = args.get('admin')
    password = args.get('password')
    first_name = args.get('first_name')
    last_name = args.get('last_name')
    email = args.get('email')

    user = user_utils.get_user(user_id)
    if not user:
        return f"No such user with id {user_id} found!"

    account = user['account']

    # Stamp the change. datetime.now() is the server's local time, not UTC.
    account['time_updated'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

    # Boolean flags are only touched when the value is literally "true" or
    # "false" (case-insensitive); anything else leaves the stored flag alone.
    flag_values = {"true": True, "false": False}
    for raw, field in ((active, 'is_active'), (admin, 'is_admin')):
        if raw and raw.lower() in flag_values:
            account[field] = flag_values[raw.lower()]

    # SECURITY: the raw password is written to 'password_hash' without any
    # hashing or salting (per the original TODO), and the document returned
    # at the bottom echoes that field back to the caller.
    if password:
        account['password_hash'] = password  # TODO: implement hashing/salting/do this better
    if first_name:
        user['personal_info']['first_name'] = first_name
    if last_name:
        user['personal_info']['last_name'] = last_name
    if email:
        user['personal_info']['email'] = email

    # Overwrite the stored document with the mutated copy.
    users_collection.replace_one({"account.id": str(user_id)}, user.copy())

    # Re-read so the response reflects what the database actually holds.
    return jsonify(user_utils.get_user(user_id))
def user_loader(user_id):
    """
    Rebuild a ``User`` from the stored document for the given id.

    Presumably registered as the Flask-Login user loader, given the
    ``login_user`` / ``current_user`` usage elsewhere in this file.

    :param user_id: The id recorded in the session.
    :return: A ``User`` carrying the stored ``is_active`` / ``is_admin``
        flags, or ``None`` when no document matches.
    """
    db_user = user_utils.get_user(user_id)
    if not db_user:
        return None

    account = db_user['account']
    return User(account['id'], account['is_active'], account['is_admin'])