def generate_and_validate_order_number(generate_order_number):
    """Return an order number that no stored order currently uses.

    Candidates are drawn from ``generate_order_number()`` until
    ``OrderModel.find_by_ur_code`` finds no order for one of them.

    Args:
        generate_order_number: Zero-argument callable producing a candidate.

    Returns:
        The first candidate for which no order was found.
    """
    # NOTE(review): this is a lookup, not a reservation. Two requests can be
    # handed the same free number before either one saves, so uniqueness must
    # also be enforced where the order is stored - confirm the ur_code column
    # carries a unique constraint.
    # NOTE(review): the lookup views in this file accept this number as the
    # only input needed to reach an order page, so how guessable the
    # generator's output is matters; the generator is not visible here.
    while True:
        candidate = generate_order_number()
        if not OrderModel.find_by_ur_code(candidate):
            return candidate
def order_delete(order_id):
    """Delete the order with ``order_id`` when it exists, then go to the list.

    The redirect to ``order.order_list`` is issued whether or not an order
    was found.
    """
    # NOTE(review): no role or ownership check is visible in this body, while
    # the API delete handler in this file limits deletion to an admin or the
    # owning staff member. The route decorators are not shown here - confirm
    # that they enforce an equivalent rule, and that this state-changing view
    # is reachable only through a CSRF-protected POST.
    doomed = OrderModel.find_by_id(order_id)
    if doomed:
        doomed.delete_from_db()

    list_url = url_for("order.order_list")
    return redirect(list_url)
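def put(self):
    """Update the name and assignees of the order named by ``ur_code``.

    Only a caller whose JWT identity has ``auth_level`` ``admin``, or
    ``staff`` with an ``id`` equal to the order's ``staff_id``, may modify
    the order.

    Returns:
        ``(body, status)``: 404 when no order matches, 403 when the caller
        may not modify the order, 200 after the order has been saved.
    """
    data = self.order_parser.parse_args()
    order = OrderModel.find_by_ur_code(data["ur_code"])
    if not order:
        # NOTE(review): existence is reported before the permission check,
        # so any authenticated caller can tell existing codes from missing
        # ones by the 404/403 difference.
        return {
            "message": "order with ur_code{} doen not exist.".format(data['ur_code'])
        }, 404

    # only admin and staff(post owner) are allowed to modify existing orders.
    identity = get_jwt_identity()
    caller_is_admin = identity["auth_level"] == "admin"
    caller_owns_order = (identity["auth_level"] == "staff"
                         and identity["id"] == order.staff_id)
    if not (caller_is_admin or caller_owns_order):
        # A denied request is a client error. Answering 500 files it under
        # server faults, which hides authorization failures from anyone
        # watching 4xx rates for probing.
        return {
            "message": "unauthorized access for modififying order."
        }, 403

    # NOTE(review): staff_id and user_id are copied from the request as sent,
    # so an owning staff member can reassign the order to any id. Confirm
    # that this is intended and that the ids are validated elsewhere.
    order.name = data['order_name']
    order.staff_id = data['staff_id']
    order.user_id = data['user_id']
    order.save_to_db()
    return {"message": "order info updated succesfully."}, 200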
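def delete(self):
    """Delete the order named by ``ur_code``.

    Only a caller whose JWT identity has ``auth_level`` ``admin``, or
    ``staff`` with an ``id`` equal to the order's ``staff_id``, may delete
    the order.

    Returns:
        ``(body, status)``: 404 when no order matches, 403 when the caller
        may not delete the order, 500 when the delete itself fails, 200 on
        success.
    """
    data = self.order_parser.parse_args()
    order = OrderModel.find_by_ur_code(data['ur_code'])
    if not order:
        return {
            "message": "order with ur_code{} doen not exist.".format(data['ur_code'])
        }, 404

    # only admin and staff(post owner) are allowed to modify existing orders.
    identity = get_jwt_identity()
    caller_is_admin = identity["auth_level"] == "admin"
    caller_owns_order = (identity["auth_level"] == "staff"
                         and identity["id"] == order.staff_id)
    if not (caller_is_admin or caller_owns_order):
        # A denied request is a client error, not a server fault.
        return {
            "message": "unauthorized access for modififying order."
        }, 403

    try:
        order.delete_from_db()
    except Exception:
        # The original bare ``except`` also swallowed SystemExit and
        # KeyboardInterrupt, and returned the body with no status, so a
        # failed delete was reported without an error code.
        return {"message": "something went wrong."}, 500
    return {"message": "order deleted succesfully."}, 200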
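def post_create(order_id):
    """Show the tracking-post form for an order and store a submitted post.

    On a valid submission a ``TrackingModel`` row is saved, followed by an
    ``AttachmentModel`` row when a file was uploaded, and the browser is
    redirected to the order's info page. Otherwise the form is rendered with
    the staff and user ids pre-filled from the order and the current user.

    An unknown ``order_id`` redirects to the order list. Previously it
    reached ``order.staff_id`` / ``order.user_id`` on ``None`` when rendering
    the form, and a valid submission stored a post for a missing order.
    """
    order = OrderModel.find_by_id(order_id)
    if not order:
        return redirect(url_for("order.order_list"))

    form = PostCreateForm()
    if form.validate_on_submit():
        # NOTE(review): staff_id and user_id are read back from the submitted
        # form, so the stored post carries whatever ids the client sent
        # rather than the values pre-filled below. Consider deriving them
        # from current_user and the order on submit.
        post = TrackingModel(message=form.message.data,
                             order_id=order_id,
                             staff_id=form.staff_id.data,
                             user_id=form.user_id.data)
        post.save_to_db()

        upload = form.attachment.data
        if upload:
            # NOTE(review): file name, type and size handling happen in
            # save_attachment or the form validators, neither visible here.
            # Confirm that the upload is constrained before it is stored.
            storage_filename = save_attachment(upload, post.id)
            attachment = AttachmentModel(attachment_name=storage_filename,
                                         track_log_id=post.id)
            attachment.save_to_db()
        return redirect(url_for("order.order_info", order_id=order_id))

    # Pre-fill both parties: the current user takes their own side and the
    # other side comes from the order.
    if is_user(current_user):
        form.staff_id.data = order.staff_id
        form.user_id.data = current_user.id
    else:
        form.user_id.data = order.user_id
        form.staff_id.data = current_user.id
    return render_template("post_create.html", form=form)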
def order_check_status():
    """Look an order up by its order number and redirect to its info page.

    The lookup form is rendered again when the submission is missing or
    invalid, or when no order matches the submitted number.
    """
    form = OrderCheckStatusByNumberForm()
    if not form.validate_on_submit():
        return render_template("order_check_status.html", form=form)

    match = OrderModel.find_by_ur_code(form.order_number.data)
    if not match:
        return render_template("order_check_status.html", form=form)

    # NOTE(review): knowing the order number is all this lookup requires, so
    # repeated guesses should be rate limited somewhere - no limit is visible
    # in this view.
    return redirect(url_for("order.order_info", order_id=match.id))
def order_info(order_id):
    """Render an order together with one page of its tracking posts.

    The page number comes from the ``page`` query argument (default 1) and
    ten posts are shown per page.
    """
    # NOTE(review): the lookup forms redirect here after a match on the order
    # number, but this view takes the database id straight from the URL and
    # no ownership check is visible in the body. Confirm that route-level
    # access control stops one order's page being reached by changing the id.
    # NOTE(review): ``order`` is passed to the template even when the lookup
    # finds nothing - confirm that the template copes with a missing order.
    page_number = request.args.get("page", 1, type=int)
    order = OrderModel.find_by_id(order_id)
    order_posts = TrackingModel.find_by_order_id(order_id)
    posts = order_posts.paginate(page=page_number, per_page=10)
    return render_template("order_info.html", order=order, posts=posts)
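def order_list():
    """Render one page (five per page) of the orders the current user may see.

    The query depends on the role: an admin lists every order, a company
    admin the orders of their company, a staff member the orders with their
    ``staff_id`` and a user the orders with their ``user_id``.

    A user matching none of these roles gets the unauthorized-access page.
    Previously ``orders`` was never assigned in that case and the view
    failed with an unbound-variable error.
    """
    page = request.args.get("page", 1, type=int)

    if is_admin(current_user):
        query = OrderModel.find_all()
    elif is_company_admin(current_user):
        query = OrderModel.find_by_company(current_user.company)
    elif is_staff(current_user):
        query = OrderModel.find_by_staff_id(current_user.id)
    elif is_user(current_user):
        query = OrderModel.find_by_user_id(current_user.id)
    else:
        # Fail closed: an unrecognised role sees no orders at all.
        return render_error_page_unauthorized_access()

    orders = query.paginate(page=page, per_page=5)
    return render_template("order_list.html", orders=orders)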
def order_check_status_qrcode():
    """Look an order up from an uploaded QR code image.

    The decoded payload is used as the order number. The lookup form is
    rendered again when the submission is missing or invalid, or when no
    order matches.
    """
    form = OrderCheckStatusByQRCodeForm()
    if not form.validate_on_submit():
        return render_template("order_check_status.html", form=form)

    # NOTE(review): the uploaded image goes straight to decode_qrcode. Limits
    # on file type and size must come from the form's validators or from
    # decode_qrcode itself, neither of which is visible here.
    payload = decode_qrcode(form.qrcode_img.data)
    match = OrderModel.find_by_ur_code(payload)
    if not match:
        return render_template("order_check_status.html", form=form)
    return redirect(url_for("order.order_info", order_id=match.id))
def index():
    """Render the home page with one of the two order lookup forms.

    The ``search_method`` query argument (default ``by_order_number``)
    selects the form: the order-number form for that value, the QR code form
    for any other value. A valid submission that matches an order redirects
    to the order's info page.
    """
    search_method = request.args.get("search_method",
                                     "by_order_number",
                                     type=str)
    by_number = search_method == "by_order_number"

    if by_number:
        form = OrderCheckStatusByNumberForm()
    else:
        form = OrderCheckStatusByQRCodeForm()

    if form.validate_on_submit():
        if by_number:
            ur_code = form.order_number.data
        else:
            ur_code = decode_qrcode(form.qrcode_img.data)
        match = OrderModel.find_by_ur_code(ur_code)
        if match:
            return redirect(url_for("order.order_info", order_id=match.id))

    # search_method is passed back to the template exactly as received.
    return render_template("home.html",
                           form=form,
                           search_method=search_method)
def order_create():
    """Show the order creation form and store a submitted order.

    Plain users get the unauthorized-access page. A valid submission saves
    the order and redirects to its info page. Otherwise a fresh order number
    is generated, a QR code is produced for it, and the form is rendered
    with that number and the current user's id pre-filled.
    """
    if is_user(current_user):
        return render_error_page_unauthorized_access()

    form = OrderCreateForm()
    if form.validate_on_submit():
        # NOTE(review): ur_code and staff_id are read back from the submitted
        # form, so the saved order uses whatever the client sent rather than
        # the values pre-filled below. Confirm that the form's validators
        # reject a tampered order number or staff id.
        new_order = OrderModel(ur_code=form.ur_code.data,
                               name=form.name.data,
                               staff_id=form.staff_id.data)
        new_order.save_to_db()
        return redirect(url_for("order.order_info", order_id=new_order.id))

    fresh_number = generate_and_validate_order_number(generate_order_number)
    generate_qrcode(fresh_number)
    form.ur_code.data = fresh_number
    form.staff_id.data = current_user.id
    return render_template("order_create.html", form=form, extension=".jpg")
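def order_update(order_id):
    """Show the order edit form and store a submitted change.

    A valid submission overwrites the order's name and staff id and
    redirects to the order's info page. Otherwise the form is rendered with
    the order's current values.

    An unknown ``order_id`` redirects to the order list. Previously it
    failed on attribute access against ``None``.
    """
    order = OrderModel.find_by_id(order_id)
    if not order:
        return redirect(url_for("order.order_list"))

    # NOTE(review): no role or ownership check is visible in this body, while
    # the API put handler in this file limits updates to an admin or the
    # owning staff member. The route decorators are not shown here - confirm
    # that they enforce an equivalent rule.
    form = OrderUpdateForm()
    if form.validate_on_submit():
        order.name = form.name.data
        order.staff_id = form.staff_id.data
        order.save_to_db()
        return redirect(url_for("order.order_info", order_id=order.id))

    form.name.data = order.name
    form.staff_id.data = order.staff_id
    return render_template("order_update.html", form=form)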
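def post(self):
    """Create an order from the parsed request arguments.

    Returns:
        ``(body, status)``: 403 when the caller's ``auth_level`` is
        ``user``, 400 when an order with the same ``ur_code`` already
        exists, 200 after the new order has been saved.
    """
    data = self.order_parser.parse_args()
    order = OrderModel.find_by_ur_code(data["ur_code"])
    identity = get_jwt_identity()

    # only admin and staff members are allowed to post new orders.
    # NOTE(review): the check below rejects the "user" level only, so any
    # other or unexpected auth_level is let through. An allow-list of the
    # levels that may create orders would fail closed - confirm the full set
    # of levels before switching.
    if identity["auth_level"] == "user":
        # A denied request is a client error. Answering 500 files it under
        # server faults and hides it from 4xx monitoring.
        return {
            "message": "unauthorized access, user cannot create order."
        }, 403

    if order:
        return {
            "message": "order with ur_code {} already exists.".format(data["ur_code"])
        }, 400

    # NOTE(review): staff_id comes from the request, not from the caller's
    # identity, so a staff member can create an order attributed to another
    # staff id - confirm that this is intended.
    order = OrderModel(data["ur_code"], data["order_name"], data["staff_id"])
    order.save_to_db()
    return {"message": "order created succesfully."}, 200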
def post(self):
    """Return the JSON form of the order named by ``ur_code``.

    Returns:
        ``(order.json(), 200)`` when the order exists, otherwise a message
        body with status 404.
    """
    args = self.order_parser.parse_args()
    ur_code = args["ur_code"]
    found = OrderModel.find_by_ur_code(ur_code)
    if found:
        # NOTE(review): the per-role filtering below is still unimplemented,
        # so every caller that reaches this handler receives the complete
        # order record.
        # TODO
        # if staff:
        # TODO
        # if user:
        # if with full permission
        return found.json(), 200

    return {
        "message": "order with ur_code{} doen not exist.".format(ur_code)
    }, 404
def validate_qrcode_img(self, qrcode_img):
    """Reject a QR code upload that cannot be read or matches no order.

    Args:
        qrcode_img: Form field whose ``data`` is passed to ``decode_qrcode``.

    Raises:
        ValidationError: When the decoded value is not a string, or when no
            order is found for it.
    """
    payload = decode_qrcode(qrcode_img.data)

    # Anything other than a string is treated as a failed decode.
    readable = isinstance(payload, str)
    if not readable:
        raise ValidationError("unable to read the QR Code")

    matching_order = OrderModel.find_by_ur_code(payload)
    if matching_order:
        return
    raise ValidationError("no order found, please try again.")
def validate_order_number(self, order_number):
    """Reject an order number for which no order is found.

    Args:
        order_number: Form field whose ``data`` is the submitted number.

    Raises:
        ValidationError: When ``OrderModel.find_by_ur_code`` finds no order.
    """
    matching_order = OrderModel.find_by_ur_code(order_number.data)
    if matching_order:
        return
    raise ValidationError("no order found, please try again.")
def check_ur_code(self, ur_code):
    """Reject an order number that an existing order already uses.

    Raises:
        ValidationError: When ``OrderModel.find_by_ur_code`` finds an order.
    """
    # NOTE(review): WTForms runs inline validators automatically only when
    # they are named validate_<fieldname>, so confirm that this method is
    # called explicitly. ``ur_code`` is also passed to the lookup as
    # received, while the sibling validators read ``.data`` from the field -
    # verify what callers pass in.
    existing_order = OrderModel.find_by_ur_code(ur_code)
    if not existing_order:
        return
    raise ValidationError("Sorry, that Order Number already exists.")