def add_super_company_user():
    """Seed the bootstrap rows: one company, one admin staff, one placeholder user.

    Each row is created only when no row with the same name exists yet, so the
    function is safe to run on every start-up.

    NOTE(review): the credentials are fixed literals in source (the staff and
    user password is "admin_password"); they must be changed immediately after
    the first seeding, or supplied from configuration outside this listing.
    """
    company = CompanyModel.find_by_name("OneSteward")
    if not company:
        company = CompanyModel("OneSteward", "*****@*****.**", "555-555-5555")
        company.save_to_db()

    # The admin staff row is attached to the seeded company's id.
    if not StaffModel.find_by_name("admin"):
        admin_staff = StaffModel(
            "admin",
            "admin",
            generate_password_hash("admin_password"),
            company.id,
        )
        admin_staff.save_to_db()

    # Placeholder user record with "NA" name/email.
    if not UserModel.find_by_name("NA"):
        placeholder_user = UserModel(
            generate_password_hash("admin_password"),
            name="NA",
            email="NA",
            phone="",
        )
        placeholder_user.save_to_db()
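def staff_info():
    """Render the paginated staff list the current principal may see.

    Plain users are refused. Admins get every staff row; company admins and
    staff get only the rows of their own company. A principal matching none
    of the role predicates is refused as well — previously that case fell
    through to ``staffs.paginate`` with ``staffs`` never assigned
    (``UnboundLocalError``, a 500 response).

    Returns:
        The rendered ``staff_info.html`` page, or the unauthorized-access page.
    """
    if is_user(current_user):
        return render_error_page_unauthorized_access()
    if is_admin(current_user):
        query = StaffModel.find_all()
    elif is_company_admin(current_user) or is_staff(current_user):
        query = StaffModel.find_by_company_id(current_user.company_id)
    else:
        # No role matched: refuse instead of crashing on an unbound name.
        return render_error_page_unauthorized_access()
    page = request.args.get("page", 1, type=int)
    # Page size is fixed at 5, as in the original view.
    staffs = query.paginate(page=page, per_page=5)
    return render_template("staff_info.html", staffs=staffs)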
def post(self):
    """Create a staff record from the parsed request body.

    Returns:
        ``({"message": ...}, 400)`` when the username is already taken,
        otherwise ``({"message": ...}, 200)`` after the row is saved.

    NOTE(review): this passes three positional arguments
    ``(username, password_hash, company_id)`` to ``StaffModel``, whereas the
    seeding code and the web views in this listing pass four
    ``(username, role, password_hash, company_id)``. If the constructor has a
    positional ``role`` parameter, the hash would land in ``role`` here —
    confirm against the model definition.
    """
    args = self.staff_parser.parse_args()
    username = args["username"]
    if StaffModel.find_by_name(username):
        message = "a staff with the username '{}' already exists".format(username)
        return {"message": message}, 400
    new_staff = StaffModel(
        username,
        generate_password_hash(args["password"]),
        args["company_id"],
    )
    new_staff.save_to_db()
    return {"message": "staff created successfully."}, 200
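def load_user(user_id):
    """Resolve a session id of the form ``"<role>_<numeric id>"`` to a model.

    Presumably registered as the Flask-Login ``user_loader`` (any decorator is
    outside this listing). ``"staff_<id>"`` maps to ``StaffModel`` and
    ``"user_<id>"`` to ``UserModel``.

    Args:
        user_id: The string stored in the session cookie; client-controlled.

    Returns:
        The matching model instance, or ``None`` when the id has no ``_``
        separator, a non-numeric id part, or an unknown role. The original
        raised ``IndexError``/``ValueError`` on such input, turning a stale or
        tampered cookie into a 500 for every request; returning ``None`` makes
        the session anonymous instead.
    """
    parts = user_id.split("_")
    if len(parts) < 2:
        return None
    role = parts[0]
    try:
        numeric_id = int(parts[1])
    except ValueError:
        return None
    if role == "staff":
        return StaffModel.find_by_id(numeric_id)
    if role == "user":
        return UserModel.find_by_id(numeric_id)
    return None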
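def _is_local_redirect_target(target):
    """Return True only for a same-site relative path such as ``/account``.

    Rejects empty values, scheme-qualified and protocol-relative URLs
    (``http://host/…``, ``//host/…``) and anything containing a backslash,
    which some browsers normalise into a host separator.
    """
    from urllib.parse import urlparse

    if not target or not target.startswith("/") or target.startswith("//"):
        return False
    if "\\" in target:
        return False
    parsed = urlparse(target)
    return not parsed.scheme and not parsed.netloc


def login():
    """Handle the shared login form for ``UserModel`` and ``StaffModel``.

    On a valid submission the username is looked up in both tables; a staff
    match whose password hash verifies is logged in first, then a user match.
    Neither verifying renders the wrong-password page.

    After login the browser is redirected to the ``next`` query parameter only
    when it is a local path; any other value falls back to ``web.index``.
    Admin staff are always sent to ``web.index`` (see inline comment).

    Returns:
        A redirect on success, the wrong-password page on failure, or the
        rendered ``login.html`` form on GET / invalid submission.
    """
    form = AuthLogin()
    if not form.validate_on_submit():
        return render_template("login.html", form=form)

    username = form.username.data
    password = form.password.data
    user = UserModel.find_by_name(username)
    staff = StaffModel.find_by_name(username)

    # Staff wins when the same username exists in both tables.
    if staff and check_password_hash(staff.password_hash, password):
        login_user(staff)
    elif user and check_password_hash(user.password_hash, password):
        login_user(user)
    else:
        return render_error_page_wrong_password()

    # `next` comes from the query string, i.e. from the client. Without the
    # local-path check this view is an open redirect: a login link could send
    # the freshly authenticated browser to an arbitrary external site.
    target = request.args.get("next")
    if not _is_local_redirect_target(target):
        target = url_for("web.index")
    # solve admin login redirect to account bug
    if staff and staff.role == 'admin':
        target = url_for("web.index")
    return redirect(target)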
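def staff_close_account(staff_id):
    """Delete the staff row with ``staff_id`` and return to the staff list.

    Args:
        staff_id: Primary key taken from the URL rule.

    Returns:
        A redirect to ``staff.staff_info``. An unknown id is treated as
        already deleted instead of raising ``AttributeError`` on
        ``None.delete_from_db()``.

    NOTE(review): no authorization check is visible here, unlike
    ``staff_info``/``staff_register`` which gate on the caller's role. Confirm
    that a decorator outside this listing restricts who may call this; as
    written, any caller that reaches the view can delete any staff id.
    """
    staff = StaffModel.find_by_id(staff_id)
    if staff is not None:
        staff.delete_from_db()
    return redirect(url_for("staff.staff_info"))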
def post(self):
    """Look up a staff record by the ``username`` in the parsed request body.

    Returns:
        ``(staff.json(), 200)`` when found, otherwise a 404 message tuple.
    """
    args = self.staff_parser.parse_args()
    username = args["username"]
    found = StaffModel.find_by_name(username)
    if found:
        return found.json(), 200
    message = "staff with username '{}' doesn't exist.".format(username)
    return {"message": message}, 404
def delete(self):
    """Delete the staff record named by ``username`` in the parsed request body.

    Returns:
        A 404 message tuple when the username is unknown, otherwise
        ``({"message": "staff deleted."}, 200)`` after the row is removed.

    NOTE(review): no access check is visible in this method; confirm the
    resource (its class header is outside this listing) applies one, since
    otherwise any caller can delete staff by name.
    """
    args = self.staff_parser.parse_args()
    username = args["username"]
    target = StaffModel.find_by_name(username)
    if not target:
        message = "staff with username '{}' doesn't exist.".format(username)
        return {"message": message}, 404
    target.delete_from_db()
    return {"message": "staff deleted."}, 200
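def staff_register():
    """Create a staff account from ``StaffCreateForm``.

    Access: plain users and ordinary staff are refused outright. A company
    admin may only create staff for their own company — checked after form
    validation against the submitted, client-controlled ``company_id``.
    Admins are unrestricted.

    Returns:
        A redirect to ``staff.staff_info`` after a successful save, the
        unauthorized-access page on a role/company mismatch, a
        ``{"message": ...}`` dict if persisting fails, or the rendered
        ``staff_register.html`` form otherwise.

    NOTE(review): ``form.role.data`` is stored as submitted. If the form's
    role field does not restrict its choices, a company admin could create
    admin-level staff — confirm in ``StaffCreateForm``.
    """
    if is_user(current_user) or is_staff(current_user):
        return render_error_page_unauthorized_access()
    form = StaffCreateForm()
    if not form.validate_on_submit():
        return render_template("staff_register.html", form=form)
    if is_company_admin(current_user) and current_user.company_id != form.company_id.data:
        return render_error_page_unauthorized_access()
    try:
        staff = StaffModel(
            form.username.data,
            form.role.data,
            generate_password_hash(form.password.data),
            form.company_id.data,
        )
        staff.save_to_db()
    except Exception:
        # Narrowed from a bare `except:` so KeyboardInterrupt/SystemExit are
        # not swallowed; the best-effort response is kept as the author wrote it.
        return {"message": "something went wrong"}
    return redirect(url_for("staff.staff_info"))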
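def put(self):
    """Reassign an existing staff member to another company.

    Request fields (via ``self.staff_parser``): ``username`` identifies the
    staff row, ``company_id`` is the new company.

    Returns:
        ``(body, status)`` tuples: 404 when the username is unknown, 500 when
        saving fails, 200 on success.
    """
    data = self.staff_parser.parse_args()
    staff = StaffModel.find_by_name(data["username"])
    if not staff:
        return {
            "message": "staff with username '{}' doesn't exist.".format(data["username"])
        }, 404
    staff.company_id = data["company_id"]
    try:
        staff.save_to_db()
    except Exception:
        # The original built this tuple but never returned it, so a failed
        # save still answered 200 "updated"; the bare `except:` is narrowed too.
        return {"message": "something went wrong."}, 500
    return {"message": "staff info updated succesfully."}, 200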
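def staff_update(staff_id):
    """Edit role, password and company of the staff row with ``staff_id``.

    Args:
        staff_id: Primary key taken from the URL rule.

    Returns:
        A redirect to ``staff.staff_info`` after a successful save, or when
        the id does not exist (previously an ``AttributeError`` on ``None``);
        otherwise the rendered ``staff_update.html`` form pre-filled with the
        current role and company.

    NOTE(review): no authorization check is visible here; confirm a decorator
    outside this listing restricts who may call this, since the password hash
    and role of any staff id can be rewritten from this view.
    """
    staff = StaffModel.find_by_id(staff_id)
    if staff is None:
        return redirect(url_for("staff.staff_info"))
    form = StaffUpdateForm()
    if form.validate_on_submit():
        staff.role = form.role.data
        # The password is always overwritten on submit, as in the original.
        staff.password_hash = generate_password_hash(form.password.data)
        staff.company_id = form.company_id.data
        staff.save_to_db()
        return redirect(url_for("staff.staff_info"))
    # GET / invalid submission: show the current values.
    form.role.data = staff.role
    form.company_id.data = staff.company_id
    return render_template("staff_update.html", form=form, staff=staff)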
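def post(self):
    """Return a company's JSON to an admin or to staff of that company.

    The JWT identity (``auth_level``, ``id``) decides access: ``"user"`` is
    refused; ``"staff"`` must belong to the requested company; any other
    level (the login resource in this listing issues ``"admin"``) passes.

    Returns:
        404 when the company name is unknown, the original 500
        ``"unauthorized access."`` tuple on refusal (403 would be the
        conventional code; kept to preserve the API contract), else
        ``(company.json(), 200)``.
    """
    data = self.company_parser.parse_args()
    company = CompanyModel.find_by_name(data["company_name"])
    if not company:
        return {
            "message": "company name: {} not found".format(data["company_name"])
        }, 404
    # auth group: admin and staff of the company
    identity = get_jwt_identity()
    if identity["auth_level"] == "user":
        return {"message": "unauthorized access."}, 500
    if identity["auth_level"] == "staff":
        staff = StaffModel.find_by_id(identity["id"])
        # A token whose staff id no longer resolves (e.g. deleted account)
        # must be refused, not crash on `None.company_id`.
        if staff is None or staff.company_id != company.id:
            return {"message": "unauthorized access."}, 500
    return company.json(), 200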
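def post(self):
    """Issue JWT access and refresh tokens for a staff login.

    Returns:
        404 when the username is unknown, 401 on a wrong password, otherwise a
        200 body with ``access_token``, ``refresh_token`` and a greeting.

    NOTE(review): the distinct "username does not exist." / "wrong
    credentials." responses reveal whether a username exists; a uniform
    failure response would avoid that. Kept as the author wrote it.
    """
    data = self.staff_parser.parse_args()
    staff = StaffModel.find_by_name(data["username"])
    if not staff:
        return {"message": "username does not exist."}, 404
    if not check_password_hash(staff.password_hash, data["password"]):
        # The original returned this dict with no status, i.e. HTTP 200 for a
        # failed login; a credential failure must not look like success.
        return {"message": "wrong credentials."}, 401
    # NOTE(review): admin status is inferred from `staff.id == 1`, not from
    # the `role` column the web views use (`staff.role == 'admin'`); the two
    # can disagree — confirm which is authoritative.
    role = "admin" if staff.id == 1 else "staff"
    identity = {
        "auth_level": role,
        "company": staff.company_id,
        "id": staff.id,
    }
    access_token = create_access_token(identity=identity, fresh=True)
    refresh_token = create_refresh_token(identity=identity)
    return {
        "message": "Logged in as {}".format(staff.name),
        "access_token": access_token,
        "refresh_token": refresh_token,
    }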
def validate_username(self, field):
    """WTForms inline validator: reject a username already present in ``StaffModel``.

    Raises:
        ValidationError: when ``StaffModel.find_by_name`` returns a row.
    """
    existing = StaffModel.find_by_name(field.data)
    if existing:
        raise ValidationError("your username has been registered already.")
def validate_username(self, username):
    """WTForms inline validator: the name must belong to a user or a staff row.

    Raises:
        ValidationError: when neither ``UserModel`` nor ``StaffModel`` has it.
    """
    name = username.data
    known = UserModel.find_by_name(name) or StaffModel.find_by_name(name)
    if not known:
        raise ValidationError("username doesn't exist.")