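def create_order():
    """Create an order from the JSON request body and return its summary.

    The body may carry ``address_id`` to reuse a stored address, or the
    address fields (``first_name``, ``last_name``, ``zip_code``, ``address``,
    ``country``, ``city``) to create a new one. ``cart_items`` must be a
    non-empty list of ``{'id': ..., 'quantity': ...}`` entries with a positive
    integer quantity. Prices are always taken from the Product rows, never
    from the request.
    """
    user = current_user
    # current_user is a LocalProxy even for anonymous requests, so it cannot
    # be compared with None; having an ``id`` attribute is the signal used
    # here for "authenticated".
    user_id = user.id if hasattr(user, 'id') else None

    address = None
    address_id = request.json.get('address_id', None)
    if address_id is not None:
        # Reusing an address requires an authenticated owner. Without this
        # guard an anonymous caller (user_id None) would be matched against
        # every stored address whose user_id is NULL.
        if user_id is None:
            return get_error_response('Permission Denied, you can not use this address', 401)
        address = Address.query.filter_by(id=address_id, user_id=user_id).first()
        if address is None:
            return get_error_response('Permission Denied, you can not use this address', 401)

    # Validate the cart before anything is written, so a rejected request
    # leaves no pending address row in the session.
    cart_items = request.json.get('cart_items')
    if not isinstance(cart_items, list) or not cart_items:
        return get_error_response('Error, cart_items must be a non-empty list')

    quantity_by_id = {}
    for item in cart_items:
        if not isinstance(item, dict) or 'id' not in item:
            return get_error_response('Error, every cart item needs an id and a quantity')
        quantity = item.get('quantity')
        # bool is a subclass of int, so it is excluded explicitly; zero and
        # negative quantities would otherwise produce free or negative lines.
        if isinstance(quantity, bool) or not isinstance(quantity, int) or quantity <= 0:
            return get_error_response('Error, quantity must be a positive integer')
        quantity_by_id[str(item['id'])] = quantity

    product_ids = [ci['id'] for ci in cart_items]
    products = db.session.query(Product).filter(Product.id.in_(product_ids)).all()
    # A length mismatch means an unknown product id or a duplicated cart line.
    if len(products) != len(cart_items):
        return get_error_response('Error, make sure all products you want to order are still available')

    if address is None:
        first_name = request.json.get('first_name', None)
        last_name = request.json.get('last_name', None)
        zip_code = request.json.get('zip_code', None)
        street_address = request.json.get('address', None)
        # country and city were previously both read from the 'address' key,
        # which stored the street address in all three columns.
        country = request.json.get('country', None)
        city = request.json.get('city', None)

        if user_id is not None:
            if first_name is None:
                first_name = user.first_name
            if last_name is None:
                last_name = user.last_name

        address = Address(first_name=first_name, last_name=last_name, city=city,
                          country=country, street_address=street_address,
                          zip_code=zip_code)
        if user_id is not None:
            address.user_id = user_id

        db.session.add(address)
        # flush assigns address.id, which the order row below needs.
        db.session.flush()

    # Faker is a test-data generator; uuid.uuid4() draws from the OS random
    # source, so tracking numbers are not derived from a seedable PRNG.
    import uuid
    order = Order(order_status=0, tracking_number=str(uuid.uuid4()),
                  address_id=address.id)

    for product in products:
        # The query gives no ordering guarantee, so quantities are looked up
        # by product id rather than by position in cart_items.
        quantity = quantity_by_id.get(str(product.id))
        if quantity is None:
            return get_error_response('Error, make sure all products you want to order are still available')
        order.order_items.append(OrderItem(price=product.price,
                                           quantity=quantity,
                                           product=product,
                                           name=product.name,
                                           slug=product.slug,
                                           user_id=user_id))

    db.session.add(order)
    db.session.commit()
    return get_success_response('Order created successfully',
                                data=order.get_summary(include_order_items=True),
                                status_code=200)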
def destroy_comment(comment_id):
    """Delete the comment with the given id on behalf of the current user.

    Responds 404 when the comment does not exist and 401 when the caller is
    neither an admin nor the comment's author.
    """
    target = Comment.query.get(comment_id)
    if target is None:
        return get_error_response('Comment not found', status_code=404)

    # Only an admin or the author may delete; everyone else is refused.
    allowed = current_user.is_admin() or target.user_id == current_user.id
    if not allowed:
        return get_error_response(
            'Permission denied, you can not delete this comment',
            status_code=401)

    db.session.delete(target)
    db.session.commit()
    return get_success_response('Comment deleted successfully')
def unfollow_user(username):
    """Remove the current identity's subscription to ``username``.

    Returns an error response when the username is unknown or when the
    caller is not following that user.
    """
    me = current_identity
    target = (User.query
              .filter_by(username=username)
              .options(load_only('id'))
              .first())
    # first() yields None for an unknown username, and None has no ``id``.
    if not hasattr(target, 'id'):
        return get_error_response('Permission denied, This user does not exist')

    subscription = UserSubscription.query.filter_by(
        following_id=target.id, follower_id=me.id).first()
    if subscription is None:
        return get_error_response('Permission denied, You are not following this user')

    db.session.delete(subscription)
    db.session.commit()
    return get_success_response('You are now not following %s' % username)
def destroy_comment(id):
    """Delete the Todo row whose primary key is ``id``.

    Returns an empty body with status 204 on success, or a 'not found' error
    response with status 404 when no such row exists.
    """
    # NOTE(review): no ownership or role check is visible in this handler;
    # confirm that access control is enforced by the route or elsewhere.
    record = Todo.query.get(id)
    if record is not None:
        db.session.delete(record)
        db.session.commit()
        return '', 204
    return get_error_response(messages='not found', status_code=404)
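def order_details(order_id):
    """Return the summary of one order to its owner or to an admin.

    Responds 404 when the order does not exist and 401 when the caller is
    neither the order's owner nor an admin.
    """
    order = Order.query.get(order_id)
    if order is None:
        # Previously a missing order raised AttributeError on order.user_id.
        return get_error_response('Order not found', status_code=404)

    user = current_user
    viewer_id = getattr(user, 'id', None)
    # Ids are compared with ==: ``is`` tests object identity, which is not
    # reliable for integers and can refuse the legitimate owner. A viewer
    # without an id never counts as owner, so an order whose user_id is NULL
    # is not matched by an anonymous caller.
    is_owner = viewer_id is not None and order.user_id == viewer_id
    if is_owner or user.is_admin():
        return jsonify(order.get_summary(include_order_items=True)), 200
    return get_error_response('Access denied, this does not belong to you',
                              status_code=401)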
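def update(product_slug):
    """Update the product identified by ``product_slug`` from the JSON body.

    ``name``, ``description``, ``stock`` and ``price`` are required. The
    product's tags and categories are replaced by the ``tags`` and
    ``categories`` lists in the body (both become empty when omitted).
    Responds 404 when no product has that slug.
    """
    # NOTE(review): no admin or ownership check is visible in this handler;
    # confirm that access control is enforced by the route or elsewhere.
    name = request.json.get('name')
    description = request.json.get('description')
    stock = request.json.get('stock')
    price = request.json.get('price')

    # stock and price are tested for absence rather than truthiness, so a
    # legitimate value of 0 is accepted.
    numbers_missing = any(value is None or value == '' for value in (stock, price))
    if not (name and description) or numbers_missing:
        return jsonify(
            get_error_response(
                'You must provide a name, description, stock and price'))

    product = Product.query.filter_by(slug=product_slug).first()
    if product is None:
        return get_error_response(messages='not found', status_code=404)

    product.name = name
    product.description = description
    product.price = price
    # The stock value was previously written to ``product.body``, so the
    # stock column was never updated.
    product.stock = stock

    tags_input = request.json.get('tags')
    categories_input = request.json.get('categories')
    tags = []
    categories = []
    if categories_input:
        for category in categories_input:
            categories.append(
                get_or_create(
                    db.session, Category,
                    {'description': category.get('description', None)},
                    name=category['name'])[0])

    if tags_input:
        for tag in tags_input:
            tags.append(
                get_or_create(db.session, Tag,
                              {'description': tag.get('description')},
                              name=tag['name'])[0])

    product.tags = tags
    product.categories = categories
    db.session.commit()

    response = {'full_messages': ['Product updated successfully']}
    response.update(ProductDetailsSerializer(product).data)
    return jsonify(response)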
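def unlike(article_slug):
    """Remove the current identity's like from the article with this slug.

    Responds 404 when the slug matches no article, and with an error
    response when the caller has not liked the article.
    """
    user = current_identity
    article = Article.query.filter_by(slug=article_slug).options(
        load_only('id', 'title')).first()
    if article is None:
        # Previously an unknown slug raised AttributeError on article.id.
        return get_error_response('Article not found', status_code=404)

    like = Like.query.filter_by(article_id=article.id, user_id=user.id).first()
    if like is None:
        return get_error_response('Permission denied, You are not liking this article')

    db.session.delete(like)
    db.session.commit()
    return get_success_response(
        'You have just successfully disliked the article: %s' % article.title)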
def follow_user(username):
    """Subscribe the current identity to the user called ``username``.

    The request is refused when the username is unknown, when the caller
    targets their own account, when a subscription already exists, or when
    the target is not an admin or author.
    """
    me = current_identity
    target = (User.query
              .filter_by(username=username)
              .options(load_only('id'))
              .first())
    # first() yields None for an unknown username, and None has no
    # ``username`` attribute.
    if not hasattr(target, 'username'):
        return get_error_response('Permission denied, This user does not exist')

    if target.id == me.id:
        return get_error_response('Permission denied, You can not follow yourself')

    existing = UserSubscription.query.filter_by(
        following_id=target.id, follower_id=me.id).first()
    if existing is not None:
        return get_error_response('Permission denied, You already following this user')

    if not target.is_admin_or_author():
        return get_error_response('Permission denied, You can not follow a non author user')

    db.session.add(UserSubscription(following_id=target.id, follower_id=me.id))
    db.session.commit()
    return get_success_response('You are now following %s' % username)
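def like_article(article_slug):
    """Record a like by the current identity on the article with this slug.

    Responds 404 when the slug matches no article, and with an error
    response when the caller has already liked it.
    """
    user = current_identity
    article = Article.query.filter_by(slug=article_slug).options(
        load_only('id', 'title')).first()
    if article is None:
        # Previously an unknown slug raised AttributeError on article.id.
        return get_error_response('Article not found', status_code=404)

    already_liked = Like.query.filter_by(
        article_id=article.id, user_id=user.id).count() != 0
    if already_liked:
        return get_error_response('Permission denied, You already liked this article')

    # NOTE(review): two concurrent requests can both pass the count check;
    # a unique constraint on (article_id, user_id) would close that gap --
    # confirm whether the model defines one.
    db.session.add(Like(article_id=article.id, user_id=user.id))
    db.session.commit()
    return get_success_response('You are now liking %s' % article.title)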
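def update_comment(comment_id):
    """Update the content of the comment with the given id.

    Responds 404 with the JSON error body when the comment does not exist.
    ``content`` is only written when the request supplies a non-empty value.
    """
    # NOTE(review): nothing in this handler checks that the caller wrote the
    # comment or is an admin; confirm that the route enforces it.
    #
    # get() is used instead of get_or_404(): the latter aborts before the
    # None check below, which made the JSON 'not found' branch unreachable.
    comment = Comment.query.get(comment_id)
    if comment is None:
        return get_error_response(messages='not found', status_code=404)

    content = request.json.get('content')
    if content:
        comment.content = content

    db.session.commit()
    return get_success_response(data=CommentDetailsSerializer(comment).data,
                                messages='Comment updated successfully')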
def update_comment(id):
    """Overwrite the Todo row with primary key ``id`` from the JSON body.

    ``title`` and ``completed`` are always assigned from the body (None when
    the key is missing); ``description`` is only assigned when present.
    Responds 404 when no such row exists.
    """
    # NOTE(review): no ownership or role check is visible in this handler;
    # confirm that access control is enforced by the route or elsewhere.
    record = Todo.query.get(id)
    if record is None:
        return get_error_response(messages='not found', status_code=404)

    payload = request.json
    record.title = payload.get('title')

    new_description = payload.get('description', None)
    if new_description is not None:
        record.description = new_description

    record.completed = payload.get('completed')

    db.session.commit()
    serialized = TodoDetailsSerializer(record).data
    return jsonify(serialized), 200
def update_comment(comment_id):
    """Update the content and rating of a comment for its author or an admin.

    Responds 404 when the comment does not exist and 401 when the caller is
    neither an admin nor the comment's author. Only truthy ``content`` and
    ``rating`` values from the JSON body are written.
    """
    target = Comment.query.get(comment_id)
    if target is None:
        return get_error_response(messages='not found', status_code=404)

    # Only an admin or the author may edit; everyone else is refused.
    may_edit = current_user.is_admin() or target.user_id == current_user.id
    if not may_edit:
        return get_error_response(
            'Permission denied, you can not update this comment',
            status_code=401)

    new_content = request.json.get('content')
    new_rating = request.json.get('rating')
    if new_content:
        target.content = new_content
    if new_rating:
        target.rating = new_rating

    db.session.commit()
    return get_success_response(
        data=CommentDetailsSerializer(target).data,
        messages='Comment updated successfully')
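def create_tag():
    """Create a tag from form data, storing any uploaded ``images[]`` files.

    Only admins may call this. Each upload whose original filename passes
    ``validate_file_upload`` is saved under ``IMAGES_LOCATION/tags`` using
    its ``secure_filename`` form and attached to the tag as a TagImage.
    """
    if current_user.is_not_admin():
        return jsonify(
            get_error_response('Permission denied, you must be admin',
                               status_code=401))

    name = request.form.get('name')
    description = request.form.get('description')
    tag = Tag(name=name, description=description)

    images_root = app.config['IMAGES_LOCATION']
    dir_path = os.path.join(images_root, 'tags')
    # Prefix removed from the absolute path to obtain the stored file_path.
    stripped_prefix = images_root.rsplit(os.sep, 2)[0]

    for image in request.files.getlist('images[]'):
        if not (image and validate_file_upload(image.filename)):
            continue
        filename = secure_filename(image.filename)
        if not filename:
            # secure_filename can reduce a hostile or odd name to '', which
            # would make the save target the directory itself.
            continue

        # exist_ok avoids the check-then-create race of os.path.exists().
        os.makedirs(dir_path, exist_ok=True)
        saved_path = os.path.join(dir_path, filename)
        # NOTE(review): an existing file with the same sanitized name is
        # overwritten -- confirm that this is intended.
        image.save(saved_path)

        # Size is always measured on disk. It was previously taken from the
        # client-supplied content_length when that was 0, and otherwise read
        # with os.stat() on the already-stripped path instead of the path the
        # file was written to.
        file_size = os.stat(saved_path).st_size
        file_path = saved_path.replace(stripped_prefix, '')

        ti = TagImage(file_path=file_path, file_name=filename,
                      original_name=image.filename, file_size=file_size)
        tag.images.append(ti)

    db.session.add(tag)
    db.session.commit()
    return get_success_response(data=tag.get_summary(),
                                messages='Tag created successfully')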
def update_article(article_slug):
    """Update the article identified by ``article_slug`` from the JSON body.

    ``title``, ``description`` and ``body`` are only written when the request
    supplies a truthy value. The article's tags and categories are replaced
    by the ``tags`` and ``categories`` lists in the body (both become empty
    when omitted). Responds 404 when no article has that slug.
    """
    # NOTE(review): no author or admin check is visible in this handler;
    # confirm that access control is enforced by the route or elsewhere.
    article = Article.query.filter_by(slug=article_slug).first()
    if article is None:
        return get_error_response(messages='not found', status_code=404)

    for field in ('title', 'description', 'body'):
        value = request.json.get(field)
        if value:
            setattr(article, field, value)

    tags_input = request.json.get('tags')
    categories_input = request.json.get('categories')

    # Categories are resolved before tags, as get_or_create may write rows.
    new_categories = [
        get_or_create(db.session, Category,
                      {'description': entry.get('description', None)},
                      name=entry['name'])[0]
        for entry in (categories_input or [])
    ]
    new_tags = [
        get_or_create(db.session, Tag,
                      {'description': entry.get('description')},
                      name=entry['name'])[0]
        for entry in (tags_input or [])
    ]

    article.tags = new_tags
    article.categories = new_categories
    db.session.commit()

    payload = {'full_messages': ['Article updated successfully']}
    payload.update(ArticleDetailsSerializer(article).data)
    return jsonify(payload)
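def create():
    """Create a product from form data, with tags, categories and images.

    Only admins may call this. Form keys containing ``tags[<name>]`` and keys
    starting with ``categories[<name>]`` attach a tag or category whose
    description is the field's value. Each ``images[]`` upload whose original
    filename passes ``validate_file_upload`` is saved under
    ``IMAGES_LOCATION/products`` using its ``secure_filename`` form.
    """
    if current_user.is_not_admin():
        return jsonify(
            get_error_response('Permission denied, you must be admin',
                               status_code=401))

    product_name = request.form.get('name')
    description = request.form.get('description')
    price = request.form.get('price')
    stock = request.form.get('stock')

    tags = []
    categories = []
    for header_key in list(request.form.keys()):
        # The bracketed part of the key is the tag/category name. A key with
        # no closing bracket gives no match and is skipped; it previously
        # raised on the None match (categories) or yielded a mangled name
        # from a find() result of -1 (tags).
        match = re.search(r'\[(.*?)\]', header_key)
        if match is None:
            continue
        item_name = match.group(1)
        # A separate variable is used for the item description: reusing
        # ``description`` overwrote the product's own description with the
        # last tag or category description.
        item_description = request.form[header_key]

        if 'tags[' in header_key:
            tags.append(
                get_or_create(db.session, Tag,
                              {'description': item_description},
                              name=item_name)[0])

        if header_key.startswith('categories['):
            categories.append(
                get_or_create(db.session, Category,
                              {'description': item_description},
                              name=item_name)[0])

    product = Product(name=product_name, description=description, price=price,
                      stock=stock, tags=tags, categories=categories)

    images_root = app.config['IMAGES_LOCATION']
    dir_path = os.path.join(images_root, 'products')
    # Prefix removed from the absolute path to obtain the stored file_path.
    stripped_prefix = images_root.rsplit(os.sep, 2)[0]

    for image in request.files.getlist('images[]'):
        if not (image and validate_file_upload(image.filename)):
            continue
        filename = secure_filename(image.filename)
        if not filename:
            # secure_filename can reduce a hostile or odd name to '', which
            # would make the save target the directory itself.
            continue

        # exist_ok avoids the check-then-create race of os.path.exists().
        os.makedirs(dir_path, exist_ok=True)
        saved_path = os.path.join(dir_path, filename)
        # NOTE(review): an existing file with the same sanitized name is
        # overwritten -- confirm that this is intended.
        image.save(saved_path)

        # Size is always measured on disk. It was previously taken from the
        # client-supplied content_length when that was 0, and otherwise read
        # with os.stat() on the already-stripped path instead of the path the
        # file was written to.
        file_size = os.stat(saved_path).st_size
        file_path = saved_path.replace(stripped_prefix, '')

        product_image = ProductImage(file_path=file_path, file_name=filename,
                                     original_name=image.filename,
                                     file_size=file_size)
        product.images.append(product_image)

    db.session.add(product)
    db.session.commit()

    response = {'full_messages': ['Product created successfully']}
    response.update(ProductDetailsSerializer(product).data)
    return jsonify(response)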