class SingleCar(Resource): @jwt_required @marshal_with(CarModel.get_marshaller()) def get(self, id): car = CarModel.find_by_id(id) if not car: abort(404, message=CAR_DOESNT_EXIST) return car, 200 @jwt_required @marshal_with(CarModel.get_marshaller()) def put(self, id): data = parser.parse_args() car = CarModel.find_by_id(id) if not car: abort(404, message=CAR_DOESNT_EXIST) car.name = data['name'] car.make = data['make'] car.model = data['model'] car.persist() return car, 200 @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def delete(self, id): try: CarModel.delete_by_id(id) except NoData: abort(404, message=CAR_DOESNT_EXIST) return SimpleMessage(CAR_DELETED), 200
def post(self): data = invitation_parser.parse_args() user = UserModel.find_by_username(data['user']) community = CommunityModel.find_by_id(data['community']) if not user: abort(404, message=USER_DOESNT_EXIST) if not community: abort(404, message=COMMUNIY_DOESNT_EXIST) if user in community.users: abort(400, message=USER_ALREADY_INVITED) new_community_user_link = CommunityUserLinkModel( user_id=user.id, community_id=community.id, invitation_accepted=False, is_owner=False) try: new_community_user_link.persist() return SimpleMessage(COMMUNIY_INVITATION_SENT), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
class MarkCommunityAsFavourite(Resource): @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def put(self, community_id): user = UserModel.find_by_username(get_jwt_identity()) community_user_links = CommunityUserLinkModel.find_by_user(user.id) faved_community_cul = next((cul for cul in community_user_links if cul.community.id == community_id), None) if not faved_community_cul: abort(404, message=COMMUNIY_DOESNT_EXIST) if user not in faved_community_cul.community.users: abort(401, message=UNAUTHORIZED) try: for cul in community_user_links: cul.is_favourite = False cul.add_to_session() faved_community_cul.is_favourite = True faved_community_cul.add_to_session() db.session.commit() return SimpleMessage(COMMUNITY_MARKED_AS_FAVOURITE), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
class SingleCommunity(Resource): @jwt_required @marshal_with(CommunityModel.get_detailed_marshaller()) def get(self, id): user = UserModel.find_by_username(get_jwt_identity()) community = CommunityModel.find_by_id(id) if not community: abort(404, message=COMMUNIY_DOESNT_EXIST) if user not in community.users: abort(401, message=UNAUTHORIZED) is_owner = CommunityUserLinkModel.find_by_user_and_community( user.id, community.id).is_owner community.is_deletable = is_owner community.is_editable = is_owner return community, 200 @jwt_required @marshal_with(CommunityModel.get_marshaller()) def put(self, id): data = put_parser.parse_args() community = CommunityModel.find_by_id(id) if not community: abort(404, message=COMMUNIY_DOESNT_EXIST) community.name = data['name'] community.persist() return community, 200 @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def delete(self, id): user = UserModel.find_by_username(get_jwt_identity()) try: link = CommunityUserLinkModel.find_by_user_and_community( user.id, id) if not link or not link.is_owner: abort(401, message=UNAUTHORIZED) except NoData: abort(404, message=COMMUNIY_DOESNT_EXIST) all_links = CommunityUserLinkModel.find_by_community(id) for link in all_links: link.delete() try: CommunityModel.delete_by_id(id) except NoData: abort(404, message=COMMUNIY_DOESNT_EXIST) return SimpleMessage(COMMUNIY_DELETED), 200
def post(self): jti = get_raw_jwt()['jti'] try: revoked_token = RevokedTokenModel(jti=jti) revoked_token.persist() return SimpleMessage(ACCESS_TOKEN_REVOKED), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
class SingleCommunityInvitation(Resource): @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def put(self, community_id): user = UserModel.find_by_username(get_jwt_identity()) invitation = CommunityUserLinkModel.find_by_user_and_community( user.id, community_id) if not invitation: abort(404, message=COMMUNITY_INVITATION_DOESNT_EXIST) if invitation.invitation_accepted: abort(400, message=COMMUNITY_INVITATION_ALREADY_ACCEPTED) if invitation.user_id != user.id: abort(401, message=UNAUTHORIZED_TO_ACCEPT_COMMUNITY_INVITATION) invitation.invitation_accepted = True invitation.persist() assure_favourite_community(user.id) return SimpleMessage(COMMUNITY_INVITATION_ACCEPTED), 200 @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def delete(self, community_id): user = UserModel.find_by_username(get_jwt_identity()) invitation = CommunityUserLinkModel.find_by_user_and_community( user.id, community_id) if not invitation: abort(404, message=COMMUNITY_INVITATION_DOESNT_EXIST) if invitation.user_id != user.id: abort(401, message=NOT_AUTHORIZED_TO_REMOVE_USER_FROM_COMMUNITY) if invitation.invitation_accepted and not invitation.is_owner: invitation.delete() return SimpleMessage(COMMUNIY_LEFT_SUCCESSFULLY), 200 if invitation.invitation_accepted and invitation.is_owner: CommunityModel.delete_by_id(invitation.community.id) return SimpleMessage(COMMUNIY_LEFT_AND_DELETED) invitation.delete() return SimpleMessage(COMMUNITY_INVITATION_DECLINED), 200
class UserLogoutAccess(Resource): @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def post(self): jti = get_raw_jwt()['jti'] try: revoked_token = RevokedTokenModel(jti=jti) revoked_token.persist() return SimpleMessage(ACCESS_TOKEN_REVOKED), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
def delete(self, community_id): user = UserModel.find_by_username(get_jwt_identity()) invitation = CommunityUserLinkModel.find_by_user_and_community( user.id, community_id) if not invitation: abort(404, message=COMMUNITY_INVITATION_DOESNT_EXIST) if invitation.user_id != user.id: abort(401, message=NOT_AUTHORIZED_TO_REMOVE_USER_FROM_COMMUNITY) if invitation.invitation_accepted and not invitation.is_owner: invitation.delete() return SimpleMessage(COMMUNIY_LEFT_SUCCESSFULLY), 200 if invitation.invitation_accepted and invitation.is_owner: CommunityModel.delete_by_id(invitation.community.id) return SimpleMessage(COMMUNIY_LEFT_AND_DELETED) invitation.delete() return SimpleMessage(COMMUNITY_INVITATION_DECLINED), 200
def put(self): password_parser = reqparse.RequestParser() password_parser.add_argument('old_password', help='This field cannot be blank', required=True, type=str) password_parser.add_argument('new_password', help='This field cannot be blank', required=True, type=str) data = password_parser.parse_args() user = UserModel.find_by_username(get_jwt_identity()) if UserModel.verify_hash(data['old_password'], user.password): if len(data['new_password']) < 8: abort(400, message=PASSWORD_TOO_SHORT) user.password = UserModel.generate_hash(data['new_password']) user.persist() return SimpleMessage(PASSWORD_CHANGED), 201 else: abort(401, message=OLD_PASSWORD_INCORRECT)
def delete(self, community_id, id): tour = TourModel.find_by_id(id) user = UserModel.find_by_username(get_jwt_identity()) if not tour: abort(404, message=TOUR_NOT_FOUND) if not user.id == tour.owner.id: abort(401, message=UNAUTHORIZED) try: TourModel.delete_by_id(id) except NoData: abort(404, message=TOUR_NOT_FOUND) return SimpleMessage(TOUR_DELETED), 200
def post(self): parser = reqparse.RequestParser() parser.add_argument('identification', help='This field cannot be blank', required=True, type=str) data = parser.parse_args() user = UserModel.find_by_username(data['identification']) if not user: user = UserModel.find_by_email(data['identification']) if not user: abort(401, message=USER_NOT_FOUND) try: user.reset_password_hash = uuid4() user.reset_password_hash_created = datetime.now() user.persist() send_forgot_password_email(user) return SimpleMessage(RESET_PASSWORD_MAIL_SENT), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
def delete(self, task_id): task: TaskModel = TaskModel.find_by_id(task_id) if not task: abort(400, message=TASK_DOESNT_EXIST) community_member_ids = [m.id for m in task.community.users] user = UserModel.find_by_username(get_jwt_identity()) if user.id not in community_member_ids: abort(401, message=UNAUTHORIZED) try: task.delete_by_id(task_id) return SimpleMessage(TASK_DELETED), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
def delete(self, event_id): event: EventModel = EventModel.find_by_id(event_id) if not event: abort(404, message=EVENT_DOESNT_EXIST) community_member_ids = [m.id for m in event.community.users] user = UserModel.find_by_username(get_jwt_identity()) if user.id not in community_member_ids: abort(401, message=UNAUTHORIZED) try: event.delete_by_id(event_id) return SimpleMessage(EVENT_DELETED), 200 except: abort(500, message=INTERNAL_SERVER_ERROR)
def put(self, community_id): user = UserModel.find_by_username(get_jwt_identity()) invitation = CommunityUserLinkModel.find_by_user_and_community( user.id, community_id) if not invitation: abort(404, message=COMMUNITY_INVITATION_DOESNT_EXIST) if invitation.invitation_accepted: abort(400, message=COMMUNITY_INVITATION_ALREADY_ACCEPTED) if invitation.user_id != user.id: abort(401, message=UNAUTHORIZED_TO_ACCEPT_COMMUNITY_INVITATION) invitation.invitation_accepted = True invitation.persist() assure_favourite_community(user.id) return SimpleMessage(COMMUNITY_INVITATION_ACCEPTED), 200
def delete(self, community_id, id): refuel = RefuelModel.find_by_id(id) if not refuel: abort(404, message=REFUEL_DOESNT_EXIST) user = UserModel.find_by_username(get_jwt_identity()) if not user.id == refuel.owner.id: abort(401, message=UNAUTHORIZED) if not refuel.is_open: abort(401, message=CANNOT_DELETE_A_REFUEL_THAT_IS_PART_OF_A_PAYOFF) try: RefuelModel.delete_by_id(id) except NoData: abort(404, message=REFUEL_DOESNT_EXIST) return SimpleMessage(REFUEL_DELETED), 200
def delete(self, id): user = UserModel.find_by_username(get_jwt_identity()) try: link = CommunityUserLinkModel.find_by_user_and_community( user.id, id) if not link or not link.is_owner: abort(401, message=UNAUTHORIZED) except NoData: abort(404, message=COMMUNIY_DOESNT_EXIST) all_links = CommunityUserLinkModel.find_by_community(id) for link in all_links: link.delete() try: CommunityModel.delete_by_id(id) except NoData: abort(404, message=COMMUNIY_DOESNT_EXIST) return SimpleMessage(COMMUNIY_DELETED), 200
class SingleRefuel(Resource): @jwt_required @marshal_with(RefuelModel.get_marshaller()) def get(self, community_id, id): user = UserModel.find_by_username(get_jwt_identity()) refuel = RefuelModel.find_by_id(id) if not refuel: abort(404, message=REFUEL_DOESNT_EXIST) if user.id not in [u.id for u in refuel.community.users]: abort(401, message=UNAUTHORIZED) return refuel, 200 @jwt_required @marshal_with(RefuelModel.get_marshaller()) def put(self, community_id, id): data = parser.parse_args() refuel = RefuelModel.find_by_id(id) user = UserModel.find_by_username(get_jwt_identity()) if not refuel: abort(404, message=REFUEL_DOESNT_EXIST) if not user.id == refuel.owner.id: abort(401, message=UNAUTHORIZED) if not refuel.community.id == community_id: abort(400, message=CANT_CHANGE_REFUEL_COMMUNITY) refuel.costs = round(data['costs'], 2) refuel.liters = data['liters'] refuel.gas_station_name = data['gas_station_name'] refuel.persist() return refuel, 200 @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def delete(self, community_id, id): refuel = RefuelModel.find_by_id(id) if not refuel: abort(404, message=REFUEL_DOESNT_EXIST) user = UserModel.find_by_username(get_jwt_identity()) if not user.id == refuel.owner.id: abort(401, message=UNAUTHORIZED) if not refuel.is_open: abort(401, message=CANNOT_DELETE_A_REFUEL_THAT_IS_PART_OF_A_PAYOFF) try: RefuelModel.delete_by_id(id) except NoData: abort(404, message=REFUEL_DOESNT_EXIST) return SimpleMessage(REFUEL_DELETED), 200
def delete(self, id): try: CarModel.delete_by_id(id) except NoData: abort(404, message=CAR_DOESNT_EXIST) return SimpleMessage(CAR_DELETED), 200
class SingleTour(Resource): @jwt_required @marshal_with(TourModel.get_marshaller()) def put(self, community_id, id): data = edit_tour_parser.parse_args() tour = TourModel.find_by_id(id) user = UserModel.find_by_username(get_jwt_identity()) community: CommunityModel = CommunityModel.find_by_id(community_id) community_member_ids = [m.id for m in community.users] if not tour: abort(404, message=TOUR_NOT_FOUND) if not user.id == tour.owner.id: abort(401, message=UNAUTHORIZED) passengers = [] if data['passengers']: for passenger_id in set(data['passengers']): if passenger_id not in community_member_ids: abort(400, message=PASSENGERS_MUST_BE_COMMUNITY_MEMBERS) else: passengers.append([u for u in community.users if u.id == passenger_id][0]) tour.comment = data['comment'] tour.parking_position = data['parking_position'] if not tour.is_open: abort(400, message=CANNOT_UPDATE_SENSITIVE_TOUR_DATA_WHEN_TOUR_IS_ALREADY_PAYED_FOR) else: if data['end_km'] <= data['start_km']: abort(400, message=END_KM_MUST_BE_GREATER_START_KM) tour.end_km = data['end_km'] tour.start_km = data['start_km'] tour.passengers = passengers tour.persist() return tour, 200 @jwt_required @marshal_with(SimpleMessage.get_marshaller()) def delete(self, community_id, id): tour = TourModel.find_by_id(id) user = UserModel.find_by_username(get_jwt_identity()) if not tour: abort(404, message=TOUR_NOT_FOUND) if not user.id == tour.owner.id: abort(401, message=UNAUTHORIZED) try: TourModel.delete_by_id(id) except NoData: abort(404, message=TOUR_NOT_FOUND) return SimpleMessage(TOUR_DELETED), 200 @jwt_required @marshal_with(TourModel.get_marshaller()) def get(self, community_id, id): tour = TourModel.find_by_id(id) user = UserModel.find_by_username(get_jwt_identity()) if not tour: abort(404, message=TOUR_NOT_FOUND) if user.id not in [u.id for u in tour.community.users]: abort(401, message=UNAUTHORIZED) return tour, 200