def get(self, **kwargs):
"""
Returns all unconfirmed entities for the requesting user ordered by te creation date beginning with the latest.
:return: List of all confirmed entitites wrapped in `data` attribute.
"""
areas = dbs.query(Area).filter(or_(Area.confirmed == False, Area.confirmed == None)).filter(
or_(kwargs['user'].id == Area.original_author_id, kwargs['user'].administrator == True,
kwargs['user'].moderator == True)).all()
crags = dbs.query(Crag).filter(or_(Crag.confirmed == False, Crag.confirmed == None)).filter(
or_(kwargs['user'].id == Crag.original_author_id, kwargs['user'].administrator == True,
kwargs['user'].moderator == True)).all()
blocks = dbs.query(Block).filter(or_(Block.confirmed == False, Block.confirmed == None)).filter(
or_(kwargs['user'].id == Block.original_author_id, kwargs['user'].administrator == True,
kwargs['user'].moderator == True)).all()
boulders = dbs.query(Boulder).filter(or_(Boulder.confirmed == False, Boulder.confirmed == None)).filter(
or_(kwargs['user'].id == Boulder.original_author_id, kwargs['user'].administrator == True,
kwargs['user'].moderator == True)).all()
areas.extend(crags)
areas.extend(blocks)
areas.extend(boulders)
unconfirmed = sorted(areas, key=lambda x: x.time_created, reverse=True)
unconfirmed_marshalled = marshal(unconfirmed, fields, envelope='data')
for entity in unconfirmed_marshalled['data']:
if entity['grade'] is None:
entity.pop('grade', None)
return unconfirmed_marshalled
def put(self, id, **kwargs):
parsed_args = boulder_parser.parse_args()
boulder = dbs.query(Boulder).filter(Boulder.id == id).first()
if not boulder:
abort(404, message="(Code 071) Boulder {} doesn't exist".format(id))
if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 054) Unauthorized!")
elif parsed_args['confirmed']:
boulder.confirmed = True
if not (parsed_args['grade'] == "leicht" or parsed_args['grade'] == "mittel" or parsed_args[
'grade'] == "schwer"):
parsed_args['grade'] = parsed_args['grade'].upper()
if parsed_args['grade'] not in grades:
abort(400, message="(Code 060) Field 'grade' has to be a valid Vermin, Fontainebleau or "
"NB scale (leicht, mittel, schwer) grade!")
boulder.name = parsed_args['name']
boulder.block_id = parsed_args['block_id']
boulder.grade = parsed_args['grade']
boulder.rock_type = parsed_args['rock_type']
boulder.rock_texture = parsed_args['rock_texture']
boulder.height = parsed_args['height']
boulder.beta = parsed_args['beta']
boulder.landing_area = parsed_args['landing_area']
boulder.first_ascent_athlete = parsed_args['first_ascent_athlete']
boulder.first_ascent_date = parsed_args['first_ascent_date']
dbs.add(boulder)
dbs.commit()
return boulder, 201
def get(self, id):
user = dbs.query(User).filter(User.id == id).first()
if not user:
abort(404, message="(Code 001) User {} doesn't exist".format(id))
if user.birthday:
user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime
return user
def put(self, id, **kwargs):
parsed_args = promotion_parser.parse_args()
user = dbs.query(User).filter(User.id == id).first()
if not user:
abort(404, message="(Code 037) User {} doesn't exist".format(id))
if parsed_args['promoteToAdmin']:
if user.administrator:
abort(404, message="(Code 040) User is already an administrator!")
else:
if kwargs['user'].administrator:
user.administrator = True
user.moderator = True
else:
abort(401, message="(Code 038) Unauthorized!")
if parsed_args['promoteToMod']:
if user.administrator:
abort(404, message="(Code 041) User is already an administrator!")
elif user.moderator:
abort(404, message="(Code 042) User is already a moderator!")
else:
if kwargs['user'].moderator or kwargs['user'].administrator:
user.moderator = True
else:
abort(401, message="(Code 039) Unauthorized!")
dbs.add(user)
dbs.commit()
return user, 201
def delete(self, id, **kwargs):
comment = dbs.query(Comment).filter(Comment.id == id).first()
if not comment:
abort(404, message="(Code 066) Comment {} doesn't exist".format(id))
if not (comment.author_id == kwargs["user"].id or kwargs["user"].administrator):
abort(401, message="(Code 067) Unauthorized".format(id))
dbs.delete(comment)
dbs.commit()
return {}, 204
def delete(self, id, **kwargs):
if kwargs['protected_action_permission'] != 'delete':
abort(401, message='(Code 025) Wrong permissions!')
user = dbs.query(User).filter(User.id == id).first()
if not user:
abort(404, message="(Code 002) User {} doesn't exist".format(id))
dbs.delete(user)
dbs.commit()
return {}, 204
def put(self, id, **kwargs):
parsed_args = parser.parse_args()
comment = dbs.query(Comment).filter(Comment.id == id).first()
if not comment:
abort(404, message="(Code 068) Comment {} doesn't exist".format(id))
if not (comment.author_id == kwargs["user"].id):
abort(401, message="(Code 069) Unauthorized".format(id))
comment.text = parsed_args["text"]
dbs.add(comment)
dbs.commit()
return comment, 201
def post(self, **kwargs):
parsed_args = boulder_grading_parser.parse_args()
former_grading = dbs.query(BoulderGrading).filter(BoulderGrading.user_id == kwargs['user'].id,
BoulderGrading.boulder_id == parsed_args[
'boulder_id']).first()
if former_grading:
dbs.delete(former_grading)
boulder = dbs.query(Boulder).filter(Boulder.id == parsed_args['boulder_id']).first()
if not boulder:
abort(404, message="(Code 073) Boulder doesn't exist!")
if not boulder.confirmed:
abort(400, message="(Code 074) Cannot suggest a grade for an unconfirmed boulder!")
if parsed_args['grade'] not in fb_scale + v_scale:
abort(400, message="(Code 075) Field 'grade' has to be a valid Vermin or Fontainebleau grade!")
grading = BoulderGrading(boulder_id=parsed_args['boulder_id'],
grade=parsed_args['grade'],
user_id=kwargs['user'].id)
dbs.add(grading)
dbs.commit()
return None, 201
def delete(self, id, **kwargs):
boulder = dbs.query(Boulder).filter(Boulder.id == id).first()
if not boulder:
abort(404, message="(Code 033) Boulder {} doesn't exist".format(id))
if boulder.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 052) Unauthorized!")
if not boulder.confirmed and not (kwargs['user'].id == boulder.original_author_id or
kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 053) Unauthorized!")
dbs.delete(boulder)
dbs.commit()
return {}, 204
def delete(self, id, **kwargs):
crag = dbs.query(Crag).filter(Crag.id == id).first()
if not crag:
abort(404, message="(Code 035) Crag {} doesn't exist".format(id))
if crag.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 046) Unauthorized!")
if not crag.confirmed and not (kwargs['user'].id == crag.original_author_id or
kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 047) Unauthorized!")
dbs.delete(crag)
dbs.commit()
return {}, 204
def delete(self, id, **kwargs):
block = dbs.query(Block).filter(Block.id == id).first()
if not block:
abort(404, message="(Code 031) Block {} doesn't exist".format(id))
if block.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 049) Unauthorized!")
if not block.confirmed and not (kwargs['user'].id == block.original_author_id or
kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 050) Unauthorized!")
dbs.delete(block)
dbs.commit()
return {}, 204
def delete(self, id, **kwargs):
area = dbs.query(Area).filter(Area.id == id).first()
if not area:
abort(404, message="(Code 029) Area {} doesn't exist".format(id))
if area.confirmed and not (kwargs["user"].administrator or kwargs["user"].moderator):
abort(401, message="(Code 043) Unauthorized!")
if not area.confirmed and not (
kwargs["user"].id == area.original_author_id or kwargs["user"].administrator or kwargs["user"].moderator
):
abort(401, message="(Code 044) Unauthorized!")
dbs.delete(area)
dbs.commit()
return {}, 204
def post(self, **kwargs):
parsed_args = parser.parse_args()
entity = dbs.query(Entity).filter(Entity.id == parsed_args["entity_id"]).first()
if not entity:
abort(404, message="(Code 061) Entity doesn't exist!")
if not entity.confirmed:
abort(400, message="(Code 062) Cannot comment on an unconfirmed entity!")
if parsed_args["parent_id"]:
parent_comment = dbs.query(Comment).filter(Comment.id == parsed_args["parent_id"]).first()
if not parent_comment:
abort(400, message="(Code 063) Parent comment doesn't exist!")
if parent_comment.parent_id:
abort(400, message="(Code 064) Maximal discussion depth is one!")
comment = Comment(
entity_id=parsed_args["entity_id"],
author_id=kwargs["user"].id,
parent_id=parsed_args["parent_id"],
text=parsed_args["text"],
)
dbs.add(comment)
dbs.commit()
return comment, 201
def output(self, key, obj):
try:
data = fields.to_marshallable_type(obj)
entity = dbs.query(Entity).filter(Entity.id == data["id"]).filter(Entity.confirmed).first()
if not entity:
raise fields.MarshallingException()
endpoint = entity.type
o = urlparse(url_for(endpoint, _external=self.absolute, **data))
if self.absolute:
scheme = self.scheme if self.scheme is not None else o.scheme
return urlunparse((scheme, o.netloc, o.path, "", "", ""))
return urlunparse(("", "", o.path, "", "", ""))
except TypeError as te:
raise fields.MarshallingException(te)
def put(self, id, **kwargs):
parsed_args = area_parser.parse_args()
area = dbs.query(Area).filter(Area.id == id).first()
if not area:
abort(404, message="(Code 079) Area {} doesn't exist".format(id))
if parsed_args["confirmed"] and not (kwargs["user"].administrator or kwargs["user"].moderator):
abort(401, message="(Code 045) Unauthorized!")
elif parsed_args["confirmed"]:
area.confirmed = True
area.name = parsed_args["name"]
area.description = parsed_args["description"]
dbs.add(area)
dbs.commit()
return area, 201
def put(self, id, **kwargs):
parsed_args = parser.parse_args()
if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])):
abort(400, message="(Code 003) Either a nickname or a firstname and lastname need to be given!")
if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']):
abort(400, message="(Code 004) Email field is invalid!")
if not parsed_args['sex'] in sexes:
abort(400, message="(Code 027) Invalid sex!")
user = dbs.query(User).filter(User.id == id).first()
if not user:
abort(404, message="(Code 080) User {} doesn't exist".format(id))
if kwargs['user'].email != user.email:
abort(401, message="(Code 005) Unauthorized!")
user.firstname = parsed_args['firstname']
user.lastname = parsed_args['lastname']
user.nickname = parsed_args['nickname']
user.size = parsed_args['size']
user.sex = parsed_args['sex']
user.birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[
'birthday'] else None
if user.email != parsed_args['email']: # Changing the email address needs special permissions
if kwargs['protected_action_permission'] != 'put':
abort(401, message='(Code 006) Unauthorized!')
else:
user.email = parsed_args['email']
generate_refreshed_jwt = True
else:
generate_refreshed_jwt = False
if parsed_args['password']: # So does changing the password
if kwargs['protected_action_permission'] != 'put':
abort(401, message='(Code 007) Unauthorized!')
else:
user.password = parsed_args['password']
dbs.add(user)
dbs.commit()
if user.birthday:
user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime
marshalled_response = marshal(user, user_fields, envelope='data')
# When email changed, the login JWT is now invalid and a new one has to be sent
if generate_refreshed_jwt:
marshalled_response['refreshedJWT'] = get_login_jwt(user.email)
return marshalled_response, 201
def verify_pw(username, password):
"""
Checks if the given user exists and if the given password matches.
:param username: The users username.
:param password: The users password.
:return: True is no error occured.
"""
user = dbs.query(User).filter(User.email == username).first()
if not user:
abort(401, message="(Code 011) Wrong email address and password combination!")
if user.password != password:
abort(401, message="(Code 012) Wrong email address and password combination!")
g.user = user
return True
def put(self, id, **kwargs):
parsed_args = crag_parser.parse_args()
crag = dbs.query(Crag).filter(Crag.id == id).first()
if not crag:
abort(404, message="(Code 070) Crag {} doesn't exist".format(id))
if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 048) Unauthorized!")
elif parsed_args['confirmed']:
crag.confirmed = True
crag.name = parsed_args['name']
crag.area_id = parsed_args['area_id']
crag.description = parsed_args['description']
crag.description = parsed_args['latitude']
crag.description = parsed_args['longitude']
dbs.add(crag)
dbs.commit()
return crag, 201
def put(self, id, **kwargs):
parsed_args = block_parser.parse_args()
block = dbs.query(Block).filter(Block.id == id).first()
if not block:
abort(404, message="(Code 072) Block {} doesn't exist".format(id))
if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator):
abort(401, message="(Code 051) Unauthorized!")
elif parsed_args['confirmed']:
block.confirmed = True
block.name = parsed_args['name']
block.crag_id = parsed_args['crag_id']
block.description = parsed_args['description']
block.latitude = parsed_args['latitude']
block.longitude = parsed_args['longitude']
dbs.add(block)
dbs.commit()
return block, 201
def wrapper(*args, **kwargs):
if not request.headers.get("loginJWT"):
abort(401, message="(Code 013) No login token provided!")
try:
payload = jwt.decode(request.headers.get("loginJWT"), app.config["JWT_SECRET"], issuer="eifelstats")
except jwt.ExpiredSignatureError:
abort(401, message="(Code 014) Token has expired!")
except jwt.InvalidIssuerError:
abort(401, message="(Code 015) Invalid token issuer!")
except jwt.InvalidIssuedAtError:
abort(401, message="(Code 016) Token issuedAt time is in the future!")
except jwt.InvalidTokenError:
abort(401, message="(Code 017) Token invalid!")
user = dbs.query(User).filter(User.email == payload["user"]).first()
if not user:
abort(401, message="(Code 018) Invalid token audience!")
kwargs["user"] = user
return f(*args, **kwargs)
def get_login_jwt(username):
"""
Creates and returns a login JWT for the specified user.
The token is valid for seven days.
:param username: The username for which to create the token.
:return: The created JWT.
"""
user = g.get("user", None)
if user is None:
user = dbs.query(User).filter(User.email == username).first()
payload = {
"exp": datetime.utcnow() + timedelta(days=7),
"iss": "eifelstats",
"iat": datetime.utcnow(),
"user": username,
"admin": user.administrator,
"mod": user.moderator,
}
return jwt.encode(payload, app.config["JWT_SECRET"], algorithm="HS256")
def wrapper(*args, **kwargs):
user_id = request.url.split("/")[-1]
user = dbs.query(User).filter(User.id == user_id).first()
if request.headers.get("paJWT"):
try:
payload = jwt.decode(
request.headers.get("paJWT"), app.config["JWT_SECRET"], issuer="eifelstats", audience=user.email
)
except jwt.ExpiredSignatureError:
abort(401, message="(Code 019) Token has expired!")
except jwt.InvalidAudienceError:
abort(401, message="(Code 020) Invalid token audience!")
except jwt.InvalidIssuerError:
abort(401, message="(Code 021) Invalid token issuer!")
except jwt.InvalidIssuedAtError:
abort(401, message="(Code 022) Token issuedAt time is in the future!")
except jwt.InvalidTokenError:
abort(401, message="(Code 023) Token invalid!")
kwargs["protected_action_permission"] = payload["act"]
else:
kwargs["protected_action_permission"] = "none"
return f(*args, **kwargs)
def post(self):
parsed_args = parser.parse_args()
# If there is not admin in the system yet, an admin can be created this way. This will only work for the first
# admin in the system!
is_admin = False
if parsed_args['installAdmin']:
if not dbs.query(User).filter(User.administrator).all():
is_admin = True
else:
abort(401, message="(Code 036) Falsely attempted to create initial administrator!")
if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])):
abort(400, message="(Code 008) Either a nickname or a firstname and lastname need to be given!")
if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']):
abort(400, message="(Code 009) Email field is invalid!")
if not parsed_args['password']:
abort(400, message="(Code 010) Password cannot be blank!")
if not parsed_args['sex'] in sexes:
abort(400, message="(Code 026) Invalid sex!")
birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[
'birthday'] else None
user = User(firstname=parsed_args['firstname'],
lastname=parsed_args['lastname'],
nickname=parsed_args['nickname'],
birthday=birthday,
size=parsed_args['size'],
sex=parsed_args['sex'],
email=parsed_args['email'],
password=parsed_args['password'],
administrator=is_admin,
moderator=is_admin)
dbs.add(user)
dbs.commit()
if user.birthday:
user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime
return user, 201
def get(self, id):
crag = dbs.query(Crag).filter(Crag.id == id).filter(Crag.confirmed).first()
if not crag:
abort(404, message="(Code 034) Crag {} doesn't exist".format(id))
return crag
def get(self, id):
boulder = dbs.query(Boulder).filter(Boulder.id == id).filter(Boulder.confirmed).first()
if not boulder:
abort(404, message="(Code 032) Boulder {} doesn't exist".format(id))
return boulder
def get(self):
comments = dbs.query(Comment).all()
return comments
def get(self, id):
comment = dbs.query(Comment).filter(Comment.id == id).first()
if not comment:
abort(404, message="(Code 065) Comment {} doesn't exist".format(id))
return comment
def get(self, id):
comments = dbs.query(Comment).filter(Comment.entity_id == id, Comment.parent_id == None).all()
return comments
def get(self):
crags = dbs.query(Crag).filter(Crag.confirmed).all()
return crags
def get(self):
boulders = dbs.query(Boulder).filter(Boulder.confirmed).all()
return boulders
