def get(self, **kwargs): """ Returns all unconfirmed entities for the requesting user ordered by te creation date beginning with the latest. :return: List of all confirmed entitites wrapped in `data` attribute. """ areas = dbs.query(Area).filter(or_(Area.confirmed == False, Area.confirmed == None)).filter( or_(kwargs['user'].id == Area.original_author_id, kwargs['user'].administrator == True, kwargs['user'].moderator == True)).all() crags = dbs.query(Crag).filter(or_(Crag.confirmed == False, Crag.confirmed == None)).filter( or_(kwargs['user'].id == Crag.original_author_id, kwargs['user'].administrator == True, kwargs['user'].moderator == True)).all() blocks = dbs.query(Block).filter(or_(Block.confirmed == False, Block.confirmed == None)).filter( or_(kwargs['user'].id == Block.original_author_id, kwargs['user'].administrator == True, kwargs['user'].moderator == True)).all() boulders = dbs.query(Boulder).filter(or_(Boulder.confirmed == False, Boulder.confirmed == None)).filter( or_(kwargs['user'].id == Boulder.original_author_id, kwargs['user'].administrator == True, kwargs['user'].moderator == True)).all() areas.extend(crags) areas.extend(blocks) areas.extend(boulders) unconfirmed = sorted(areas, key=lambda x: x.time_created, reverse=True) unconfirmed_marshalled = marshal(unconfirmed, fields, envelope='data') for entity in unconfirmed_marshalled['data']: if entity['grade'] is None: entity.pop('grade', None) return unconfirmed_marshalled
def put(self, id, **kwargs): parsed_args = boulder_parser.parse_args() boulder = dbs.query(Boulder).filter(Boulder.id == id).first() if not boulder: abort(404, message="(Code 071) Boulder {} doesn't exist".format(id)) if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 054) Unauthorized!") elif parsed_args['confirmed']: boulder.confirmed = True if not (parsed_args['grade'] == "leicht" or parsed_args['grade'] == "mittel" or parsed_args[ 'grade'] == "schwer"): parsed_args['grade'] = parsed_args['grade'].upper() if parsed_args['grade'] not in grades: abort(400, message="(Code 060) Field 'grade' has to be a valid Vermin, Fontainebleau or " "NB scale (leicht, mittel, schwer) grade!") boulder.name = parsed_args['name'] boulder.block_id = parsed_args['block_id'] boulder.grade = parsed_args['grade'] boulder.rock_type = parsed_args['rock_type'] boulder.rock_texture = parsed_args['rock_texture'] boulder.height = parsed_args['height'] boulder.beta = parsed_args['beta'] boulder.landing_area = parsed_args['landing_area'] boulder.first_ascent_athlete = parsed_args['first_ascent_athlete'] boulder.first_ascent_date = parsed_args['first_ascent_date'] dbs.add(boulder) dbs.commit() return boulder, 201
def get(self, id): user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 001) User {} doesn't exist".format(id)) if user.birthday: user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime return user
def put(self, id, **kwargs): parsed_args = promotion_parser.parse_args() user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 037) User {} doesn't exist".format(id)) if parsed_args['promoteToAdmin']: if user.administrator: abort(404, message="(Code 040) User is already an administrator!") else: if kwargs['user'].administrator: user.administrator = True user.moderator = True else: abort(401, message="(Code 038) Unauthorized!") if parsed_args['promoteToMod']: if user.administrator: abort(404, message="(Code 041) User is already an administrator!") elif user.moderator: abort(404, message="(Code 042) User is already a moderator!") else: if kwargs['user'].moderator or kwargs['user'].administrator: user.moderator = True else: abort(401, message="(Code 039) Unauthorized!") dbs.add(user) dbs.commit() return user, 201
def delete(self, id, **kwargs): comment = dbs.query(Comment).filter(Comment.id == id).first() if not comment: abort(404, message="(Code 066) Comment {} doesn't exist".format(id)) if not (comment.author_id == kwargs["user"].id or kwargs["user"].administrator): abort(401, message="(Code 067) Unauthorized".format(id)) dbs.delete(comment) dbs.commit() return {}, 204
def delete(self, id, **kwargs): if kwargs['protected_action_permission'] != 'delete': abort(401, message='(Code 025) Wrong permissions!') user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 002) User {} doesn't exist".format(id)) dbs.delete(user) dbs.commit() return {}, 204
def put(self, id, **kwargs): parsed_args = parser.parse_args() comment = dbs.query(Comment).filter(Comment.id == id).first() if not comment: abort(404, message="(Code 068) Comment {} doesn't exist".format(id)) if not (comment.author_id == kwargs["user"].id): abort(401, message="(Code 069) Unauthorized".format(id)) comment.text = parsed_args["text"] dbs.add(comment) dbs.commit() return comment, 201
def post(self, **kwargs): parsed_args = boulder_grading_parser.parse_args() former_grading = dbs.query(BoulderGrading).filter(BoulderGrading.user_id == kwargs['user'].id, BoulderGrading.boulder_id == parsed_args[ 'boulder_id']).first() if former_grading: dbs.delete(former_grading) boulder = dbs.query(Boulder).filter(Boulder.id == parsed_args['boulder_id']).first() if not boulder: abort(404, message="(Code 073) Boulder doesn't exist!") if not boulder.confirmed: abort(400, message="(Code 074) Cannot suggest a grade for an unconfirmed boulder!") if parsed_args['grade'] not in fb_scale + v_scale: abort(400, message="(Code 075) Field 'grade' has to be a valid Vermin or Fontainebleau grade!") grading = BoulderGrading(boulder_id=parsed_args['boulder_id'], grade=parsed_args['grade'], user_id=kwargs['user'].id) dbs.add(grading) dbs.commit() return None, 201
def delete(self, id, **kwargs): boulder = dbs.query(Boulder).filter(Boulder.id == id).first() if not boulder: abort(404, message="(Code 033) Boulder {} doesn't exist".format(id)) if boulder.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 052) Unauthorized!") if not boulder.confirmed and not (kwargs['user'].id == boulder.original_author_id or kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 053) Unauthorized!") dbs.delete(boulder) dbs.commit() return {}, 204
def delete(self, id, **kwargs): crag = dbs.query(Crag).filter(Crag.id == id).first() if not crag: abort(404, message="(Code 035) Crag {} doesn't exist".format(id)) if crag.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 046) Unauthorized!") if not crag.confirmed and not (kwargs['user'].id == crag.original_author_id or kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 047) Unauthorized!") dbs.delete(crag) dbs.commit() return {}, 204
def delete(self, id, **kwargs): block = dbs.query(Block).filter(Block.id == id).first() if not block: abort(404, message="(Code 031) Block {} doesn't exist".format(id)) if block.confirmed and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 049) Unauthorized!") if not block.confirmed and not (kwargs['user'].id == block.original_author_id or kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 050) Unauthorized!") dbs.delete(block) dbs.commit() return {}, 204
def delete(self, id, **kwargs): area = dbs.query(Area).filter(Area.id == id).first() if not area: abort(404, message="(Code 029) Area {} doesn't exist".format(id)) if area.confirmed and not (kwargs["user"].administrator or kwargs["user"].moderator): abort(401, message="(Code 043) Unauthorized!") if not area.confirmed and not ( kwargs["user"].id == area.original_author_id or kwargs["user"].administrator or kwargs["user"].moderator ): abort(401, message="(Code 044) Unauthorized!") dbs.delete(area) dbs.commit() return {}, 204
def post(self, **kwargs): parsed_args = parser.parse_args() entity = dbs.query(Entity).filter(Entity.id == parsed_args["entity_id"]).first() if not entity: abort(404, message="(Code 061) Entity doesn't exist!") if not entity.confirmed: abort(400, message="(Code 062) Cannot comment on an unconfirmed entity!") if parsed_args["parent_id"]: parent_comment = dbs.query(Comment).filter(Comment.id == parsed_args["parent_id"]).first() if not parent_comment: abort(400, message="(Code 063) Parent comment doesn't exist!") if parent_comment.parent_id: abort(400, message="(Code 064) Maximal discussion depth is one!") comment = Comment( entity_id=parsed_args["entity_id"], author_id=kwargs["user"].id, parent_id=parsed_args["parent_id"], text=parsed_args["text"], ) dbs.add(comment) dbs.commit() return comment, 201
def output(self, key, obj): try: data = fields.to_marshallable_type(obj) entity = dbs.query(Entity).filter(Entity.id == data["id"]).filter(Entity.confirmed).first() if not entity: raise fields.MarshallingException() endpoint = entity.type o = urlparse(url_for(endpoint, _external=self.absolute, **data)) if self.absolute: scheme = self.scheme if self.scheme is not None else o.scheme return urlunparse((scheme, o.netloc, o.path, "", "", "")) return urlunparse(("", "", o.path, "", "", "")) except TypeError as te: raise fields.MarshallingException(te)
def put(self, id, **kwargs): parsed_args = area_parser.parse_args() area = dbs.query(Area).filter(Area.id == id).first() if not area: abort(404, message="(Code 079) Area {} doesn't exist".format(id)) if parsed_args["confirmed"] and not (kwargs["user"].administrator or kwargs["user"].moderator): abort(401, message="(Code 045) Unauthorized!") elif parsed_args["confirmed"]: area.confirmed = True area.name = parsed_args["name"] area.description = parsed_args["description"] dbs.add(area) dbs.commit() return area, 201
def put(self, id, **kwargs): parsed_args = parser.parse_args() if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])): abort(400, message="(Code 003) Either a nickname or a firstname and lastname need to be given!") if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']): abort(400, message="(Code 004) Email field is invalid!") if not parsed_args['sex'] in sexes: abort(400, message="(Code 027) Invalid sex!") user = dbs.query(User).filter(User.id == id).first() if not user: abort(404, message="(Code 080) User {} doesn't exist".format(id)) if kwargs['user'].email != user.email: abort(401, message="(Code 005) Unauthorized!") user.firstname = parsed_args['firstname'] user.lastname = parsed_args['lastname'] user.nickname = parsed_args['nickname'] user.size = parsed_args['size'] user.sex = parsed_args['sex'] user.birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[ 'birthday'] else None if user.email != parsed_args['email']: # Changing the email address needs special permissions if kwargs['protected_action_permission'] != 'put': abort(401, message='(Code 006) Unauthorized!') else: user.email = parsed_args['email'] generate_refreshed_jwt = True else: generate_refreshed_jwt = False if parsed_args['password']: # So does changing the password if kwargs['protected_action_permission'] != 'put': abort(401, message='(Code 007) Unauthorized!') else: user.password = parsed_args['password'] dbs.add(user) dbs.commit() if user.birthday: user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime marshalled_response = marshal(user, user_fields, envelope='data') # When email changed, the login JWT is now invalid and a new one has to be sent if generate_refreshed_jwt: marshalled_response['refreshedJWT'] = get_login_jwt(user.email) return marshalled_response, 201
def verify_pw(username, password): """ Checks if the given user exists and if the given password matches. :param username: The users username. :param password: The users password. :return: True is no error occured. """ user = dbs.query(User).filter(User.email == username).first() if not user: abort(401, message="(Code 011) Wrong email address and password combination!") if user.password != password: abort(401, message="(Code 012) Wrong email address and password combination!") g.user = user return True
def put(self, id, **kwargs): parsed_args = crag_parser.parse_args() crag = dbs.query(Crag).filter(Crag.id == id).first() if not crag: abort(404, message="(Code 070) Crag {} doesn't exist".format(id)) if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 048) Unauthorized!") elif parsed_args['confirmed']: crag.confirmed = True crag.name = parsed_args['name'] crag.area_id = parsed_args['area_id'] crag.description = parsed_args['description'] crag.description = parsed_args['latitude'] crag.description = parsed_args['longitude'] dbs.add(crag) dbs.commit() return crag, 201
def put(self, id, **kwargs): parsed_args = block_parser.parse_args() block = dbs.query(Block).filter(Block.id == id).first() if not block: abort(404, message="(Code 072) Block {} doesn't exist".format(id)) if parsed_args['confirmed'] and not (kwargs['user'].administrator or kwargs['user'].moderator): abort(401, message="(Code 051) Unauthorized!") elif parsed_args['confirmed']: block.confirmed = True block.name = parsed_args['name'] block.crag_id = parsed_args['crag_id'] block.description = parsed_args['description'] block.latitude = parsed_args['latitude'] block.longitude = parsed_args['longitude'] dbs.add(block) dbs.commit() return block, 201
def wrapper(*args, **kwargs): if not request.headers.get("loginJWT"): abort(401, message="(Code 013) No login token provided!") try: payload = jwt.decode(request.headers.get("loginJWT"), app.config["JWT_SECRET"], issuer="eifelstats") except jwt.ExpiredSignatureError: abort(401, message="(Code 014) Token has expired!") except jwt.InvalidIssuerError: abort(401, message="(Code 015) Invalid token issuer!") except jwt.InvalidIssuedAtError: abort(401, message="(Code 016) Token issuedAt time is in the future!") except jwt.InvalidTokenError: abort(401, message="(Code 017) Token invalid!") user = dbs.query(User).filter(User.email == payload["user"]).first() if not user: abort(401, message="(Code 018) Invalid token audience!") kwargs["user"] = user return f(*args, **kwargs)
def get_login_jwt(username): """ Creates and returns a login JWT for the specified user. The token is valid for seven days. :param username: The username for which to create the token. :return: The created JWT. """ user = g.get("user", None) if user is None: user = dbs.query(User).filter(User.email == username).first() payload = { "exp": datetime.utcnow() + timedelta(days=7), "iss": "eifelstats", "iat": datetime.utcnow(), "user": username, "admin": user.administrator, "mod": user.moderator, } return jwt.encode(payload, app.config["JWT_SECRET"], algorithm="HS256")
def wrapper(*args, **kwargs): user_id = request.url.split("/")[-1] user = dbs.query(User).filter(User.id == user_id).first() if request.headers.get("paJWT"): try: payload = jwt.decode( request.headers.get("paJWT"), app.config["JWT_SECRET"], issuer="eifelstats", audience=user.email ) except jwt.ExpiredSignatureError: abort(401, message="(Code 019) Token has expired!") except jwt.InvalidAudienceError: abort(401, message="(Code 020) Invalid token audience!") except jwt.InvalidIssuerError: abort(401, message="(Code 021) Invalid token issuer!") except jwt.InvalidIssuedAtError: abort(401, message="(Code 022) Token issuedAt time is in the future!") except jwt.InvalidTokenError: abort(401, message="(Code 023) Token invalid!") kwargs["protected_action_permission"] = payload["act"] else: kwargs["protected_action_permission"] = "none" return f(*args, **kwargs)
def post(self): parsed_args = parser.parse_args() # If there is not admin in the system yet, an admin can be created this way. This will only work for the first # admin in the system! is_admin = False if parsed_args['installAdmin']: if not dbs.query(User).filter(User.administrator).all(): is_admin = True else: abort(401, message="(Code 036) Falsely attempted to create initial administrator!") if not (parsed_args['nickname'] or (parsed_args['firstname'] and parsed_args['lastname'])): abort(400, message="(Code 008) Either a nickname or a firstname and lastname need to be given!") if not re.match(r"[^@]+@[^@]+\.[^@]+", parsed_args['email']): abort(400, message="(Code 009) Email field is invalid!") if not parsed_args['password']: abort(400, message="(Code 010) Password cannot be blank!") if not parsed_args['sex'] in sexes: abort(400, message="(Code 026) Invalid sex!") birthday = datetime.strptime(parsed_args['birthday'], '%Y-%m-%d') if parsed_args[ 'birthday'] else None user = User(firstname=parsed_args['firstname'], lastname=parsed_args['lastname'], nickname=parsed_args['nickname'], birthday=birthday, size=parsed_args['size'], sex=parsed_args['sex'], email=parsed_args['email'], password=parsed_args['password'], administrator=is_admin, moderator=is_admin) dbs.add(user) dbs.commit() if user.birthday: user.birthday = datetime.combine(user.birthday, datetime.min.time()) # Can't marshall date, only datetime return user, 201
def get(self, id): crag = dbs.query(Crag).filter(Crag.id == id).filter(Crag.confirmed).first() if not crag: abort(404, message="(Code 034) Crag {} doesn't exist".format(id)) return crag
def get(self, id): boulder = dbs.query(Boulder).filter(Boulder.id == id).filter(Boulder.confirmed).first() if not boulder: abort(404, message="(Code 032) Boulder {} doesn't exist".format(id)) return boulder
def get(self): comments = dbs.query(Comment).all() return comments
def get(self, id): comment = dbs.query(Comment).filter(Comment.id == id).first() if not comment: abort(404, message="(Code 065) Comment {} doesn't exist".format(id)) return comment
def get(self, id): comments = dbs.query(Comment).filter(Comment.entity_id == id, Comment.parent_id == None).all() return comments
def get(self): crags = dbs.query(Crag).filter(Crag.confirmed).all() return crags
def get(self): boulders = dbs.query(Boulder).filter(Boulder.confirmed).all() return boulders