def patch(self, user_resource_id):
user_to_edit = users.get(user_resource_id)
if user_to_edit is None:
raise NotFound('User not found.')
user_id = get_jwt_identity()
if user_to_edit.id != user_id:
raise BadRequest('You cannot edit profile of other person.')
data: Dict = request.get_json()
if data is None:
raise InvalidPayload
attributes = {
'first_name', 'last_name', 'phone', 'street', 'zip_code', 'city',
'country', 'date_of_birth'
}
if not any(data.get(attribute) for attribute in attributes):
raise InvalidPayload
try:
users.update(user_to_edit, attributes, data)
except (TypeError, ValueError) as e:
raise BadRequest(str(e))
return {'message': 'Profile successfully modified.'}
def post(self, product_id):
data = request.get_json()
product = products.get(product_id)
if product is None:
raise NotFound('Product not found.')
user_id = get_jwt_identity()
user = users.get(user_id)
if products.get_product_rating_by_user(product, user) is not None:
raise BadRequest('This user already rated this product.')
rating = data.get('rating')
if rating is None:
raise InvalidPayload
if not isinstance(rating, int):
raise ProductRatingError
if not (1 <= rating <= 5):
raise ProductRatingError
products.add_rating(product, user, rating)
return {
'message': 'Rating was successfully added.'
}, status.HTTP_201_CREATED
def get(self, user_resource_id):
user_to_get = users.get(user_resource_id)
if user_to_get is None:
raise NotFound('User not found.')
user_id = get_jwt_identity()
if user_to_get.id != user_id:
raise BadRequest('You cannot get user profile of other person.')
return user_to_get
def decorated_function(*args, **kwargs):
if get_jwt_identity() is None:
return f(*args, **kwargs)
user = users.get(get_jwt_identity())
if user is None:
raise AuthenticationFailed
if not user.active:
raise UserNotActive
return f(*args, **kwargs)
def test_update_not_existing_user_profile(client: FlaskClient):
user = users.add(
User(email='*****@*****.**',
password='******',
first_name='Tibor',
last_name='Mikita',
phone='+421111222333',
street='Kosicka',
zip_code='06601',
city='Humenne',
country=Country.SK,
date_of_birth=datetime.date(1994, 5, 25)))
user.active = True
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
not_existing_user_id = 99
not_existing_user = users.get(not_existing_user_id)
assert not_existing_user is None
r = client.patch(f'/api/users/{not_existing_user_id}',
data=json.dumps({
'city': 'Medzilaborce',
'street': 'Bratislavska',
'zip_code': '99999',
'phone': '+420999999999'
}),
content_type='application/json',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_404_NOT_FOUND
assert payload['message'] == 'User not found.'
def test_update_user_profile_transaction(client: FlaskClient):
user = users.add(
User(email='*****@*****.**',
password='******',
first_name='Tibor',
last_name='Mikita',
phone='+421111222333',
street='Kosicka',
zip_code='06601',
city='Humenne',
country=Country.SK,
date_of_birth=datetime.date(1994, 5, 25)))
user.active = True
r = client.post('/api/auth/login',
data=json.dumps({
'email': '*****@*****.**',
'password': '******'
}),
content_type='application/json')
payload = r.json
access_token = payload['access_token']
assert user.first_name == 'Tibor'
r = client.patch(f'/api/users/{user.id}',
data=json.dumps({
'city': 'Presov',
'phone': '0999999999'
}),
content_type='application/json',
headers={'Authorization': f'Bearer {access_token}'})
payload = r.json
assert r.status_code == status.HTTP_400_BAD_REQUEST
assert 'Phone must have format' in payload['message']
user_after_update = users.get(user.id)
assert user_after_update.city == 'Humenne'
def delete(self, product_id):
product = products.get(product_id)
if product is None:
raise NotFound('Product not found.')
user_id = get_jwt_identity()
user = users.get(user_id)
rating = products.get_product_rating_by_user(product, user)
if rating is None:
raise NotFound('Rating not found.')
products.delete_rating(product, user)
return {
'message': 'Rating was successfully deleted.'
}, status.HTTP_200_OK
def decorated_function(*args, **kwargs):
user_id = get_jwt_identity()
if users.get(user_id).role != UserRole.ADMIN and users.get(
user_id).role != UserRole.WORKER:
raise PermissionDenied
return f(*args, **kwargs)