Esempio n. 1
0
    def post(self, account_number):
        parser = reqparse.RequestParser()
        parser.add_argument('sessionUserID')
        args = parser.parse_args()
        sessionUserID = args['sessionUserID']

        response = requests.get(f"{api_url}/accounts/{account_number}")
        if response.status_code == 404:
            return (response.json())
        isActive = response.json()['IsActive']
        query = ''
        if isActive == 'True':
            if response.json()['Balance'] == 0:
                query = f"""UPDATE Accounts SET IsActive = 0 WHERE AccountNumber = {account_number}"""
            else:
                return Helper.CustomResponse(
                    406, 'Balance must be $0.00 to be deactivated')
        else:
            query = f"""UPDATE Accounts SET IsActive = 1 WHERE AccountNumber = {account_number}"""

        try:
            engine.execute(query)
        except Exception as e:
            print(e)
            return Helper.CustomResponse(500, 'SQL Error')
        user = response.json()['id']
        if isActive == 'True':
            message = f"Account deactivated"
            custom_response = Helper.CustomResponse(200, message)
            data = {
                'SessionUserID': sessionUserID,
                'UserID': response.json()['id'],
                'AccountNumber': response.json()['AccountNumber'],
                'Amount': 0,
                'Event': message
            }
            requests.post(f"{api_url}/events/create", json=data)
            return custom_response
        else:
            message = f"Account activated!"
            custom_response = Helper.CustomResponse(200, message)
            data = {
                'SessionUserID': sessionUserID,
                'UserID': response.json()['id'],
                'AccountNumber': response.json()['AccountNumber'],
                'Amount': 0,
                'Event': message
            }
            requests.post(f"{api_url}/events/create", json=data)
            return custom_response
Esempio n. 2
0
    def get(self):
        ##### optional url query parameters
        args = {
            'id':
            request.args.get('id'),
            'username':
            request.args.get('username'),
            'usertype':
            request.args.get('usertype'),
            'firstname':
            request.args.get('firstname'),
            'lastname':
            request.args.get('lastname'),
            'email':
            request.args.get('email'),
            'is_active':
            request.args.get('is_active'),
            'is_password_expired':
            request.args.get('is_password_expired'),
            'password_expiration_date':
            request.args.get('password_expiration_date'),
        }

        params = 'where '
        for key, value in args.items():
            if value != None:
                params += f"{key} = '{value}' and "
        if params == 'where ':
            params = ''
        else:
            params = params[0:len(params) - 4]
        #####

        query = f"SELECT * FROM Users {params} ORDER BY id ASC"
        try:
            resultproxy = engine.execute(query)
        except:
            return Helper.CustomResponse(500, 'SQL ERROR')
        d, a = {}, []
        for rowproxy in resultproxy:
            # rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
            for column, value in rowproxy.items():
                # build up the dictionary
                temp = str(value).split()
                value = temp[0]
                d = {**d, **{column: value}}
            a.append(d)
        if not a:
            abort(Helper.CustomResponse(404, 'no users found'))
        return a
Esempio n. 3
0
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument('action')
        parser.add_argument('journal_id')
        parser.add_argument('form')
        parser.add_argument('sessionUserID')
        args = parser.parse_args()
        action = args['action']
        journal_ID = args['journal_id']
        formDict = Helper.ParseArgs(args['form'])
        sessionUserID = args['sessionUserID']
        query = f"""UPDATE JournalEntries SET Status = '{action}', Message = '{formDict['message']}' WHERE Journal_ID = {journal_ID}"""

        try:
            engine.execute(query)
        except Exception as e:
            print(e)
            return Helper.CustomResponse(500, 'SQL Error')

        journalEntryDict = requests.get(
            f"{api_url}/journals?Journal_ID={journal_ID}").json()
        srcAccountDict = requests.get(
            f"{api_url}/accounts/{journalEntryDict[0]['SourceAccountNumber']}"
        ).json()
        destAccountDict = requests.get(
            f"{api_url}/accounts/{journalEntryDict[0]['DestAccountNumber']}"
        ).json()

        message = f"Journal Entry {action}"
        data = {
            'SessionUserID': sessionUserID,
            'UserID': srcAccountDict['id'],
            'AccountNumber': srcAccountDict['AccountNumber'],
            'Event': message,
            'Amount': 0
        }
        requests.post(f"{api_url}/events/create", json=data)

        message = f"Journal Entry {action}"
        data = {
            'SessionUserID': sessionUserID,
            'UserID': destAccountDict['id'],
            'AccountNumber': destAccountDict['AccountNumber'],
            'Event': message,
            'Amount': 0
        }
        requests.post(f"{api_url}/events/create", json=data)

        return Helper.CustomResponse(200, f"Journal Entry {action}")
Esempio n. 4
0
 def get(self):
     query = "SELECT COUNT(EventID) from Events"
     try:
         resultProxy = engine.execute(query)
     except Exception as e:
         print(e)
         return Helper.CustomResponse(500, 'SQL Error')
     for rowProxy in resultProxy:
         return rowProxy[0]
Esempio n. 5
0
 def post(self):
     content = request.get_json()
     creationDateTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
     eventID = requests.get(f"{api_url}/events/count").json()
     query = f"""INSERT INTO Events VALUES ({eventID}, {content['SessionUserID']}, {content['UserID']}, {content['AccountNumber']}, '{content['Event']}', {content['Amount']}, '{creationDateTime}')"""
     try:
         engine.execute(query)
     except Exception as e:
         print(e)
         return Helper.CustomResponse(500, 'SQL Error')
Esempio n. 6
0
    def post(self, user_id):
        parser = reqparse.RequestParser()
        parser.add_argument('form')
        parser.add_argument('sessionUserID')
        parser.add_argument('userID')
        args = parser.parse_args()
        formDict = Helper.ParseArgs(args['form'])
        sessionUserID = args['sessionUserID']
        userID = args['userID']

        currentPassword = formDict['currentPassword']
        newPassword = formDict['newPassword']
        sqlCurrentPassword = requests.get(
            f"{api_url}/users/{user_id}").json()[0]['hashed_password']
        previousPasswords = requests.get(
            f"{api_url}/users/{user_id}/get_passwords").json()

        if (check_password_hash(sqlCurrentPassword, currentPassword) == False):
            response = Helper.CustomResponse(401,
                                             'Incorrect current password!')
            return response
        for entry in previousPasswords:
            if check_password_hash(entry['password'], newPassword):
                response = Helper.CustomResponse(
                    406, 'New password has been used before!')
                return response
        newPassword = generate_password_hash(newPassword)
        engine.execute(
            f"""UPDATE Users SET hashed_password = '******' WHERE id = {user_id}; INSERT INTO Passwords (id, password) VALUES ({user_id}, '{newPassword}');"""
        )

        message = "User Password Updated"
        data = {
            'SessionUserID': sessionUserID,
            'UserID': userID,
            'AccountNumber': 0,
            'Amount': 0,
            'Event': message
        }
        requests.post(f"{api_url}/events/create", json=data)

        response = Helper.CustomResponse(200, 'Password has been updated!')
        return response
Esempio n. 7
0
 def get(self):
     resultproxy = engine.execute(
         f"SELECT * FROM Events ORDER BY EventID DESC")
     d, a = {}, []
     for rowproxy in resultproxy:
         # rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
         for column, value in rowproxy.items():
             # build up the dictionary
             d = {**d, **{column: value}}
         a.append(d)
     if not a:
         abort(Helper.CustomResponse(404, 'no events found'))
     return a
Esempio n. 8
0
 def get(self):
     resultproxy = engine.execute(f"SELECT * FROM Users ORDER BY id ASC")
     d, a = {}, []
     for rowproxy in resultproxy:
         # rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
         for column, value in rowproxy.items():
             # build up the dictionary
             temp = str(value).split()
             value = temp[0]
             d = {**d, **{column: value}}
         a.append(d)
     if not a:
         abort(Helper.CustomResponse(404, 'no users found'))
     return a
Esempio n. 9
0
    def get(self):
        ##### optional url query parameters
        args = {
            'Journal_ID': request.args.get('Journal_ID'),
            'RequestorUserID': request.args.get('RequestorUserID'),
            'SourceAccountNumber': request.args.get('SourceAccountNumber'),
            'DestAccountNumber': request.args.get('DestAccountNumber'),
            'Status': request.args.get('Status'),
            'Credits': request.args.get('Credits'),
            'Message': request.args.get('Message'),
            'Timestamp': request.args.get('Timestamp'),
            'StartDate': request.args.get('StartDate'),
            'EndDate': request.args.get('EndDate')
        }

        startDate = datetime.strptime('2000-01-01 00:00:00',
                                      '%Y-%m-%d %H:%M:%S')
        endDate = datetime.strptime('2100-12-31 23:59:59', '%Y-%m-%d %H:%M:%S')
        params = 'where '
        for key, value in args.items():
            if value != None:
                if key == 'StartDate':
                    startDate = value
                elif key == 'EndDate':
                    endDate = value
                else:
                    params += f"{key} = '{value}' and "
        params += f"TimeStamp BETWEEN '{startDate}' AND '{endDate}'"
        if params == 'where ':
            params = ''
        #####

        query = f"""select JournalEntries.*, src.AccountName as SourceAccountName, dest.AccountName as DestAccountName
                    from JournalEntries
                    inner join Accounts src on JournalEntries.SourceAccountNumber=src.AccountNumber
                    inner join Accounts dest on JournalEntries.DestAccountNumber=dest.AccountNumber
                    {params}"""

        resultproxy = engine.execute(query)
        d, a = {}, []
        for rowproxy in resultproxy:
            # rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
            for column, value in rowproxy.items():
                # build up the dictionary
                d = {**d, **{column: value}}

            a.append(d)
        if not a:
            abort(Helper.CustomResponse(404, 'no journals found'))
        return a
Esempio n. 10
0
 def get(self, account_number):
     resultproxy = engine.execute(
         f"SELECT * FROM Accounts where AccountNumber = {account_number} ORDER BY id ASC"
     )
     d = {}
     for rowproxy in resultproxy:
         # rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
         for column, value in rowproxy.items():
             # build up the dictionary
             d = {**d, **{column: value}}
     if not d:
         abort(
             Helper.CustomResponse(
                 404, 'account not found with provided account number'))
     return d
Esempio n. 11
0
 def get(self, user_id):
     resultproxy = engine.execute(
         f"select * from Users where id = {user_id}")
     d, a = {}, []
     for rowproxy in resultproxy:
         # rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
         for column, value in rowproxy.items():
             # build up the dictionary
             temp = str(value).split()
             value = temp[0]
             d = {**d, **{column: value}}
         a.append(d)
     if not a:
         abort(Helper.CustomResponse(404,
                                     'user not found with provided id'))
     return a
Esempio n. 12
0
    def post(self, account_number):
        parser = reqparse.RequestParser()
        parser.add_argument('form')
        parser.add_argument('sessionUserID')
        parser.add_argument('userID')
        args = parser.parse_args()
        formDict = Helper.ParseArgs(args['form'])
        sessionUserID = args['sessionUserID']
        userID = args['userID']

        accountName = formDict['accountName']
        accountDesc = formDict['accountDesc']
        normalSide = formDict['normalSide']
        category = formDict['category']
        subcategory = formDict['subcategory']
        accountOrder = formDict['accountOrder']
        comment = formDict['comment']

        query = f"""UPDATE Accounts SET AccountName = '{accountName}', AccountDesc = '{accountDesc}', NormalSide = '{normalSide}', Category = '{category}', Subcategory = '{subcategory}', AccountOrder = {accountOrder}, Comment = '{comment}' WHERE AccountNumber = {account_number}"""

        try:
            engine.execute(query)
        except Exception as e:
            print(e)
            return Response("SQL Error",
                            status=500,
                            mimetype='application/json')

        message = f"Account updated"
        data = {
            'SessionUserID': sessionUserID,
            'UserID': userID,
            'AccountNumber': account_number,
            'Amount': 0,
            'Event': message
        }
        requests.post(f"{api_url}/events/create", json=data)

        response = Helper.CustomResponse(200, 'Account Edited Successfully!')
        return response
Esempio n. 13
0
    def post(self, username):
        parser = reqparse.RequestParser()
        parser.add_argument('form')
        parser.add_argument('sessionUserID')
        args = parser.parse_args()
        formDict = Helper.ParseArgs(args['form'])
        sessionUserID = args['sessionUserID']

        if formDict['accountHolderUsername'] != None:
            user = formDict['accountHolderUsername']
        else:
            user = username
        response = requests.get(f"{api_url}/users/{user}")
        if response.status_code == 404:
            return (response.json())
        user = response.json()[0]
        id = user['id']
        accountName = formDict['accountName']
        accountDesc = formDict['accountDesc']
        normalSide = formDict['normalSide']
        category = formDict['category']
        subcategory = 'None'
        balance = 0
        creationDate = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        accountOrder = 1
        statement = 'None'
        comment = 'None'
        accountNumber = Helper.GenerateAccountNumber(api_url)
        isActive = 1

        response = Helper.CheckForDuplicateAccountName(id, accountName,
                                                       api_url)
        if response.status_code != 200:
            return response

        query = f"""INSERT INTO Accounts VALUES ({id}, '{accountName}', {accountNumber}, '{accountDesc}', '{normalSide}',
                                                            '{category}', '{subcategory}', {balance}, '{creationDate}', {accountOrder},
                                                            '{statement}', '{comment}', {isActive})"""
        try:
            engine.execute(query)
        except Exception as e:
            print(e)
            return Response("SQL Error",
                            status=500,
                            mimetype='application/json')

        message = f"Account created"
        data = {
            'SessionUserID': sessionUserID,
            'UserID': id,
            'AccountNumber': accountNumber,
            'Amount': 0,
            'Event': message
        }
        requests.post(f"{api_url}/events/create", json=data)

        email = user['email']
        msg = Message('Account Creation Notice', recipients=[email])
        msg.body = f"Hello,\nThank you for opening a {category} account with us!"
        mail.send(msg)

        response = Helper.CustomResponse(200, 'Account Created!')
        return response
Esempio n. 14
0
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument('form')
        parser.add_argument('sessionUserID')
        parser.add_argument('file')
        args = parser.parse_args()
        formDict = json.loads(args['form'])
        response1 = requests.get(
            f"{api_url}/accounts/{formDict['SourceAccountNumber']}")
        response2 = requests.get(
            f"{api_url}/accounts/{formDict['DestAccountNumber']}")
        if response1.status_code == 404:
            abort(
                Helper.CustomResponse(404,
                                      'Source Account number does not exist.'))
        if response2.status_code == 404:
            abort(
                Helper.CustomResponse(
                    404, 'Destination Account number does not exist.'))
        if response1.json()['AccountNumber'] == response2.json(
        )['AccountNumber']:
            abort(
                Helper.CustomResponse(400,
                                      'Account numbers cannot be the same.'))
        response = requests.get(f"{api_url}/journals")
        if response.status_code == 404:
            Journal_ID = 0
        else:
            Journal_ID = len(requests.get(f"{api_url}/journals").json())
        RequestorUserID = args['sessionUserID']
        fileURL = args['file']
        if (fileURL == ''):
            fileURL = None
        Status = 'pending'
        message = formDict['Comment']
        if (message == ''):
            message = 'No Message provided'
        timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
        query = f"""INSERT INTO JournalEntries VALUES ({Journal_ID}, {RequestorUserID}, {formDict['SourceAccountNumber']}, {formDict['DestAccountNumber']},
                                                '{Status}', '{formDict['Debits']}', '{formDict['Credits']}', '{message}', '{timestamp}', '{fileURL}')"""

        query2 = f"UPDATE Accounts SET Balance = Balance - {formDict['Credits']} WHERE AccountNumber = {formDict['SourceAccountNumber']};"

        query3 = f"UPDATE Accounts SET Balance = Balance + {formDict['Debits']} WHERE AccountNumber = {formDict['DestAccountNumber']};"
        #expense or revenue transactions will affect the retained earnings account, other types of transactions will be normal
        if (formDict['TypeOfAcc'] == 'Expense or Revenue'):
            query4 = f"UPDATE Accounts SET Balance = Balance - {formDict['Credits']} WHERE Subcategory ='Retained Earnings';"
            try:
                engine.execute(query4)
            except Exception as e:
                print(e)
                return Helper.CustomResponse(500, 'SQL Error')

        try:
            engine.execute(query)
            engine.execute(query2)
            engine.execute(query3)
        except Exception as e:
            print(e)
            return Helper.CustomResponse(500, 'SQL Error')

        srcUserID = response1.json()['id']
        destUserID = response2.json()['id']
        creditsList = Helper.buildFloatArrayFromCommaDelimitedString(
            formDict['Credits'])
        debitsList = Helper.buildFloatArrayFromCommaDelimitedString(
            formDict['Debits'])

        message = f"Journal Entry Created"
        data = {
            'SessionUserID': RequestorUserID,
            'UserID': srcUserID,
            'AccountNumber': formDict['SourceAccountNumber'],
            'Event': message,
            'Amount': -sum(creditsList)
        }
        requests.post(f"{api_url}/events/create", json=data)

        message = f"Journal Entry Created"
        data = {
            'SessionUserID': RequestorUserID,
            'UserID': destUserID,
            'AccountNumber': formDict['DestAccountNumber'],
            'Event': message,
            'Amount': sum(debitsList)
        }
        requests.post(f"{api_url}/events/create", json=data)

        response = requests.get(f"{api_url}/users?usertype=manager")
        emailDictList = response.json()
        emails = []
        for entry in emailDictList:
            emails.append(entry['email'])

        for email in emails:
            msg = Message('New Journal Created', recipients=[email])
            msg.body = f"Hello,\nA new journal entry has been created and is awaiting your approval"
            mail.send(msg)

        return Helper.CustomResponse(200, 'Entry Submitted!')