def patch_booking_by_token(token):
email = request.args.get('email', None)
offer_id = dehumanize(request.args.get('offer_id', None))
booking_token_upper_case = token.upper()
booking = booking_queries.find_by(booking_token_upper_case, email,
offer_id)
if current_user.is_authenticated:
ensure_current_user_has_rights(
RightsType.editor,
booking.stock.resolvedOffer.venue.managingOffererId)
else:
check_email_and_offer_id_for_anonymous_user(email, offer_id)
check_booking_is_usable(booking)
if check_is_activation_booking(booking):
activate_user(booking.user)
send_activation_notification_email(booking.user, send_raw_email)
booking.isUsed = True
booking.dateUsed = datetime.utcnow()
PcObject.save(booking)
return '', 204
def deactivate_venue_offers(venueId):
venue = load_or_404(Venue, venueId)
ensure_current_user_has_rights(RightsType.editor, venue.managingOffererId)
offers = venue.offers
deactivated_offers = update_is_active_status(offers, False)
PcObject.save(*deactivated_offers)
return jsonify([as_dict(offer, includes=OFFER_INCLUDES) for offer in deactivated_offers]), 200
def delete_event_occurence(id):
eo = load_or_404(EventOccurence, id)
ensure_current_user_has_rights(app.model.RightsType.editor,
eo.venue.managingOffererId)
#TODO: S'il y a des réservations il faut envoyer des mails !
#TODO: Interdire la suppression d'évenements passés
return delete(eo, request.json)
def edit_venue(venueId):
venue = load_or_404(Venue, venueId)
ensure_current_user_has_rights(app.model.RightsType.editor,
venue.managingOffererId)
update(venue, request.json)
app.model.PcObject.check_and_save(venue)
return jsonify(venue._asdict(include=VENUES_INCLUDES)), 200
def edit_venue(venueId):
venue = load_or_404(Venue, venueId)
check_valid_edition(request, venue)
validate_coordinates(request.json.get('latitude', None), request.json.get('longitude', None))
ensure_current_user_has_rights(RightsType.editor, venue.managingOffererId)
venue.populate_from_dict(request.json)
save_venue(venue)
return jsonify(as_dict(venue, includes=VENUE_INCLUDES)), 200
def create_event_occurence():
print('request.json', request.json)
eo = EventOccurence(from_dict=request.json)
venue = load_or_404(Venue, request.json['venueId'])
ensure_current_user_has_rights(app.model.RightsType.editor,
venue.managingOffererId)
app.model.PcObject.check_and_save(eo)
return jsonify(eo._asdict()), 201
def edit_event_occurence(id):
eo = load_or_404(EventOccurence, id)
ensure_current_user_has_rights(app.model.RightsType.editor,
eo.venue.managingOffererId)
update(eo, request.json)
#TODO: Si changement d'horaires et qu'il y a des réservations il faut envoyer des mails !
#TODO: Interdire la modification d'évenements passés
app.model.PcObject.check_and_save(eo)
return jsonify(eo._asdict(include=VENUES_INCLUDES)), 200
def patch_offerer(offererId):
ensure_current_user_has_rights(RightsType.admin, dehumanize(offererId))
data = request.json
check_valid_edition(data)
offerer = Offerer.query.filter_by(id=dehumanize(offererId)).first()
offerer.populate_from_dict(data, skipped_keys=['validationToken'])
recommendations = find_all_recommendations_for_offerer(offerer)
invalidate_recommendations_if_deactivating_object(data, recommendations)
PcObject.save(offerer)
return jsonify(get_dict_offerer(offerer)), 200
def update_mediation(mediation_id):
mediation = load_or_404(Mediation, mediation_id)
ensure_current_user_has_rights(RightsType.editor,
mediation.offer.venue.managingOffererId)
mediation = Mediation.query.filter_by(id=dehumanize(mediation_id)).first()
data = request.json
mediation.populate_from_dict(data)
invalidate_recommendations_if_deactivating_object(
data, mediation.recommendations)
PcObject.save(mediation)
return jsonify(as_dict(mediation, includes=MEDIATION_INCLUDES)), 200
def edit_stock(stock_id):
stock_data = request.json
query = Stock.queryNotSoftDeleted().filter_by(id=dehumanize(stock_id))
stock = query.first_or_404()
check_offer_is_editable(stock.offer)
check_dates_are_allowed_on_existing_stock(stock_data, stock.offer)
offerer_id = stock.resolvedOffer.venue.managingOffererId
ensure_current_user_has_rights(RightsType.editor, offerer_id)
stock.populate_from_dict(stock_data)
PcObject.save(stock)
return jsonify(as_dict(stock)), 200
def create_mediation():
check_thumb_in_request(files=request.files, form=request.form)
offerer_id = dehumanize(request.form['offererId'])
offer_id = dehumanize(request.form['offerId'])
credit = request.form.get('credit')
ensure_current_user_has_rights(RightsType.editor, offerer_id)
mediation = create_new_mediation(offer_id, offerer_id, current_user,
credit)
thumb = read_thumb(files=request.files, form=request.form)
check_thumb_quality(thumb)
PcObject.save(mediation)
save_thumb(mediation, thumb, 0, crop=_get_crop(request.form))
return jsonify(as_dict(mediation)), 201
def create_stock():
request_data = request.json
check_request_has_offer_id(request_data)
offer_id = dehumanize(request_data.get('offerId', None))
offer = find_offer_by_id(offer_id)
check_offer_is_editable(offer)
check_dates_are_allowed_on_new_stock(request_data, offer)
offerer = offerer_queries.get_by_offer_id(offer_id)
ensure_current_user_has_rights(RightsType.editor, offerer.id)
new_stock = Stock(from_dict=request_data)
PcObject.save(new_stock)
return jsonify(as_dict(new_stock)), 201
def post_storage_file(collectionName, id, index):
model_name = inflect_engine.singular_noun(collectionName.title(), 1)
if model_name not in GENERIC_STORAGE_MODEL_NAMES:
return jsonify({'text': 'upload is not authorized for this model'}), 400
model = getattr(models, model_name)
entity = model.query.filter_by(id=dehumanize(id)).first_or_404()
if model_name == 'Mediation':
offerer_id = entity.offer.venue.managingOffererId
ensure_current_user_has_rights(RightsType.editor, offerer_id)
save_thumb(entity, request.files['file'].read(), int(index))
return jsonify(as_dict(entity)), 200
def patch_offer(id):
thing_or_event_dict = request.json
check_valid_edition(request.json)
offer = offer_queries.find_offer_by_id(dehumanize(id))
if not offer:
raise ResourceNotFound
ensure_current_user_has_rights(RightsType.editor,
offer.venue.managingOffererId)
check_offer_is_editable(offer)
offer.populate_from_dict(request.json)
offer.update_with_product_data(thing_or_event_dict)
PcObject.save(offer)
if 'isActive' in request.json and not request.json['isActive']:
invalidate_recommendations(offer)
return jsonify(as_dict(offer, includes=OFFER_INCLUDES)), 200
def delete_stock(id):
stock = load_or_404(Stock, id)
check_offer_is_editable(stock.offer)
offerer_id = stock.resolvedOffer.venue.managingOffererId
ensure_current_user_has_rights(RightsType.editor, offerer_id)
bookings = delete_stock_and_cancel_bookings(stock)
if bookings:
try:
send_batch_cancellation_emails_to_users(bookings, send_raw_email)
send_batch_cancellation_email_to_offerer(bookings, 'stock',
send_raw_email)
except MailServiceException as e:
app.logger.error('Mail service failure', e)
PcObject.save(stock, *bookings)
return jsonify(as_dict(stock)), 200
def check_rights_to_get_bookings_csv(user, venue_id=None, offer_id=None):
if venue_id:
venue = find_by_id(venue_id)
if venue is None:
api_errors = ApiErrors()
api_errors.add_error('venueId', "Ce lieu n'existe pas.")
raise api_errors
ensure_current_user_has_rights(user=user,
rights=RightsType.editor,
offerer_id=venue.managingOffererId)
if offer_id:
venue = find_by_offer_id(offer_id)
if venue is None:
api_errors = ApiErrors()
api_errors.add_error('offerId', "Cette offre n'existe pas.")
raise api_errors
ensure_current_user_has_rights(user=user,
rights=RightsType.editor,
offerer_id=venue.managingOffererId)
def post_offer():
venue_id = request.json.get('venueId')
check_has_venue_id(venue_id)
venue = load_or_raise_error(Venue, venue_id)
ensure_current_user_has_rights(RightsType.editor, venue.managingOffererId)
product_id = dehumanize(request.json.get('productId'))
if product_id:
offer = initialize_offer_from_product_id(product_id)
else:
offer_type_name = request.json.get('type')
check_offer_type_is_valid(offer_type_name)
offer = fill_offer_with_new_data(request.json, current_user)
offer.product.owningOfferer = venue.managingOfferer
offer.venue = venue
offer.bookingEmail = request.json.get('bookingEmail', None)
PcObject.save(offer)
send_offer_creation_notification_to_administration(offer, current_user,
PRO_URL, send_raw_email)
return jsonify(as_dict(offer, includes=OFFER_INCLUDES)), 201
def create_mediation():
# TODO: Allow to receive a URL from request.form['thumb']
# save_thumb already does it so it should be easy, but I can't make it ...
if 'thumb' not in request.files\
or request.files['thumb'].filename == '':
e = ApiErrors()
e.addError('thumb', "Vous devez fournir une image d'accroche")
return jsonify(e.errors), 400
thumb = request.files['thumb']
filename_parts = thumb.filename.rsplit('.', 1)
if len(filename_parts)<2\
or filename_parts[1].lower() not in ALLOWED_EXTENSIONS:
e = ApiErrors()
e.addError('thumb', "Ce format d'image n'est pas autorisé")
return jsonify(e.errors), 400
offererId = dehumanize(request.form['offererId'])
ensure_current_user_has_rights(RightsType.editor, offererId)
new_mediation = Mediation()
new_mediation.author = current_user
new_mediation.eventId = dehumanize(request.form['eventId'])
new_mediation.offererId = offererId
app.model.PcObject.check_and_save(new_mediation)
if 'croppingRect[x]' in request.form:
crop = [
float(request.form['croppingRect[x]']),
float(request.form['croppingRect[y]']),
float(request.form['croppingRect[height]'])
]
else:
crop = None
new_mediation.save_thumb(thumb.read(), 0, crop=crop)
return jsonify(new_mediation), 201
def check_user_has_rights_for_query(offerer_id, venue, venue_id):
if venue_id:
ensure_current_user_has_rights(RightsType.editor,
venue.managingOffererId)
elif offerer_id:
ensure_current_user_has_rights(RightsType.editor, offerer_id)
def get_venue(venueId):
venue = load_or_404(Venue, venueId)
ensure_current_user_has_rights(RightsType.editor, venue.managingOffererId)
return jsonify(as_dict(venue, includes=VENUE_INCLUDES)), 200
def get_offerer(id):
ensure_current_user_has_rights(RightsType.editor, dehumanize(id))
offerer = load_or_404(Offerer, id)
return jsonify(get_dict_offerer(offerer)), 200
def delete_mediation(id):
mediation = load_or_404(Mediation, id)
ensure_current_user_has_rights(RightsType.editor, mediation.offererId)
return delete(mediation)
def delete_venue_provider(id):
vp = load_or_404(VenueProvider, id)
ensure_current_user_has_rights(app.model.RightsType.editor,
vp.venue.managingOffererId)
# TODO: should we also delete all the associated events/things...?
return delete(vp)