def delete_user(request, user_id):
"""
Delete an user
:param request:
:param user_id:
:return: Httreponse
"""
if not request:
abort(400)
if not check_user_permission(user_id):
error = {
'error':
'Action interdite: Tentative d\'action sur un compte non identifié'
}
return HttpResponse(403).custom(error)
user = session.query(User).filter(User.id == user_id).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
try:
session.begin()
session.query(User).filter(User.id == user_id).delete()
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.USER_DELETED)
def update_user(request, user_id):
if not request:
abort(400)
user = session.query(User).filter(User.id == user_id).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
infos = request.json
verification = check_user_infos(infos)
if verification is not None:
return HttpResponse(403).error(verification)
if 'mail' in infos:
existing = session.query(User).filter(
User.mail == infos['mail']).first()
if existing:
return HttpResponse(403).error(ErrorCode.MAIL_USED)
if 'password' in infos:
hashed = get_hashed_password(infos['password'])
infos['password'] = hashed
infos['date_update'] = datetime.datetime.now()
try:
session.begin()
session.query(User).filter(User.id == user_id).update(infos)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.USER_UPDATED)
def get_user(request):
if not request:
abort(400)
if 'mail' in request.args:
user = session.query(User).filter(
User.mail == request.args['mail']).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
res = {'user': to_dict(user)}
return HttpResponse().custom(res)
users = session.query(User).filter()
res = {'users': [to_dict(x) for x in users]}
return HttpResponse().custom(res)
def get_products(request, product_id):
if not request:
abort(400)
products = session.query(Product).filter(Product.id == product_id).first()
if not products:
return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND)
product = requests.get(urlopenfoodfact.format(products.id_ean))
return HttpResponse(200).custom({
'success': 'On a retrouvé le produit.',
'position': products.position,
'expiration_date': products.expiration_date,
'id_ean': products.id_ean,
'informations': product.json()
})
def delete_products(request, product_id):
"""
Delete a product
:param request:
:param product_id:
:return:
"""
if not request:
abort(400)
product = session.query(Product).filter(Product.id == product_id).first()
if not product:
return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND)
try:
session.begin()
session.query(Product).filter(Product.id == product_id).delete()
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.PRODUCT_DELETED)
def post_product(request, id_user=None):
if not request:
abort(400)
if id_user is None:
id_user = 1
try:
datetime.datetime.strptime(request.json['expiration_date'], "%Y-%m-%d")
except ValueError:
return HttpResponse(400).custom({
"errors": {
"expiration_date":
"'{}' is not of type 'date'".format(
request.json['expiration_date'])
},
"message":
"Input payload validation failed"
})
if request.json['id_rfid'] < 0:
return HttpResponse(403).error(ErrorCode.ID_RFID_NOK)
product = requests.get(urlopenfoodfact.format(
request.json['id_ean'])).json()
if not "product" in product:
return HttpResponse(403).error(ErrorCode.UNK)
name = product['product']['product_name_fr'][:100]
name_gen = product['product']['generic_name_fr'][:100]
try:
created_product = create_product(request.json, id_user)
except Exception as e:
return HttpResponse(407).error(ErrorCode.ID_RFID_NOK, e)
return HttpResponse(201).success(SuccessCode.PRODUCT_CREATED,
{'id': created_product.id})
def create_user(request):
if not request:
abort(400)
verification = check_user_infos(request.json)
if verification is not None:
return HttpResponse(403).error(verification)
existing = session.query(User).filter(
User.mail == request.json['mail']).first()
if existing:
return HttpResponse(403).error(ErrorCode.MAIL_USED)
hashed = get_hashed_password(request.json['password'])
new_user = User(date_insert=datetime.datetime.now(),
date_update=datetime.datetime.now(),
is_active=1,
status=0,
gender=request.json['gender'],
lastname=request.json['lastname'],
firstname=request.json['firstname'],
mail=request.json['mail'],
password=hashed,
country=request.json['country'],
town=request.json['town'],
street=request.json['street'],
street_number=request.json['street_number'],
region=request.json['region'],
postal_code=request.json['postal_code'])
try:
session.begin()
session.add(new_user)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
app_id = session.query(AuthApplication).filter(
AuthApplication.project_id == "arlex-ccevqe").first().id
access_token = AccessToken(app_id=app_id,
type='bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=new_user.id,
expiration_date=datetime.datetime.now() +
datetime.timedelta(weeks=2),
is_enable=1,
scopes="user")
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=app_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(201).success(
SuccessCode.USER_CREATED, {
'id': new_user.id,
'access_token': access_token.token,
'refresh_token': refresh_token.token
})