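def user_details_update():
    """Update the profile (e-mail and names) of the authenticated user.

    Expects a JSON object carrying ``email``, ``first_name``, ``last_name``
    and ``role``, plus an ``Authorization: Bearer <token>`` header.

    Returns:
        The ``ru`` response for the first failed check (415 for a non-JSON
        body, 401/403 for authentication problems, 502 for validation
        errors, 409 for an e-mail clash or a failed update), otherwise the
        ``ru.http_success`` response.
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        # A JSON array/scalar would otherwise crash on .get() below.
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # Authenticate before looking at the payload so that unauthenticated
    # callers learn nothing about the schema or about existing e-mails.
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()

    # NOTE: this module reports validation failures with http_bad_gateway
    # (502); kept for API compatibility although 400 would be conventional.
    email = body.get('email')
    if email is None:
        return ru.http_bad_gateway(message="Email must not be empty")
    if not vu.is_valid_email(email):
        return ru.http_bad_gateway(message="Email is invalid")
    first_name = body.get('first_name')
    if first_name is None:
        return ru.http_bad_gateway(message="First name must not be empty")
    last_name = body.get('last_name')
    if last_name is None:
        return ru.http_bad_gateway(message="Last name must not be empty")
    role = body.get('role')
    if role is None:
        return ru.http_bad_gateway(message="Role must not be empty")
    if role not in role_values:
        return ru.http_bad_gateway(message="Role value is not valid")

    if User.is_existing_email_for_update_by_id(token.user, email):
        return ru.http_conflict(message="Email is already existing")

    # The submitted role is validated but deliberately NOT applied: the
    # stored role is written back so a user cannot change their own role
    # through this endpoint.
    updated = User.update_user_by_id(
        user.id,
        email=email,
        first_name=first_name,
        last_name=last_name,
        role=user.role,
    )
    if not updated:
        # The original built this response but fell through to success.
        return ru.http_conflict(message="Failed to update the resource")
    return ru.http_success(message="Successful updated")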
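def user_password_update_for_admin(uid):
    """Let an administrator set a new password for the user identified by *uid*.

    Args:
        uid: Public identifier of the user whose password is replaced.

    Returns:
        The ``ru`` response for the first failed check (415 non-JSON body,
        401/403 authentication or non-admin caller, 502 validation, 409
        failed update), otherwise the ``ru.http_success`` response.
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # Authenticate and authorise before inspecting the payload.
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None or not user.is_admin:
        return ru.http_forbidden()

    # TODO: improve validation for password
    password = body.get('password')
    if password is None:
        return ru.http_bad_gateway(message="Password must not be empty")
    if not isinstance(password, str):
        # len() on a non-string (e.g. a number) would raise instead of 502.
        return ru.http_bad_gateway(message="Password must be a string")
    if len(password) < 8:
        return ru.http_bad_gateway(
            message="Password must be a minimum of 8 characters")

    if not User.update_user_password_by_uid(
            uid, User.generate_password(password)):
        # The original built this response but fell through to success.
        return ru.http_conflict(message="Failed to update the resource")
    return ru.http_success(message="Successful updated password")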
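def user_login():
    """Authenticate a user by e-mail and password and issue a bearer token.

    Returns:
        On success the ``ru.http_success`` response whose ``meta`` carries
        ``uid``, ``token``, ``role``, ``first_name`` and ``last_name``.
        Otherwise 415 (non-JSON body), 502 (validation), 401 (bad
        credentials) or 409 (token could not be stored).
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    email = body.get('email')
    if email is None:
        return ru.http_bad_gateway()
    if not vu.is_valid_email(email):
        return ru.http_bad_gateway()

    # TODO: improve validation for password
    password = body.get('password')
    if password is None:
        return ru.http_bad_gateway()
    if not isinstance(password, str):
        return ru.http_bad_gateway(message="Password must be a string")
    if len(password) < 8:
        return ru.http_bad_gateway(
            message="Password must be a minimum of 8 characters")

    # One generic message for both unknown e-mail and wrong password, so the
    # response does not reveal which accounts exist.
    user = User.is_valid_user(email, password)
    if user is None:
        return ru.http_unauthorized(message="Email and password is not valid")

    token = UserToken.generate_token()
    # The original tested the truthy branch and discarded the response, so
    # a token that was never stored was still handed to the client.
    # NOTE(review): assumes create_token() returns truthy on success like
    # the module's other create/update helpers - confirm.
    if not UserToken.create_token(user=user.id, token=token):
        return ru.http_conflict(message="Failed to create a user token")

    return ru.http_success(
        meta={
            'uid': user.uid,
            'token': token,
            'role': role_values_reverse.get(user.role),
            'first_name': user.first_name,
            'last_name': user.last_name,
        })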
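def user_registration_for_admin():
    """Let an administrator create a new user account.

    Expects a JSON object with ``email``, ``password``, ``first_name``,
    ``last_name`` and ``role`` (a key of ``role_values``) and a bearer
    token belonging to an admin.

    Returns:
        ``ru.http_created`` on success; otherwise 415 (non-JSON body),
        401/403 (authentication, non-admin caller), 502 (validation) or
        409 (e-mail already registered or creation failed).
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # Authenticate and check the admin role first: previously the
    # "Email is already existing" answer was reachable by any
    # authenticated user, which allowed registered e-mails to be probed.
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None or not user.is_admin:
        return ru.http_forbidden()

    email = body.get('email')
    if email is None:
        return ru.http_bad_gateway(message="Email must not be empty")
    if not vu.is_valid_email(email):
        return ru.http_bad_gateway(message="Email is invalid")

    # TODO: improve validation for password
    password = body.get('password')
    if password is None:
        return ru.http_bad_gateway(message="Password must not be empty")
    if not isinstance(password, str):
        return ru.http_bad_gateway(message="Password must be a string")
    if len(password) < 8:
        return ru.http_bad_gateway(
            message="Password must be a minimum of 8 characters")

    first_name = body.get('first_name')
    if first_name is None:
        return ru.http_bad_gateway(message="First name must not be empty")
    last_name = body.get('last_name')
    if last_name is None:
        return ru.http_bad_gateway(message="Last name must not be empty")
    role = body.get('role')
    if role is None:
        return ru.http_bad_gateway(message="Role must not be empty")
    if role not in role_values:
        return ru.http_bad_gateway(message="Role value is not valid")

    if User.is_existing_email(email):
        return ru.http_conflict(message="Email is already existing")

    created = User.create_user(
        email=email,
        password=User.generate_password(password),
        uid=User.generate_uid(),
        first_name=first_name,
        last_name=last_name,
        role=role_values.get(role),
        # status default = 2 for the meantime when there is no email
        # validation yet (the value actually written is 1, as before)
        status=1,
    )
    if not created:
        # The original built this response but fell through to 201.
        return ru.http_conflict(message="Failed to create the resource")
    return ru.http_created()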
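def submit_to_finance_manager_by_manager(id):
    """Forward an approved travel record to a finance manager.

    The caller must be a manager holding the latest approval (status 2) of
    travel *id*.  The JSON body must contain ``approver``: the uid of a
    finance manager, or ``null``.

    Args:
        id: Primary key of the ``Travel`` row to forward.

    Returns:
        ``ru.http_success`` on success; otherwise 415 (non-JSON body),
        401/403 (authentication, non-manager caller), 502 (bad approver)
        or 409 (no forwardable record / save failure).
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # Authenticate before resolving the approver: the original looked the
    # uid up in the database before checking any credentials, and a
    # missing Authorization header raised AttributeError (500).
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()
    if not user.is_manager:
        return ru.http_forbidden(
            message='Role is not allowed to access this resource')

    if 'approver' not in body:
        return ru.http_bad_gateway(
            message="Approver is required in the request")
    # NOTE(review): a null approver is accepted and stored as approver=None
    # on the new status-1 approval, as in the original - confirm intended.
    finance_manager_id = None
    if body.get('approver') is not None:
        finance_manager = User.find_by_uid(body.get('approver'))
        if finance_manager is None or not finance_manager.is_finance_manager:
            return ru.http_bad_gateway(message="Invalid manager")
        finance_manager_id = finance_manager.id

    # Only a travel whose approval is assigned to this manager (status 2)
    # can be forwarded; the filter doubles as the ownership check.
    travel = db.session.query(Travel).join(
        TravelApproval, TravelApproval.travel == Travel.id).filter(
            TravelApproval.approver == user.id,
            TravelApproval.status == 2,
            Travel.id == id).first()
    if travel is None:
        return ru.http_conflict(message="No travel available for update")

    # The latest approval row decides the current state of the record.
    ta = db.session.query(TravelApproval).filter(
        travel.id == TravelApproval.travel).order_by(
            desc(TravelApproval.id)).limit(1).first()
    if ta is None:
        return ru.http_conflict(message="No data available for update")
    # if not submitted
    if ta.status != 2:
        return ru.http_conflict(message="Data is not available for update")
    if ta.approver != user.id:
        return ru.http_conflict(
            message="Data is not available for update of the user")

    created = TravelApproval.create(status=1,
                                    travel=travel.id,
                                    sender=user.id,
                                    approver=finance_manager_id)
    if not created:
        # Mirrors the check create_travel_record makes on the same helper.
        return ru.http_conflict(
            message="Failed to save your travel approval details")
    return ru.http_success()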
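def approve_record_by_manager(id):
    """Let the assigned manager approve or reject a submitted travel record.

    The JSON body must carry ``status``, a key of ``status_values`` that
    maps to 2 (approved) or 3 (rejected).  Only the manager named as
    approver on the latest submitted (status 1) approval may act.

    Args:
        id: Primary key of the ``Travel`` row to decide on.

    Returns:
        ``ru.http_success`` on success; otherwise 415 (non-JSON body),
        401/403 (authentication, non-manager caller), 502 (bad status) or
        409 (no record awaiting this manager's decision).
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # A missing Authorization header used to raise AttributeError (500).
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()
    if not user.is_manager:
        return ru.http_forbidden(
            message='Role is not allowed to access this resource')

    if body.get('status') is None:
        return ru.http_bad_gateway(message="Status is required")
    # An unknown key maps to None, which is also "not in (2, 3)".
    new_status = status_values.get(body.get('status'))
    if new_status not in (2, 3):
        return ru.http_bad_gateway(message="Status is invalid")

    # Only a travel whose pending approval (status 1) names this manager
    # is eligible; the filter doubles as the authorisation check.
    travel = db.session.query(Travel).join(
        TravelApproval, TravelApproval.travel == Travel.id).filter(
            TravelApproval.approver == user.id,
            TravelApproval.status == 1,
            Travel.id == id).first()
    if travel is None:
        return ru.http_conflict(message="No travel available for update")

    # The latest approval row decides the current state of the record.
    ta = db.session.query(TravelApproval).filter(
        travel.id == TravelApproval.travel).order_by(
            desc(TravelApproval.id)).limit(1).first()
    if ta is None:
        return ru.http_conflict(message="No data available for update")
    # if not submitted
    if ta.status != 1:
        return ru.http_conflict(message="Data is not available for update")
    if ta.approver != user.id:
        return ru.http_conflict(
            message="Data is not available for update of the user")

    ta.status = new_status
    db.session.commit()
    return ru.http_success()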
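def create_travel_record():
    """Create a travel record (and its first approval row) for an employee.

    The JSON body must contain ``description``, ``start_date``,
    ``end_date`` (``YYYY-MM-DD`` or ``null``), ``mode``, the five cost
    fields (non-negative numbers or ``null``) and ``approver`` (a manager
    uid or ``null``).  The ``for`` query parameter, looked up in
    ``for_values``, selects the initial approval status (default 1 =
    submitted, which requires an approver).

    Returns:
        ``ru.http_created`` on success; otherwise 415 (non-JSON body),
        401/403 (authentication, non-employee caller), 502 (validation)
        or 409 (missing manager on submit / save failure).
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # Authenticate before validating: the original resolved the approver
    # uid in the database ahead of any credential check, and a missing
    # Authorization header raised AttributeError (500).
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()
    if not user.is_employee:
        return ru.http_forbidden(
            message='Role is not allowed to create a travel record')

    def _date_error(key, missing_msg, format_msg):
        # The key must be present; null is accepted, anything else must
        # satisfy vu.is_valid_datetime_string.  Returns a response or None.
        if key not in body:
            return ru.http_bad_gateway(message=missing_msg)
        value = body.get(key)
        if value is not None and not vu.is_valid_datetime_string(value):
            return ru.http_bad_gateway(message=format_msg)
        return None

    def _cost_error(key, missing_msg, numeric_msg, negative_msg):
        # The key must be present; null is accepted, anything else must be
        # a non-negative int or float.  Returns a response or None.
        if key not in body:
            return ru.http_bad_gateway(message=missing_msg)
        value = body.get(key)
        if value is None:
            return None
        # bool is an int subclass; the original type() comparison rejected
        # it, so it stays rejected here.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return ru.http_bad_gateway(message=numeric_msg)
        if value < 0:
            return ru.http_bad_gateway(message=negative_msg)
        return None

    if 'description' not in body:
        return ru.http_bad_gateway(
            message="Description is required in the request")
    error = _date_error('start_date',
                        "Start date is required in the request",
                        "Start date must be in format YYYY-MM-DD")
    if error is not None:
        return error
    error = _date_error('end_date',
                        "End date is required in the request",
                        "End date must be in format YYYY-MM-DD")
    if error is not None:
        return error
    start_date = body.get('start_date')
    end_date = body.get('end_date')
    # Comparing against None raised TypeError (500) in the original.
    if start_date is not None and end_date is not None \
            and start_date > end_date:
        return ru.http_bad_gateway(
            message="End date must be greater than or equal to start date")
    if 'mode' not in body:
        return ru.http_bad_gateway(message="Mode is required in the request")

    # Field order matches the original so the first reported error is the
    # same.  The destination "greater than or equal to 0" message used to
    # say "Home cost"; it now names the right field, as update_travel_record
    # already does.
    cost_checks = (
        ('ticket_cost',
         "Ticket cost is required in the request",
         "Ticket cost must be numeric",
         "Ticket cost must greater than or equal to 0"),
        ('home_airport_cost',
         "Home airport cost is required in the request",
         "Home airport cost must be numeric",
         "Home cost must greater than or equal to 0"),
        ('destination_airport_cost',
         "Destination airport cost is required in the request",
         "Destination aiport cost must be numeric",
         "Destination airport cost must greater than or equal to 0"),
        ('hotel_cost',
         "Hotel cost is required in the request",
         "Hotel cost must be numeric",
         "Hotel cost must greater than or equal to 0"),
        ('local_conveyance',
         "Local conveyance is required in the request",
         "Local conveyance cost must be numeric",
         "Local conveyance must greater than or equal to 0"),
    )
    for key, missing_msg, numeric_msg, negative_msg in cost_checks:
        error = _cost_error(key, missing_msg, numeric_msg, negative_msg)
        if error is not None:
            return error

    if 'approver' not in body:
        return ru.http_bad_gateway(
            message="Approver is required in the request")
    manager_id = None
    if body.get('approver') is not None:
        manager = User.find_by_uid(body.get('approver'))
        # One message for "unknown" and "not a manager" so uids of other
        # users cannot be told apart from non-existent ones.
        if manager is None or not manager.is_manager:
            return ru.http_bad_gateway(message="Invalid manager")
        manager_id = manager.id

    # ?for=<key> picks the initial approval status; default 1 (submitted).
    is_submitted = for_values.get(request.args.get('for'))
    if is_submitted is None:
        is_submitted = 1
    if is_submitted == 1 and manager_id is None:
        return ru.http_conflict(
            message="Manager must be required when submitting for approval")

    travel = Travel.create_with_return(
        description=body.get('description'),
        start_date=start_date,
        end_date=end_date,
        mode=body.get('mode'),
        ticket_cost=body.get('ticket_cost'),
        home_airport_cab_cost=body.get('home_airport_cost'),
        dest_airport_cab_cost=body.get('destination_airport_cost'),
        hotel_cost=body.get('hotel_cost'),
        local_conveyance=body.get('local_conveyance'),
        owner=user.id,
    )
    if travel is None:
        return ru.http_conflict(message="Failed to save your travel details")
    # NOTE(review): if this second insert fails the Travel row is left
    # behind without an approval; wrapping both in one transaction would
    # avoid that - confirm how create_with_return/create commit.
    ta = TravelApproval.create(travel=travel.id,
                               sender=user.id,
                               approver=manager_id,
                               status=is_submitted)
    if not ta:
        return ru.http_conflict(
            message="Failed to save your travel approval details")
    return ru.http_created(message="successfully created")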
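def update_travel_record(id):
    """Let the owning employee edit a travel record that is still a draft.

    The JSON body has the same shape as for ``create_travel_record``.
    The record must belong to the caller and its latest approval row must
    be a draft (status 0) sent by the caller.  The ``for`` query parameter
    selects the new approval status (default 1 = submitted, which requires
    an approver).

    Args:
        id: Primary key of the ``Travel`` row to update.

    Returns:
        ``ru.http_created`` on success; otherwise 415 (non-JSON body),
        401/403 (authentication, non-employee caller), 502 (validation /
        record not found) or 409 (not editable, missing manager, save
        failure).
    """
    # TODO: separate to a validation class
    body = request.get_json()
    if body is None:
        return ru.http_unsupported_media_type()
    if not isinstance(body, dict):
        return ru.http_bad_gateway(message="Request body must be a JSON object")

    # Authenticate before validating: the original resolved the approver
    # uid in the database ahead of any credential check, and a missing
    # Authorization header raised AttributeError (500).
    raw_auth = request.headers.get('authorization')
    if raw_auth is None:
        return ru.http_unauthorized()
    auth = raw_auth.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # is_valid_bearer is relied on to guarantee that auth[1] exists.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()
    if not user.is_employee:
        return ru.http_forbidden(
            message='Role is not allowed to update a travel record')

    def _date_error(key, missing_msg, format_msg):
        # The key must be present; null is accepted, anything else must
        # satisfy vu.is_valid_datetime_string.  Returns a response or None.
        if key not in body:
            return ru.http_bad_gateway(message=missing_msg)
        value = body.get(key)
        if value is not None and not vu.is_valid_datetime_string(value):
            return ru.http_bad_gateway(message=format_msg)
        return None

    def _cost_error(key, missing_msg, numeric_msg, negative_msg):
        # The key must be present; null is accepted, anything else must be
        # a non-negative int or float.  Returns a response or None.
        if key not in body:
            return ru.http_bad_gateway(message=missing_msg)
        value = body.get(key)
        if value is None:
            return None
        # bool is an int subclass; the original type() comparison rejected
        # it, so it stays rejected here.
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            return ru.http_bad_gateway(message=numeric_msg)
        if value < 0:
            return ru.http_bad_gateway(message=negative_msg)
        return None

    if 'description' not in body:
        return ru.http_bad_gateway(
            message="Description is required in the request")
    error = _date_error('start_date',
                        "Start date is required in the request",
                        "Start date must be in format YYYY-MM-DD")
    if error is not None:
        return error
    error = _date_error('end_date',
                        "End date is required in the request",
                        "End date must be in format YYYY-MM-DD")
    if error is not None:
        return error
    start_date = body.get('start_date')
    end_date = body.get('end_date')
    # Comparing against None raised TypeError (500) in the original.
    if start_date is not None and end_date is not None \
            and start_date > end_date:
        return ru.http_bad_gateway(
            message="End date must be greater than or equal to start date")
    if 'mode' not in body:
        return ru.http_bad_gateway(message="Mode is required in the request")

    # Field order matches the original so the first reported error is the
    # same.
    cost_checks = (
        ('ticket_cost',
         "Ticket cost is required in the request",
         "Ticket cost must be numeric",
         "Ticket cost must greater than or equal to 0"),
        ('home_airport_cost',
         "Home airport cost is required in the request",
         "Home airport cost must be numeric",
         "Home airport cost must greater than or equal to 0"),
        ('destination_airport_cost',
         "Destination airport cost is required in the request",
         "Destination aiport cost must be numeric",
         "Destination airport cost must greater than or equal to 0"),
        ('hotel_cost',
         "Hotel cost is required in the request",
         "Hotel cost must be numeric",
         "Hotel cost must greater than or equal to 0"),
        ('local_conveyance',
         "Local conveyance is required in the request",
         "Local conveyance cost must be numeric",
         "Local conveyance must greater than or equal to 0"),
    )
    for key, missing_msg, numeric_msg, negative_msg in cost_checks:
        error = _cost_error(key, missing_msg, numeric_msg, negative_msg)
        if error is not None:
            return error

    if 'approver' not in body:
        return ru.http_bad_gateway(
            message="Approver is required in the request")
    manager_id = None
    if body.get('approver') is not None:
        manager = User.find_by_uid(body.get('approver'))
        # One message for "unknown" and "not a manager" so uids of other
        # users cannot be told apart from non-existent ones.
        if manager is None or not manager.is_manager:
            return ru.http_bad_gateway(message="Invalid manager")
        manager_id = manager.id

    # ?for=<key> picks the new approval status; default 1 (submitted).
    is_submitted = for_values.get(request.args.get('for'))
    if is_submitted is None:
        is_submitted = 1
    if is_submitted == 1 and manager_id is None:
        return ru.http_conflict(
            message="Manager must be required when submitting for approval")

    # Latest approval row of this travel.
    # NOTE(review): used directly as a comparand below; newer SQLAlchemy
    # expects .scalar_subquery() here - confirm against the pinned version.
    sub = db.session.query(TravelApproval.id).filter(
        TravelApproval.travel == id).order_by(
            desc(TravelApproval.id)).limit(1)
    # Travel.owner == user.id is the ownership check: a caller can only
    # reach rows they created, whatever id they pass in the URL.
    query = db.session.query(Travel, TravelApproval).join(
        TravelApproval, TravelApproval.travel == Travel.id,
        isouter=False).join(
            User, TravelApproval.approver == User.id, isouter=True).filter(
                Travel.owner == user.id, Travel.id == id,
                TravelApproval.id == sub).first()
    # The original print(query) debug statement wrote row contents to
    # stdout; dropped.
    if query is None:
        return ru.http_bad_gateway(
            message="The data is not available for update")
    travel, approval = query
    # Only a draft (status 0) sent by the caller may be edited.
    if approval is not None and (approval.status != 0
                                 or approval.sender != user.id):
        return ru.http_conflict(message="The data is not available for update")

    # The original assignments ended in a trailing comma, which stored a
    # one-element tuple in every column instead of the value itself.
    travel.description = body.get('description')
    travel.start_date = start_date
    travel.end_date = end_date
    travel.mode = body.get('mode')
    travel.ticket_cost = body.get('ticket_cost')
    travel.home_airport_cab_cost = body.get('home_airport_cost')
    travel.dest_airport_cab_cost = body.get('destination_airport_cost')
    travel.hotel_cost = body.get('hotel_cost')
    travel.local_conveyance = body.get('local_conveyance')

    if approval is None:
        ta = TravelApproval.create(travel=travel.id,
                                   sender=user.id,
                                   approver=manager_id,
                                   status=is_submitted)
        if not ta:
            # Same check create_travel_record makes on this helper.
            return ru.http_conflict(
                message="Failed to save your travel approval details")
    else:
        approval.travel = travel.id
        approval.sender = user.id
        approval.approver = manager_id
        approval.status = is_submitted
    db.session.commit()
    return ru.http_created(message="successfully updated")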