def mutate(self, info, name, longitude, latitude, days_hours, food_items):
# get authentication token from request header
auth_token = get_token_from_header()
# return unauthorized if token is not present
if not auth_token:
abort(401, 'A valid token must be included')
# get the user_id from the token
user_id = get_user_id_from_token(auth_token)
# create and insert entry in database
try:
truck = FoodTruck(name=name,
longitude=longitude,
latitude=latitude,
days_hours=days_hours,
food_items=food_items,
user_id=user_id)
db.session.add(truck)
db.session.commit()
current_app.logger.info(
'successfully inserted food truck entry with id %d',
truck.uuid)
return CreateFoodTruck(food_truck=truck)
except SQLAlchemyError as e:
db.session.rollback()
current_app.logger.error(
'error inserting food truck entry (%s, %d, %d, %s, %s): %s',
name, latitude, longitude, days_hours, food_items, e)
abort(500, 'Error creating resource')
def mutate(self, info, truck_id):
# get authentication token from request header
auth_token = get_token_from_header()
# return unauthorized if token is not present
if not auth_token:
abort(401, 'A valid token must be included')
# get the user_id from the token
user_id = get_user_id_from_token(auth_token)
# delete truck with id if it exists
try:
truck = FoodTruck.query.filter_by(uuid=truck_id).first()
if truck:
if truck.user_id == user_id or User.is_admin(user_id):
FoodTruck.query.filter_by(uuid=truck_id).delete()
db.session.commit()
current_app.logger.info(
'successfully deleted food truck entry id %d',
truck_id)
return DeleteFoodTruck(food_truck=truck)
else:
abort(401, 'Not authorized to modify this resource')
else:
return DeleteFoodTruck(food_truck=truck)
except SQLAlchemyError as e:
db.session.rollback()
current_app.logger.error(
'error deleting food truck entry id %d: %s', truck_id, e)
abort(500, 'Error deleting resource with id {}'.format(truck_id))
def get(self):
"""
GET /auth/user endpoint returns user details if authenticated
Parameters:
-
Returns:
str: JSON representation of user details
"""
# get authentication token from request header
auth_token = get_token_from_header()
# token must be present
if auth_token:
# get user id from token payload
user_id = get_user_id_from_token(auth_token)
try:
# get user details from database
user = User.query.filter_by(id=user_id).first()
return make_response(jsonify(user.serialize()), 200)
except Exception as e:
current_app.logger.error('Error getting user details: %s', e)
abort(500, 'Error getting user details')
# if no token is present, return unsuccessful response
else:
abort(401, 'A valid token must be included')
def mutate(self, info, truck_id, name, longitude, latitude, days_hours,
food_items):
# get authentication token from request header
auth_token = get_token_from_header()
# return unauthorized if token is not present
if not auth_token:
abort(401, 'A valid token must be included')
# get the user_id from the token
user_id = get_user_id_from_token(auth_token)
# fetch truck by id and update or create if it does not exist
try:
truck = FoodTruck.query.filter_by(uuid=truck_id).first()
# truck does not exist, so it is created
if truck is None:
truck = FoodTruck(name=name,
longitude=longitude,
latitude=latitude,
days_hours=days_hours,
food_items=food_items,
user_id=user_id)
truck.uuid = truck_id
db.session.add(truck)
# truck exists, so it is updated
else:
if truck.user_id == user_id or User.is_admin(user_id):
truck.name = name
truck.longitude = longitude
truck.latitude = latitude
truck.days_hours = days_hours
truck.food_items = food_items
else:
abort(401, 'Not authorized to modify this resource')
# commit changes to database
db.session.commit()
current_app.logger.info(
'successfully updated food truck entry id %d', truck_id)
return UpdateFoodTruck(food_truck=truck)
except SQLAlchemyError as e:
db.session.rollback()
current_app.logger.error(
'error updating food truck entry id %d: %s', truck_id, e)
abort(500, 'Error updating resource with id {}'.format(truck_id))
def delete(self, truck_id):
"""
DELETE /foodtrucks/<id> endpoint deletes /foodtrucks resource with specific id
Parameters:
truck_id (int): id of truck to query
Returns:
str: JSON response with success message
"""
# get authentication token from request header
auth_token = get_token_from_header()
# return unauthorized if token is not present
if not auth_token:
abort(401, 'A valid token must be included')
# get the user_id from the token
user_id = get_user_id_from_token(auth_token)
# delete truck with id if it exists
try:
truck = FoodTruck.query.filter_by(uuid=truck_id).first()
if truck:
if truck.user_id == user_id or User.is_admin(user_id):
FoodTruck.query.filter_by(uuid=truck_id).delete()
db.session.commit()
current_app.logger.info(
'successfully deleted food truck entry id %d',
truck_id)
return make_response(jsonify({'message': 'Entry deleted'}),
200)
else:
abort(401, 'Not authorized to modify this resource')
else:
return make_response(jsonify({'message': 'Entry deleted'}),
200)
except SQLAlchemyError as e:
db.session.rollback()
current_app.logger.error(
'error deleting food truck entry id %d: %s', truck_id, e)
abort(500, 'Error deleting resource with id {}'.format(truck_id))
def post(self):
"""
POST /foodtrucks endpoint creates a /foodtrucks resource
The request must include JSON data specifying the field values of the resource.
Returns:
str: JSON representation of the created resource
"""
# get authentication token from request header
auth_token = get_token_from_header()
# return unauthorized if token is not present
if not auth_token:
abort(401, 'A valid token must be included')
# get the user_id from the token
user_id = get_user_id_from_token(auth_token)
# get the POST data
post_data = request.get_json()
# validate JSON request
if not post_data:
abort(400, 'Request must be JSON mimetype')
if not 'name' in post_data or type(post_data['name']) != str:
abort(400, "invalid or missing 'name' field")
if not 'longitude' in post_data or type(
post_data['longitude']) != float:
abort(400, "invalid or missing 'longitude' field")
if not 'latitude' in post_data or type(post_data['latitude']) != float:
abort(400, "invalid or missing 'latitude' field")
if not 'days_hours' in post_data or type(
post_data['days_hours']) != str:
abort(400, "invalid or missing 'dayshours' field")
if not 'food_items' in post_data or type(
post_data['food_items']) != str:
abort(400, "invalid or missing'food_items' field")
# extract values from request
name = post_data['name']
longitude = post_data['longitude']
latitude = post_data['latitude']
days_hours = post_data['days_hours']
food_items = post_data['food_items']
# create and insert entry in database
try:
truck = FoodTruck(name=name,
longitude=longitude,
latitude=latitude,
days_hours=days_hours,
food_items=food_items,
user_id=user_id)
db.session.add(truck)
db.session.commit()
current_app.logger.info(
'successfully inserted food truck entry with id %d',
truck.uuid)
return make_response(jsonify(truck.serialize()), 201)
except SQLAlchemyError as e:
db.session.rollback()
current_app.logger.error(
'error inserting food truck entry (%s, %d, %d, %s, %s): %s',
name, latitude, longitude, days_hours, food_items, e)
abort(500, 'Error creating resource')
def put(self, truck_id):
"""
PUT /foodtrucks/<id> endpoint updates or creates /foodtrucks resource with specific id
The request must include JSON data specifying the field values of the updated resource.
Parameters:
truck_id (int): id of truck to query
Returns:
str: JSON representation of updated or created resource
"""
# get authentication token from request header
auth_token = get_token_from_header()
# return unauthorized if token is not present
if not auth_token:
abort(401, 'A valid token must be included')
# get the user_id from the token
user_id = get_user_id_from_token(auth_token)
# get the POST data
post_data = request.get_json()
# validate JSON request
if not post_data:
abort(400, 'Request must be JSON mimetype')
if not 'name' in post_data or type(post_data['name']) != str:
abort(400, "invalid or missing 'name' field")
if not 'longitude' in post_data or type(
post_data['longitude']) != float:
abort(400, "invalid or missing 'longitude' field")
if not 'latitude' in post_data or type(post_data['latitude']) != float:
abort(400, "invalid or missing 'latitude' field")
if not 'days_hours' in post_data or type(
post_data['days_hours']) != str:
abort(400, "invalid or missing 'dayshours' field")
if not 'food_items' in post_data or type(
post_data['food_items']) != str:
abort(400, "invalid or missing 'food_items' field")
# extract values from request
name = post_data['name']
longitude = post_data['longitude']
latitude = post_data['latitude']
days_hours = post_data['days_hours']
food_items = post_data['food_items']
# fetch truck by id and update or create if it does not exist
try:
truck = FoodTruck.query.filter_by(uuid=truck_id).first()
# truck does not exist, so it is created
if truck is None:
truck = FoodTruck(name=name,
longitude=longitude,
latitude=latitude,
days_hours=days_hours,
food_items=food_items,
user_id=user_id)
truck.uuid = truck_id
db.session.add(truck)
# truck exists, so it is updated
else:
if truck.user_id == user_id or User.is_admin(user_id):
truck.name = name
truck.longitude = longitude
truck.latitude = latitude
truck.days_hours = days_hours
truck.food_items = food_items
else:
abort(401, 'Not authorized to modify this resource')
# commit changes to database
db.session.commit()
current_app.logger.info(
'successfully updated food truck entry id %d', truck_id)
return make_response(jsonify(truck.serialize()), 200)
except SQLAlchemyError as e:
db.session.rollback()
current_app.logger.error(
'error updating food truck entry id %d: %s', truck_id, e)
abort(500, 'Error updating resource with id {}'.format(truck_id))