def get(self, wallet_id, account_id): ro, code = self.limit_access() if ro: return ro, code try: if not wallet_id: return make_bad_request_response(APIError.WRONG_API) wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) user_id = self.get_user_id() is_user_wallet_admin = user_id == wallet.admin membership_record = WalletMember.query.filter_by( wallet_id=wallet_id, user_id=user_id) if not is_user_wallet_admin and not membership_record: return make_bad_request_response(APIError.ACCESS_DENIED) if account_id is None: accounts = Account.query.filter_by(wallet_id=wallet_id).all() data = [] for account in accounts: data.append(AccountAPI.get_data(account, wallet)) response_object = default_response_object() response_object['data'] = data return make_success_response(response_object, 200) else: account = Account.query.filter_by(id=account_id).first() if not account: return make_bad_request_response( APIError.ACCOUNT_NOT_FOUND) response_object = default_response_object() response_object['data'] = AccountAPI.get_data(account, wallet) return make_success_response(response_object, 200) except Exception: return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def get(self, user_id): ro, code = self.limit_access() if ro: return ro, code try: if user_id is None: filter_email = request.args.get('filter[email]') if filter_email is not None: users = User.query.filter_by(email=filter_email).all() else: users = User.query.order_by(User.id.asc()).all() response_object = default_response_object() data = [] for user in users: data.append(UserAPI.get_data(user)) response_object['data'] = data response_object['links'] = { 'self': url_for('users.user_api', _method='GET') } return make_success_response(response_object, 200) else: user = User.query.filter_by(id=user_id).first() if not user: return make_not_found_response( APIError.USER_DOES_NOT_EXIST) response_object = default_response_object() response_object['data'] = UserAPI.get_data(user) return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def post(self): ro, code = self.limit_access() if ro: return ro, code try: post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) the_type = data.get('type') if not the_type or the_type != 'wallets': return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) name = attributes.get('name') if not name: return make_bad_request_response(APIError.WRONG_API) notes = attributes.get('notes') if not notes: notes = '' user_id = self.get_user_id() user = User.query.filter_by(id=user_id).first() wallet = Wallet(admin=user_id, name=name, notes=notes) db.session.add(wallet) db.session.commit() response_object = default_response_object() response_object['data'] = WalletAPI.get_data(wallet=wallet, minimal=True) return make_success_response(response_object, 201) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def delete(self, wallet_id, account_id): ro, code = self.limit_access() if ro: return ro, code try: if not wallet_id: return make_bad_request_response(APIError.WRONG_API) wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) user_id = self.get_user_id() is_user_wallet_admin = user_id == wallet.admin membership_record = WalletMember.query.filter_by( wallet_id=wallet_id, user_id=user_id) if not is_user_wallet_admin and not membership_record: return make_bad_request_response(APIError.ACCESS_DENIED) account = Account.query.filter_by(id=account_id).first() if not account: return make_bad_request_response(APIError.ACCOUNT_NOT_FOUND) db.session.delete(account) db.session.commit() response_object = default_response_object() return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def post(self, wallet_id): ro, code = self.limit_access() if ro: return ro, code try: if wallet_id is None: return make_bad_request_response(APIError.WRONG_API) user_id = self.get_user_id() wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) if user_id != wallet.admin: return make_bad_request_response(APIError.ACCESS_DENIED) post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) data_type = data.get('type') if not data_type or data_type != 'walletMembers': return make_bad_request_response(APIError.WRONG_API) relationships = data.get('relationships') if not relationships: return make_bad_request_response(APIError.WRONG_API) member_data = relationships.get('member') if not member_data: return make_bad_request_response(APIError.WRONG_API) member_type = member_data.get('type') if not member_type or member_type != 'users': return make_bad_request_response(APIError.WRONG_API) member_id = member_data.get('id') if not member_id: return make_bad_request_response(APIError.WRONG_API) member = User.query.filter_by(id=member_id).first() if not member: return make_bad_request_response(APIError.USER_DOES_NOT_EXIST) if member_id == wallet.admin: return make_conflict_response( APIError.WALLET_ADMIN_CAN_NOT_BE_MEMBER) membership_record = WalletMember.query.filter_by( user_id=member_id, wallet_id=wallet_id).first() if membership_record: return make_conflict_response( APIError.WALLET_MEMBER_ALREADY_EXIST) wallet_member = WalletMember(user_id=member_id, wallet_id=wallet_id) db.session.add(wallet_member) db.session.commit() response_object = default_response_object() response_object['data'] = WalletMemberAPI.get_data(wallet=wallet, user=member) return make_success_response(response_object, 201) except Exception: return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def post(self): post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) the_type = data.get('type') if not the_type or the_type != 'auth': return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) email = attributes.get('email') first_name = attributes.get('firstName') last_name = attributes.get('lastName') password = attributes.get('password') if (not email or not is_email_valid(email)) or ( not first_name or not first_name.strip()) or ( not last_name or not last_name.strip()) or (not password or not password.strip()): return make_bad_request_response(APIError.WRONG_API) user = User.query.filter_by(email=email).first() if not user: try: admin = User.query.count() == 0 user = User(email=email, first_name=first_name, last_name=last_name, password=password, admin=admin) db.session.add(user) db.session.commit() auth_token = User.encode_auth_token(user.id) token = Token(auth_token.decode(), user.id) db.session.add(token) db.session.commit() response_object = default_response_object() response_object['data'] = { 'type': 'auth', 'attributes': { 'token': auth_token.decode() }, 'links': { 'self': url_for('auth.register_api') } } return make_success_response(response_object, 201) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION) else: return make_conflict_response(APIError.USER_ALREADY_EXISTS)
def get(self, currency_id): ro, code = self.limit_access() if ro: return ro, code try: if currency_id is None: currencies=Currency.query.all() data=[] for currency in currencies: data.append(CurrencyAPI.get_data(currency)) response_object=default_response_object() response_object['data']=data return make_success_response(response_object, 200) else: currency=Currency.query.filter_by(id=currency_id).first() if not currency: return make_bad_request_response(APIError.CURRENCY_NOT_FOUND) response_object=default_response_object() response_object['data']=CurrencyAPI.get_data(currency) return make_success_response(response_object, 200) except Exception: return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def patch(self, user_id): ro, code = self.limit_access() if ro: return ro, code try: if not self.auth.user.admin and self.auth.user.id != user_id: return make_unauthorized_response(APIError.ACCESS_DENIED) user = User.query.filter_by(id=user_id).first() if not user: return make_not_found_response(APIError.USER_DOES_NOT_EXIST) post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) data_type = data.get('type') if not data_type or data_type != 'users': return make_bad_request_response(APIError.WRONG_API) data_id = data.get('id') if not data_id or data_id != user_id: return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) email = attributes.get('email') first_name = attributes.get('firstName') last_name = attributes.get('lastName') password = attributes.get('password') admin = attributes.get('admin') if email and is_email_valid(email): user.email = email if first_name and first_name.strip(): user.first_name = first_name if last_name and last_name.strip(): user.last_name = last_name if password and password.strip(): user.password = User.get_password_hash(password) if admin is not None: if self.auth.user.admin: user.admin = admin else: return make_unauthorized_response(APIError.ACCESS_DENIED) db.session.commit() response_object = default_response_object() response_object['data'] = UserAPI.get_data(user) return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def delete(self, wallet_id): ro, code = self.limit_access() if ro: return ro, code try: if wallet_id is None: return make_bad_request_response(APIError.WRONG_API) user_id = self.get_user_id() wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) if user_id != wallet.admin: return make_bad_request_response(APIError.ACCESS_DENIED) post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) data_type = data.get('type') if not data_type or data_type != 'walletMembers': return make_bad_request_response(APIError.WRONG_API) relationships = data.get('relationships') if not relationships: return make_bad_request_response(APIError.WRONG_API) member_data = relationships.get('member') if not member_data: return make_bad_request_response(APIError.WRONG_API) member_type = member_data.get('type') if not member_type or member_type != 'users': return make_bad_request_response(APIError.WRONG_API) member_id = member_data.get('id') if not member_id: return make_bad_request_response(APIError.WRONG_API) membership_record = WalletMember.query.filter_by( user_id=member_id, wallet_id=wallet_id).first() if not membership_record: return make_bad_request_response( APIError.WALLET_MEMBER_NOT_FOUND) db.session.delete(membership_record) db.session.commit() respons_object = default_response_object() return make_success_response(respons_object, 200) except (error): print(error) return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def delete(self, user_id): ro, code = self.limit_access() if ro: return ro, code try: if not self.auth.user.admin: return make_unauthorized_response(APIError.ACCESS_DENIED) user = User.query.filter_by(id=user_id).first() if not user: return make_not_found_response(APIError.USER_DOES_NOT_EXIST) db.session.delete(user) db.session.commit() response_object = default_response_object() return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def post(self): post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) the_type = data.get('type') if not the_type or the_type != 'auth': return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) email = attributes.get('email') password = attributes.get('password') if not email or not password: return make_bad_request_response(APIError.WRONG_API) try: user = User.query.filter_by(email=email).first() if not user: return make_not_found_response(APIError.USER_DOES_NOT_EXIST) if not bcrypt.check_password_hash(user.password, password): return make_forbidden_response(APIError.WRONG_PASSWORD) auth_token = User.encode_auth_token(user.id) if auth_token: token = Token(auth_token.decode(), user.id) db.session.add(token) db.session.commit() response_object = default_response_object() response_object['data'] = { 'type': 'auth', 'attributes': { 'token': auth_token.decode() }, 'links': { 'self': url_for('auth.login_api') } } return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def delete(self, wallet_id): ro, code = self.limit_access() if ro: return ro, code try: if not wallet_id: return make_bad_request_response(APIError.WRONG_API) wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) user_id = self.get_user_id() if wallet.admin != user_id: return make_forbidden_response(APIError.ACCESS_DENIED) db.session.delete(wallet) db.session.commit() response_object = default_response_object() return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def post(self): ro, code = self.limit_access() if ro: return ro, code try: token = Token.query.filter_by(token=str(self.auth.token)).first() if token: token.blacklist() db.session.commit() response_object = default_response_object() response_object['data'] = { 'type': 'auth', 'links': { 'self': url_for('auth.logout_api') } } return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def delete(self, currency_id): ro, code = self.limit_access() if ro: return ro, code try: if currency_id is None: return make_bad_request_response(APIError.WRONG_API) user_id=self.get_user_id() user=User.query.filter_by(id=user_id).first() if user.admin == False: return make_bad_request_response(APIError.ACCESS_DENIED) currency=Currency.query.filter_by(id=currency_id).first() if not currency: return make_bad_request_response(APIError.CURRENCY_NOT_FOUND) db.session.delete(currency) db.session.commit() response_object = default_response_object() return make_success_response(response_object, 200) except Exception: return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def get(self): ro, code = self.limit_access() if ro: return ro, code response_object = default_response_object() response_object['data'] = { 'type': 'index', 'relationships': { 'user': { 'data': UserAPI.get_data(self.auth.user, minimal=True) } }, 'links': { 'self': url_for('index.versioned_api') } } if self.auth.user.admin: response_object['data']['relationships']['users'] = { 'links': url_for('users.user_api', _method='GET') } return make_success_response(response_object, 200)
def post(self): ro, code = self.limit_access() if ro: return ro, code try: user_id=self.get_user_id() user=User.query.filter_by(id=user_id).first() if user.admin == False: return make_bad_request_response(APIError.ACCESS_DENIED) post_data=request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data=post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) data_type=data.get('type') if not data_type or data_type != 'currencies': return make_bad_request_response(APIError.WRONG_API) attributes=data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) code=attributes.get('code') name=attributes.get('name') if not code or not name: return make_bad_request_response(APIError.WRONG_API) currency_record=Currency.query.filter_by(code=code).first() if currency_record: return make_conflict_response(APIError.CURRENCY_ALREADY_EXIST) new_currency=Currency( code=code, name=name ) db.session.add(new_currency) db.session.commit() response_object=default_response_object() response_object['data']=CurrencyAPI.get_data(new_currency) return make_success_response(response_object, 201) except Exception: return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def post(self, wallet_id): ro, code = self.limit_access() if ro: return ro, code try: if not wallet_id: return make_bad_request_response(APIError.WRONG_API) wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) user_id = self.get_user_id() is_user_wallet_admin = user_id == wallet.admin membership_record = WalletMember.query.filter_by( wallet_id=wallet_id, user_id=user_id) if not is_user_wallet_admin and not membership_record: return make_bad_request_response(APIError.ACCESS_DENIED) post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) data_type = data.get('type') if not data_type or data_type != 'tags': return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) name = attributes.get('name') if not name: return make_bad_request_response(APIError.WRONG_API) tag = Tag(wallet_id=wallet_id, name=name) db.session.add(tag) db.session.commit() response_object = default_response_object() response_object['data'] = TagAPI.get_data(tag, wallet) return make_success_response(response_object, 201) except Exception: return make_bad_request_response(APIError.UNKNOWN_EXCEPTION)
def get(self): from project.server.users.views import UserAPI ro, code = self.limit_access() if ro: return ro, code response_object = default_response_object() response_object['data'] = { 'type': 'auth', 'attributes': { 'token': self.auth.token }, 'relationships': { 'user': { 'data': UserAPI.get_data(self.auth.user, minimal=True) } }, 'links': { 'self': url_for('auth.status_api') } } return make_success_response(response_object, 200)
def get(self, wallet_id): ro, code = self.limit_access() if ro: return ro, code try: if wallet_id is None: user_id = self.get_user_id() wallets = Wallet.query.filter_by(admin=user_id).all() membership_records = WalletMember.query.filter_by( user_id=user_id).all() for membership_record in membership_records: wallets.append( Wallet.query.filter_by( id=membership_record.wallet_id).first()) response_object = default_response_object() data = [] for wallet in wallets: wallet_admin = User.query.filter_by( id=wallet.admin).first() wallet_members = WalletMember.query.filter_by( wallet_id=wallet.id).all() members = [] for wallet_member in wallet_members: members.append( User.query.filter_by( id=wallet_member.user_id).first()) wallet_accounts = Account.query.filter_by( wallet_id=wallet.id).all() data.append( WalletAPI.get_data(wallet, members, wallet_accounts, wallet_admin)) response_object['data'] = data response_object['link'] = { 'self': url_for('wallets.wallet_api', _method='GET') } return make_success_response(response_object, 200) else: wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_not_found_response(APIError.WALLET_NOT_FOUND) user_id = self.get_user_id() user = User.query.filter_by(id=user_id).first() isUserAdmin = wallet.admin == user_id membership_record = WalletMember.query.filter_by( wallet_id=wallet_id, user_id=user_id).first() if isUserAdmin == False and not membership_record: return make_forbidden_response(APIError.ACCESS_DENIED) wallet_members = WalletMember.query.filter_by( wallet_id=wallet.id).all() members = [] for wallet_member in wallet_members: members.append( User.query.filter_by(id=wallet_member.user_id).first()) wallet_accounts = Account.query.filter_by( wallet_id=wallet.id).all() response_object = default_response_object() response_object['data'] = WalletAPI.get_data( wallet=wallet, members=members, accounts=wallet_accounts, admin=user) return make_success_response(response_object, 200) except Exception: return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)
def post(self, wallet_id): ro, code = self.limit_access() if ro: return ro, code try: if not wallet_id: return make_bad_request_response(APIError.WRONG_API) post_data = request.get_json() if not post_data: return make_bad_request_response(APIError.NOT_JSON) data = post_data.get('data') if not data: return make_bad_request_response(APIError.WRONG_API) the_type = data.get('type') if not the_type or the_type != 'accounts': return make_bad_request_response(APIError.WRONG_API) attributes = data.get('attributes') if not attributes: return make_bad_request_response(APIError.WRONG_API) name = attributes.get('name') if not name: return make_bad_request_response(APIError.WRONG_API) notes = attributes.get('notes') if not notes: notes = '' relationships = data.get('relationships') if not relationships: return make_bad_request_response(APIError.WRONG_API) currency_data = relationships.get('currency') if not currency_data: return make_bad_request_response(APIError.WRONG_API) currency_type = currency_data.get('type') if not currency_type or currency_type != 'currencies': return make_bad_request_response(APIError.WRONG_API) currency_id = currency_data.get('id') if not currency_id: return make_bad_request_response(APIError.WRONG_API) user_id = self.get_user_id() wallet = Wallet.query.filter_by(id=wallet_id).first() if not wallet: return make_bad_request_response(APIError.WALLET_NOT_FOUND) if wallet.admin != user_id: return make_bad_request_response(APIError.ACCESS_DENIED) currency = Currency.query.filter_by(id=currency_id).first() if not currency: return make_bad_request_response(APIError.CURRENCY_NOT_FOUND) account = Account(wallet_id=wallet_id, currency_id=currency_id, name=name, notes=notes) db.session.add(account) db.session.commit() response_object = default_response_object() response_object['data'] = AccountAPI.get_data(account=account, wallet=wallet, minimal=False) return make_success_response(response_object, 201) except (error): print(error) return make_internal_server_error_response( APIError.UNKNOWN_EXCEPTION)