예제 #1
 def put(self, meal_id: str) -> Response:
     """
     Update an existing meal document (PUT).

     The caller's JWT identity is looked up in Users and must carry the
     admin flag; any other caller receives forbidden().

     :param meal_id: id of the Meals document to update
     :return: JSON result message, wrong_value() when the submitted field
         values are rejected, or forbidden() for non-admin callers
     """
     caller = Users.objects.get(id=get_jwt_identity())
     if not caller.access.admin:
         return forbidden()

     payload = request.get_json()
     # Validate the submitted values by building a throwaway Meals document.
     try:
         Meals(**payload).validate()
     except (FieldDoesNotExist, TypeError, ValidationError,
             NotUniqueError, DuplicateKeyError):
         return wrong_value()

     try:
         meal = Meals.objects.get(id=meal_id)
         # A key absent from the payload falls back to the stored value.
         meal.update(
             set__name=payload.get('name', meal.name),
             set__description=payload.get('description', meal.description),
             set__price=payload.get('price', meal.price),
             set__image_url=payload.get('image_url', meal.image_url))
         message = f'Successfully updated meal {meal_id}'
     except (DoesNotExist, ValidationError):
         # An unknown or malformed id is reported in the response body only.
         message = f'No meal with id={meal_id}'
     except NotUniqueError:
         return wrong_value()
     return jsonify({'result': message})
예제 #2
 def post(self) -> Response:
     """
     Create a new meal document (POST).

     The caller's JWT identity is looked up in Users and must carry the
     admin flag; any other caller receives forbidden().

     :return: JSON with the new meal's id or an error message,
         wrong_value() when the submitted field values are rejected,
         or forbidden() for non-admin callers
     """
     caller = Users.objects.get(id=get_jwt_identity())
     if not caller.access.admin:
         return forbidden()

     payload = request.get_json()
     # Validate the submitted values before anything is saved.
     try:
         Meals(**payload).validate()
     except (FieldDoesNotExist, TypeError, ValidationError):
         return wrong_value()

     try:
         meal = Meals(**payload)
         meal.save()
         result = {'new_meal_id': str(meal.id)}
     except NotUniqueError:
         result = 'Meal with this name already exists.'
     except AttributeError:
         result = 'Could not get new meal\'s ID.'
     return jsonify({'result': result})
예제 #3
    def delete(self, user_id: str):
        """
        Delete the Meals document(s) whose id equals ``user_id``.

        Despite its name, ``user_id`` is matched against Meals here, not
        Users. Only a caller whose Users record has ``access.admin`` set may
        delete; everyone else gets forbidden().
        """
        caller_is_admin: bool = Users.objects.get(id=get_jwt_identity()).access.admin
        if not caller_is_admin:
            return forbidden()

        deleted = Meals.objects(id=user_id).delete()
        return jsonify({'result': deleted})
예제 #4
    def get(self):
        """
        Return every Users document as JSON.

        Only a caller whose Users record has ``access.admin`` set gets the
        listing; everyone else gets forbidden().
        """
        caller = Users.objects.get(id=get_jwt_identity())
        caller_is_admin: bool = caller.access.admin
        if not caller_is_admin:
            return forbidden()

        # NOTE(review): the query applies no field projection, so whatever
        # the Users model stores is serialised into the response -
        # credential fields included, if it has any. Confirm against the
        # model and exclude them here.
        everyone = Users.objects()
        return jsonify({'result': everyone})
예제 #5
    def delete(self, user_id: str) -> Response:
        """
        DELETE response method for deleting user.

        Only a caller whose Users record has ``access.admin`` set may delete;
        everyone else gets forbidden().

        :param user_id: id of the Users document to delete
        :return: JSON wrapping whatever the queryset delete() returned
        """
        caller = Users.objects.get(id=get_jwt_identity())
        caller_is_admin: bool = caller.access.admin
        if not caller_is_admin:
            return forbidden()

        deleted = Users.objects(id=user_id).delete()
        return jsonify({'result': deleted})
예제 #6
 def post(self):
     """
     Create a Meals document from the request JSON and return its id.

     Only a caller whose Users record has ``access.admin`` set may create;
     everyone else gets forbidden().
     """
     caller_is_admin: bool = Users.objects.get(id=get_jwt_identity()).access.admin
     if not caller_is_admin:
         return forbidden()

     payload = request.get_json()
     # NOTE(review): the body is expanded straight into the Meals
     # constructor and nothing here catches errors from it or from save(),
     # so a missing body or an unexpected key is not turned into a client
     # error response. Consider validating the payload first.
     created = Meals(**payload).save()
     return jsonify({'result': {'id': str(created.id)}})
예제 #7
    def get(self, user_id: str) -> Response:
        """
        GET response method for acquiring single user data.

        Only a caller whose Users record has ``access.admin`` set may read;
        everyone else gets forbidden().

        :param user_id: id of the Users document to return
        :return: JSON wrapping the document
        """
        caller = Users.objects.get(id=get_jwt_identity())
        caller_is_admin: bool = caller.access.admin
        if not caller_is_admin:
            return forbidden()

        # NOTE(review): the document is returned without a field projection,
        # so any credential field the Users model stores is serialised too -
        # confirm against the model.
        found = Users.objects.get(id=user_id)
        return jsonify({'result': found})
예제 #8
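    def put(self, user_id: str):
        """
        Update the Users document identified by ``user_id`` from the request JSON.

        Only a caller whose Users record has ``access.admin`` set may update;
        everyone else gets forbidden().

        :param user_id: id of the Users document to update
        :return: JSON ``{'result': {'id': <user_id>}}`` or forbidden()
        """
        authorized: bool = Users.objects.get(
            id=get_jwt_identity()).access.admin

        if authorized:
            data = request.get_json()
            # NOTE(review): every key of the request JSON becomes an update()
            # keyword, so the client chooses which fields and update
            # operators are applied - access and password included, if the
            # model defines them. Consider an explicit allow-list of fields.
            Users.objects(id=user_id).update(**data)
            # The queryset update() returns a count of modified documents,
            # not a document, so there is no ``.id`` to read from its result;
            # echo the id taken from the URL instead.
            output = {'id': str(user_id)}
            return jsonify({'result': output})
        else:
            return forbidden()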
예제 #9
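 def put(self, user_id: str) -> Response:
     """
     PUT request method for updating a certain user document.
     JSON Web Token is required.
     Admin-level access is required or logged in user should be the requested user.

     The body must repeat the stored email and a password accepted by
     check_pwd_hash(); otherwise the request is rejected with HTTP 400.
     Granting admin access is limited to callers who are admins themselves.
     Every check runs before the single write at the end, so a rejected
     request leaves the stored document unchanged.

     :param user_id: id of the Users document to update
     :return: JSON result message, wrong_value(), not_admin() or forbidden()
     """
     is_admin = Users.objects.get(id=get_jwt_identity()).access.admin
     # check if requested user is the same as logged in user
     is_logged_in_user = get_jwt_identity() == user_id
     if not (is_admin or is_logged_in_user):
         return forbidden()

     data = request.get_json()
     try:  # validate the passed field values
         Users(**data).validate()
     except (FieldDoesNotExist, TypeError, ValidationError,
             NotUniqueError, DuplicateKeyError):
         return wrong_value()
     try:
         updated_user = Users.objects.get(id=user_id)
         # preventing change of email or password
         if data['email'] != updated_user.email or \
                 not updated_user.check_pwd_hash(data['password']):
             output = 'Update rejected: change of email or password is not allowed.'
             resp = jsonify({'result': output})
             resp.status_code = 400
             return resp

         # if new value for the field is not given, don't change it
         changes = {'set__name': data.get('name', updated_user.name)}

         # retrieve referenced Meals documents; the resulting list
         # overwrites the stored fav_meals list
         if data.get('fav_meals') is not None:
             # NOTE(review): each fav_meals entry from the request body is
             # passed to MongoDB as a raw query document, so the client
             # controls the query operators, and this path is open to
             # non-admin users editing their own record. Prefer resolving
             # meals by a validated id.
             try:
                 changes['set__fav_meals'] = [
                     Meals.objects.get(__raw__=meal)
                     for meal in data['fav_meals']
                 ]
             except (OperationFailure, DoesNotExist, ValueError):
                 return wrong_value()

         # grant admin access to the user (only existing admin can do it);
         # decided before anything is written so that a refused request
         # does not leave name/fav_meals half-applied
         if data.get('access') is not None and data['access']['admin']:
             if not is_admin:
                 return not_admin()
             changes['set__access'] = data['access']

         # apply all accepted changes in one update call
         try:
             updated_user.update(**changes)
         except (OperationFailure, ValueError):
             return wrong_value()
         output = f'Successfully updated user {user_id}'
     except (DoesNotExist, ValidationError):
         output = f'No user with id={user_id}'
     return jsonify({'result': output})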
예제 #10
 def get(self) -> Response:
     """
     Return all user documents (GET), with the password field left out.

     The caller's JWT identity is looked up in Users and must carry the
     admin flag; any other caller receives forbidden().
     """
     caller = Users.objects.get(id=get_jwt_identity())
     if not caller.access.admin:
         return forbidden()

     # The projection keeps the stored password out of the response.
     users = Users.objects.exclude('password')
     return jsonify({'result': users})
예제 #11
    def post(self) -> Response:
        """
        POST response method for creating user.

        Only a caller whose Users record has ``access.admin`` set may create;
        everyone else gets forbidden().

        :return: JSON with the new document's id
        """
        caller = Users.objects.get(id=get_jwt_identity())
        caller_is_admin: bool = caller.access.admin
        if not caller_is_admin:
            return forbidden()

        payload = request.get_json()
        # NOTE(review): the body is expanded straight into the Users
        # constructor, so the client sets every field it names - access and
        # password included, if the model defines them. Confirm the model
        # hashes the password before it is stored.
        created = Users(**payload).save()
        return jsonify({'result': {'id': str(created.id)}})
예제 #12
    def delete(self) -> Response:
        """
        DELETE response method for deleting all users.
        JSON Web Token is required.
        Authorization is required: Access(admin=true)

        The delete is unfiltered: it covers every document reachable through
        ``user.objects``, which is the same collection the caller's own
        record was just read from.

        :return: JSON object
        """
        caller = user.objects.get(id=get_jwt_identity())
        caller_is_admin: bool = caller.access.admin
        if not caller_is_admin:
            return forbidden()

        removed = user.objects.delete()
        return jsonify({'result': removed})
예제 #13
    def get(self, user_id: str) -> Response:
        """
        GET response method for acquiring single user data.
        JSON Web Token is required.
        Authorization enforced here: Access(admin=true) only. The caller's
        own id is not compared with ``user_id``, so a non-admin asking for
        their own record also receives forbidden().

        :param user_id: id of the user document to return
        :return: JSON object
        """
        caller = user.objects.get(id=get_jwt_identity())
        caller_is_admin: bool = caller.access.admin
        if not caller_is_admin:
            return forbidden()

        # NOTE(review): the document is returned without a field projection,
        # so any credential field the model stores is serialised too -
        # confirm against the model.
        found = user.objects.get(id=user_id)
        return jsonify({'result': found})
예제 #14
    def delete(self, user_id: str) -> Response:
        """
        DELETE response method for deleting single product.

        NOTE(review): the authorization documented for this endpoint
        (JSON Web Token, Access(admin=true)) is not enforced in this body.
        The admin lookup is disabled, so the delete runs for every caller
        that reaches the method; any decorator guarding it is outside this
        view. Restore an admin check against the user collection before
        relying on the documented authorization.

        :param user_id: id matched against Products (not a user id)
        :return: JSON object
        """
        # Disabled check, kept for reference. It queried Products, not a
        # user model, by the JWT identity.
        #authorized: bool = Products.objects.get(id=get_jwt_identity()).access.admin

        removed = Products.objects(id=user_id).delete()
        return jsonify({'result': removed})
예제 #15
    def post(self) -> Response:
        """
        POST response method for creating product.

        NOTE(review): the authorization documented for this endpoint
        (JSON Web Token, Access(admin=true)) is not enforced in this body.
        The admin lookup is disabled, so the create runs for every caller
        that reaches the method; any decorator guarding it is outside this
        view. Restore an admin check against the user collection before
        relying on the documented authorization.

        :return: JSON object
        """
        # Disabled check, kept for reference. It queried Products, not a
        # user model, by the JWT identity.
        #authorized: bool = Products.objects.get(id=get_jwt_identity()).access.admin

        payload = request.get_json()
        # The body is expanded straight into the Products constructor; no
        # validation or exception handling happens here.
        created = Products(**payload).save()
        return jsonify({'result': {'id': str(created.id)}})
예제 #16
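    def put(self, user_id: str) -> Response:
        """
        PUT response method for updating a user.
        JSON Web Token is required.
        Authorization enforced here: Access(admin=true) only. The caller's
        own id is not compared with ``user_id``; opening this endpoint to
        self-service would first need an allow-list of updatable fields,
        because the request body is applied as-is.

        :param user_id: id of the user document to update
        :return: JSON object
        """
        authorized: bool = user.objects.get(id=get_jwt_identity()).access.admin

        if authorized:
            data = request.get_json()
            # NOTE(review): every key of the request JSON becomes an update()
            # keyword, so the client chooses which fields and update
            # operators are applied - access and password included, if the
            # model defines them. Consider an explicit allow-list of fields.
            user.objects(id=user_id).update(**data)
            # The queryset update() returns a count of modified documents,
            # not a document, so there is no ``.id`` to read from its result;
            # echo the id taken from the URL instead.
            output = {'id': str(user_id)}
            return jsonify({'result': output})
        else:
            return forbidden()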
예제 #17
 def delete(self, meal_id: str) -> Response:
     """
     Delete a meal document (DELETE).

     The caller's JWT identity is looked up in Users and must carry the
     admin flag; any other caller receives forbidden().

     :param meal_id: id of the Meals document to delete
     :return: JSON result message, or forbidden() for non-admin callers
     """
     caller = Users.objects.get(id=get_jwt_identity())
     if not caller.access.admin:
         return forbidden()

     try:
         Meals.objects.get(id=meal_id).delete()
         message = f'Successfully deleted meal {meal_id}'
     except (DoesNotExist, ValidationError):
         # An unknown or malformed id is reported in the response body only.
         message = f'No meal with id={meal_id}'
     return jsonify({'result': message})
예제 #18
 def get(self, user_id: str) -> Response:
     """
     Return one user document (GET), with the password field left out.

     Access is granted when the caller's Users record carries the admin
     flag or when the JWT identity equals ``user_id``; any other caller
     receives forbidden().

     :param user_id: id of the Users document to return
     :return: JSON with the document or a not-found message
     """
     caller_id = get_jwt_identity()
     caller_is_admin = Users.objects.get(id=caller_id).access.admin
     # A non-admin may only read their own record.
     if not caller_is_admin and get_jwt_identity() != user_id:
         return forbidden()

     try:
         # The projection keeps the stored password out of the response.
         result = Users.objects.exclude('password').get(id=user_id)
     except (DoesNotExist, ValidationError):
         result = f'No user with id={user_id}'
     return jsonify({'result': result})
예제 #19
 def post(self) -> Response:
     """
     Create a new user document (POST).

     The caller's JWT identity is looked up in Users and must carry the
     admin flag; any other caller receives forbidden().

     :return: JSON with the new user's id or an error message,
         wrong_value() when the submitted values are rejected,
         or forbidden() for non-admin callers
     """
     caller = Users.objects.get(id=get_jwt_identity())
     if not caller.access.admin:
         return forbidden()

     payload = request.get_json()
     # Validate the submitted values before anything is saved.
     try:
         Users(**payload).validate()
     except (FieldDoesNotExist, TypeError, ValidationError):
         return wrong_value()

     try:
         # Resolve each requested favourite meal to its Meals document.
         # NOTE(review): every fav_meals entry from the request body is
         # passed to MongoDB as a raw query document, so the client controls
         # the query operators. Prefer resolving meals by a validated id.
         requested_meals = payload.get('fav_meals')
         favourites = []
         if requested_meals is not None:
             favourites = [
                 Meals.objects.get(__raw__=meal)
                 for meal in payload['fav_meals']
             ]
         # Only these five fields are copied from the payload.
         user_doc = Users(email=payload.get('email'),
                          password=payload.get('password'),
                          name=payload.get('name'),
                          fav_meals=favourites,
                          access=payload.get('access'))
         user_doc.save()
         result = {'new_user_id': str(user_doc.id)}
     except (OperationFailure, DoesNotExist, ValueError):
         return wrong_value()
     except NotUniqueError:
         result = 'User with this email already exists'
     except AttributeError:
         result = 'Could not get new user\'s ID.'
     return jsonify({'result': result})