def query(self, view_kwargs):
"""
query method for Attendees List
:param view_kwargs:
:return:
"""
query_ = self.session.query(TicketHolder)
if view_kwargs.get('order_identifier'):
order = safe_query_kwargs(
Order, view_kwargs, 'order_identifier', 'identifier',
)
if not has_access('is_registrar', event_id=order.event_id) and not has_access(
'is_user_itself', user_id=order.user_id
):
raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.join(Order).filter(Order.id == order.id)
if view_kwargs.get('ticket_id'):
ticket = safe_query_kwargs(Ticket, view_kwargs, 'ticket_id')
# if not has_access('is_registrar', event_id=ticket.event_id):
# raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.join(Ticket).filter(Ticket.id == ticket.id)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
if not has_access('is_user_itself', user_id=user.id):
raise ForbiddenError({'source': ''}, 'Access Forbidden')
query_ = query_.join(User, User.email == TicketHolder.email).filter(
User.id == user.id
)
query_ = event_query(query_, view_kwargs, permission='is_registrar')
return query_
def before_get_object(self, view_kwargs):
"""
before get method to get the resource id for fetching details
:param view_kwargs:
:return:
"""
if view_kwargs.get('attendee_id'):
attendee = safe_query_kwargs(TicketHolder, view_kwargs,
'attendee_id')
view_kwargs['id'] = attendee.order.id
if view_kwargs.get('order_identifier'):
order = safe_query_kwargs(Order, view_kwargs, 'order_identifier',
'identifier')
view_kwargs['id'] = order.id
elif view_kwargs.get('id'):
order = safe_query_by_id(Order, view_kwargs['id'])
if not has_access(
'is_coorganizer_or_user_itself',
event_id=order.event_id,
user_id=order.user_id,
):
raise ForbiddenError(
{'source': ''},
'You can only access your orders or your event\'s orders')
# expire the initializing order if time limit is over.
set_expiry_for_order(order)
def before_get_object(self, view_kwargs):
"""
before get method to get the resource id to fetch details
:param view_kwargs:
:return:
"""
if view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
view_kwargs['event_id'] = event.id
if view_kwargs.get('event_id'):
event = safe_query_kwargs(Event, view_kwargs, 'event_id')
if event.event_sub_topic_id:
view_kwargs['id'] = event.event_sub_topic_id
else:
view_kwargs['id'] = None
if view_kwargs.get('custom_placeholder_id'):
custom_placeholder = safe_query_kwargs(
CustomPlaceholder,
view_kwargs,
'custom_placeholder_id',
)
if custom_placeholder.event_sub_topic_id:
view_kwargs['id'] = custom_placeholder.event_sub_topic_id
else:
view_kwargs['id'] = None
def before_get_object(self, view_kwargs):
if view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
view_kwargs['event_id'] = event.id
if view_kwargs.get('event_id'):
event = safe_query_kwargs(Event, view_kwargs, 'event_id')
view_kwargs['id'] = event.group_id
if view_kwargs.get('users_groups_roles_id') is not None:
users_groups_role = safe_query_kwargs(
UsersGroupsRoles,
view_kwargs,
'users_groups_roles_id',
)
view_kwargs['id'] = users_groups_role.role_id
if view_kwargs.get('user_follow_group_id') is not None:
user_follow_group = safe_query_kwargs(
UserFollowGroup,
view_kwargs,
'user_follow_group_id',
)
view_kwargs['id'] = user_follow_group.group_id
def before_get_object(self, view_kwargs):
if view_kwargs.get('room_id'):
room = safe_query_kwargs(Microlocation, view_kwargs, 'room_id')
view_kwargs['id'] = room.video_stream and room.video_stream.id
if view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
view_kwargs['event_id'] = event.id
if view_kwargs.get('event_id'):
video_stream = safe_query_kwargs(VideoStream, view_kwargs,
'event_id', 'event_id')
view_kwargs['id'] = video_stream.id
if view_kwargs.get('video_stream_moderator_id'):
moderator = safe_query_kwargs(VideoStreamModerator, view_kwargs,
'video_stream_moderator_id')
view_kwargs['id'] = moderator.video_stream_id
if view_kwargs.get('video_recording_id'):
video_recording = safe_query_kwargs(
VideoRecording,
view_kwargs,
'video_recording_id',
)
view_kwargs['id'] = video_recording.video_stream_id
def before_get_object(self, view_kwargs):
"""
before get method to get the resource id for fetching details
:param view_kwargs:
:return:
"""
if view_kwargs.get('role_invite_id') is not None:
role_invite = safe_query_kwargs(RoleInvite, view_kwargs,
'role_invite_id')
view_kwargs['id'] = role_invite.role_id
if view_kwargs.get('users_events_roles_id') is not None:
users_events_role = safe_query_kwargs(
UsersEventsRoles,
view_kwargs,
'users_events_roles_id',
)
view_kwargs['id'] = users_events_role.role_id
if view_kwargs.get('users_groups_roles_id') is not None:
users_groups_role = safe_query_kwargs(
UsersGroupsRoles,
view_kwargs,
'users_groups_roles_id',
)
view_kwargs['id'] = users_groups_role.role_id
def query(self, view_kwargs):
"""
query method for speakers list class
:param view_kwargs:
:return:
"""
query_ = self.session.query(Speaker)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('session_id'):
session = safe_query_kwargs(Session, view_kwargs, 'session_id')
# session-speaker :: many-to-many relationship
query_ = Speaker.query.filter(Speaker.sessions.any(id=session.id))
if 'Authorization' in request.headers and not has_access(
'is_coorganizer', event_id=session.event_id):
if not has_access('is_session_self_submitted',
session_id=session.id):
query_ = query_.filter(Session.state == "approved"
or Session.state == "accepted")
return query_
def query(self, view_kwargs):
"""
query method for SessionList class
:param view_kwargs:
:return:
"""
query_ = self.session.query(Session)
if view_kwargs.get('track_id') is not None:
track = safe_query_kwargs(Track, view_kwargs, 'track_id')
query_ = query_.join(Track).filter(Track.id == track.id)
if view_kwargs.get('session_type_id') is not None:
session_type = safe_query_kwargs(SessionType, view_kwargs,
'session_type_id')
query_ = query_.join(SessionType).filter(
SessionType.id == session_type.id)
if view_kwargs.get('microlocation_id') is not None:
microlocation = safe_query_kwargs(
Microlocation,
view_kwargs,
'microlocation_id',
)
query_ = query_.join(Microlocation).filter(
Microlocation.id == microlocation.id)
if view_kwargs.get('user_id') is not None:
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = (query_.join(User).join(Speaker).filter(
(User.id == user.id
or Session.speakers.any(Speaker.user_id == user.id))))
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('speaker_id'):
speaker = safe_query_kwargs(Speaker, view_kwargs, 'speaker_id')
# session-speaker :: many-to-many relationship
query_ = Session.query.filter(Session.speakers.any(id=speaker.id))
return query_
def before_get_object(self, view_kwargs):
"""
before get method to get the resource id for fetching details
:param view_kwargs:
:return:
"""
if view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
view_kwargs['event_id'] = event.id
if view_kwargs.get('event_id'):
event = safe_query_kwargs(Event, view_kwargs, 'event_id')
if event.event_topic_id:
view_kwargs['id'] = event.event_topic_id
else:
view_kwargs['id'] = None
if view_kwargs.get('event_sub_topic_id'):
event_sub_topic = safe_query_kwargs(
EventSubTopic,
view_kwargs,
'event_sub_topic_id',
)
if event_sub_topic.event_topic_id:
view_kwargs['id'] = event_sub_topic.event_topic_id
else:
view_kwargs['id'] = None
def event_query(
query_,
view_kwargs,
event_id='event_id',
event_identifier='event_identifier',
permission=None,
restrict=False,
):
"""
Queries the event according to 'event_id' and 'event_identifier' and joins for the query
For draft events, a 404 is raised
If the user is not logged in or does not have required permissions, 403 is raised
For a draft event, unless the user is organizer+ or has access to the passed permission,
404 will always be raised, regardless of restrict being True or not.
For a published event, if restrict is False, the query will allowed.
If restrict is True, then the passed permission or co-organizer access will be enforced.
If the permission passes, query will be allowed, otherwise, a 403 will be thrown
:param event_id: String representing event_id in the view_kwargs
:param event_identifier: String representing event_identifier in the view_kwargs
:param query_: Query object
:param view_kwargs: view_kwargs from the API
:param permission: the name of the permission to be applied as a string. Default: is_coorganizer
:return:
"""
permission = permission or 'is_coorganizer_endpoint_related_to_event'
event = None
if view_kwargs.get(event_id):
event = safe_query_kwargs(Event, view_kwargs, event_id)
elif view_kwargs.get(event_identifier):
event = safe_query_kwargs(Event, view_kwargs, event_identifier,
'identifier')
if event:
forbidden = not is_logged_in() or not has_access(permission,
event_id=event.id)
if event.state != 'published' and forbidden:
raise ObjectNotFound(
{'parameter': event_id},
f"Event: {event.id} not found",
)
if restrict and forbidden:
raise ForbiddenError(
{'parameter': event_id},
f"You don't have access to event {event.id}",
)
query_ = query_.join(Event).filter(Event.id == event.id)
return query_
def query(self, view_kwargs):
"""
query method for resource list
:param view_kwargs:
:return:
"""
if is_logged_in():
verify_jwt_in_request()
if current_user.is_super_admin or current_user.is_admin:
query_ = self.session.query(Ticket)
elif view_kwargs.get('event_id') and has_access(
'is_organizer', event_id=view_kwargs['event_id']):
query_ = self.session.query(Ticket)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
else:
query_ = self.session.query(Ticket).filter_by(is_hidden=False)
if view_kwargs.get('ticket_tag_id'):
ticket_tag = safe_query_kwargs(TicketTag, view_kwargs,
'ticket_tag_id')
query_ = query_.join(ticket_tags_table).filter_by(
ticket_tag_id=ticket_tag.id)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('access_code_id'):
access_code = safe_query_kwargs(AccessCode, view_kwargs,
'access_code_id')
# access_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.access_codes.any(id=access_code.id))
if view_kwargs.get('discount_code_id'):
discount_code = safe_query_kwargs(
DiscountCode,
view_kwargs,
'discount_code_id',
)
# discount_code - ticket :: many-to-many relationship
query_ = Ticket.query.filter(
Ticket.discount_codes.any(id=discount_code.id))
if view_kwargs.get('order_identifier'):
order = safe_query_kwargs(Order, view_kwargs, 'order_identifier',
'identifier')
ticket_ids = []
for ticket in order.tickets:
ticket_ids.append(ticket.id)
query_ = query_.filter(Ticket.id.in_(tuple(ticket_ids)))
return query_
def query(self, view_kwargs):
query_ = UserFollowGroup.query
if view_kwargs.get('user_id') is not None:
user = safe_query_kwargs(User, view_kwargs, 'user_id')
if user != current_user or not is_logged_in():
raise ForbiddenError({'pointer': 'user_id'})
query_ = query_.filter_by(user_id=user.id)
elif view_kwargs.get('group_id') is not None:
group = safe_query_kwargs(Group, view_kwargs, 'group_id')
query_ = query_.filter_by(group_id=group.id)
return query_
def before_get_object(self, view_kwargs):
"""
before get method to get the tax id to fetch details
:param view_kwargs:
:return:
"""
event = None
if view_kwargs.get('event_id'):
event = safe_query_kwargs(Event, view_kwargs, 'event_id')
elif view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
if event:
tax = safe_query(Tax, 'event_id', event.id, 'event_id')
view_kwargs['id'] = tax.id
def before_get_object(self, view_kwargs):
"""
method to get id of stripe authorization related to an event
:param view_kwargs:
:return:
"""
if view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
view_kwargs['event_id'] = event.id
if view_kwargs.get('event_id'):
stripe_authorization = safe_query_kwargs(StripeAuthorization,
view_kwargs, 'event_id',
'event_id')
view_kwargs['id'] = stripe_authorization.id
def before_get_object(self, view_kwargs):
"""
before get method
:param view_kwargs:
:return:
"""
event = None
if view_kwargs.get('event_id'):
event = safe_query_kwargs(Event, view_kwargs, 'event_id')
elif view_kwargs.get('event_identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier',
'identifier')
if event:
feedback = safe_query(Feedback, 'event_id', event.id, 'event_id')
view_kwargs['id'] = feedback.id
class VideoStreamModeratorList(ResourceList):
def before_post(self, args, kwargs, data):
require_relationship(['video_stream'], data)
stream = safe_query_kwargs(VideoStream, data, 'video_stream')
if not has_access('is_coorganizer', event_id=stream.event_id):
raise ForbiddenError({'pointer': 'user_id'},
'Co-Organizer access required')
def after_create_object(self, video_stream_moderator, data, view_kwargs):
send_email_to_moderator(video_stream_moderator)
def query(self, view_kwargs):
query_ = self.session.query(VideoStreamModerator)
if user_id := view_kwargs.get('user_id'):
if current_user.id != int(user_id):
raise ForbiddenError({'pointer': 'user_id'},
"Cannot access other user's data")
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.filter_by(email=user.email)
elif view_kwargs.get('video_stream_id'):
stream = safe_query_kwargs(VideoStream, view_kwargs,
'video_stream_id')
if not has_access('is_coorganizer', event_id=stream.event_id):
raise ForbiddenError({'pointer': 'user_id'},
'Co-Organizer access required')
query_ = query_.filter_by(
video_stream_id=view_kwargs['video_stream_id'])
def query(self, view_kwargs):
"""
query method for event invoice list
:param view_kwargs:
:return:
"""
query_ = self.session.query(EventInvoice)
query_ = event_query(query_, view_kwargs)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
if view_kwargs.get('discount_code_id'):
discount_code = safe_query_kwargs(
DiscountCode, view_kwargs, 'discount_code_id',
)
query_ = query_.join(DiscountCode).filter(DiscountCode.id == discount_code.id)
return query_
def query(self, view_kwargs):
query_ = self.session.query(VideoStreamModerator)
if user_id := view_kwargs.get('user_id'):
if current_user.id != int(user_id):
raise ForbiddenError({'pointer': 'user_id'},
"Cannot access other user's data")
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.filter_by(email=user.email)
def before_get_object(self, view_kwargs):
if view_kwargs.get('video_stream_id'):
video_stream = safe_query_kwargs(
VideoStream,
view_kwargs,
'video_stream_id',
)
view_kwargs['id'] = video_stream.id
def before_get(self, args, kwargs):
if kwargs.get('notification_action_id'):
notification_action = safe_query_kwargs(
NotificationAction,
kwargs,
'notification_action_id',
)
kwargs['id'] = notification_action.notification_id
def get_id(view_kwargs):
"""
method to get the resource id for fetching details
:param view_kwargs:
:return:
"""
if view_kwargs.get('event_identifier') is not None:
event = safe_query_kwargs(Event, view_kwargs, 'event_identifier', 'identifier')
if event.id is not None:
view_kwargs['event_id'] = event.id
if view_kwargs.get('event_id') is not None:
stripe_authorization = safe_query_kwargs(
StripeAuthorization, view_kwargs, 'event_id', 'event_id'
)
view_kwargs['id'] = stripe_authorization.id
return view_kwargs
def query(self, view_kwargs):
query_ = SpeakerInvite.query
if view_kwargs.get('session_id'):
session = safe_query_kwargs(Session, view_kwargs, 'session_id')
if not has_access('is_speaker_for_session', id=session.id):
raise ForbiddenError({'source': ''},
'Speaker access is required.')
query_ = query_.filter_by(session_id=session.id)
elif view_kwargs.get('event_id'):
event = safe_query_kwargs(Event, view_kwargs, 'event_id')
query_ = query_.filter_by(event_id=event.id)
elif not has_access('is_admin'):
raise ForbiddenError({'pointer': 'user_id'},
'Admin Access Required')
return query_
def query(self, view_kwargs):
query_ = self.session.query(VideoStream)
if view_kwargs.get('room_id'):
room = safe_query_kwargs(Microlocation, view_kwargs, 'room_id')
query_ = query_.join(Microlocation).filter(
Microlocation.id == room.id)
return query_
def before_get(self, args, kwargs):
if is_logged_in() and has_access('is_admin'):
self.schema = VideoChannelSchema
else:
self.schema = VideoChannelSchemaPublic
if kwargs.get('video_stream_id'):
stream = safe_query_kwargs(VideoStream, kwargs, 'video_stream_id')
kwargs['id'] = stream.channel_id
def query(self, view_kwargs):
"""
query method for Discount Code List
:param view_kwargs:
:return:
"""
query_ = self.session.query(DiscountCode)
# user can only access his/her discount codes.
if view_kwargs.get('user_id'):
if has_access('is_user_itself', user_id=view_kwargs['user_id']):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
else:
raise ForbiddenError({'source': ''}, 'You are not authorized')
if view_kwargs.get('event_identifier'):
event = safe_query_kwargs(
Event,
view_kwargs,
'event_identifier',
'identifier',
)
view_kwargs['event_id'] = event.id
# event co-organizer access required for discount codes under an event.
if view_kwargs.get('event_id'):
if has_access('is_coorganizer', event_id=view_kwargs['event_id']):
self.schema = DiscountCodeSchemaTicket
query_ = query_.filter_by(event_id=view_kwargs['event_id'])
else:
raise ForbiddenError({'source': ''},
'Event organizer access required')
# discount_code - ticket :: many-to-many relationship
if view_kwargs.get('ticket_id'):
ticket = safe_query_kwargs(Ticket, view_kwargs, 'ticket_id')
if not has_access('is_coorganizer', event_id=ticket.event_id):
raise ForbiddenError({'source': ''},
'Event organizer access required')
self.schema = DiscountCodeSchemaTicket
query_ = query_.filter(DiscountCode.tickets.any(id=ticket.id))
return query_
def before_get_object(self, view_kwargs):
"""
before get method to get the resource id to fetch details
:param view_kwargs:
:return:
"""
if view_kwargs.get('identifier'):
event = safe_query_kwargs(Event, view_kwargs, 'identifier',
'identifier')
view_kwargs['id'] = event.id
def set_event_id(model, identifier, kwargs, attr='event_id', column_name='id'):
if kwargs.get('id'): # ID already set
return
if kwargs.get(identifier) is None:
return
item = safe_query_kwargs(model,
kwargs,
identifier,
column_name=column_name)
kwargs['id'] = getattr(item, attr, None)
def before_create_object(self, data, view_kwargs):
"""
method to create object before post
:param data:
:param view_kwargs:
:return:
"""
if view_kwargs.get('user_id') is not None:
user = safe_query_kwargs(User, view_kwargs, 'user_id')
data['user_id'] = user.id
def before_get_object(self, view_kwargs):
"""
before get method to get the resource id for fetching details
:param view_kwargs:
:return:
"""
if view_kwargs.get('event_invoice_identifier'):
event_invoice = safe_query_kwargs(EventInvoice, view_kwargs,
'event_invoice_identifier',
'identifier')
view_kwargs['id'] = event_invoice.id
def query(self, view_kwargs):
"""
query method for Notifications list
:param view_kwargs:
:return:
"""
query_ = self.session.query(Notification)
if view_kwargs.get('user_id'):
user = safe_query_kwargs(User, view_kwargs, 'user_id')
query_ = query_.join(User).filter(User.id == user.id)
return query_
