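def post(self):
    """Create a time capsule, share it with the listed friends and log the activity.

    Form fields read: ``title``, ``content``, ``latitude``, ``longitude``,
    ``school_id`` and the repeated ``friends[]`` field, whose values are
    looked up as e-mail addresses. The owner id comes from the token in the
    ``Authorization`` header.

    Returns:
        The serialized capsule and ``status.HTTP_201_CREATED``.
    """
    title = request.form.get('title', None)
    latitude = request.form.get('latitude', None)
    longitude = request.form.get('longitude', None)
    friends = request.form.getlist('friends[]')
    content = request.form.get('content', None)
    school_id = request.form.get('school_id', None)

    # Decode the token once and reuse the owner id for the capsule and the
    # activity entry.
    owner_id = token_load_with_auth(request.headers['Authorization'])['user_id']

    # NOTE(review): the form values are stored without any validation here;
    # a request without a title would make the title[2:] slice below raise.
    # Confirm whether a validation form should guard this endpoint.
    capsule = CapsuleModel(
        user_id=owner_id,
        latitude=latitude,
        longitude=longitude,
        title=title,
        content=content,
        school_id=school_id,
    )
    db.session.add(capsule)
    db.session.commit()

    # Use the row that was just inserted. Re-querying for the highest id can
    # return a capsule created by a concurrent request, which would attach the
    # friends and the activity entry to someone else's capsule.
    capsule_id = capsule.id

    for friend_email in friends:
        # NOTE(review): an e-mail that matches no user is assumed to make
        # get_user_with_email return something without `.id` (a 500 here);
        # confirm how lookup misses should be reported to the client.
        friend = get_user_with_email(friend_email)
        db.session.add(
            UserCapsuleModel(capsule_id=capsule_id, user_id=friend.id)
        )
        db.session.commit()

    user_info = get_user_with_id(owner_id)

    # Record the creation in the UserActivities table. The message is Korean
    # for "<user> created a new time capsule <capsule>!".
    user_activities = UserActivitiesModel(
        user_id=user_info.id,
        content='%(user_name)s이 새로운 타임캡슐인 %(capsule_name)s을 만들었습니다!' % {
            'user_name': user_info.name,
            'capsule_name': capsule.title[2:]
        }
    )
    db.session.add(user_activities)
    db.session.commit()

    return serialize_capsule(capsule), status.HTTP_201_CREATED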
def delete(self, prefix):
    """Delete a user account after revoking all of its tokens.

    Args:
        prefix: ``'me'`` for the user named in the caller's token, otherwise
            a numeric user id.

    Returns:
        ``(None, 200)`` on success, a 401 message when ``token_is_auth``
        rejects the caller for that id, a 404 message when no such user
        exists, or a 400 message when ``prefix`` is not ``'me'`` or a number.
    """
    try:
        if prefix == 'me':
            target_id = token_load_with_auth(
                request.headers['Authorization'])['user_id']
        else:
            target_id = int(prefix)

        matching_users = UserModel.query.filter(UserModel.id == target_id)

        # The authorization check runs before the existence check, so an
        # unauthorized caller cannot probe which ids exist.
        if not token_is_auth(request.headers['Authorization'], target_id):
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        if not matching_users.count():
            return "The user does not exist.", status.HTTP_404_NOT_FOUND

        # Revoke every token before the account row disappears.
        token_delete_all(target_id)
        db.session.delete(matching_users.first())
        db.session.commit()
        return None, status.HTTP_200_OK
    except ValueError:
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST
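def get(self, prefix):
    """Return one page of a user's login history.

    Query parameters: ``page`` (int, default 0), ``limit`` (int, default 10)
    and ``order`` (default ``'desc'``).

    Args:
        prefix: ``'me'`` for the user named in the caller's token, otherwise
            a numeric user id.

    Returns:
        ``(payload, 200)`` where ``payload`` holds ``paging`` links and the
        serialized ``data`` entries; a 401 message when ``token_is_auth``
        rejects the caller for that id; a 400 message when ``prefix`` is not
        ``'me'`` or a number.
    """
    from urllib.parse import urlencode

    page = request.args.get('page', 0, type=int)
    limit = request.args.get('limit', 10, type=int)
    order = request.args.get('order', 'desc')

    def paging_link(page_number):
        # `order` is caller-supplied text. Encoding it keeps a value such as
        # "desc&limit=1" from adding parameters to the generated link.
        query = urlencode({'page': page_number, 'limit': limit, 'order': order})
        return '%s%s?%s' % (DEFAULT_URL, request.path, query)

    try:
        if prefix == 'me':
            user_id = token_load_with_auth(request.headers['Authorization'])['user_id']
        else:
            user_id = int(prefix)

        if not token_is_auth(request.headers['Authorization'], user_id):
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        # NOTE(review): page, limit and order reach get_login_histories as
        # received (negative or very large numbers, arbitrary order text);
        # confirm that helper bounds and validates them.
        histories = get_login_histories(user_id, order, page, limit)
        _return = {
            'paging': {
                # The previous link stays on the current page when page < 1.
                'previous': paging_link(page if page < 1 else page - 1),
                'next': paging_link(page + 1)
            },
            'data': [serialize_login_history(history) for history in histories]
        }
        return _return, status.HTTP_200_OK
    except ValueError:
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST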
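def post(self):
    """Create a timeline post for the authenticated user.

    Form fields read: ``title``, ``content``, ``latitude`` and ``longitude``.
    The author id comes from the token in the ``Authorization`` header.

    Returns:
        ``(None, 201)`` when ``timelineValidate.PostForm`` accepts the form,
        otherwise ``(error, 400)`` describing the first validation error.
    """
    title = request.form.get('title', None)
    content = request.form.get('content', None)
    latitude = request.form.get('latitude', None)
    longitude = request.form.get('longitude', None)
    # The coordinates and validation errors are deliberately not printed:
    # user location data does not belong in the process output.

    user_id = token_load_with_auth(request.headers['Authorization'])['user_id']

    form = timelineValidate.PostForm(request.form)
    if form.validate():
        post = TimelineModel(
            user_id=user_id,
            title=title,
            content=content,
            latitude=latitude,
            longitude=longitude
        )
        db.session.add(post)
        db.session.commit()
        return None, status.HTTP_201_CREATED

    # Report the first validation error together with its field label.
    for field, errors in form.errors.items():
        for error in errors:
            _return = {
                'message': error,
                'field': getattr(form, field).label.text
            }
            return _return, status.HTTP_400_BAD_REQUEST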
def delete(self, prefix):
    """Remove a user account and all tokens issued for it.

    Args:
        prefix: ``'me'`` to address the user named in the caller's token, or
            a numeric user id.

    Returns:
        ``(None, 200)`` after deletion; a 401 message if ``token_is_auth``
        does not accept the caller for that id; a 404 message if the id has
        no user row; a 400 message if ``prefix`` is neither ``'me'`` nor a
        number.
    """
    try:
        account_id = (
            token_load_with_auth(request.headers['Authorization'])['user_id']
            if prefix == 'me'
            else int(prefix)
        )
        account_query = UserModel.query.filter(UserModel.id == account_id)

        # Authorization is decided first; existence is only revealed to
        # callers that passed it.
        authorized = token_is_auth(request.headers['Authorization'], account_id)
        if not authorized:
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        if account_query.count():
            # Tokens are dropped before the row so none outlive the account.
            token_delete_all(account_id)
            account = account_query.first()
            db.session.delete(account)
            db.session.commit()
            return None, status.HTTP_200_OK

        return "The user does not exist.", status.HTTP_404_NOT_FOUND
    except ValueError:
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST
def get(self, prefix):
    """Return the serialized profile of a user.

    Args:
        prefix: ``'me'`` for the user named in the caller's token, otherwise
            a numeric user id.

    Returns:
        ``(serialized user, 200)``; a 401 message when ``token_is_auth``
        rejects the caller for that id; a 400 message when ``prefix`` is not
        ``'me'`` or a number.
    """
    try:
        target_id = (
            token_load_with_auth(request.headers['Authorization'])['user_id']
            if prefix == 'me'
            else int(prefix)
        )

        if not token_is_auth(request.headers['Authorization'], target_id):
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        # NOTE(review): the result of get_user is serialized as-is; confirm
        # how serialize_user behaves when the id has no matching row.
        return serialize_user(get_user(target_id)), status.HTTP_200_OK
    except ValueError:
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST
def post(self, prefix):
    """Attach a school to the authenticated user's profile.

    Form fields read: ``admission_year`` and ``graduation_year``.

    Args:
        prefix: numeric id of the school to add.

    Returns:
        ``(None, 200)`` when the link is stored; a 400 message when the user
        already has this school, when ``schoolValidate.AddSchoolForm``
        rejects the form, or when ``prefix`` is not a number; a 404 message
        when the school does not exist.
    """
    try:
        school_id = int(prefix)
        user_id = token_load_with_auth(request.headers['Authorization'])['user_id']

        school = get_school(school_id)
        if school is not None:
            admission_year = request.form.get('admission_year', None)
            graduation_year = request.form.get('graduation_year', None)

            form = schoolValidate.AddSchoolForm(request.form)
            if form.validate():
                # Refuse a second link between this user and this school.
                already_linked = any(
                    entry.school_id == school_id
                    for entry in get_user_school(user_id)
                )
                if already_linked:
                    return "The school you have already entered.", status.HTTP_400_BAD_REQUEST

                db.session.add(UserSchoolModel(
                    user_id=user_id,
                    school_id=school_id,
                    admission_year=admission_year,
                    graduation_year=graduation_year
                ))
                db.session.commit()
                return None, status.HTTP_200_OK

            # Validation failed: answer with the first error and its label.
            for field, errors in form.errors.items():
                for error in errors:
                    return {
                        'message': error,
                        'field': getattr(form, field).label.text
                    }, status.HTTP_400_BAD_REQUEST

        return "It does not exist.", status.HTTP_404_NOT_FOUND
    except ValueError:
        return "Prefix can only be number.", status.HTTP_400_BAD_REQUEST
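def put(self, prefix):
    """Update a user account from the submitted form.

    Only keys declared on ``userValidate.modificationForm`` (plus the
    ADMIN-gated ``permission``) are written to the model. Empty values are
    skipped. A new ``password`` is hashed and expires the user's tokens.

    Args:
        prefix: ``'me'`` for the user named in the caller's token, otherwise
            a numeric user id.

    Returns:
        ``(None, 200)`` on success; a 401 message when ``token_is_auth``
        rejects the caller or a non-ADMIN submits ``permission``; a 400
        payload for a validation error, a uniqueness conflict or a
        non-numeric ``prefix``; a 404 message when the user does not exist.
    """
    try:
        if prefix == 'me':
            user_id = token_load_with_auth(
                request.headers['Authorization'])['user_id']
        else:
            user_id = int(prefix)

        if not token_is_auth(request.headers['Authorization'], user_id):
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        # Only an ADMIN token may submit a `permission` value.
        user_permission = token_load_with_auth(
            request.headers['Authorization'])['permission']
        if user_permission != 'ADMIN' and request.form.get(
                'permission') is not None:
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        form = userValidate.modificationForm(request.form)
        if form.validate():
            user = UserModel.query.filter(UserModel.id == user_id).first()
            if user is None:
                return "The user does not exist.", status.HTTP_404_NOT_FOUND

            try:
                for key, value in request.form.items():
                    # Allowlist the writable attributes. Copying every
                    # submitted key onto the model would let a request
                    # overwrite columns the form never validated (mass
                    # assignment). `permission` is kept because the ADMIN
                    # check above already gates it.
                    # NOTE(review): assumes modificationForm is a WTForms
                    # form (`name in form`) that declares every editable
                    # field; confirm before merging.
                    if key not in form and key != 'permission':
                        continue
                    if value is None or value == '':
                        continue
                    if key == 'password':
                        # Store only the hash, and invalidate the sessions
                        # issued under the old password.
                        value = generate_password_hash(value)
                        token_expire_all(user.id)
                    setattr(user, key, value)

                user.updated_at = datetime.datetime.now()
                db.session.commit()
            except IntegrityError as e:
                # Leave the session usable after the failed commit.
                db.session.rollback()
                field, value = get_exists_error(e)
                _return = {
                    'message': "'" + value + "' is already exists.",
                    'field': {
                        'label': getattr(form, field).label.text,
                        'name': field
                    }
                }
                return _return, status.HTTP_400_BAD_REQUEST

            return None, status.HTTP_200_OK

        # Validation failed: answer with the first error and its label.
        for field, errors in form.errors.items():
            for error in errors:
                _return = {
                    'message': error,
                    'field': getattr(form, field).label.text
                }
                return _return, status.HTTP_400_BAD_REQUEST
    except ValueError:
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST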
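def put(self, prefix):
    """Apply the submitted form fields to a user account.

    Writes are limited to keys declared on ``userValidate.modificationForm``
    and to ``permission``, which only an ADMIN token may submit. Empty values
    are ignored. A new ``password`` is stored as a hash and expires all of
    the user's tokens.

    Args:
        prefix: ``'me'`` to address the user named in the caller's token, or
            a numeric user id.

    Returns:
        ``(None, 200)`` on success; a 401 message when ``token_is_auth``
        rejects the caller or a non-ADMIN submits ``permission``; a 400
        payload for a validation error, a uniqueness conflict or a
        non-numeric ``prefix``; a 404 message when the user does not exist.
    """
    try:
        if prefix == 'me':
            user_id = token_load_with_auth(request.headers['Authorization'])['user_id']
        else:
            user_id = int(prefix)

        if not token_is_auth(request.headers['Authorization'], user_id):
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        # Changing `permission` is reserved for ADMIN tokens.
        user_permission = token_load_with_auth(request.headers['Authorization'])['permission']
        if user_permission != 'ADMIN' and request.form.get('permission') is not None:
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        form = userValidate.modificationForm(request.form)
        if form.validate():
            user = UserModel.query.filter(UserModel.id == user_id).first()
            if user is None:
                return "The user does not exist.", status.HTTP_404_NOT_FOUND

            try:
                for key, value in request.form.items():
                    # Write only allowlisted attributes. Passing arbitrary
                    # request keys to setattr would let a client overwrite
                    # model attributes that were never validated (mass
                    # assignment). `permission` passes because it is gated
                    # by the ADMIN check above.
                    # NOTE(review): assumes modificationForm is a WTForms
                    # form (`name in form`) declaring all editable fields;
                    # confirm before merging.
                    if key not in form and key != 'permission':
                        continue
                    if value is None or value == '':
                        continue
                    if key == 'password':
                        # Persist the hash only, and expire tokens issued
                        # under the previous password.
                        value = generate_password_hash(value)
                        token_expire_all(user.id)
                    setattr(user, key, value)

                user.updated_at = datetime.datetime.now()
                db.session.commit()
            except IntegrityError as e:
                # Roll back so the session is usable after the failed commit.
                db.session.rollback()
                field, value = get_exists_error(e)
                _return = {
                    'message': "'" + value + "' is already exists.",
                    'field': {
                        'label': getattr(form, field).label.text,
                        'name': field
                    }
                }
                return _return, status.HTTP_400_BAD_REQUEST

            return None, status.HTTP_200_OK

        # Validation failed: answer with the first error and its label.
        for field, errors in form.errors.items():
            for error in errors:
                _return = {
                    'message': error,
                    'field': getattr(form, field).label.text
                }
                return _return, status.HTTP_400_BAD_REQUEST
    except ValueError:
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST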