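def mutate(self, info, name, longitude, latitude, days_hours, food_items):
    """
    Create a food truck entry owned by the authenticated caller

    Parameters:
        info: second positional argument of the mutation; not used here
        name, longitude, latitude, days_hours, food_items: field values
            stored on the new FoodTruck row

    Returns:
        CreateFoodTruck: payload wrapping the inserted truck

    Aborts with 401 when no token is sent and with 500 when the insert
    fails.
    """
    # get authentication token from request header
    auth_token = get_token_from_header()

    # return unauthorized if token is not present
    if not auth_token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    user_id = get_user_id_from_token(auth_token)

    # create and insert entry in database
    try:
        truck = FoodTruck(name=name, longitude=longitude, latitude=latitude,
                          days_hours=days_hours, food_items=food_items,
                          user_id=user_id)
        db.session.add(truck)
        db.session.commit()
        current_app.logger.info(
            'successfully inserted food truck entry with id %d', truck.uuid)
        return CreateFoodTruck(food_truck=truck)
    except SQLAlchemyError as e:
        db.session.rollback()
        # %r keeps caller-supplied text on a single log line (embedded
        # newlines are escaped); %s keeps the fractional part of the
        # coordinates, which %d would drop.
        current_app.logger.error(
            'error inserting food truck entry (%r, %s, %s, %r, %r): %s',
            name, latitude, longitude, days_hours, food_items, e)
        abort(500, 'Error creating resource')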
def mutate(self, info, truck_id):
    """
    Delete the food truck with the given id on behalf of the caller

    Parameters:
        info: second positional argument of the mutation; not used here
        truck_id: value matched against FoodTruck.uuid

    Returns:
        DeleteFoodTruck: payload wrapping the truck that was looked up
        (the looked-up value is falsy when no row matched)

    Aborts with 401 when no token is sent or the caller is neither the
    owner nor an admin, and with 500 on a database error.
    """
    token = get_token_from_header()
    if not token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    caller_id = get_user_id_from_token(token)

    try:
        truck = FoodTruck.query.filter_by(uuid=truck_id).first()

        # nothing to delete: answer the same way as a successful delete
        if not truck:
            return DeleteFoodTruck(food_truck=truck)

        # the admin lookup only runs when the caller is not the owner
        allowed = truck.user_id == caller_id or User.is_admin(caller_id)
        if allowed:
            FoodTruck.query.filter_by(uuid=truck_id).delete()
            db.session.commit()
            current_app.logger.info(
                'successfully deleted food truck entry id %d', truck_id)
            return DeleteFoodTruck(food_truck=truck)
        else:
            # NOTE(review): the caller is authenticated at this point;
            # 403 is the conventional status for a permission failure.
            # 401 is kept because clients may depend on it.
            abort(401, 'Not authorized to modify this resource')
    except SQLAlchemyError as e:
        db.session.rollback()
        current_app.logger.error(
            'error deleting food truck entry id %d: %s', truck_id, e)
        abort(500, 'Error deleting resource with id {}'.format(truck_id))
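def get(self):
    """
    GET /auth/user endpoint returns user details if authenticated

    A token whose user id matches no row is answered with 401 rather
    than falling into the generic 500 handler.

    Parameters:
        -

    Returns:
        str: JSON representation of user details
    """
    # get authentication token from request header
    auth_token = get_token_from_header()

    # if no token is present, return unsuccessful response
    if not auth_token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    user_id = get_user_id_from_token(auth_token)

    response = None
    try:
        # get user details from database
        user = User.query.filter_by(id=user_id).first()
        if user is not None:
            response = make_response(jsonify(user.serialize()), 200)
    except Exception as e:
        current_app.logger.error('Error getting user details: %s', e)
        abort(500, 'Error getting user details')

    # The 401 is raised outside the try block on purpose: the broad
    # handler above would otherwise catch it and turn it into a 500.
    if response is None:
        abort(401, 'A valid token must be included')
    return response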
def mutate(self, info, truck_id, name, longitude, latitude, days_hours,
           food_items):
    """
    Update the food truck with the given id, or create it if absent

    Parameters:
        info: second positional argument of the mutation; not used here
        truck_id: value matched against (or assigned to) FoodTruck.uuid
        name, longitude, latitude, days_hours, food_items: new field
            values

    Returns:
        UpdateFoodTruck: payload wrapping the updated or created truck

    Aborts with 401 when no token is sent or the caller is neither the
    owner nor an admin, and with 500 on a database error.
    """
    token = get_token_from_header()
    if not token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    caller_id = get_user_id_from_token(token)

    try:
        truck = FoodTruck.query.filter_by(uuid=truck_id).first()

        if truck is not None:
            # existing row: only its owner or an admin may change it;
            # the admin lookup only runs when the caller is not the owner
            allowed = truck.user_id == caller_id or User.is_admin(caller_id)
            if allowed:
                new_values = (
                    ('name', name),
                    ('longitude', longitude),
                    ('latitude', latitude),
                    ('days_hours', days_hours),
                    ('food_items', food_items),
                )
                for attribute, value in new_values:
                    setattr(truck, attribute, value)
            else:
                # NOTE(review): the caller is authenticated at this
                # point; 403 is the conventional status for a permission
                # failure. 401 is kept because clients may depend on it.
                abort(401, 'Not authorized to modify this resource')
        else:
            # NOTE(review): when no row matches, any authenticated
            # caller creates one under the id they supplied.
            truck = FoodTruck(name=name, longitude=longitude,
                              latitude=latitude, days_hours=days_hours,
                              food_items=food_items, user_id=caller_id)
            truck.uuid = truck_id
            db.session.add(truck)

        # commit changes to database
        db.session.commit()
        current_app.logger.info(
            'successfully updated food truck entry id %d', truck_id)
        return UpdateFoodTruck(food_truck=truck)
    except SQLAlchemyError as e:
        db.session.rollback()
        current_app.logger.error(
            'error updating food truck entry id %d: %s', truck_id, e)
        abort(500, 'Error updating resource with id {}'.format(truck_id))
def delete(self, truck_id):
    """
    DELETE /foodtrucks/<id> endpoint deletes /foodtrucks resource with
    specific id

    The same success message is returned whether or not a row matched.

    Parameters:
        truck_id (int): id of truck to query

    Returns:
        str: JSON response with success message
    """
    token = get_token_from_header()
    if not token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    caller_id = get_user_id_from_token(token)

    try:
        truck = FoodTruck.query.filter_by(uuid=truck_id).first()

        # nothing to delete: answer the same way as a successful delete
        if not truck:
            return make_response(jsonify({'message': 'Entry deleted'}), 200)

        # the admin lookup only runs when the caller is not the owner
        allowed = truck.user_id == caller_id or User.is_admin(caller_id)
        if allowed:
            FoodTruck.query.filter_by(uuid=truck_id).delete()
            db.session.commit()
            current_app.logger.info(
                'successfully deleted food truck entry id %d', truck_id)
            return make_response(jsonify({'message': 'Entry deleted'}), 200)
        else:
            # NOTE(review): the caller is authenticated at this point;
            # 403 is the conventional status for a permission failure.
            # 401 is kept because clients may depend on it.
            abort(401, 'Not authorized to modify this resource')
    except SQLAlchemyError as e:
        db.session.rollback()
        current_app.logger.error(
            'error deleting food truck entry id %d: %s', truck_id, e)
        abort(500, 'Error deleting resource with id {}'.format(truck_id))
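def post(self):
    """
    POST /foodtrucks endpoint creates a /foodtrucks resource

    The request must include JSON data specifying the field values of the
    resource. The body must be a JSON object; 'name', 'days_hours' and
    'food_items' must be strings and 'longitude' / 'latitude' must be
    JSON numbers (integers are accepted and stored as floats).

    Returns:
        str: JSON representation of the created resource
    """
    # get authentication token from request header
    auth_token = get_token_from_header()

    # return unauthorized if token is not present
    if not auth_token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    user_id = get_user_id_from_token(auth_token)

    # get the POST data
    post_data = request.get_json()

    # validate JSON request
    if not post_data:
        abort(400, 'Request must be JSON mimetype')
    # A JSON array, string or number would otherwise fail on the key
    # access below and surface as an unhandled error instead of a 400.
    if not isinstance(post_data, dict):
        abort(400, 'Request body must be a JSON object')

    def text_field(key):
        # return the string stored under key, or abort with 400
        value = post_data.get(key)
        if not isinstance(value, str):
            abort(400, "invalid or missing '{}' field".format(key))
        return value

    def coordinate_field(key):
        # return the number stored under key as a float, or abort with 400
        value = post_data.get(key)
        # bool is a subclass of int, so it has to be excluded explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            abort(400, "invalid or missing '{}' field".format(key))
        try:
            return float(value)
        except OverflowError:
            # an integer too large for a float is not a usable coordinate
            abort(400, "invalid or missing '{}' field".format(key))

    # extract values from request (same order as the checks always had)
    name = text_field('name')
    longitude = coordinate_field('longitude')
    latitude = coordinate_field('latitude')
    days_hours = text_field('days_hours')
    food_items = text_field('food_items')
    # NOTE(review): coordinates are not range-checked (for example
    # latitude within -90..90) and non-finite floats are not rejected
    # here; confirm whether the model or the database enforces that.

    # create and insert entry in database
    try:
        truck = FoodTruck(name=name, longitude=longitude, latitude=latitude,
                          days_hours=days_hours, food_items=food_items,
                          user_id=user_id)
        db.session.add(truck)
        db.session.commit()
        current_app.logger.info(
            'successfully inserted food truck entry with id %d', truck.uuid)
        return make_response(jsonify(truck.serialize()), 201)
    except SQLAlchemyError as e:
        db.session.rollback()
        # %r keeps caller-supplied text on a single log line (embedded
        # newlines are escaped); %s keeps the fractional part of the
        # coordinates, which %d would drop.
        current_app.logger.error(
            'error inserting food truck entry (%r, %s, %s, %r, %r): %s',
            name, latitude, longitude, days_hours, food_items, e)
        abort(500, 'Error creating resource')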
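def put(self, truck_id):
    """
    PUT /foodtrucks/<id> endpoint updates or creates /foodtrucks resource
    with specific id

    The request must include JSON data specifying the field values of the
    updated resource. The body must be a JSON object; 'name',
    'days_hours' and 'food_items' must be strings and 'longitude' /
    'latitude' must be JSON numbers (integers are accepted and stored as
    floats).

    Parameters:
        truck_id (int): id of truck to query

    Returns:
        str: JSON representation of updated or created resource
    """
    # get authentication token from request header
    auth_token = get_token_from_header()

    # return unauthorized if token is not present
    if not auth_token:
        abort(401, 'A valid token must be included')

    # NOTE(review): only the presence of a token is checked here; this
    # relies on get_user_id_from_token rejecting forged or expired tokens
    # -- confirm against that helper.
    user_id = get_user_id_from_token(auth_token)

    # get the request data
    post_data = request.get_json()

    # validate JSON request
    if not post_data:
        abort(400, 'Request must be JSON mimetype')
    # A JSON array, string or number would otherwise fail on the key
    # access below and surface as an unhandled error instead of a 400.
    if not isinstance(post_data, dict):
        abort(400, 'Request body must be a JSON object')

    def text_field(key):
        # return the string stored under key, or abort with 400
        value = post_data.get(key)
        if not isinstance(value, str):
            abort(400, "invalid or missing '{}' field".format(key))
        return value

    def coordinate_field(key):
        # return the number stored under key as a float, or abort with 400
        value = post_data.get(key)
        # bool is a subclass of int, so it has to be excluded explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)):
            abort(400, "invalid or missing '{}' field".format(key))
        try:
            return float(value)
        except OverflowError:
            # an integer too large for a float is not a usable coordinate
            abort(400, "invalid or missing '{}' field".format(key))

    # extract values from request (same order as the checks always had)
    name = text_field('name')
    longitude = coordinate_field('longitude')
    latitude = coordinate_field('latitude')
    days_hours = text_field('days_hours')
    food_items = text_field('food_items')
    # NOTE(review): coordinates are not range-checked (for example
    # latitude within -90..90) and non-finite floats are not rejected
    # here; confirm whether the model or the database enforces that.

    # fetch truck by id and update or create if it does not exist
    try:
        truck = FoodTruck.query.filter_by(uuid=truck_id).first()

        # truck does not exist, so it is created
        if truck is None:
            # NOTE(review): when no row matches, any authenticated
            # caller creates one under the id taken from the URL.
            truck = FoodTruck(name=name, longitude=longitude,
                              latitude=latitude, days_hours=days_hours,
                              food_items=food_items, user_id=user_id)
            truck.uuid = truck_id
            db.session.add(truck)
        # truck exists, so it is updated
        else:
            # the admin lookup only runs when the caller is not the owner
            if truck.user_id == user_id or User.is_admin(user_id):
                truck.name = name
                truck.longitude = longitude
                truck.latitude = latitude
                truck.days_hours = days_hours
                truck.food_items = food_items
            else:
                # NOTE(review): the caller is authenticated at this
                # point; 403 is the conventional status for a permission
                # failure. 401 is kept because clients may depend on it.
                abort(401, 'Not authorized to modify this resource')

        # commit changes to database
        db.session.commit()
        current_app.logger.info(
            'successfully updated food truck entry id %d', truck_id)
        return make_response(jsonify(truck.serialize()), 200)
    except SQLAlchemyError as e:
        db.session.rollback()
        current_app.logger.error(
            'error updating food truck entry id %d: %s', truck_id, e)
        abort(500, 'Error updating resource with id {}'.format(truck_id))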