예제 #1
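    def bucketlist():
        '''List or create bucketlists for the logged-in user (/bucketlists).

        GET returns ``{'message': ...}`` holding one page of the caller's
        bucketlists as produced by ``list_object_transform``. The optional
        ``q`` query parameter filters by a case-insensitive substring of
        the name; ``limit`` (default 20, allowed 0-100) and ``page``
        (default 1) control pagination.

        POST creates a bucketlist from the ``name`` form field and returns
        it together with HTTP status 201.

        Raises NotFound when the user owns no bucketlists, and
        NotAcceptable when ``limit`` or ``page`` is not an integer or
        ``limit`` is outside 0-100.
        '''
        user_id = auth.get_current_user_id()
        if request.method == "GET":
            # Every query below stays scoped to rows created by the caller.
            query = BucketList.query.filter_by(created_by=user_id)

            # One row is enough to know whether the user owns anything;
            # there is no need to load the whole table with .all().
            if query.first() is None:
                raise NotFound('There are no bucketlist for this user')

            # Query-string values arrive as text. Convert both once and
            # reject junk with a client error instead of letting int() or
            # paginate() fail with an unhandled exception.
            try:
                limit = int(request.args.get('limit', 20))
                page = int(request.args.get('page', 1))
            except ValueError:
                raise NotAcceptable('limit and page must be integers.')
            if not 0 <= limit <= 100:
                raise NotAcceptable('Maximum limit per page is 100.')

            q = request.args.get('q')
            result_data = query
            if q:
                # The pattern is handed to ilike() as a value, so it is sent
                # as a bound parameter rather than spliced into SQL text.
                # '%' and '_' inside q still act as LIKE wildcards; the
                # created_by filter keeps matches within the caller's rows.
                result_data = query.filter(
                    BucketList.name.ilike('%{0}%'.format(q)))
            result_data = list_object_transform(
                result_data.paginate(page, limit, False).items)
            return {'message': result_data}

        else:
            # NOTE(review): name is taken from the form unchecked; a missing
            # field reaches BucketList as None - confirm the model rejects it.
            name = request.form.get("name")
            a_bucketlist = BucketList(created_by=user_id, name=name)
            a_bucketlist.save()
            return {
                "message": "Bucketlist was created successfully",
                "bucketlist": a_bucketlist.to_json()
            }, 201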
예제 #2
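    def bucketlist():
        """Serve /bucketlists for the logged-in user.

        GET: return ``{"message": ...}`` with one page of the user's
        bucketlists (transformed by ``list_object_transform``). Query
        parameters: ``q`` (case-insensitive substring of the name),
        ``limit`` (default 20, must be 0-100) and ``page`` (default 1).

        POST: create a bucketlist from the ``name`` form field and return
        it with HTTP status 201.

        Raises NotFound if the user has no bucketlists; raises
        NotAcceptable if ``limit``/``page`` are not integers or ``limit``
        is out of range.
        """
        user_id = auth.get_current_user_id()
        if request.method == "GET":
            # Restrict everything to the caller's own rows first.
            query = BucketList.query.filter_by(created_by=user_id)

            # Existence test only: fetching a single row avoids pulling
            # every bucketlist into memory just to check for emptiness.
            if query.first() is None:
                raise NotFound("There are no bucketlist for this user")

            raw_limit = request.args.get("limit", 20)
            raw_page = request.args.get("page", 1)
            try:
                # Both values come from the query string as text; paginate()
                # needs real integers, and bad input should be a client
                # error rather than an unhandled ValueError.
                limit, page = int(raw_limit), int(raw_page)
            except ValueError:
                raise NotAcceptable("limit and page must be integers.")
            if not 0 <= limit <= 100:
                raise NotAcceptable("Maximum limit per page is 100.")

            result_data = query
            q = request.args.get("q")
            if q:
                # q travels as a bound value through ilike(), not as SQL
                # text. LIKE wildcards typed by the user remain active, but
                # only within the rows already filtered by created_by.
                result_data = query.filter(BucketList.name.ilike("%{0}%".format(q)))
            result_data = list_object_transform(result_data.paginate(page, limit, False).items)
            return {"message": result_data}

        else:
            # NOTE(review): a missing "name" field yields None here and is
            # passed straight to the model - confirm BucketList validates it.
            name = request.form.get("name")
            a_bucketlist = BucketList(created_by=user_id, name=name)
            a_bucketlist.save()
            return {"message": "Bucketlist was created successfully", "bucketlist": a_bucketlist.to_json()}, 201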
예제 #3
def files_create():
    """Register a new file for the current user and create it on disk.

    Reads ``filename`` from the JSON request body. The new File row gets
    the owner's level and the owner relationship, is committed, and then
    ``file_manager.create_file`` is called with the stored name.

    Returns the JSON form of the new record, an UNAUTHORIZED API error
    when the current user id has no User row, or FILE_ALREADY_EXISTS when
    a record with that filename is already present.
    """
    payload = request.get_json()
    current_user_id = auth.get_current_user_id()

    with db_manager.session_scope() as session:
        # The caller must map to a User row before anything else happens.
        owner = session.query(User).get(current_user_id)
        if not owner:
            return api_error(http_code=Unauthorized.code,
                             api_result_code=ApiErorrCode.UNAUTHORIZED)

        # NOTE(review): the name comes straight from the request body and
        # later reaches file_manager.create_file; no check on its shape is
        # visible here - confirm file_manager confines names to its
        # storage directory.
        requested_name = payload['filename']

        # Names are checked against every File row, whatever its level.
        # NOTE(review): FILE_ALREADY_EXISTS therefore tells the caller that
        # a name is taken even when the file sits at a level they cannot
        # read - confirm this is acceptable for the BLP model in use.
        duplicates = session.query(File).filter(
            File.filename == requested_name).all()
        if duplicates:
            return api_error(api_result_code=ApiErorrCode.FILE_ALREADY_EXISTS)

        # The record inherits the classification level of its owner.
        new_file = File(filename=requested_name, level=owner.level,
                        owner=owner)
        session.add(new_file)
        session.commit()

        # NOTE(review): the row is committed before the file is created;
        # if create_file raises, the record stays without a file on disk.
        file_manager.create_file(new_file.filename)

        return jsonify(new_file.to_dict())
예제 #4
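def files_read(filename):
    """Return the content of ``filename`` if the current user may read it.

    The caller is resolved to a User row first, then the File record is
    looked up, then ``blp_rules.enforce_blp_read`` decides on access from
    the user's level and the file's level.

    Returns ``{'content': ...}`` as JSON, an UNAUTHORIZED API error when
    the user is unknown or the read check fails, or FILE_NOT_EXISTS when
    no record carries that filename.
    """
    user_id = auth.get_current_user_id()

    with db_manager.session_scope() as session:
        # Resolve the caller before touching file metadata, so a caller
        # without a User row gets UNAUTHORIZED whether or not the file
        # exists.
        user = session.query(User).get(user_id)
        if not user:
            return api_error(http_code=Unauthorized.code,
                             api_result_code=ApiErorrCode.UNAUTHORIZED)

        # Verify that file exists
        # NOTE(review): a known user can still tell "exists but not
        # readable" (UNAUTHORIZED) from "absent" (FILE_NOT_EXISTS), which
        # discloses names of files above their level - confirm intended.
        file = session.query(File).filter(
            File.filename == filename).one_or_none()
        if not file:
            return api_error(api_result_code=ApiErorrCode.FILE_NOT_EXISTS)

        # Enforce the BLP read rule ("no read up"); the level comparison
        # itself lives in blp_rules.enforce_blp_read.
        if not blp_rules.enforce_blp_read(user.level, file.level):
            return api_error(http_code=Unauthorized.code,
                             api_result_code=ApiErorrCode.UNAUTHORIZED)

        # Read using the name stored in the record, not the raw URL value.
        content = file_manager.read_file(file.filename)

        return jsonify({'content': content})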
예제 #5
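def write_or_append(write_func):
    """Run ``write_func`` on a file after the BLP write check passes.

    ``write_func`` is called as ``write_func(stored_filename, content)``,
    where ``filename`` and ``content`` are read from the JSON request body
    and the stored filename comes from the File record.

    Returns ``api_ok()`` on success, an UNAUTHORIZED API error when the
    user is unknown or ``blp_rules.enforce_blp_write`` refuses, or
    FILE_NOT_EXISTS when no record carries that filename.
    """
    user_id = auth.get_current_user_id()
    # NOTE(review): a body without 'filename' or 'content' raises KeyError
    # below; no validation of the payload is visible in this function.
    data = request.get_json()

    with db_manager.session_scope() as session:
        # Resolve the caller before touching file metadata, so a caller
        # without a User row gets UNAUTHORIZED whether or not the file
        # exists.
        user = session.query(User).get(user_id)
        if not user:
            return api_error(http_code=Unauthorized.code,
                             api_result_code=ApiErorrCode.UNAUTHORIZED)

        # Verify that file exists
        file = session.query(File).filter(
            File.filename == data['filename']).one_or_none()
        if not file:
            return api_error(api_result_code=ApiErorrCode.FILE_NOT_EXISTS)

        # Enforce BLP no write down; the level comparison itself lives in
        # blp_rules.enforce_blp_write.
        if not blp_rules.enforce_blp_write(user.level, file.level):
            return api_error(http_code=Unauthorized.code,
                             api_result_code=ApiErorrCode.UNAUTHORIZED)

        # Write using the name stored in the record, not the request value.
        write_func(file.filename, data['content'])

        return api_ok()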
예제 #6
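def files_delete():
    """Delete a file record and its file on disk; only the owner may do so.

    Reads ``filename`` from the JSON request body, looks up the File
    record and compares its ``owner_id`` with the current user id.

    Returns ``api_ok()`` on success, FILE_NOT_EXISTS when no record
    carries that filename, or an UNAUTHORIZED API error when the caller
    is not the owner.
    """
    data = request.get_json()
    user_id = auth.get_current_user_id()

    with db_manager.session_scope() as session:
        # Verify that file exists
        file = session.query(File).filter(
            File.filename == data['filename']).one_or_none()
        if not file:
            return api_error(api_result_code=ApiErorrCode.FILE_NOT_EXISTS)

        # Verify that the user who tries to delete the file is the owner of the file
        if file.owner_id != user_id:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
                error_message="The file can be deleted only by its owner")

        # Keep the stored name before the row goes away: the filesystem
        # call should act on the record that passed the ownership check,
        # not on the raw request string (the two can differ if the
        # database compares names more loosely than the filesystem).
        stored_name = file.filename

        # Delete the file entry from DB
        session.delete(file)
        session.commit()

        # Delete the file on the filesystem
        # NOTE(review): the row is already committed as deleted here; if
        # delete_file raises, the file stays on disk without a record.
        file_manager.delete_file(stored_name)

        return api_ok()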
예제 #7
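def interview_blueprint_route_list():
    """Render the interview list for the current role.

    Only GET is handled; any other method returns 'Unknown action'.
    Roles other than 'admin' and 'worker' are redirected to '/menu'.

    admin:  every interview that has at least one interview_result row,
            each with its candidates attached under 'candidates',
            rendered with interview_list_admin.html.
    worker: the interview results whose interview belongs to the current
            user's emp_id, rendered with interview_list_worker.html.

    Database errors are caught and turned into a plain-text message.
    """
    current_role = get_current_role()

    if request.method != 'GET':
        return 'Unknown action'

    if current_role not in ['admin', 'worker']:
        return redirect('/menu')
    try:
        # The connection settings are selected per role.
        with UseDatabase(current_app.config['db'][current_role]) as cursor:
            if current_role == 'admin':
                get_interviews_query = """
                select
                    i.iv_id,
                    i.salary,
                    e.name as employee,
                    i.iv_date,
                    v.position
                from interview i
                join employee e on e.emp_id = i.emp_id
                join vacancy v on i.v_id = v.v_id
                where iv_id in (select distinct iv_id from interview_result)
                order by i.iv_id
                """

                cursor.execute(get_interviews_query)
                interviews = make_dict_list_from_rows(cursor)

                get_candidates_query = """
                select
                    ir.iv_id,
                    c.c_id,
                    c.name,
                    c.age,
                    c.gender,
                    c.address
                from interview_result ir
                join candidate c on ir.c_id = c.c_id
                order by ir.iv_id;
                """

                cursor.execute(get_candidates_query)
                candidates = make_dict_list_from_rows(cursor)

                # Group candidates by interview id in one pass instead of
                # rescanning the full candidate list for every interview.
                candidates_by_interview = {}
                for candidate in candidates:
                    candidates_by_interview.setdefault(
                        candidate['iv_id'], []).append(candidate)

                for interview in interviews:
                    # Copy so that each interview owns its own list.
                    interview['candidates'] = list(
                        candidates_by_interview.get(interview['iv_id'], []))

                return render_template('interview_list_admin.html',
                                       interviews=interviews)
            elif current_role == 'worker':
                # Original author's note: make this show the interviews of
                # the specific employee.
                worker_id = get_current_user_id()

                # worker_id is passed as a bound parameter instead of being
                # formatted into the SQL text, so its value can never be
                # parsed as SQL.
                # NOTE(review): %s is the placeholder of "format"-style
                # DB-API drivers; confirm it matches the driver that
                # UseDatabase wraps.
                get_interview_query = """
                SELECT
                    i.iv_date as date,
                    v.position,
                    i.salary,
                    c.name as candidate,
                    iv.result,
                    iv.rating
                from interview_result iv
                join interview i on iv.iv_id = i.iv_id
                join candidate c on iv.c_id = c.c_id
                join employee e on i.emp_id = e.emp_id
                join vacancy v on i.v_id = v.v_id
                where e.emp_id = %s
                """

                cursor.execute(get_interview_query, (worker_id,))
                interviews = make_dict_list_from_rows(cursor)

                return render_template('interview_list_worker.html',
                                       interviews=interviews)
            else:
                # Not reachable after the role check above; kept as a
                # defensive default.
                return 'Error. You are not permitted to view this page'
    except DBConnectionError:
        return 'Произошла ошибка соединения'
    except DBCredentialError:
        return 'Не удается войти в бд'
    # DBSQLError is handled before DBBaseError: if it derives from
    # DBBaseError (presumably - the class definitions are not shown), the
    # broader handler listed first would shadow it.
    except DBSQLError:
        return 'Ошибка базы данных'
    except DBBaseError:
        return 'Произошла непредвиденная ошибка бд'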