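def bucketlist():
    '''List or create bucketlists for the logged in user (/bucketlists).

    GET returns ``{'message': [...]}`` with one page of the caller's
    bucketlists, optionally narrowed by the ``q`` name search and paged
    with ``limit`` (0-100, default 20) and ``page`` (default 1).
    POST creates a bucketlist named by the ``name`` form field and
    returns the created object with HTTP status 201.

    Raises:
        NotFound: the user owns no bucketlists.
        NotAcceptable: ``limit`` or ``page`` is not an integer, or
            ``limit`` is outside 0-100.
    '''
    user_id = auth.get_current_user_id()
    if request.method == "GET":
        # Every query below is scoped to the authenticated user's own rows.
        query = BucketList.query.filter_by(created_by=user_id)
        q = request.args.get('q')

        # Existence probe only; first() avoids materialising every row.
        if query.first() is None:
            raise NotFound('There are no bucketlist for this user')

        # Query-string values arrive as text. Convert both once, so that a
        # non-numeric value is rejected as a client error instead of
        # surfacing as an unhandled exception during int() or pagination.
        try:
            limit = int(request.args.get('limit', 20))
            page = int(request.args.get('page', 1))
        except (TypeError, ValueError):
            raise NotAcceptable('limit and page must be integers.')

        if not 0 <= limit <= 100:
            raise NotAcceptable('Maximum limit per page is 100.')

        result_data = query
        if q:
            # The search term is handed to ilike() as a value, not spliced
            # into SQL text. '%' and '_' inside q still act as LIKE
            # wildcards; the match stays within the caller's own rows.
            result_data = query.filter(
                BucketList.name.ilike('%{0}%'.format(q)))
        result_data = list_object_transform(
            result_data.paginate(page, limit, False).items)
        return {'message': result_data}
    else:
        # NOTE(review): name is None when the form field is absent; whether
        # the model rejects that is not visible here - confirm.
        name = request.form.get("name")
        a_bucketlist = BucketList(created_by=user_id, name=name)
        a_bucketlist.save()
        return {
            "message": "Bucketlist was created successfully",
            "bucketlist": a_bucketlist.to_json()
        }, 201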
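def bucketlist():
    """Serve /bucketlists for the logged in user.

    GET: return ``{"message": [...]}`` holding one page of the caller's
    bucketlists. ``q`` filters by name, ``limit`` (0-100, default 20) sets
    the page size and ``page`` (default 1) selects the page.
    POST: create a bucketlist from the ``name`` form field and return it
    together with HTTP status 201.

    Raises:
        NotFound: the user owns no bucketlists.
        NotAcceptable: ``limit`` or ``page`` is not an integer, or
            ``limit`` is outside 0-100.
    """
    user_id = auth.get_current_user_id()

    if request.method != "GET":
        # NOTE(review): a missing "name" field yields None here; whether the
        # model enforces a non-empty name is not visible - confirm.
        name = request.form.get("name")
        a_bucketlist = BucketList(created_by=user_id, name=name)
        a_bucketlist.save()
        return {"message": "Bucketlist was created successfully", "bucketlist": a_bucketlist.to_json()}, 201

    # Only rows created by the authenticated user are ever queried.
    query = BucketList.query.filter_by(created_by=user_id)
    raw_limit = request.args.get("limit", 20)
    q = request.args.get("q")
    raw_page = request.args.get("page", 1)

    # first() is enough to learn whether the user has any bucketlist.
    if query.first() is None:
        raise NotFound("There are no bucketlist for this user")

    # Request arguments are strings; parse them before use so malformed
    # input becomes a client error rather than an unhandled exception
    # inside int() or the pagination arithmetic.
    try:
        limit = int(raw_limit)
        page = int(raw_page)
    except (TypeError, ValueError):
        raise NotAcceptable("limit and page must be integers.")

    if not 0 <= limit <= 100:
        raise NotAcceptable("Maximum limit per page is 100.")

    result_data = query
    if q:
        # q reaches the database as a bound value through ilike(); LIKE
        # wildcards typed by the user are not escaped, and the search is
        # still confined to the caller's own bucketlists.
        result_data = query.filter(BucketList.name.ilike("%{0}%".format(q)))
    result_data = list_object_transform(result_data.paginate(page, limit, False).items)
    return {"message": result_data}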
def files_create():
    """Register a new file for the current user and create it on disk.

    Reads ``filename`` from the JSON request body. The new record takes
    the security level of the user who creates it and names that user as
    owner. Returns the record as JSON, or an API error when the user is
    unknown or a file with that name already exists.
    """
    payload = request.get_json()
    caller_id = auth.get_current_user_id()

    with db_manager.session_scope() as session:
        # The authenticated id must still map to a stored user.
        owner = session.query(User).get(caller_id)
        if not owner:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
            )

        # File names are unique across all users and levels.
        requested_name = payload['filename']
        duplicates = session.query(File).filter_by(
            filename=requested_name).all()
        if duplicates:
            return api_error(api_result_code=ApiErorrCode.FILE_ALREADY_EXISTS)

        # Persist the record first; it inherits the owner's level.
        new_file = File(filename=requested_name, level=owner.level, owner=owner)
        session.add(new_file)
        session.commit()

        # NOTE(review): the name comes straight from the request body and is
        # handed to file_manager unchanged. Whether file_manager confines it
        # to its storage directory is not visible here - confirm.
        file_manager.create_file(new_file.filename)
        return jsonify(new_file.to_dict())
def files_read(filename):
    """Return the content of ``filename`` as JSON if the caller may read it.

    The file must exist, the authenticated id must map to a stored user,
    and ``blp_rules.enforce_blp_read`` must accept the pair (user level,
    file level). Any failed check yields an API error.
    """
    caller_id = auth.get_current_user_id()

    with db_manager.session_scope() as session:
        # NOTE(review): existence is reported before the caller is
        # authorized, so the two error codes tell "no such file" apart from
        # "exists but not readable" - confirm that is acceptable.
        record = session.query(File).filter_by(
            filename=filename).one_or_none()
        if not record:
            return api_error(api_result_code=ApiErorrCode.FILE_NOT_EXISTS)

        reader = session.query(User).get(caller_id)
        if not reader:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
            )

        # Read-side BLP check (presumably the "no read up" rule; the rule
        # itself lives in blp_rules and is not visible here).
        may_read = blp_rules.enforce_blp_read(reader.level, record.level)
        if not may_read:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
            )

        content = file_manager.read_file(record.filename)
        return jsonify({'content': content})
def write_or_append(write_func):
    """Apply ``write_func(filename, content)`` if the caller may write.

    ``filename`` and ``content`` come from the JSON request body. The
    file must exist, the authenticated id must map to a stored user, and
    ``blp_rules.enforce_blp_write`` must accept the pair (user level, file
    level) before ``write_func`` is called.
    """
    caller_id = auth.get_current_user_id()
    payload = request.get_json()

    with db_manager.session_scope() as session:
        # The target is resolved from the database record, never from the
        # request value alone.
        target = session.query(File).filter_by(
            filename=payload['filename']).one_or_none()
        if not target:
            return api_error(api_result_code=ApiErorrCode.FILE_NOT_EXISTS)

        writer = session.query(User).get(caller_id)
        if not writer:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
            )

        # Write-side BLP check ("no write down"); the rule itself is
        # implemented in blp_rules.
        may_write = blp_rules.enforce_blp_write(writer.level, target.level)
        if not may_write:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
            )

        write_func(target.filename, payload['content'])
        return api_ok()
def files_delete():
    """Delete the file named in the JSON request body.

    Only the owner of the file may delete it; ownership is the only
    authorization check applied here. The database row is removed and
    committed first, then the file is removed from the filesystem.
    """
    payload = request.get_json()
    caller_id = auth.get_current_user_id()

    with db_manager.session_scope() as session:
        doomed = session.query(File).filter_by(
            filename=payload['filename']).one_or_none()
        if not doomed:
            return api_error(api_result_code=ApiErorrCode.FILE_NOT_EXISTS)

        # Ownership is compared against the authenticated id, not against
        # anything supplied in the request body.
        caller_is_owner = doomed.owner_id == caller_id
        if not caller_is_owner:
            return api_error(
                http_code=Unauthorized.code,
                api_result_code=ApiErorrCode.UNAUTHORIZED,
                error_message="The file can be deleted only by its owner")

        session.delete(doomed)
        session.commit()

        # NOTE(review): the row is already committed when this runs, so a
        # failure here would leave the file on disk without a record.
        file_manager.delete_file(payload['filename'])
        return api_ok()
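def interview_blueprint_route_list():
    """Render the interview list for the current role.

    Only GET is served. An admin sees every interview that has at least
    one result row, each with its candidates attached under the
    'candidates' key. A worker sees the results of the interviews whose
    emp_id equals the current user id. Any other role is redirected to
    /menu. Database errors are reported as plain-text messages.
    """
    current_role = get_current_role()
    if request.method != 'GET':
        return 'Unknown action'
    if current_role not in ['admin', 'worker']:
        return redirect('/menu')

    try:
        # The connection settings are selected by role.
        with UseDatabase(current_app.config['db'][current_role]) as cursor:
            if current_role == 'admin':
                get_interviews_query = """
                    select i.iv_id, i.salary, e.name as employee,
                           i.iv_date, v.position
                    from interview i
                    join employee e on e.emp_id = i.emp_id
                    join vacancy v on i.v_id = v.v_id
                    where iv_id in (select distinct iv_id from interview_result)
                    order by i.iv_id
                """
                cursor.execute(get_interviews_query)
                interviews = make_dict_list_from_rows(cursor)

                get_candidates_query = """
                    select ir.iv_id, c.c_id, c.name, c.age, c.gender, c.address
                    from interview_result ir
                    join candidate c on ir.c_id = c.c_id
                    order by ir.iv_id;
                """
                cursor.execute(get_candidates_query)
                candidates = make_dict_list_from_rows(cursor)

                # Group the candidates once instead of rescanning the whole
                # list for every interview.
                by_interview = {}
                for candidate in candidates:
                    by_interview.setdefault(
                        candidate['iv_id'], []).append(candidate)
                for interview in interviews:
                    interview['candidates'] = list(
                        by_interview.get(interview['iv_id'], ()))
                return render_template('interview_list_admin.html',
                                       interviews=interviews)
            elif current_role == 'worker':
                # Show only the interviews of the current employee.
                # The id is formatted into the SQL text below, so it is
                # forced to an integer first and the request is refused
                # when it is not one.
                # NOTE(review): prefer the driver's bound parameters for
                # this value once the paramstyle behind UseDatabase is
                # confirmed; it is not visible here.
                try:
                    worker_id = int(get_current_user_id())
                except (TypeError, ValueError):
                    return 'Error. \nYou are not permitted to view this page'
                get_interview_query = f"""
                    SELECT i.iv_date as date, v.position, i.salary,
                           c.name as candidate, iv.result, iv.rating
                    from interview_result iv
                    join interview i on iv.iv_id = i.iv_id
                    join candidate c on iv.c_id = c.c_id
                    join employee e on i.emp_id = e.emp_id
                    join vacancy v on i.v_id = v.v_id
                    where e.emp_id = {worker_id}
                """
                cursor.execute(get_interview_query)
                interviews = make_dict_list_from_rows(cursor)
                return render_template('interview_list_worker.html',
                                       interviews=interviews)
            else:
                # Not reachable after the role check above; kept so an
                # unexpected role is still refused.
                return 'Error. \nYou are not permitted to view this page'
    # NOTE(review): if DBSQLError derives from DBBaseError, its handler
    # below can never run; the class hierarchy is not visible - confirm.
    except DBConnectionError:
        return 'Произошла ошибка соединения'
    except DBCredentialError:
        return 'Не удается войти в бд'
    except DBBaseError:
        return 'Произошла непредвиденная ошибка бд'
    except DBSQLError:
        return 'Ошибка базы данных'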