def add_lot():
"""
POST create new lot
:return:
"""
if request.method == 'POST':
new_lot = Lot(owner=request.oauth.user)
form_data = None
try:
if hasattr(request,
'data') and request.content_type == 'application/json':
form_data = json.loads(request.data)
elif 'multipart/form-data' in request.content_type:
form_data = request.form
else:
db.session.rollback()
raise InvalidUsage('Incorrect content type.', status_code=500)
except:
db.session.rollback()
raise InvalidUsage('Get post data error.', status_code=500)
new_lot = lot_edit(new_lot, form_data=form_data)
db.session.add(new_lot)
db.session.commit()
new_lot = Lot.query.get(new_lot.id)
return jsonify(new_lot.serialize)
def wrapper(*args, **kwargs):
if request.oauth.user.admin_user != 1:
raise InvalidUsage('Just admin user can do this.', status_code=403)
elif request.oauth.user.admin_user != 1:
raise InvalidUsage('Just admin user can do this.', status_code=403)
return function(*args, **kwargs)
def publish_lot(lot_id):
lot = Lot.query.get(lot_id)
if lot.published:
raise InvalidUsage('Lot already published', status_code=400)
try:
lot.published = True
db.session.commit()
return jsonify(dict(success=True, message='ok'))
except:
raise InvalidUsage('Wrong input data', status_code=400)
def edit_category(category_id=None):
"""
operations with category PUT DELETE POST
:param category_id:
:return:
"""
category = Category.query.get(category_id)
form_data = None
if request.method != 'DELETE':
try:
if hasattr(request,
'data') and request.content_type == 'application/json':
form_data = json.loads(request.data)
elif 'multipart/form-data' in request.content_type:
form_data = request.form
else:
raise InvalidUsage('Incorrect content type.', status_code=500)
except:
raise InvalidUsage('Get post data error.', status_code=500)
if request.method == 'PUT':
category = category_edit(category, form_data=form_data)
db.session.add(category)
db.session.commit()
category = Category.query.get(category.id)
return jsonify(category.serialize)
elif request.method == 'DELETE':
count_lots = Lot.query.filter_by(category_id=category.id).count()
count_sub_category = Category.query.filter_by(
parent_id=category.id).count()
if count_sub_category == 0 and count_lots == 0:
db.session.delete(category)
db.session.commit()
return jsonify(dict(success=True))
else:
return jsonify(
dict(success=False,
message='lots or other categories refer on it'))
elif request.method == 'POST':
new_category = Category(user=request.oauth.user)
new_category.parent_id = category.id
new_category = category_edit(new_category, form_data=form_data)
db.session.add(new_category)
db.session.commit()
new_category = Category.query.get(new_category.id)
return jsonify(new_category.serialize)
def get_lots_by_page():
"""
get lots per pages
:param page:
:return:
"""
category = None
category_obj = None
if request and 'category' in request.args:
try:
category = int(request.args.get('category', None))
except (TypeError, ValueError):
raise InvalidUsage('You can not access to this lot',
status_code=404)
from lucky_club.api.categories.models import Category
category_obj = Category.query.get(category)
if category and category_obj:
lots_pages = Lot.query.filter(((Lot.finished == True) | (Lot.published == True)) & (Lot.deleted == False) & (Lot.category_id == category)) \
.paginate(error_out=False)
else:
lots_pages = Lot.query.filter(((Lot.finished == True) | (Lot.published == True)) & (Lot.deleted == False)) \
.paginate(error_out=False)
return jsonify(total_objects=lots_pages.total,
total_pages=lots_pages.pages,
page=lots_pages.page,
objects=[c.serialize for c in lots_pages.items],
has_next=lots_pages.has_next,
has_prev=lots_pages.has_prev)
def delete_attach(attachment_id):
"""
lot operations
:param attachment_id:
:return:
"""
attachment = Attachment.query.get(attachment_id)
lot = attachment.lot
if lot.owner_id == request.oauth.user.id or request.oauth.user.admin_user == 1:
if lot and not lot.published and not lot.deleted and not lot.finished:
db.session.delete(attachment)
db.session.commit()
return jsonify(dict(success=True))
else:
raise InvalidUsage('you can not edit unpublished lot',
status_code=400)
else:
raise InvalidUsage('do not have permissions', status_code=400)
def wrapper(*args, **kwargs):
from lucky_club.api.lots.models import Lot
lot = Lot.query.get(kwargs['lot_id'])
if lot and lot.published == True:
return function(*args, **kwargs)
else:
raise InvalidUsage('lot does not published yes', status_code=400)
def wrapper(*args, **kwargs):
from lucky_club.api.lots.models import Lot
lot = Lot.query.get(kwargs['lot_id'])
if lot and lot.deleted == False and lot.finished == False:
return function(*args, **kwargs)
else:
raise InvalidUsage('You can not edit finished ot deleted lot', status_code=400)
def recommend_lot(lot_id):
lot = Lot.query.get(lot_id)
try:
lot.recommend = not lot.recommend
db.session.commit()
return jsonify(dict(success=True, message='ok'))
except:
raise InvalidUsage('Wrong input data', status_code=400)
def wrapper(*args, **kwargs):
from lucky_club.api.lots.models import Lot
lot = Lot.query.get(kwargs['lot_id'])
if lot and (lot.owner_id == request.oauth.user.id or request.oauth.user.admin_user == 1):
return function(*args, **kwargs)
else:
raise InvalidUsage('You do not have permissions to edit object', status_code=403)
def wrapper(*args, **kwargs):
from lucky_club.api.lots.models import Lot
lot = Lot.query.get(kwargs['lot_id'])
if lot:
return function(*args, **kwargs)
else:
raise InvalidUsage('Lot does not exists', status_code=404)
def wrapper(*args, **kwargs):
from lucky_club.api.categories.models import Category
category = Category.query.get(kwargs['category_id'])
if category:
return function(*args, **kwargs)
else:
raise InvalidUsage('Category does not exists', status_code=404)
def _usergetter(self, username, password, client, request, *args, **kwargs):
if not hasattr(request, 'jwt_token'):
raise InvalidUsage('wrong parameter', status_code=500)
jwt_token = request.jwt_token
if self.app.config['TESTING']:
try:
token = jwt.decode(jwt_token, 'secret', algorithms=['HS256'])
except Exception:
raise InvalidUsage('JWT token decode problem', status_code=500)
else:
try:
token = self.parse_key(token_data=jwt_token, app=self.app)
except ExpiredSignatureError:
raise InvalidUsage('Token expired', status_code=500)
account = User.query.filter_by(firebase_user_id=token['sub']).one_or_none()
if account is None:
account = User(firebase_user_id=token['sub'])
account.email = token['email']
account.email_verified = token['email_verified']
account.name = token.get('name')
account.photo_url = token.get('picture')
# TODO change in prod system
# account.admin_user = 1
account.admin_user = 0
db.session.add(account)
from lucky_club.api.profile.models import Profile
profile = Profile(user=account, screen_name = account.name)
db.session.add(profile)
from lucky_club.api.account.models import Account
bank_account = Account(user=account)
db.session.add(bank_account)
db.session.commit()
if account and account.blocked == 1:
raise InvalidUsage('Access denied', status_code=403)
return account
def leave_lot(lot_id):
"""
get lot pictures
:param lot_id:
:return:
"""
lot = Lot.query.get(lot_id)
if lot.finished or lot.deleted:
raise InvalidUsage('You can not leave lot.', status_code=400)
participant = Participants.query.filter_by(
lot_id=lot_id, participant_id=request.oauth.user.id).first()
if not participant:
raise InvalidUsage('You are not participant.', status_code=400)
db.session.delete(participant)
db.session.commit()
return jsonify(dict(success=True, message='ok'))
def un_publish_lot(lot_id):
lot = Lot.query.get(lot_id)
if not lot.published:
raise InvalidUsage('Lot does not published yet', status_code=400)
count_members = Participants.query.filter_by(lot_id=lot.id).count()
if count_members == 0:
lot.published = False
db.session.commit()
return jsonify(dict(success=True))
def get_lot_by_id(lot_id):
"""
lot operations
:param lot_id:
:return:
"""
lot = Lot.query.get(lot_id)
if lot.deleted:
raise InvalidUsage('You can not access to this lot', status_code=403)
return jsonify(lot.serialize)
def add_message(lot_id):
"""
get lot pictures
:param lot_id:
:return:
"""
if request.method == 'POST':
new_message = Messages(user=request.oauth.user, lot_id=lot_id)
form_data = None
try:
if hasattr(request,
'data') and request.content_type == 'application/json':
form_data = json.loads(request.data)
elif 'multipart/form-data' in request.content_type:
form_data = request.form
else:
db.session.rollback()
raise InvalidUsage('Incorrect content type.', status_code=500)
except:
db.session.rollback()
raise InvalidUsage('Get post data error.', status_code=500)
try:
if 'message' not in form_data or not form_data['message'].strip():
db.session.rollback()
raise InvalidUsage('Field name is empty', status_code=400)
message = form_data['message']
new_message.message = message
except:
db.session.rollback()
raise InvalidUsage('Wrong input data', status_code=400)
db.session.add(new_message)
db.session.commit()
new_message = Messages.query.get(new_message.id)
return jsonify(new_message.serialize)
def category_edit(category, form_data):
from flask_uploads import UploadNotAllowed
from lucky_club.lucky_club import uploaded_photos
try:
if 'file' in request.files:
file = request.files['file']
if file.filename == '':
db.session.rollback()
raise InvalidUsage('Input file.', status_code=500)
if not is_ascii(file.filename):
name, ext = os.path.splitext(file.filename)
name = "1" + ext
file.filename = name
filename = uploaded_photos.save(file)
category.picture_file = filename
except UploadNotAllowed:
db.session.rollback()
raise InvalidUsage('The upload was not allowed', status_code=500)
else:
if 'name' not in form_data or not form_data['name'].strip():
db.session.rollback()
raise InvalidUsage('Field name is empty', status_code=400)
name = form_data['name']
category.name = name
if 'description' not in form_data or not form_data[
'description'].strip():
db.session.rollback()
raise InvalidUsage('Field description is empty', status_code=400)
description = form_data['description']
category.description = description
return category
def get_messages(lot_id):
"""
get lot pictures
:param lot_id:
:return:
"""
lot = Lot.query.get(lot_id)
if (lot.finished or lot.published) and not lot.deleted:
messages = Messages.query.filter_by(lot_id=lot_id).all()
return jsonify(messages=[c.serialize for c in messages])
else:
raise InvalidUsage('You can not access to this lot', status_code=403)
def edit_lot(lot_id):
edited_lot = Lot.query.get(lot_id)
if edited_lot.published:
raise InvalidUsage('You can not edit published lot.', status_code=403)
try:
if hasattr(request,
'data') and request.content_type == 'application/json':
form_data = json.loads(request.data)
elif 'multipart/form-data' in request.content_type:
form_data = request.form
else:
raise InvalidUsage('Incorrect content type.', status_code=500)
except:
raise InvalidUsage('Get post data error.', status_code=500)
if request.method == 'PUT':
edited_lot = lot_edit(edited_lot, form_data=form_data)
db.session.commit()
edited_lot = Lot.query.get(edited_lot.id)
return jsonify(edited_lot.serialize)
def get_users_lot_by_id(lot_id):
"""
lot operations
:param lot_id:
:return:
"""
lot = Lot.query.get(lot_id)
if lot.owner_id == request.oauth.user.id or request.oauth.user.admin_user == 1:
return jsonify(lot.serialize)
else:
if (lot.finished or lot.published) and not lot.deleted:
return jsonify(lot.serialize)
else:
raise InvalidUsage('You can not access to this lot',
status_code=403)
def finished_lot(lot_id):
"""
lot operations
:param lot_id:
:return:
"""
edited_lot = Lot.query.get(lot_id)
if edited_lot.deleted or not edited_lot.published:
raise InvalidUsage('Unappropriated operation with not deleted lot',
status_code=400)
if request.method == 'POST':
edited_lot.finished = True
db.session.commit()
return jsonify(dict(success=True))
def join_lot(lot_id):
"""
get lot pictures
:param lot_id:
:return:
"""
participant = Participants.query.filter_by(
lot_id=lot_id, participant_id=request.oauth.user.id).first()
if participant:
raise InvalidUsage('You are already participant.', status_code=400)
participant = Participants(lot_id=lot_id,
participant_id=request.oauth.user.id)
db.session.add(participant)
db.session.commit()
return jsonify(dict(success=True, message='ok'))
def lot_edit(edited_lot, form_data):
try:
if 'name' not in form_data or not form_data['name'].strip():
db.session.rollback()
raise InvalidUsage('Field name is empty', status_code=400)
name = form_data['name']
edited_lot.name = name
if 'description' not in form_data or not form_data[
'description'].strip():
db.session.rollback()
raise InvalidUsage('Field description is empty', status_code=400)
description = form_data['description']
edited_lot.description = description
if 'full_description' not in form_data or not form_data[
'full_description'].strip():
db.session.rollback()
raise InvalidUsage('Field full_description is empty',
status_code=400)
full_description = form_data['full_description']
edited_lot.full_description = full_description
if 'category_id' not in form_data:
db.session.rollback()
raise InvalidUsage('Field category is empty', status_code=400)
category = form_data['category_id']
edited_lot.category_id = int(category)
if 'count_participants' not in form_data:
db.session.rollback()
raise InvalidUsage('Field count_participants is empty',
status_code=400)
count_participants = form_data['count_participants']
edited_lot.count_participants = int(count_participants)
if 'price' not in form_data:
db.session.rollback()
raise InvalidUsage('Field price is empty', status_code=400)
price = form_data['price']
edited_lot.price = float(price)
except:
db.session.rollback()
raise InvalidUsage('Wrong input data', status_code=400)
return edited_lot
def set_favorite(lot_id):
"""
get lot pictures
:param lot_id:
:return:
"""
try:
favorite = Favorite.query.filter_by(
lot_id=lot_id, user_id=request.oauth.user.id).first()
if favorite:
db.session.delete(favorite)
db.session.commit()
else:
favorite = Favorite(lot_id=lot_id, user_id=request.oauth.user.id)
db.session.add(favorite)
db.session.commit()
return jsonify(dict(success=True, message='ok'))
except:
raise InvalidUsage('Something went wrong.', status_code=500)
def get_user_info(user_id):
profile = Profile.query.get(user_id)
if profile:
jsonify(profile.serialize)
else:
raise InvalidUsage('Can not find user.', status_code=404)
def wrapped_f(*args, **kwargs):
if methods and request.method in methods and request.oauth.user.admin_user != 1:
raise InvalidUsage('Just admin user can do this.', status_code=403)
elif not methods and request.oauth.user.admin_user != 1:
raise InvalidUsage('Just admin user can do this.', status_code=403)
return f(*args, **kwargs)
def me():
profile = None
try:
profile = Profile.query.filter_by(user=request.oauth.user).first()
except:
raise InvalidUsage('Get profile error', status_code=500)
if request.method == 'GET':
try:
return jsonify(profile.serialize)
except:
raise InvalidUsage('Get profile error', status_code=500)
elif request.method == 'PUT':
form_data = None
try:
if hasattr(request,
'data') and request.content_type == 'application/json':
form_data = json.loads(request.data)
elif 'multipart/form-data' in request.content_type:
form_data = request.form
else:
raise InvalidUsage('Incorrect content type.', status_code=500)
except:
raise InvalidUsage('Cannot get input data.', status_code=500)
from flask_uploads import UploadNotAllowed
from lucky_club.lucky_club import uploaded_photos
try:
if 'file' in request.files:
file = request.files['file']
if file.filename == '':
raise InvalidUsage('Input file.', status_code=500)
from pytils.translit import translify
if not is_ascii(file.filename):
name, ext = os.path.splitext(file.filename)
name = "1" + ext
file.filename = name
# file.filename = translify(file.filename)
filename = uploaded_photos.save(file)
profile.photo_file_name = filename
except UploadNotAllowed:
raise InvalidUsage('The upload was not allowed', status_code=500)
else:
if 'first_name' in form_data:
first_name = form_data['first_name']
profile.first_name = first_name
if 'screen_name' in form_data:
screen_name = form_data['screen_name']
profile.screen_name = screen_name
if 'last_name' in form_data:
last_name = form_data['last_name']
profile.last_name = last_name
if 'email' in form_data:
email = form_data['email']
profile.email = email
if 'bank_card' in form_data:
bank_card = form_data['bank_card']
profile.bank_card = bank_card
if 'phone' in form_data:
phone = form_data['phone']
profile.phone = phone
db.session.commit()
profile = Profile.query.filter_by(user=profile.user).first()
return jsonify(profile.serialize)
else:
raise InvalidUsage('Method does not support.', status_code=405)
def add_attach(lot_id):
"""
POST create new lot
:return:
"""
lot = Lot.query.get(lot_id)
if lot.published or lot.deleted or lot.finished:
raise InvalidUsage('Lot already published, deleted or finished',
status_code=400)
if request.method == 'POST':
new_attach = Attachment(user=request.oauth.user, lot_id=lot_id)
try:
if hasattr(request,
'data') and request.content_type == 'application/json':
form_data = json.loads(request.data)
elif 'multipart/form-data' in request.content_type:
form_data = request.form
else:
db.session.rollback()
raise InvalidUsage('Incorrect content type.', status_code=500)
except:
db.session.rollback()
raise InvalidUsage('Get post data error.', status_code=500)
from flask_uploads import UploadNotAllowed
from lucky_club.lucky_club import uploaded_photos
try:
if 'file' in request.files:
file = request.files['file']
if file.filename == '':
db.session.rollback()
raise InvalidUsage('Input file.', status_code=500)
if not is_ascii(file.filename):
name, ext = os.path.splitext(file.filename)
name = "1" + ext
file.filename = name
filename = uploaded_photos.save(file)
new_attach.picture = filename
except UploadNotAllowed:
db.session.rollback()
raise InvalidUsage('The upload was not allowed', status_code=500)
else:
if 'description' not in form_data or not form_data[
'description'].strip():
db.session.rollback()
raise InvalidUsage('Field description is empty',
status_code=400)
description = form_data['description']
new_attach.description = description
db.session.add(new_attach)
db.session.commit()
new_attach = Attachment.query.get(new_attach.id)
return jsonify(new_attach.serialize)
def error_by_oauth():
raise InvalidUsage('There occurs an error.', status_code=500)