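def delete(self):
    """Delete a customer account, either as an admin or as the customer.

    A truthy ``g.user`` selects the staff path: the caller's position must be
    ``'admin'`` and ``data['password']`` must verify against the caller's own
    account. Otherwise the request is handled as ``g.customer`` deleting their
    own account, which requires the submitted username and password to match.

    Returns:
        A message dict, with status 400 when the caller is refused. Validation
        failures return whatever ``validators.delete_validator`` produced.
    """
    # Read the staff identity once. `except Exception` replaces a bare
    # `except:` so SystemExit/KeyboardInterrupt are no longer swallowed.
    try:
        staff = g.user
    except Exception:
        staff = None

    data = CustomerDelete.parser.parse_args()
    error_validation = validators.delete_validator(**data)
    if error_validation['error validation']:
        return error_validation

    if staff:
        position = PositionModel.find_by_id(staff.position_id)
        # Fail closed: a staff record whose position cannot be resolved is
        # refused instead of raising on `position.name`.
        # (presumably find_by_id returns None when nothing matches - confirm)
        if (position is None or position.name != 'admin'
                or not staff.verify_password(data['password'])):
            return {
                'message': "You are not privileged to delete customer's account!"
            }, 400

        customer = CustomerModel.find_by_username(data['username'])
        if customer:
            log = LogModel("remove customer '{}'".format(data['username']),
                           staff.username, auth.admin)
            # NOTE(review): the audit record is written after the delete; if
            # log.save_to_db() fails the account is gone with no log entry.
            customer.delete_from_db()
            log.save_to_db()
            return {'message': "Customer's account deleted."}
        return {
            'message': "Customer '{}' account does not exist.".format(
                data['username'])
        }

    # NOTE(review): assumes the authentication layer always sets g.customer
    # when g.user is absent; that guarantee is not visible here.
    customer = g.customer
    if customer.username != data['username']:
        return {
            'message': 'You can not delete your account because you have typed wrong username!'
        }, 400
    if not customer.verify_password(data['password']):
        return {
            'message': 'You can not delete your account because you have typed wrong password!'
        }, 400

    log = LogModel("remove customer '{}'".format(data['username']),
                   g.customer.username, auth.customer)
    customer.delete_from_db()
    log.save_to_db()
    return {'message': 'Your account is deleted.'}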
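def authenticate(username, password):
    """Return the account matching *username* whose password verifies.

    Staff accounts (``UserModel``) are checked before customer accounts
    (``CustomerModel``). Returns ``None`` when neither record exists or the
    password does not verify.
    """
    # The leftover debug print() calls were removed: they wrote a line to
    # stdout on every login attempt and recorded which account type matched.
    user = UserModel.find_by_username(username)
    customer = CustomerModel.find_by_username(username)
    if user and user.verify_password(password):
        return user
    if customer and customer.verify_password(password):
        return customer
    return None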
def get(self, username):
    """List the items reserved by the account named *username*.

    Callers that fail ``Item.is_user()`` are refused with a 400, and an
    unknown name yields a 404. When ``Item.is_admin()`` is true each item is
    serialised with ``json()``; otherwise ``short_json()`` is used.
    """
    if not Item.is_user():
        return {'message': 'You are not privileged to continue!'}, 400

    # Staff records take precedence over customer records for the same name.
    guest = UserModel.find_by_username(username)
    if not guest:
        guest = CustomerModel.find_by_username(username)
    if not guest:
        return {'message': "Guest '{}' not found.".format(username)}, 404

    full_view = Item.is_admin()
    reserved = ItemModel.query.filter_by(reserved_by=guest.username)
    if full_view:
        return {'items': [entry.json() for entry in reserved]}
    return {'items': [entry.short_json() for entry in reserved]}
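def post(self):
    """Create a staff user account; only an admin caller may do so.

    The caller is taken from ``g.user``. The request is refused with a 400
    when no staff identity is present, when the caller's position is not
    ``'admin'``, or when the username is already used by a user or a customer.

    Returns:
        ``({"message": ...}, 201)`` on success, a 400 refusal, or a 500 when
        saving fails. Validation failures return whatever
        ``validators.user_register_validator`` produced.
    """
    # `except Exception` replaces a bare `except:` so SystemExit and
    # KeyboardInterrupt are no longer swallowed.
    try:
        caller = g.user
    except Exception:
        return {'message': "You are not privileged to continue!"}, 400

    data = UserRegister.parser.parse_args()
    error_validation = validators.user_register_validator(**data)
    if error_validation['error validation']:
        return error_validation

    position = PositionModel.find_by_id(caller.position_id)
    # Fail closed: an unresolved position is refused instead of raising on
    # `position.name`. The debug print(position) was removed.
    # (presumably find_by_id returns None when nothing matches - confirm)
    if position is None or position.name != 'admin':
        return {
            'message': "You are not privileged to create user's account!"
        }, 400

    # Usernames are unique across both staff and customer tables.
    if UserModel.find_by_username(data['username']):
        return {
            "message": "A user with that username already exists."
        }, 400
    if CustomerModel.find_by_username(data['username']):
        return {
            "message": "A customer with that username already exists."
        }, 400

    new_user = UserModel(**data)
    log = LogModel("add user '{}'".format(data['username']),
                   g.user.username, auth.admin)
    try:
        new_user.save_to_db()
        # NOTE(review): if this second save fails the user row has already
        # been written, yet the caller is told the insert failed.
        log.save_to_db()
    except Exception:
        return {
            'message': 'An error occurred inserting the user.'
        }, 500  # Internal Server Error

    return {"message": "User created successfully."}, 201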
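def get(self, customer_name):
    """Return the JSON representation of the customer named *customer_name*.

    A request with a truthy ``g.customer`` is refused with a 400; every other
    request proceeds to the lookup. An unknown name yields a 404.
    """
    # `except Exception` replaces a bare `except:` so SystemExit and
    # KeyboardInterrupt are no longer swallowed.
    try:
        is_customer = bool(g.customer)
    except Exception:
        is_customer = False
    if is_customer:
        return {'message': 'You are not privileged to continue!'}, 400

    # NOTE(review): access is granted by the absence of g.customer, not by
    # the presence of an authenticated staff identity, and the admin-only
    # position check that used to follow is disabled. Confirm that the route
    # is wrapped by authentication that guarantees g.user, and that
    # customer.json() holds only fields every staff role may read.
    customer = CustomerModel.find_by_username(customer_name)
    if customer:
        return customer.json()
    return {
        'message': "Customer '{}' not found.".format(customer_name)
    }, 404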
def post(self):
    """Register a new customer account from the parsed request arguments.

    The username must not already belong to a customer or a staff user;
    otherwise a 400 is returned. Validation failures return whatever
    ``validators.customer_register_validator`` produced.
    """
    payload = CustomerRegister.parser.parse_args()
    verdict = validators.customer_register_validator(**payload)
    if verdict['error validation']:
        return verdict

    wanted = payload['username']
    # NOTE(review): check-then-insert; uniqueness under concurrent requests
    # depends on a database constraint that is not visible here.
    taken = (CustomerModel.find_by_username(wanted)
             or UserModel.find_by_username(wanted))
    if taken:
        return {
            "message": "An account with that username already exists"
        }, 400

    # The parsed arguments map directly onto the model's constructor.
    account = CustomerModel(**payload)
    account.save_to_db()
    return {"message": "Account created successfully."}, 201