def logs_clear_all():
    """Clear every stored log entry; only a logged-in admin may do so.

    Reads ``session_id`` from the JSON request body. Responds 400 when the
    session is not valid and 401 when the session's user is not an admin;
    both refusals are written to the log before returning. Otherwise the
    result and status code of ``Logs.clear_all()`` are returned.
    """
    # NOTE(review): an empty or malformed body makes json.loads raise, so the
    # caller gets an unhandled error instead of a 4xx response.
    payload = json.loads(request.data)
    session_id = payload.get('session_id')

    if not User.check_session(session_id):
        denied = dumps({'error': 'must be logged in to clear logs'})
        Logs('logs_clear_all', denied, 400).create()
        return make_response(denied, 400)

    requester, _ = User.get_user_data_from_session(session_id)
    if not requester.get('isAdmin'):
        denied = dumps({"error": "you do not have permission to clear logs"})
        Logs('logs_clear_all', denied, 401).create()
        return make_response(denied, 401)

    # NOTE(review): the successful wipe writes no log entry here, so nothing
    # in this handler records which admin cleared the logs.
    outcome, status = Logs.clear_all()
    return make_response(dumps(outcome), status)
def get_movies():
    """Return a list of movies from the database as a 200 response.

    The serialized result is also written to the log. No session is checked.
    """
    # The argument 10 is presumably a result limit -- confirm in Movie.get_movies.
    movies = Movie.get_movies(10)
    serialized = dumps(movies)
    Logs('get_movies', serialized, 200).create()
    return make_response(serialized, 200)
def get_movie_details(movie_id):
    """Return the details of the movie identified by ``movie_id``.

    The status code comes from ``Movie.get_movie_details``. The log entry is
    serialized with ``dumps`` while the response body is built with ``jsonify``.
    """
    details, status = Movie.get_movie_details(movie_id)
    Logs('get_movie_details', dumps(details), status).create()
    return make_response(jsonify(details), status)
def user_details():
    """Return the user data belonging to the session named in the query string.

    Reads ``sessionId`` from the URL query parameters and returns whatever
    ``User.get_user_data_from_session`` reports, with its status code.
    """
    # NOTE(review): the session id travels in the URL, so it can end up in
    # access logs, browser history and Referer headers. Other handlers in this
    # file read it from the JSON body instead.
    session_id = request.args.get('sessionId')
    user_data, status = User.get_user_data_from_session(session_id)

    # NOTE(review): the full user record is copied into the log store; confirm
    # it carries no password hash or other field that should stay out of logs.
    serialized = dumps(user_data)
    Logs('user_details', serialized, status).create()
    return make_response(serialized, status)
def search_user():
    """Search for users whose name contains the ``name`` query parameter.

    No session is checked. The result and status code come from
    ``User.find_all_user_with_name`` and are logged before being returned.
    """
    # ``name`` is None when the parameter is absent and is passed on unchanged.
    # NOTE(review): if the lookup builds a pattern or regex from this value it
    # needs escaping there -- not visible from this handler, confirm in User.
    query = request.args.get('name')
    matches, status = User.find_all_user_with_name(query)
    serialized = dumps(matches)
    Logs('search_user', serialized, status).create()
    return make_response(serialized, status)
def prod_get_all():
    """Return all prods addressed to the ``user_id`` given in the JSON body."""
    # NOTE(review): unlike the other prod/follow handlers in this file, no
    # session is checked and ``user_id`` is taken from the request as-is, so
    # any caller can read any user's prods. Adding User.check_session plus a
    # match against the session's user would close that, but requires clients
    # to send session_id.
    body = json.loads(request.data)
    owner_id = body.get('user_id')
    prods, status = Prod.get_all_for_user(owner_id)
    serialized = dumps(prods)
    Logs('prod_get_all', serialized, status).create()
    return make_response(serialized, status)
def prod_mark_read():
    """Mark the prod identified by ``prod_id`` (JSON body) as read."""
    # NOTE(review): no session check and no check that the prod belongs to the
    # caller; this state change is open to anyone who knows a prod id.
    body = json.loads(request.data)
    target_prod = body.get('prod_id')
    outcome, status = Prod.mark_read(target_prod)
    serialized = dumps(outcome)
    Logs('prod_mark_read', serialized, status).create()
    return make_response(serialized, status)
def end_session():
    """End the session whose id is given as ``sessionId`` in the JSON body.

    Returns the result and status code reported by ``User.end_session``.
    """
    # Note the key is 'sessionId' here, while most handlers use 'session_id'.
    body = json.loads(request.data)
    outcome, status = User.end_session(body.get('sessionId'))
    serialized = dumps(outcome)
    Logs('end_session', serialized, status).create()
    return make_response(serialized, status)
def make_admin():
    """Grant admin rights to another user; the caller must be a logged-in admin.

    Expects ``user_id`` (the account to promote) and ``session_id`` in the JSON
    body. Each refusal is logged and returned: 400 for an invalid session,
    400 for a missing ``user_id``, 401 when the session's user is not an admin.
    """
    body = json.loads(request.data)
    target_id = body.get('user_id')
    session_id = body.get('session_id')

    if not User.check_session(session_id):
        denied = dumps({'error': 'must be logged in to make a user admin'})
        Logs('make_admin', denied, 400).create()
        return make_response(denied, 400)

    if not target_id:
        missing = dumps({"error": "user id is required"})
        Logs('make_admin', missing, 400).create()
        return make_response(missing, 400)

    # Authorization is decided from the session's own user record, not from
    # anything the request claims about the caller.
    requester, _status = User.get_user_data_from_session(session_id)
    if not requester.get('isAdmin'):
        denied = dumps({"error": "you do not have permission to make admin"})
        Logs('make_admin', denied, 401).create()
        return make_response(denied, 401)

    outcome, status = User.make_admin(target_id)
    serialized = dumps(outcome)
    Logs('make_admin', serialized, status).create()
    return make_response(serialized, status)
def delete_user():
    """Delete a user account; allowed for the account owner or an admin.

    Expects ``user_id`` and ``session_id`` in the JSON body. Each refusal is
    logged and returned: 400 for an invalid session, 400 for a missing
    ``user_id``, 401 when the caller is neither the owner nor an admin.
    """
    body = json.loads(request.data)
    target_id = body.get('user_id')
    session_id = body.get('session_id')

    if not User.check_session(session_id):
        denied = dumps({'error': 'must be logged in to delete a user'})
        Logs('delete_user', denied, 400).create()
        return make_response(denied, 400)

    if not target_id:
        missing = dumps({"error": "user id is required"})
        Logs('delete_user', missing, 400).create()
        return make_response(missing, 400)

    requester, _status = User.get_user_data_from_session(session_id)
    # Ownership is decided by comparing the session user's _id (as a string)
    # with the requested id; admins bypass the ownership requirement.
    if str(requester.get('_id')) != target_id and not requester.get('isAdmin'):
        denied = dumps({"error": "you cannot delete an account you do not own"})
        Logs('delete_user', denied, 401).create()
        return make_response(denied, 401)

    outcome, status = User.delete_user(target_id)
    serialized = dumps(outcome)
    Logs('delete_user', serialized, status).create()
    return make_response(serialized, status)
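def login_user():
    """Check an email/password pair and return the login result.

    Expects ``email`` and ``password`` in the JSON body. Responds 400 when
    either is missing; otherwise returns the result and status code of
    ``User.attempt_login``. Every outcome is written to the log.
    """
    data = json.loads(request.data)
    email = data.get('email')
    password = data.get('password')

    if not email or not password:
        # Log this refusal like every other error path in the file, so
        # incomplete login attempts show up in the audit trail. Only the
        # error text is logged, never the submitted credentials.
        missing = dumps({"error": "email and password are required"})
        Logs('login_user', missing, 400).create()
        return make_response(missing, 400)

    login_result, response_status = User.attempt_login(email, password)

    # NOTE(review): the full login result goes into the log store. If it
    # contains the new session id, anyone who can read logs can reuse it --
    # confirm what attempt_login returns and redact before logging if so.
    serialized = dumps(login_result)
    Logs('login_user', serialized, response_status).create()
    return make_response(serialized, response_status)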
def unfollow():
    """Make the logged-in user unfollow the user identified by ``oid``.

    Expects ``session_id`` and ``oid`` in the JSON body. An invalid session is
    logged and answered with 400. The acting user is identified by the session
    id handed to ``User.unfollow_user_with_id``.
    """
    body = json.loads(request.data)
    session_id = body.get('session_id')

    if not User.check_session(session_id):
        denied = dumps({'error': 'must be logged in to unfollow'})
        Logs('unfollow', denied, 400).create()
        return make_response(denied, 400)

    outcome, status = User.unfollow_user_with_id(session_id, body.get('oid'))
    serialized = dumps(outcome)
    Logs('unfollow', serialized, status).create()
    return make_response(serialized, status)
def follow_me_get_all():
    """Return all users who follow the user given as ``user_id``.

    Expects ``session_id`` and ``user_id`` in the JSON body. An invalid session
    is logged and answered with 400.
    """
    body = json.loads(request.data)

    if not User.check_session(body.get('session_id')):
        denied = dumps({'error': 'must be logged in to view followers'})
        Logs('follow_me_get_all', denied, 400).create()
        return make_response(denied, 400)

    # NOTE(review): ``user_id`` is not tied to the session, so any logged-in
    # user can list any other user's followers -- confirm that is intended.
    subject_id = body.get('user_id')
    followers, status = User.get_users_follow_me(subject_id)
    serialized = dumps(followers)
    Logs('follow_me_get_all', serialized, status).create()
    return make_response(serialized, status)
def delete_movie_reviews(movie_id):
    """Delete the review identified by ``review_id`` in the JSON body.

    Requires a non-empty, valid ``session_id``; otherwise the refusal is logged
    and answered with 400. ``movie_id`` from the route is not used.
    """
    body = json.loads(request.data)
    review_id = body.get('review_id')
    session_id = body.get('session_id')

    if not session_id or not User.check_session(session_id):
        denied = dumps({'error': 'must be logged in to delete review'})
        Logs('delete_movie_reviews', denied, 400).create()
        return make_response(denied, 400)

    # NOTE(review): nothing here checks that the review was written by the
    # session's user (or that the caller is an admin), nor that it belongs to
    # ``movie_id``. Any logged-in user can delete any review by id unless
    # Review.delete enforces ownership itself -- confirm.
    outcome, status = Review.delete(review_id)
    serialized = dumps(outcome)
    Logs('delete_movie_reviews', serialized, status).create()
    return make_response(serialized, status)
def setUp(self):
    """Reset the Logs, User and Session collections and seed test fixtures.

    Puts the app in testing mode with CSRF disabled, creates a test client,
    writes one log entry, then inserts an admin user with session id 'admin'
    and a non-admin user with session id 'notadmin'.
    """
    APP.config['TESTING'] = True
    APP.config['WTF_CSRF_ENABLED'] = False
    self.app = APP.test_client()

    # NOTE(review): delete_many({}) empties each collection completely, so DB
    # must point at a dedicated test database whenever this runs.
    for collection in (DB.Logs, DB.User, DB.Session):
        collection.delete_many({})

    Logs('test', dumps({'log': 'test log'}), 200).create()

    # (display name, admin flag, session id) for each seeded account.
    # NOTE(review): the password is inserted as a literal string; if the app
    # stores hashes, these fixtures bypass that path -- confirm.
    accounts = (
        ('Admin', True, 'admin'),
        ('User', False, 'notadmin'),
    )
    for display_name, is_admin, session_id in accounts:
        DB.User.insert_one({
            'name': display_name,
            'email': '*****@*****.**',
            'password': '******',
            'age': 22,
            'genre': 'Horror',
            'isAdmin': is_admin
        })
        DB.Session.insert_one({
            'session_id': session_id,
            'email': '*****@*****.**'
        })
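def review_movie(movie_id):
    """Create a review (rating and description) for the movie ``movie_id``.

    Expects ``session_id``, ``user_id``, ``user_name``, ``rating``,
    ``description`` and ``movie_title`` in the JSON body. Responds 400 when
    the session is not valid and 401 when ``user_id`` is missing or does not
    belong to that session; both refusals are logged. Otherwise returns the
    result and status code of ``Review.create``.
    """
    data = json.loads(request.data)
    session_id = data.get('session_id')

    if not User.check_session(session_id):
        denied = dumps({'error': 'must be logged in to review'})
        Logs('review_movie', denied, 400).create()
        return make_response(denied, 400)

    # The author id arrives in the request body, so without this check a
    # logged-in user could post a review under someone else's id. The
    # comparison mirrors delete_user: the session user's _id as a string.
    # NOTE(review): confirm clients send user_id in that same string form.
    user_id = data.get('user_id')
    current_user, _status = User.get_user_data_from_session(session_id)
    if (not user_id or not current_user
            or str(current_user.get('_id')) != str(user_id)):
        denied = dumps({'error': 'user id does not match the logged-in session'})
        Logs('review_movie', denied, 401).create()
        return make_response(denied, 401)

    new_review = Review()
    new_review.tmdb_id = movie_id
    new_review.user_id = user_id
    # NOTE(review): user_name is still taken from the request; consider
    # filling it from the session's user record as well.
    new_review.user_name = data.get('user_name')
    new_review.rating = data.get('rating')
    new_review.description = data.get('description')
    new_review.movie_title = data.get('movie_title')

    results, response_code = new_review.create()
    serialized = dumps(results)
    Logs('review_movie', serialized, response_code).create()
    return make_response(serialized, response_code)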
def prod_users():
    """Send a prod (movie recommendation) to each listed receiver.

    Expects ``session_id``, ``receivers``, ``sender``, ``tmdb_id`` and an
    optional ``message`` in the JSON body. Responds 400 for an invalid session
    or when receivers, sender or tmdb id is missing. On success the body maps
    each receiver id to the result of creating its prod, always with status 200.
    """
    body = json.loads(request.data)

    if not User.check_session(body.get('session_id')):
        denied = dumps({'error': 'must be logged in to prod'})
        Logs('prod_users', denied, 400).create()
        return make_response(denied, 400)

    receivers = body.get('receivers')
    # NOTE(review): ``sender`` is taken from the request and never compared
    # with the session's user, so a logged-in user can send prods that appear
    # to come from someone else -- derive or verify it from the session.
    sender = body.get('sender')
    tmdb_id = body.get('tmdb_id')
    message = body.get('message')

    if not (receivers and sender and tmdb_id):
        missing = dumps({'error': 'sender, receiver, and tmdb id required for prod'})
        Logs('prod_users', missing, 400).create()
        return make_response(missing, 400)

    # The per-prod status code is discarded; a failed create still yields 200
    # overall and is only visible in that receiver's result entry.
    per_receiver = {}
    for receiver in receivers:
        outcome, _status = Prod(sender, receiver, tmdb_id, message).create()
        per_receiver[receiver] = outcome

    serialized = dumps(per_receiver)
    Logs('prod_users', serialized, 200).create()
    return make_response(serialized, 200)
def log(message):
    """Store *message* through ``Logs.create`` and echo it to stdout.

    The entry is stamped with the current local time and attributed to the
    fixed user id 1.
    """
    # NOTE(review): ``message`` is written verbatim. If it ever carries
    # request-derived text, strip line breaks first so one call cannot produce
    # what looks like several log lines.
    stamp = datetime.datetime.now()
    Logs.create(message=message, date=stamp, user=1)
    line = "%s %s" % (stamp, message)
    print(line)