def post(self, resp):
post_data = request.get_json()
response_object = {
'status': 'fail',
'message': 'Invalid payload.'
}
if not is_admin(resp):
response_object['message'] = \
'You do not have the permission to do that.'
return response_object, 401
if not post_data:
return response_object, 400
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
try:
user = User.query.filter_by(email=email).first()
if not user:
db.session.add(User(
username=username, email=email, password=password))
db.session.commit()
response_object['status'] = 'success'
response_object['message'] = f'{email} was added!'
return response_object, 201
else:
response_object['message'] = 'Sorry. ' \
'That email already exists.'
return response_object, 400
except (exc.IntegrityError, ValueError):
db.session.rollback()
return response_object, 400
def post(self, resp):
post_data = request.get_json()
response_object = {"status": "fail", "message": "Invalid payload"}
if not is_admin(resp):
response_object["message"] =\
"You do not have permission to do that"
return response_object, 401
if not post_data:
return response_object, 400
username = post_data.get("username")
email = post_data.get("email")
password = post_data.get("password")
try:
user = User.query.filter_by(email=email).first()
if not user:
db.session.add(
User(username=username, email=email, password=password))
db.session.commit()
response_object["status"] = "success"
response_object["message"] = f"{email} was added!"
return response_object, 201
response_object["message"] = "Sorry. That email already exists"
return response_object, 400
except exc.IntegrityError:
db.session.rollback()
return response_object, 400
except (exc.IntegrityError, ValueError):
db.session.rollback()
return response_object, 400
def post_users(user_id):
""" POST /users
Adds a new user.
model:
username,
email,
password,
active,
admin,
created_at
:param user_id:
:return: Flask Response
"""
if not is_admin(user_id):
return error_response('You do not have permission to do that.'), 401
data = request.get_json()
if not data:
return error_response(), 400
username = data.get('username')
email = data.get('email')
password = data.get('password')
# TODO setup validation
try:
if not User.query.filter(
or_(User.username == username, User.email == email)).first():
add_user(username, email, password)
return success_response(
'{email} was added!'.format(email=email)), 201
return error_response('User already exists.'), 400
except (exc.IntegrityError, ValueError):
db.session.rollback()
return error_response(), 400
def add_user(resp):
"""Add a user to the database."""
post_data = request.get_json()
response_object = {
'status': 'fail',
'message': 'Invalid payload.'
}
if not is_admin(resp):
response_object['message'] = 'You do not have permission to do that.'
return jsonify(response_object), 401
if not post_data:
return jsonify(response_object), 400
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
try:
user = User.query.filter_by(email=email).first()
if not user:
db.session.add(
User(username=username, email=email, password=password)
)
db.session.commit()
response_object = {
'status': 'success',
'message': '{email} was added!'.format(email=email)
}
return jsonify(response_object), 201
else:
response_object['message'] = 'Sorry. That email already exists.'
return jsonify(response_object), 400
except (exc.IntegrityError, ValueError) as e:
db.session.rollback()
return jsonify(response_object), 400
def delete(self, sub, user_id, question_id):
""" Delete question_id, must be admin or the correct user """
response = {'status': 'fail', 'message': 'Question does not exist'}
if not is_admin(sub) and not is_same_user(sub, user_id):
response[
'message'] = 'You do not have permission to delete this question'
return response, 403
try:
question = Question.query.filter_by(
id=int(question_id), author_id=int(user_id)).first()
if not question:
return response, 404
else:
db.session.query(Question).filter(
Question.id == int(question_id)).delete()
db.session.commit()
# get updated object
deleted_question = Question.query.filter_by(
id=int(question_id)).first()
if not deleted_question:
delete_response = {
"status": "success",
"message": "Deleted"
}
return delete_response, 204
else:
response['message'] = 'Server error'
return response, 500
except ValueError:
return response, 404
def post(self, sub):
post_data = request.get_json()
response = {'status': 'fail', 'message': 'Invalid payload'}
if not is_admin(sub):
response['message'] = 'Forbidden'
return response, 403
# empty request
if not post_data:
response['message'] = 'Empty payload'
return response, 400
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
# test User constraints
try:
user = User.query.filter_by(
email=email).first() # get first record that matches email
if not user:
db.session.add(
User(username=username, email=email,
password=password)) # add new user
db.session.commit() # commit to db
response['status'] = 'success'
response['message'] = f'{email} added.'
return response, 201
else:
response['message'] = 'Email already exists'
return response, 400
# Handle db exception
except (exc.IntegrityError, ValueError):
db.session.rollback() # must rollback any changes
return response, 400
def put(self, sub, user_id, question_id):
""" Update question_id, must be admin or the correct user """
put_data = request.get_json()
response = {'status': 'fail', 'message': 'Question does not exist'}
# If user sending req is not admin and not updating their own question, fail
if not is_admin(sub) and not is_same_user(sub, user_id):
response[
'message'] = 'You do not have permission to update this question'
return response, 403
try:
question = Question.query.filter_by(
id=int(question_id), author_id=int(user_id)).first()
if not question:
return response, 404
else:
for key, value in put_data.items():
setattr(question, key, value)
db.session.commit()
updated_question = Question.query.filter_by(
id=int(question_id), author_id=int(user_id)).first()
put_response = {
'status': 'success',
'data': updated_question.to_json()
}
return put_response, 201
except ValueError:
return response, 404
def delete(self, sub, user_id):
""" Delete user_id, must be admin or the correct user """
response = {'status': 'fail', 'message': 'User does not exist'}
# If user sending request is not admin and not the user deleting their own profile return 403
if not is_admin(sub) and not is_same_user(sub, user_id):
response[
'message'] = 'You do not have permission to delete this user'
return response, 403
try:
user = User.query.filter_by(id=int(user_id)).first()
if not user:
return response, 404
else:
db.session.query(User).filter(User.id == user_id).delete()
db.session.commit()
# get updated object
deleted_user = User.query.filter_by(id=int(user_id)).first()
if not deleted_user:
delete_response = {
"status": "success",
"message": "Deleted"
}
return delete_response, 204
else:
response['message'] = 'Server error'
return response, 500
except ValueError:
return response, 404
def put(self, sub, user_id):
""" Update user_id, must be admin or the correct user """
put_data = request.get_json()
response = {'status': 'fail', 'message': 'User does not exist'}
# If user sending request is not admin and not the user updating their own profile
if not is_admin(sub) and not is_same_user(sub, user_id):
response[
'message'] = 'You do not have permission to update this user'
return response, 403
try:
user = User.query.filter_by(id=int(user_id)).first()
if not user:
return response, 404
else:
for key, value in put_data.items():
setattr(user, key, value)
db.session.commit()
# get updated object
updated_user = User.query.filter_by(id=int(user_id)).first()
put_response = {
"status": "success",
"data": updated_user.to_json()
}
return put_response, 201
except ValueError:
return response, 404
def flower_user(resp):
print("hello")
post_data = request.get_json()
response_object = {'message': 'Invalid payload'}
if not is_admin(resp):
response_object['message'] = 'You do not have permission to do that.'
return jsonify(response_object), 401
# check for post_data
# import pdb; pdb.set_trace()
if not post_data:
return jsonify(response_object), 400
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
try:
user = User.query.filter_by(email=email).first()
if not user:
db.session.add(
User(username=username, email=email, password=password))
db.session.commit()
response_object['message'] = f'{email} was added'
return jsonify(response_object), 201
else:
response_object['message'] = 'Sorry. That email already exists'
return jsonify(response_object), 400
except (exc.IntegrityError, ValueError) as e:
db.session.rollback()
response_object['ValueError'] = 'ValueError'
return jsonify(response_object), 400
def add_user(resp):
# pdb.set_trace()
if not is_admin(resp):
response_object = {
'status': 'error',
'message': 'You do not have permission to do that.'
}
return make_response(jsonify(response_object)), 401
post_data = request.get_json()
# handler the empty post
if not post_data:
response_object = {'status': 'fail', 'message': 'Invalid payload.'}
# 返回
return make_response(jsonify(response_object)), 400
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
try:
# handler the duplicate email post
user = User.query.filter_by(email=email).first()
# not duplicate email
if not user:
db.session.add(
User(username=username, email=email, password=password))
db.session.commit()
response_object = {
'status': 'success',
'message': f'{email} was added!'
}
return make_response(jsonify(response_object)), 201
else:
response_object = {
'status': 'fail',
'message': 'Sorry, That email has already exist.'
}
return make_response(jsonify(response_object)), 400
except exc.IntegrityError as e:
db.session.rollback()
response_object = {'status': 'fail', 'message': 'Invalid payload.'}
return make_response(jsonify(response_object)), 400
except ValueError as e:
db.session.rollback()
response_object = {'status': 'fail', 'message': 'Invalid payload.'}
return make_response(jsonify(response_object)), 400
def get(self, sub, user_id, question_id):
""" Get single question by user id """
response = {'status': 'fail', 'message': 'Question does not exist'}
if not is_admin(sub) and not is_same_user(sub, user_id):
response[
'message'] = 'You do not have permission to view this question'
return response, 403
try:
question = Question.query.filter_by(
id=int(question_id), author_id=int(user_id)).first()
if not question:
return response, 404
else:
response = {'status': 'success', 'data': question.to_json()}
return response, 200
except ValueError:
return response, 404
def post(resp, self):
jsonrequest = request.get_json()
result = TaskSchema().load(jsonrequest)
if result.errors:
return result.errors, 400
if not is_admin(resp):
response_object = {
'status': 'fail',
'message': 'You do not have permission to do that.'
}
return response_object, 401
try:
result.data.save()
except (ValueError) as e:
response_object = {'status': 'fail', 'message': 'Invalid payload'}
return response_object, 400
return TaskSchema().dump(result.data).data, 201