def post(self, account_number):
parser = reqparse.RequestParser()
parser.add_argument('sessionUserID')
args = parser.parse_args()
sessionUserID = args['sessionUserID']
response = requests.get(f"{api_url}/accounts/{account_number}")
if response.status_code == 404:
return (response.json())
isActive = response.json()['IsActive']
query = ''
if isActive == 'True':
if response.json()['Balance'] == 0:
query = f"""UPDATE Accounts SET IsActive = 0 WHERE AccountNumber = {account_number}"""
else:
return Helper.CustomResponse(
406, 'Balance must be $0.00 to be deactivated')
else:
query = f"""UPDATE Accounts SET IsActive = 1 WHERE AccountNumber = {account_number}"""
try:
engine.execute(query)
except Exception as e:
print(e)
return Helper.CustomResponse(500, 'SQL Error')
user = response.json()['id']
if isActive == 'True':
message = f"Account deactivated"
custom_response = Helper.CustomResponse(200, message)
data = {
'SessionUserID': sessionUserID,
'UserID': response.json()['id'],
'AccountNumber': response.json()['AccountNumber'],
'Amount': 0,
'Event': message
}
requests.post(f"{api_url}/events/create", json=data)
return custom_response
else:
message = f"Account activated!"
custom_response = Helper.CustomResponse(200, message)
data = {
'SessionUserID': sessionUserID,
'UserID': response.json()['id'],
'AccountNumber': response.json()['AccountNumber'],
'Amount': 0,
'Event': message
}
requests.post(f"{api_url}/events/create", json=data)
return custom_response
def get(self):
##### optional url query parameters
args = {
'id':
request.args.get('id'),
'username':
request.args.get('username'),
'usertype':
request.args.get('usertype'),
'firstname':
request.args.get('firstname'),
'lastname':
request.args.get('lastname'),
'email':
request.args.get('email'),
'is_active':
request.args.get('is_active'),
'is_password_expired':
request.args.get('is_password_expired'),
'password_expiration_date':
request.args.get('password_expiration_date'),
}
params = 'where '
for key, value in args.items():
if value != None:
params += f"{key} = '{value}' and "
if params == 'where ':
params = ''
else:
params = params[0:len(params) - 4]
#####
query = f"SELECT * FROM Users {params} ORDER BY id ASC"
try:
resultproxy = engine.execute(query)
except:
return Helper.CustomResponse(500, 'SQL ERROR')
d, a = {}, []
for rowproxy in resultproxy:
# rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
for column, value in rowproxy.items():
# build up the dictionary
temp = str(value).split()
value = temp[0]
d = {**d, **{column: value}}
a.append(d)
if not a:
abort(Helper.CustomResponse(404, 'no users found'))
return a
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('action')
parser.add_argument('journal_id')
parser.add_argument('form')
parser.add_argument('sessionUserID')
args = parser.parse_args()
action = args['action']
journal_ID = args['journal_id']
formDict = Helper.ParseArgs(args['form'])
sessionUserID = args['sessionUserID']
query = f"""UPDATE JournalEntries SET Status = '{action}', Message = '{formDict['message']}' WHERE Journal_ID = {journal_ID}"""
try:
engine.execute(query)
except Exception as e:
print(e)
return Helper.CustomResponse(500, 'SQL Error')
journalEntryDict = requests.get(
f"{api_url}/journals?Journal_ID={journal_ID}").json()
srcAccountDict = requests.get(
f"{api_url}/accounts/{journalEntryDict[0]['SourceAccountNumber']}"
).json()
destAccountDict = requests.get(
f"{api_url}/accounts/{journalEntryDict[0]['DestAccountNumber']}"
).json()
message = f"Journal Entry {action}"
data = {
'SessionUserID': sessionUserID,
'UserID': srcAccountDict['id'],
'AccountNumber': srcAccountDict['AccountNumber'],
'Event': message,
'Amount': 0
}
requests.post(f"{api_url}/events/create", json=data)
message = f"Journal Entry {action}"
data = {
'SessionUserID': sessionUserID,
'UserID': destAccountDict['id'],
'AccountNumber': destAccountDict['AccountNumber'],
'Event': message,
'Amount': 0
}
requests.post(f"{api_url}/events/create", json=data)
return Helper.CustomResponse(200, f"Journal Entry {action}")
def get(self):
query = "SELECT COUNT(EventID) from Events"
try:
resultProxy = engine.execute(query)
except Exception as e:
print(e)
return Helper.CustomResponse(500, 'SQL Error')
for rowProxy in resultProxy:
return rowProxy[0]
def post(self):
content = request.get_json()
creationDateTime = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
eventID = requests.get(f"{api_url}/events/count").json()
query = f"""INSERT INTO Events VALUES ({eventID}, {content['SessionUserID']}, {content['UserID']}, {content['AccountNumber']}, '{content['Event']}', {content['Amount']}, '{creationDateTime}')"""
try:
engine.execute(query)
except Exception as e:
print(e)
return Helper.CustomResponse(500, 'SQL Error')
def post(self, user_id):
parser = reqparse.RequestParser()
parser.add_argument('form')
parser.add_argument('sessionUserID')
parser.add_argument('userID')
args = parser.parse_args()
formDict = Helper.ParseArgs(args['form'])
sessionUserID = args['sessionUserID']
userID = args['userID']
currentPassword = formDict['currentPassword']
newPassword = formDict['newPassword']
sqlCurrentPassword = requests.get(
f"{api_url}/users/{user_id}").json()[0]['hashed_password']
previousPasswords = requests.get(
f"{api_url}/users/{user_id}/get_passwords").json()
if (check_password_hash(sqlCurrentPassword, currentPassword) == False):
response = Helper.CustomResponse(401,
'Incorrect current password!')
return response
for entry in previousPasswords:
if check_password_hash(entry['password'], newPassword):
response = Helper.CustomResponse(
406, 'New password has been used before!')
return response
newPassword = generate_password_hash(newPassword)
engine.execute(
f"""UPDATE Users SET hashed_password = '******' WHERE id = {user_id}; INSERT INTO Passwords (id, password) VALUES ({user_id}, '{newPassword}');"""
)
message = "User Password Updated"
data = {
'SessionUserID': sessionUserID,
'UserID': userID,
'AccountNumber': 0,
'Amount': 0,
'Event': message
}
requests.post(f"{api_url}/events/create", json=data)
response = Helper.CustomResponse(200, 'Password has been updated!')
return response
def get(self):
resultproxy = engine.execute(
f"SELECT * FROM Events ORDER BY EventID DESC")
d, a = {}, []
for rowproxy in resultproxy:
# rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
for column, value in rowproxy.items():
# build up the dictionary
d = {**d, **{column: value}}
a.append(d)
if not a:
abort(Helper.CustomResponse(404, 'no events found'))
return a
def get(self):
resultproxy = engine.execute(f"SELECT * FROM Users ORDER BY id ASC")
d, a = {}, []
for rowproxy in resultproxy:
# rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
for column, value in rowproxy.items():
# build up the dictionary
temp = str(value).split()
value = temp[0]
d = {**d, **{column: value}}
a.append(d)
if not a:
abort(Helper.CustomResponse(404, 'no users found'))
return a
def get(self):
##### optional url query parameters
args = {
'Journal_ID': request.args.get('Journal_ID'),
'RequestorUserID': request.args.get('RequestorUserID'),
'SourceAccountNumber': request.args.get('SourceAccountNumber'),
'DestAccountNumber': request.args.get('DestAccountNumber'),
'Status': request.args.get('Status'),
'Credits': request.args.get('Credits'),
'Message': request.args.get('Message'),
'Timestamp': request.args.get('Timestamp'),
'StartDate': request.args.get('StartDate'),
'EndDate': request.args.get('EndDate')
}
startDate = datetime.strptime('2000-01-01 00:00:00',
'%Y-%m-%d %H:%M:%S')
endDate = datetime.strptime('2100-12-31 23:59:59', '%Y-%m-%d %H:%M:%S')
params = 'where '
for key, value in args.items():
if value != None:
if key == 'StartDate':
startDate = value
elif key == 'EndDate':
endDate = value
else:
params += f"{key} = '{value}' and "
params += f"TimeStamp BETWEEN '{startDate}' AND '{endDate}'"
if params == 'where ':
params = ''
#####
query = f"""select JournalEntries.*, src.AccountName as SourceAccountName, dest.AccountName as DestAccountName
from JournalEntries
inner join Accounts src on JournalEntries.SourceAccountNumber=src.AccountNumber
inner join Accounts dest on JournalEntries.DestAccountNumber=dest.AccountNumber
{params}"""
resultproxy = engine.execute(query)
d, a = {}, []
for rowproxy in resultproxy:
# rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
for column, value in rowproxy.items():
# build up the dictionary
d = {**d, **{column: value}}
a.append(d)
if not a:
abort(Helper.CustomResponse(404, 'no journals found'))
return a
def get(self, account_number):
resultproxy = engine.execute(
f"SELECT * FROM Accounts where AccountNumber = {account_number} ORDER BY id ASC"
)
d = {}
for rowproxy in resultproxy:
# rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
for column, value in rowproxy.items():
# build up the dictionary
d = {**d, **{column: value}}
if not d:
abort(
Helper.CustomResponse(
404, 'account not found with provided account number'))
return d
def get(self, user_id):
resultproxy = engine.execute(
f"select * from Users where id = {user_id}")
d, a = {}, []
for rowproxy in resultproxy:
# rowproxy.items() returns an array like [(key0, value0), (key1, value1)]
for column, value in rowproxy.items():
# build up the dictionary
temp = str(value).split()
value = temp[0]
d = {**d, **{column: value}}
a.append(d)
if not a:
abort(Helper.CustomResponse(404,
'user not found with provided id'))
return a
def post(self, account_number):
parser = reqparse.RequestParser()
parser.add_argument('form')
parser.add_argument('sessionUserID')
parser.add_argument('userID')
args = parser.parse_args()
formDict = Helper.ParseArgs(args['form'])
sessionUserID = args['sessionUserID']
userID = args['userID']
accountName = formDict['accountName']
accountDesc = formDict['accountDesc']
normalSide = formDict['normalSide']
category = formDict['category']
subcategory = formDict['subcategory']
accountOrder = formDict['accountOrder']
comment = formDict['comment']
query = f"""UPDATE Accounts SET AccountName = '{accountName}', AccountDesc = '{accountDesc}', NormalSide = '{normalSide}', Category = '{category}', Subcategory = '{subcategory}', AccountOrder = {accountOrder}, Comment = '{comment}' WHERE AccountNumber = {account_number}"""
try:
engine.execute(query)
except Exception as e:
print(e)
return Response("SQL Error",
status=500,
mimetype='application/json')
message = f"Account updated"
data = {
'SessionUserID': sessionUserID,
'UserID': userID,
'AccountNumber': account_number,
'Amount': 0,
'Event': message
}
requests.post(f"{api_url}/events/create", json=data)
response = Helper.CustomResponse(200, 'Account Edited Successfully!')
return response
def post(self, username):
parser = reqparse.RequestParser()
parser.add_argument('form')
parser.add_argument('sessionUserID')
args = parser.parse_args()
formDict = Helper.ParseArgs(args['form'])
sessionUserID = args['sessionUserID']
if formDict['accountHolderUsername'] != None:
user = formDict['accountHolderUsername']
else:
user = username
response = requests.get(f"{api_url}/users/{user}")
if response.status_code == 404:
return (response.json())
user = response.json()[0]
id = user['id']
accountName = formDict['accountName']
accountDesc = formDict['accountDesc']
normalSide = formDict['normalSide']
category = formDict['category']
subcategory = 'None'
balance = 0
creationDate = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
accountOrder = 1
statement = 'None'
comment = 'None'
accountNumber = Helper.GenerateAccountNumber(api_url)
isActive = 1
response = Helper.CheckForDuplicateAccountName(id, accountName,
api_url)
if response.status_code != 200:
return response
query = f"""INSERT INTO Accounts VALUES ({id}, '{accountName}', {accountNumber}, '{accountDesc}', '{normalSide}',
'{category}', '{subcategory}', {balance}, '{creationDate}', {accountOrder},
'{statement}', '{comment}', {isActive})"""
try:
engine.execute(query)
except Exception as e:
print(e)
return Response("SQL Error",
status=500,
mimetype='application/json')
message = f"Account created"
data = {
'SessionUserID': sessionUserID,
'UserID': id,
'AccountNumber': accountNumber,
'Amount': 0,
'Event': message
}
requests.post(f"{api_url}/events/create", json=data)
email = user['email']
msg = Message('Account Creation Notice', recipients=[email])
msg.body = f"Hello,\nThank you for opening a {category} account with us!"
mail.send(msg)
response = Helper.CustomResponse(200, 'Account Created!')
return response
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('form')
parser.add_argument('sessionUserID')
parser.add_argument('file')
args = parser.parse_args()
formDict = json.loads(args['form'])
response1 = requests.get(
f"{api_url}/accounts/{formDict['SourceAccountNumber']}")
response2 = requests.get(
f"{api_url}/accounts/{formDict['DestAccountNumber']}")
if response1.status_code == 404:
abort(
Helper.CustomResponse(404,
'Source Account number does not exist.'))
if response2.status_code == 404:
abort(
Helper.CustomResponse(
404, 'Destination Account number does not exist.'))
if response1.json()['AccountNumber'] == response2.json(
)['AccountNumber']:
abort(
Helper.CustomResponse(400,
'Account numbers cannot be the same.'))
response = requests.get(f"{api_url}/journals")
if response.status_code == 404:
Journal_ID = 0
else:
Journal_ID = len(requests.get(f"{api_url}/journals").json())
RequestorUserID = args['sessionUserID']
fileURL = args['file']
if (fileURL == ''):
fileURL = None
Status = 'pending'
message = formDict['Comment']
if (message == ''):
message = 'No Message provided'
timestamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
query = f"""INSERT INTO JournalEntries VALUES ({Journal_ID}, {RequestorUserID}, {formDict['SourceAccountNumber']}, {formDict['DestAccountNumber']},
'{Status}', '{formDict['Debits']}', '{formDict['Credits']}', '{message}', '{timestamp}', '{fileURL}')"""
query2 = f"UPDATE Accounts SET Balance = Balance - {formDict['Credits']} WHERE AccountNumber = {formDict['SourceAccountNumber']};"
query3 = f"UPDATE Accounts SET Balance = Balance + {formDict['Debits']} WHERE AccountNumber = {formDict['DestAccountNumber']};"
#expense or revenue transactions will affect the retained earnings account, other types of transactions will be normal
if (formDict['TypeOfAcc'] == 'Expense or Revenue'):
query4 = f"UPDATE Accounts SET Balance = Balance - {formDict['Credits']} WHERE Subcategory ='Retained Earnings';"
try:
engine.execute(query4)
except Exception as e:
print(e)
return Helper.CustomResponse(500, 'SQL Error')
try:
engine.execute(query)
engine.execute(query2)
engine.execute(query3)
except Exception as e:
print(e)
return Helper.CustomResponse(500, 'SQL Error')
srcUserID = response1.json()['id']
destUserID = response2.json()['id']
creditsList = Helper.buildFloatArrayFromCommaDelimitedString(
formDict['Credits'])
debitsList = Helper.buildFloatArrayFromCommaDelimitedString(
formDict['Debits'])
message = f"Journal Entry Created"
data = {
'SessionUserID': RequestorUserID,
'UserID': srcUserID,
'AccountNumber': formDict['SourceAccountNumber'],
'Event': message,
'Amount': -sum(creditsList)
}
requests.post(f"{api_url}/events/create", json=data)
message = f"Journal Entry Created"
data = {
'SessionUserID': RequestorUserID,
'UserID': destUserID,
'AccountNumber': formDict['DestAccountNumber'],
'Event': message,
'Amount': sum(debitsList)
}
requests.post(f"{api_url}/events/create", json=data)
response = requests.get(f"{api_url}/users?usertype=manager")
emailDictList = response.json()
emails = []
for entry in emailDictList:
emails.append(entry['email'])
for email in emails:
msg = Message('New Journal Created', recipients=[email])
msg.body = f"Hello,\nA new journal entry has been created and is awaiting your approval"
mail.send(msg)
return Helper.CustomResponse(200, 'Entry Submitted!')