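def update_user(current_user, id, user_id):
    """Change the role a user holds in a group and return the group as JSON.

    The new role is read from the ``role`` field of the JSON request body.

    Args:
        current_user: The authenticated caller.
        id: Identifier of the group, resolved through ``group_repository``.
        user_id: Identifier of the user whose role is being changed.

    Returns:
        The Flask JSON response built from ``group.json()``.

    Raises:
        BusinessException: If the owner targets their own membership, or if
            the requested role is ``OWNER``.
    """
    group = group_repository.get_or_404(current_user, id)
    user = user_repository.get_or_404(user_id)

    # The owner may not change their own role.
    # NOTE(review): nothing visible here rejects a target who is not a member
    # of the group; confirm how group_user_repository.update treats that case.
    before_group_user_role = group.get_user_role(user)
    if current_user == user and before_group_user_role == GroupUserRole.OWNER:
        raise BusinessException("Você é o dono e não pode ser alterado.")

    json_data = request.get_json()
    utils.validate_params(json_data, ["role"])
    data = utils.parse_params(json_data, ["role"])
    # The role value is client-supplied.
    # NOTE(review): confirm an unrecognised value ends in a client error
    # rather than an unhandled exception.
    group_user_role = GroupUserRole(data["role"])

    if group_user_role == GroupUserRole.OWNER:
        raise BusinessException("O grupo só pode ter um dono.")

    # Fail closed: every role change that reaches this point requires the
    # caller to be the owner. Previously the check ran only for USER and
    # ADMIN, so any other GroupUserRole member (the enum is not visible from
    # here) would have been written without an authorization check.
    utils.check_permission(current_user, group, [GroupUserRole.OWNER])

    data["group_id"] = group.id
    data["user_id"] = user.id
    group_user_repository.update(group, user, data)
    return jsonify(group.json())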
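def add_user(current_user, id, user_id):
    """Add a user to a group with the role given in the JSON request body.

    Args:
        current_user: The authenticated caller.
        id: Identifier of the group, resolved through ``group_repository``.
        user_id: Identifier of the user being added.

    Returns:
        The Flask JSON response built from ``group.json()``.

    Raises:
        BusinessException: If the user is already in the group, or if the
            requested role is ``OWNER``.
    """
    group = group_repository.get_or_404(current_user, id)
    user = user_repository.get_or_404(user_id)

    # Compare membership by id instead of loading every member through
    # user_repository.get(), which cost one repository lookup per member.
    if any(group_user.user_id == user.id for group_user in group.users):
        raise BusinessException("O usuário já encontra-se no grupo.")

    json_data = request.get_json()
    utils.validate_params(json_data, ["role"])
    data = utils.parse_params(json_data, ["role"])
    # The role value is client-supplied.
    # NOTE(review): confirm an unrecognised value ends in a client error
    # rather than an unhandled exception.
    group_user_role = GroupUserRole(data["role"])

    if group_user_role == GroupUserRole.OWNER:
        raise BusinessException("O grupo só pode ter um dono.")

    # Fail closed: only the USER role may be granted by an admin; every other
    # role requires the owner. Previously a role other than USER, ADMIN or
    # OWNER (the enum is not visible from here) skipped the permission check.
    if group_user_role == GroupUserRole.USER:
        allowed_roles = [GroupUserRole.OWNER, GroupUserRole.ADMIN]
    else:
        allowed_roles = [GroupUserRole.OWNER]
    utils.check_permission(current_user, group, allowed_roles)

    data["group_id"] = group.id
    data["user_id"] = user.id
    group_user_repository.save(data)
    return jsonify(group.json())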
def update(current_user, id, group_id):
    """Update an expense of a group and return the updated expense as JSON.

    Only the fields present in the JSON request body are forwarded to the
    repository. When ``items`` is supplied, each item must carry ``user_id``
    and ``value``, and the item values must add up to the expense ``value``.

    Args:
        current_user: The authenticated caller; must be owner or admin of
            the group.
        id: Identifier of the expense inside the group.
        group_id: Identifier of the group that owns the expense.

    Returns:
        The Flask JSON response built from ``expense.json()``.

    Raises:
        BusinessException: If the item values do not add up to the total.
    """
    editor_roles = [GroupUserRole.OWNER, GroupUserRole.ADMIN]
    group = group_repository.get_or_404(current_user, group_id)
    utils.check_permission(current_user, group, editor_roles)

    # Looked up only for its 404 side effect; the lookup is scoped to the
    # group, so an expense id from another group is not accepted here.
    expense_repository.get_or_404(group, id)

    body = request.get_json()
    accepted_fields = ["name", "category_id", "value", "description", "items"]
    data = utils.parse_params(body, accepted_fields)

    items = []
    if "items" in data:
        utils.validate_params(data, ["user_id", "value"], "items")
        items = data.pop("items")
        # NOTE(review): data["value"] is read unconditionally, so a body with
        # "items" but no "value" presumably fails with KeyError — confirm.
        # NOTE(review): exact != comparison; verify the value type is not a
        # binary float, or totals may mismatch on rounding.
        items_total = sum(item["value"] for item in items)
        if data["value"] != items_total:
            raise BusinessException(
                "A soma dos valores dos não equivale ao total da despesa.")

    # NOTE(review): item user_id values come from the client; confirm that
    # update_items restricts them to members of this group.
    updated_expense = expense_repository.update(group, id, data)
    update_items(updated_expense, items, group)
    return jsonify(updated_expense.json())
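def token():
    """Authenticate a user and issue a signed JWT.

    Expects a JSON body with ``username``, ``password`` and a ``device``
    object containing ``token``. On success the device token is stored for
    the user and the JWT is returned together with its lifetime in seconds.

    Returns:
        A JSON response with ``token`` and ``expires_in`` on success, or a
        ``(response, 403)`` pair when authentication fails.
    """
    json_data = request.get_json()
    utils.validate_params(json_data, ["username", "password", "device"])
    utils.validate_params(json_data, ["token"], "device")

    username = json_data.get("username")
    password = json_data.get("password")
    user = user_repository.get_by_username(username)

    # Unknown usernames and wrong passwords get the same status and message.
    # Previously an unknown username raised NotFoundException echoing the
    # submitted login, which let a caller tell existing accounts from
    # non-existing ones.
    # NOTE(review): the unknown-user path still skips the hash comparison, so
    # response time may differ between the two cases; no attempt throttling
    # is visible in this function either.
    if not user or not check_password_hash(user.password, password):
        return jsonify({"message": "Suas credenciais estão incorretas."}), 403

    payload = {
        "username": user.username,
        "exp": datetime.datetime.utcnow()
        + datetime.timedelta(seconds=TOKEN_LIFETIME)
    }
    # NOTE(review): config.get() yields None when SECRET_KEY is not
    # configured; confirm startup refuses to run without a signing key.
    token = jwt.encode(payload, current_app.config.get("SECRET_KEY"))

    # The device token is stored only after the credentials were accepted.
    device_token = json_data.get("device").get("token")
    save_device(user, device_token)

    return jsonify({
        "token": token.decode("utf-8"),
        "expires_in": TOKEN_LIFETIME
    })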
def signup():
    """Register a new user from the JSON request body.

    Requires ``full_name``, ``username``, ``password`` and
    ``confirm_password``. The password is stored as a hash and the
    confirmation field is dropped before the record is saved.

    Returns:
        The JSON of the created user, or a ``(response, 409)`` pair when the
        username is taken or the two passwords differ.
    """
    body = request.get_json()
    fields = ["full_name", "username", "password", "confirm_password"]
    utils.validate_params(body, fields)
    data = utils.parse_params(body, fields)

    # NOTE(review): the original comment here names
    # sqlalchemy.exc.IntegrityError. The lookup below and the later save are
    # separate steps, so presumably two concurrent signups for the same
    # username can both pass this check — confirm a unique constraint exists
    # and that its violation is handled.
    username_taken = user_repository.get_by_username(data["username"])
    if username_taken:
        message = f"Usuário {data['username']} não está disponível."
        return jsonify({"message": message}), 409

    if data["password"] != data["confirm_password"]:
        return jsonify({"message": "As senhas não coincidem."}), 409

    # Only the hash is persisted; the plaintext confirmation is discarded.
    data.pop("confirm_password")
    data["password"] = generate_password_hash(data["password"])

    # NOTE(review): confirm user.json() leaves the password hash out of the
    # response.
    created_user = user_repository.save(data)
    return jsonify(created_user.json())
def update(current_user, id):
    """Rename a group and return the updated group as JSON.

    Args:
        current_user: The authenticated caller; must be owner or admin of
            the group.
        id: Identifier of the group.

    Returns:
        The Flask JSON response built from the updated group's ``json()``.
    """
    editor_roles = [GroupUserRole.OWNER, GroupUserRole.ADMIN]

    # Authorization runs before the request body is read.
    target_group = group_repository.get_or_404(current_user, id)
    utils.check_permission(current_user, target_group, editor_roles)

    body = request.get_json()
    utils.validate_params(body, ["name"])
    # Only "name" is forwarded to the repository; other body keys are not.
    changes = utils.parse_params(body, ["name"])

    updated_group = group_repository.update(current_user, id, changes)
    return jsonify(updated_group.json())
def save(current_user):
    """Create a group and register the caller as its owner.

    Args:
        current_user: The authenticated caller, who becomes the group owner.

    Returns:
        The Flask JSON response built from the new group's ``json()``.
    """
    body = request.get_json()
    utils.validate_params(body, ["name"])
    # Only "name" is taken from the client; the owner membership below is
    # built server-side from current_user.
    created_group = group_repository.save(utils.parse_params(body, ["name"]))

    # NOTE(review): the group and its owner membership are written by two
    # separate repository calls; confirm they share a transaction so a
    # failure here cannot leave a group without an owner.
    owner_membership = {
        "group_id": created_group.id,
        "user_id": current_user.id,
        "role": GroupUserRole.OWNER.name
    }
    group_user_repository.save(owner_membership)

    return jsonify(created_group.json())