def get(self, _id):
account_id = request.headers.get("account_id")
if _id == account_id or (not is_customer(account_id) and is_customer(_id)):
result = get_account_visits(_id)
return make_response(jsonify(result), 200)
else:
return make_response("Invalid request, account id needed", 400)
def get(self, _id=None):
if _id:
account_id = request.headers.get("account_id")
if _id == account_id or (not is_customer(account_id) and is_customer(
_id)): # to not allow hairdresses to check other hairdressers
result = get_account_data(_id)
return make_response(result, 200)
else:
return make_response("User not authorized to view this data", 401)
else:
if not is_customer(request.headers.get("account_id")):
result = get_all_customers_data()
return make_response(result, 200)
else:
return make_response("Not authorized to see all users data", 401)
def get_account_visits(account_id: str) -> dict:
"""
Provides date, address/full name of customer, and id of the visits of the given account id
"""
if is_customer(account_id):
return get_customer_visits(account_id)
else:
return get_hairdresser_visits(account_id)
def get(self):
account_id = request.headers.get("account_id")
session_id = request.headers.get("session_id")
access_results = {"isHairdresser": False, "isAdmin": False}
if not is_customer(account_id):
access_results["isHairdresser"] = True
if can_access_admin(session_id, account_id):
access_results["isAdmin"] = True
return make_response(access_results, 200)
def get(self, _id=None):
if authorized_to_access_visit(_id, request.headers.get("account_id")):
for_edit = request.headers.get("for_edit")
if _id and for_edit:
result = get_visit_details_for_edit(_id)
return make_response(result, 200)
elif _id and not for_edit:
result = get_visit_details(_id, is_customer(request.headers.get("account_id")))
return make_response(result, 200)
else:
return make_response("No visit id provided", 400)
else:
return make_response("User not authorized to see this visit", 401)
def patch(self, _id):
data = request.get_json()
if data["summary"] or data["pictures"]:
if not is_customer(request.headers.get("account_id")):
visit_summary_update = add_visit_summary(request.get_json())
if visit_summary_update:
return make_response("Visit updated successfully", 200)
else:
return make_response(jsonify(visit_summary_update), 400)
else:
if authorized_to_access_visit(data["id"], request.headers.get("account_id")):
inputs = VisitInputs(request)
if inputs.validate():
visit_update = update_visit(data)
else:
return make_response(str(inputs.errors), 400)
if visit_update["success"]:
return make_response("Visit updated successfully", 200)
else:
return make_response(jsonify(visit_update), 400)
else:
return make_response("User not authorized to edit this visit", 401)
def on_model_change(self, form, model, is_created):
if is_created and is_customer(form.account_id.data):
raise (AttributeError("Klient nie może byc administratorem"))