def accept_invite():
token = request.json['data']['token']
try:
role_invite = RoleInvite.query.filter_by(hash=token).one()
except NoResultFound:
return NotFoundError({'source': ''}, 'Role Invite Not Found').respond()
else:
try:
user = User.query.filter_by(email=role_invite.email).first()
except NoResultFound:
return NotFoundError({'source': ''}, 'User corresponding to role invite not Found').respond()
try:
role = Role.query.filter_by(name=role_invite.role_name).first()
except NoResultFound:
return NotFoundError({'source': ''}, 'Role corresponding to role invite not Found').respond()
event = Event.query.filter_by(id=role_invite.event_id).first()
uer = UsersEventsRoles.query.filter_by(user=user).filter_by(
event=event).filter_by(role=role).first()
if not uer:
role_invite.status = "accepted"
save_to_db(role_invite, 'Role Invite Accepted')
uer = UsersEventsRoles(user, event, role)
save_to_db(uer, 'User Event Role Created')
if not user.is_verified:
user.is_verified = True
save_to_db(user, 'User verified')
return jsonify({
"email": user.email,
"event": role_invite.event_id,
"name": user.fullname if user.fullname else None
})
def reject_invite(speaker_invite_id):
try:
speaker_invite = SpeakerInvite.query.filter_by(
id=speaker_invite_id).one()
except NoResultFound:
raise NotFoundError({'source': ''}, 'Speaker Invite Not Found')
else:
if not current_user.email == speaker_invite.email:
raise ForbiddenError({'source': ''}, 'Invitee access is required.')
elif speaker_invite.status == 'accepted':
raise ConflictError(
{'pointer': '/data/status'},
'Accepted speaker invite can not be rejected.',
)
elif speaker_invite.status == 'rejected':
raise ConflictError(
{'pointer': '/data/status'},
'Speaker invite is already rejected.',
)
try:
speaker_invite.status = 'rejected'
save_to_db(speaker_invite, {'speaker invite rejected'})
except Exception:
raise UnprocessableEntityError(
{'source': ''}, 'error while rejecting speaker invite.')
return jsonify(
success=True,
message="Speaker invite rejected successfully",
)
def is_owner(view, view_args, view_kwargs, *args, **kwargs):
"""
Allows GeoKret owner access to private resources of owned GeoKrety.
Otherwise the user can only access public resource.
"""
user = current_identity
if user.is_admin:
return view(*view_args, **view_kwargs)
try:
geokret = Geokret.query.filter(
Geokret.id == kwargs['geokret_id']).one()
except NoResultFound:
return NotFoundError({
'parameter': 'geokret_id'
}, 'Geokret not found.').respond()
if geokret.owner_id == user.id:
return view(*view_args, **view_kwargs)
return ForbiddenError({'source': ''}, 'Access denied.').respond()
def page_not_found(e):
if request_wants_json():
error = NotFoundError()
return json.dumps(error.to_dict()), getattr(error, 'code', 404)
return render_template('404.html'), 404
