def user_details_update():
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
if request.get_json().get('email') is None:
return ru.http_bad_gateway(message="Email must not be empty")
if not vu.is_valid_email(request.get_json().get('email')):
return ru.http_bad_gateway(message="Email is invalid")
if request.get_json().get('first_name') is None:
return ru.http_bad_gateway(message="First name must not be empty")
if request.get_json().get('last_name') is None:
return ru.http_bad_gateway(message="Last name must not be empty")
if request.get_json().get('role') is None:
return ru.http_bad_gateway(message="Role must not be empty")
if request.get_json().get('role') not in role_values:
return ru.http_bad_gateway(message="Role value is not valid")
if request.headers.get('authorization') is None:
return ru.http_unauthorized()
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
if User.is_existing_email_for_update_by_id(
token.user,
request.get_json().get('email')):
return ru.http_conflict(message="Email is already existing")
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
if not User.update_user_by_id(
user.id,
email=request.get_json().get('email'),
first_name=request.get_json().get('first_name'),
last_name=request.get_json().get('last_name'),
role=user.role):
ru.http_conflict(message="Failed to update the resource")
return ru.http_success(message="Successful updated")
def user_password_update_for_admin(uid):
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
#TODO: improve validation for password
if request.get_json().get('password') is None:
return ru.http_bad_gateway(message="Password must not be empty")
if len(request.get_json().get('password')) < 8:
return ru.http_bad_gateway(
message="Password must be a minimum of 8 characters")
if request.headers.get('authorization') is None:
return ru.http_unauthorized()
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
if not user.is_admin:
return ru.http_forbidden()
if not User.update_user_password_by_uid(
uid, User.generate_password(request.get_json().get('password'))):
ru.http_conflict(message="Failed to update the resource")
return ru.http_success(message="Successful updated password")
def user_login():
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
if request.get_json().get('email') is None:
return ru.http_bad_gateway()
if not vu.is_valid_email(request.get_json().get('email')):
return ru.http_bad_gateway()
#TODO: improve validation for password
if request.get_json().get('password') is None:
return ru.http_bad_gateway()
if len(request.get_json().get('password')) < 8:
return ru.http_bad_gateway(
message="Password must be a minimum of 8 characters")
user = User.is_valid_user(request.get_json().get('email'),
request.get_json().get('password'))
if user is None:
return ru.http_unauthorized(message="Email and password is not valid")
token = UserToken.generate_token()
if UserToken.create_token(user=user.id, token=token):
ru.http_conflict(message="Failed to create a user token")
return ru.http_success(
meta={
'uid': user.uid,
'token': token,
'role': role_values_reverse.get(user.role),
'first_name': user.first_name,
'last_name': user.last_name
})
def user_registration_for_admin():
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
if request.get_json().get('email') is None:
return ru.http_bad_gateway(message="Email must not be empty")
if not vu.is_valid_email(request.get_json().get('email')):
return ru.http_bad_gateway(message="Email is invalid")
#TODO: improve validation for password
if request.get_json().get('password') is None:
return ru.http_bad_gateway(message="Password must not be empty")
if len(request.get_json().get('password')) < 8:
return ru.http_bad_gateway(
message="Password must be a minimum of 8 characters")
if request.get_json().get('first_name') is None:
return ru.http_bad_gateway(message="First name must not be empty")
if request.get_json().get('last_name') is None:
return ru.http_bad_gateway(message="Last name must not be empty")
if request.get_json().get('role') is None:
return ru.http_bad_gateway(message="Role must not be empty")
if request.get_json().get('role') not in role_values:
return ru.http_bad_gateway(message="Role value is not valid")
if request.headers.get('authorization') is None:
return ru.http_unauthorized()
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
if User.is_existing_email(request.get_json().get('email')):
return ru.http_conflict(message="Email is already existing")
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
if not user.is_admin:
return ru.http_forbidden()
if not User.create_user(
email=request.get_json().get('email'),
password=User.generate_password(
request.get_json().get('password')),
uid=User.generate_uid(),
first_name=request.get_json().get('first_name'),
last_name=request.get_json().get('last_name'),
role=role_values.get(request.get_json().get('role')),
#status default = 2 for the meantime when there is no email validation yet
status=1):
ru.http_conflict(message="Failed to create the resource")
return ru.http_created()
def submit_to_finance_manager_by_manager(id):
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
finance_manager_id = None
if 'approver' not in request.get_json():
return ru.http_bad_gateway(
message="Approver is required in the request")
else:
if request.get_json().get('approver') is None:
pass
else:
finance_manager = User.find_by_uid(
request.get_json().get('approver'))
if finance_manager is None:
return ru.http_bad_gateway(message="Invalid manager")
if not finance_manager.is_finance_manager:
return ru.http_bad_gateway(message="Invalid manager")
finance_manager_id = finance_manager.id
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
if user.is_manager:
travel = db.session.query(Travel).join(
TravelApproval, TravelApproval.travel == Travel.id).filter(
TravelApproval.approver == user.id, TravelApproval.status == 2,
Travel.id == id).first()
if travel is None:
return ru.http_conflict(message="No travel available for update")
ta = db.session.query(TravelApproval).filter(
travel.id == TravelApproval.travel).order_by(
desc(TravelApproval.id)).limit(1).first()
if ta is None:
return ru.http_conflict(message="No data available for update")
#if not submitted
if ta.status != 2:
return ru.http_conflict(message="Data is not available for update")
if ta.approver != user.id:
return ru.http_conflict(
message="Data is not available for update of the user")
TravelApproval.create(status=1,
travel=travel.id,
sender=user.id,
approver=finance_manager_id)
return ru.http_success()
else:
return ru.http_forbidden(
message='Role is not allowed to access this resource')
def approve_record_by_manager(id):
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
if request.get_json().get('status') is None:
return ru.http_bad_gateway(message="Status is required")
if status_values.get(
request.get_json().get('status')) is None or status_values.get(
request.get_json().get('status')) not in (2, 3):
return ru.http_bad_gateway(message="Status is invalid")
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
if user.is_manager:
travel = db.session.query(Travel).join(
TravelApproval, TravelApproval.travel == Travel.id).filter(
TravelApproval.approver == user.id, TravelApproval.status == 1,
Travel.id == id).first()
if travel is None:
return ru.http_conflict(message="No travel available for update")
ta = db.session.query(TravelApproval).filter(
travel.id == TravelApproval.travel).order_by(
desc(TravelApproval.id)).limit(1).first()
if ta is None:
return ru.http_conflict(message="No data available for update")
#if not submitted
if ta.status != 1:
return ru.http_conflict(message="Data is not available for update")
if ta.approver != user.id:
return ru.http_conflict(
message="Data is not available for update of the user")
ta.status = status_values.get(request.get_json().get('status'))
db.session.commit()
return ru.http_success()
else:
return ru.http_forbidden(
message='Role is not allowed to access this resource')
def create_travel_record():
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
if 'description' not in request.get_json():
return ru.http_bad_gateway(
message="Description is required in the request")
if 'start_date' not in request.get_json():
return ru.http_bad_gateway(
message="Start date is required in the request")
else:
if request.get_json().get('start_date') is None:
pass
else:
if not vu.is_valid_datetime_string(
request.get_json().get('start_date')):
return ru.http_bad_gateway(
message="Start date must be in format YYYY-MM-DD")
if 'end_date' not in request.get_json():
return ru.http_bad_gateway(
message="End date is required in the request")
else:
if request.get_json().get('end_date') is None:
pass
else:
if not vu.is_valid_datetime_string(
request.get_json().get('end_date')):
return ru.http_bad_gateway(
message="End date must be in format YYYY-MM-DD")
if request.get_json().get('start_date') > request.get_json().get(
'end_date'):
return ru.http_bad_gateway(
message=
"End date must be greater than or equal to start date")
if 'mode' not in request.get_json():
return ru.http_bad_gateway(message="Mode is required in the request")
if 'ticket_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Ticket cost is required in the request")
else:
if request.get_json().get('ticket_cost') is None:
pass
else:
if not (type(request.get_json().get('ticket_cost')) == int
or type(request.get_json().get('ticket_cost')) == float):
return ru.http_bad_gateway(
message="Ticket cost must be numeric")
if request.get_json().get('ticket_cost') < 0:
return ru.http_bad_gateway(
message="Ticket cost must greater than or equal to 0")
if 'home_airport_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Home airport cost is required in the request")
else:
if request.get_json().get('home_airport_cost') is None:
pass
else:
if not (type(request.get_json().get('home_airport_cost')) == int
or type(
request.get_json().get('home_airport_cost')) == float):
return ru.http_bad_gateway(
message="Home airport cost must be numeric")
if request.get_json().get('home_airport_cost') < 0:
return ru.http_bad_gateway(
message="Home cost must greater than or equal to 0")
if 'destination_airport_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Destination airport cost is required in the request")
else:
if request.get_json().get('destination_airport_cost') is None:
pass
else:
if not (type(
request.get_json().get('destination_airport_cost')) == int
or type(request.get_json().get('destination_airport_cost'))
== float):
return ru.http_bad_gateway(
message="Destination aiport cost must be numeric")
if request.get_json().get('destination_airport_cost') < 0:
return ru.http_bad_gateway(
message="Home cost must greater than or equal to 0")
if 'hotel_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Hotel cost is required in the request")
else:
if request.get_json().get('hotel_cost') is None:
pass
else:
if not (type(request.get_json().get('hotel_cost')) == int
or type(request.get_json().get('hotel_cost')) == float):
return ru.http_bad_gateway(
message="Hotel cost must be numeric")
if request.get_json().get('hotel_cost') < 0:
return ru.http_bad_gateway(
message="Hotel cost must greater than or equal to 0")
if 'local_conveyance' not in request.get_json():
return ru.http_bad_gateway(
message="Local conveyance is required in the request")
else:
if request.get_json().get('local_conveyance') is None:
pass
else:
if not (type(request.get_json().get('local_conveyance')) == int or
type(request.get_json().get('local_conveyance')) == float):
return ru.http_bad_gateway(
message="Local conveyance cost must be numeric")
if request.get_json().get('local_conveyance') < 0:
return ru.http_bad_gateway(
message="Local conveyance must greater than or equal to 0")
manager_id = None
if 'approver' not in request.get_json():
return ru.http_bad_gateway(
message="Approver is required in the request")
else:
if request.get_json().get('approver') is None:
pass
else:
manager = User.find_by_uid(request.get_json().get('approver'))
if manager is None:
return ru.http_bad_gateway(message="Invalid manager")
if not manager.is_manager:
return ru.http_bad_gateway(message="Invalid manager")
manager_id = manager.id
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
is_submitted = 1
if for_values.get(request.args.get('for')) is not None:
is_submitted = for_values.get(request.args.get('for'))
if is_submitted == 1:
if manager_id is None:
return ru.http_conflict(
message="Manager must be required when submitting for approval"
)
if user.is_employee:
travel = Travel.create_with_return(
description=request.get_json().get('description'),
start_date=request.get_json().get('start_date'),
end_date=request.get_json().get('end_date'),
mode=request.get_json().get('mode'),
ticket_cost=request.get_json().get('ticket_cost'),
home_airport_cab_cost=request.get_json().get('home_airport_cost'),
dest_airport_cab_cost=request.get_json().get(
'destination_airport_cost'),
hotel_cost=request.get_json().get('hotel_cost'),
local_conveyance=request.get_json().get('local_conveyance'),
owner=user.id,
)
if travel is None:
return ru.http_conflict(
message="Failed to save your travel details")
else:
ta = TravelApproval.create(travel=travel.id,
sender=user.id,
approver=manager_id,
status=is_submitted)
if not ta:
return ru.http_conflict(
message="Failed to save your travel approval details")
return ru.http_created(message="successfully created")
else:
return ru.http_forbidden(
message='Role is not allowed to create a travel record')
def update_travel_record(id):
#TODO: separate to a validation class
if request.get_json() is None:
return ru.http_unsupported_media_type()
if 'description' not in request.get_json():
return ru.http_bad_gateway(
message="Description is required in the request")
if 'start_date' not in request.get_json():
return ru.http_bad_gateway(
message="Start date is required in the request")
else:
if request.get_json().get('start_date') is None:
pass
else:
if not vu.is_valid_datetime_string(
request.get_json().get('start_date')):
return ru.http_bad_gateway(
message="Start date must be in format YYYY-MM-DD")
if 'end_date' not in request.get_json():
return ru.http_bad_gateway(
message="End date is required in the request")
else:
if request.get_json().get('end_date') is None:
pass
else:
if not vu.is_valid_datetime_string(
request.get_json().get('end_date')):
return ru.http_bad_gateway(
message="End date must be in format YYYY-MM-DD")
if request.get_json().get('start_date') > request.get_json().get(
'end_date'):
return ru.http_bad_gateway(
message=
"End date must be greater than or equal to start date")
if 'mode' not in request.get_json():
return ru.http_bad_gateway(message="Mode is required in the request")
if 'ticket_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Ticket cost is required in the request")
else:
if request.get_json().get('ticket_cost') is None:
pass
else:
if not (type(request.get_json().get('ticket_cost')) == int
or type(request.get_json().get('ticket_cost')) == float):
return ru.http_bad_gateway(
message="Ticket cost must be numeric")
if request.get_json().get('ticket_cost') < 0:
return ru.http_bad_gateway(
message="Ticket cost must greater than or equal to 0")
if 'home_airport_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Home airport cost is required in the request")
else:
if request.get_json().get('home_airport_cost') is None:
pass
else:
if not (type(request.get_json().get('home_airport_cost')) == int
or type(
request.get_json().get('home_airport_cost')) == float):
return ru.http_bad_gateway(
message="Home airport cost must be numeric")
if request.get_json().get('home_airport_cost') < 0:
return ru.http_bad_gateway(
message="Home airport cost must greater than or equal to 0"
)
if 'destination_airport_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Destination airport cost is required in the request")
else:
if request.get_json().get('destination_airport_cost') is None:
pass
else:
if not (type(
request.get_json().get('destination_airport_cost')) == int
or type(request.get_json().get('destination_airport_cost'))
== float):
return ru.http_bad_gateway(
message="Destination aiport cost must be numeric")
if request.get_json().get('destination_airport_cost') < 0:
return ru.http_bad_gateway(
message=
"Destination airport cost must greater than or equal to 0")
if 'hotel_cost' not in request.get_json():
return ru.http_bad_gateway(
message="Hotel cost is required in the request")
else:
if request.get_json().get('hotel_cost') is None:
pass
else:
if not (type(request.get_json().get('hotel_cost')) == int
or type(request.get_json().get('hotel_cost')) == float):
return ru.http_bad_gateway(
message="Hotel cost must be numeric")
if request.get_json().get('hotel_cost') < 0:
return ru.http_bad_gateway(
message="Hotel cost must greater than or equal to 0")
if 'local_conveyance' not in request.get_json():
return ru.http_bad_gateway(
message="Local conveyance is required in the request")
else:
if request.get_json().get('local_conveyance') is None:
pass
else:
if not (type(request.get_json().get('local_conveyance')) == int or
type(request.get_json().get('local_conveyance')) == float):
return ru.http_bad_gateway(
message="Local conveyance cost must be numeric")
if request.get_json().get('local_conveyance') < 0:
return ru.http_bad_gateway(
message="Local conveyance must greater than or equal to 0")
manager_id = None
if 'approver' not in request.get_json():
return ru.http_bad_gateway(
message="Approver is required in the request")
else:
if request.get_json().get('approver') is None:
pass
else:
manager = User.find_by_uid(request.get_json().get('approver'))
if manager is None:
return ru.http_bad_gateway(message="Invalid manager")
if not manager.is_manager:
return ru.http_bad_gateway(message="Invalid manager")
manager_id = manager.id
auth = request.headers.get('authorization').split(' ')
if not vu.is_valid_bearer(auth):
return ru.http_unauthorized(message="Invalid Bearer Authentication")
token = UserToken.is_valid_token(auth[1])
if token is None:
return ru.http_unauthorized(message="Invalid token")
if token.is_blocked or token.is_expired:
return ru.http_forbidden()
user = User.find_by_id(token.user)
if user is None:
return ru.http_forbidden()
is_submitted = 1
if for_values.get(request.args.get('for')) is not None:
is_submitted = for_values.get(request.args.get('for'))
if is_submitted == 1:
if manager_id is None:
return ru.http_conflict(
message="Manager must be required when submitting for approval"
)
if user.is_employee:
sub = db.session.query(
TravelApproval.id).filter(TravelApproval.travel == id).order_by(
desc(TravelApproval.id)).limit(1)
query = db.session.query(Travel, TravelApproval).join(
TravelApproval, TravelApproval.travel == Travel.id,
isouter=False).join(User,
TravelApproval.approver == User.id,
isouter=True).filter(
Travel.owner == user.id, Travel.id == id,
TravelApproval.id == sub).first()
print(query)
if query is None:
return ru.http_bad_gateway(
message="The data is not available for update")
if query[1] is not None:
if query[1].status != 0 or query[1].sender != user.id:
return ru.http_conflict(
message="The data is not available for update")
if query is None:
return ru.http_conflict(
message="Failed to update your travel details")
query[0].description = request.get_json().get('description'),
query[0].start_date = request.get_json().get('start_date'),
query[0].end_date = request.get_json().get('end_date'),
query[0].mode = request.get_json().get('mode'),
query[0].ticket_cost = request.get_json().get('ticket_cost'),
query[0].home_airport_cab_cost = request.get_json().get(
'home_airport_cost'),
query[0].dest_airport_cab_cost = request.get_json().get(
'destination_airport_cost'),
query[0].hotel_cost = request.get_json().get('hotel_cost'),
query[0].local_conveyance = request.get_json().get('local_conveyance'),
if query[1] is None:
ta = TravelApproval.create(travel=query[0].id,
sender=user.id,
approver=manager_id,
status=is_submitted)
else:
query[1].travel = query[0].id
query[1].sender = user.id
query[1].approver = manager_id
query[1].status = is_submitted
db.session.commit()
return ru.http_created(message="successfully updated")
else:
return ru.http_forbidden(
message='Role is not allowed to update a travel record')