예제 #1
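def delete_user():
    """Endpoint for deleting user records from the database.

    Args can be sent as key/value pairs in the query string ('GET'), or as
    key/value pairs in the content ('POST').
    Args:
        user_id: the id of the user to delete (REQUIRED)
    Return:
        A JSON representing deletion success or failure. Failures are JSON
        strings: 403 when not signed in or not permitted, 401 when the id is
        missing, non-numeric or matches no record.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Authentication gate. The response must be returned here: without the
    # return an anonymous caller falls through into the deletion path.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_user_id = request.values.get("user_id")
    if not raw_user_id:
        return _json_error('Invalid user id', 401)
    try:
        user_id = int(raw_user_id)
    except ValueError:
        # A non-numeric id previously escaped as an unhandled exception.
        return _json_error('Invalid user id', 401)

    user = DataManager.get_user(user_id=user_id)
    if not user:
        # NOTE(review): assumes get_user is falsy for an unknown id — confirm.
        # Without this guard the permission check dereferences a missing record.
        return _json_error('User id did not match any in db', 401)

    # check permissions: may the logged-in user act on this record at all?
    if not utils.canUserCRUD(user.id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized for actions on given user', 403)

    # A user who can CRUD everything may only be deleted by someone who can too.
    login_crud_all = DataManager.\
        get_user_type(user_type_id=login_session["user_type_id"]).CRUD_all
    delete_crud_all = DataManager.\
        get_user_type(user_type_id=user.user_type_id).CRUD_all
    if delete_crud_all and not login_crud_all:
        return _json_error('Not authorized to delete this user', 403)

    # update and return
    result = DataManager.delete_user(user_id)
    if result == 1:
        return jsonify({"Message": "Successful deletion",
                        "Post": "deletion",
                        "Model": "user",
                        "id": user_id})
    return _json_error('User id did not match any in db', 401)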
예제 #2
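def delete_calorie():
    """Endpoint for deleting calorie records from the database.

    Args can be sent as key/value pairs in the query string ('GET'), or as
    key/value pairs in the content ('POST').
    Args:
        calorie_id: the id of the calorie to delete (REQUIRED)
    Return:
        A JSON representing deletion success or failure, with success
        representing the possibly new calorie total for that day so the client
        may change pass/fail for any cached calories for that day. Failures
        are JSON strings: 403 when not signed in or not permitted, 401 when
        the id is missing, non-numeric or matches no record.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_calorie_id = request.values.get("calorie_id")
    if not raw_calorie_id:
        return _json_error('Invalid calorie id', 401)
    try:
        calorie_id = int(raw_calorie_id)
    except ValueError:
        # A non-numeric id previously escaped as an unhandled exception.
        return _json_error('Invalid calorie id', 401)

    calorie = DataManager.get_calorie(calorie_id=calorie_id)
    if not calorie:
        # NOTE(review): assumes get_calorie is falsy for an unknown id — confirm.
        return _json_error('Calorie id did not match any in db', 401)

    # check permissions
    if not utils.canCalorieCRUD(calorie.user_id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized for cal actions for given user', 403)

    # Snapshot what the client needs before the row is gone; the record is
    # already loaded, so no second fetch is needed for num_calories.
    (daytotal, meets) = utils.pass_fail_cal(calorie)
    date = calorie.date
    num_calories = calorie.num_calories

    # update and return
    result = DataManager.delete_calorie(calorie_id)
    if result == 1:
        return jsonify({"Message": "Successful deletion",
                        "Post": "deletion",
                        "Model": "calorie",
                        "id": calorie_id,
                        "num_calories": num_calories,
                        "daytotal": daytotal,
                        "date": date,
                        "old_date": False,
                        "old_date_meets": False,
                        "old_date_daytotal": False})
    return _json_error('Calorie id did not match any in db', 401)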
예제 #3
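def get_user():
    """Endpoint for serving user records from the database.

    Args can be sent as key/value pairs in the query string ('GET')
    Args are optional unless noted.
    Args:
        user_id: the id of the user to get
        email: the email of the user to get
        username: the username of the user to get
    Return:
        A JSON representing the database version(s) of the user(s) specified
        by the given arguments. Failures are JSON strings: 403 when not
        signed in or not permitted, 401 when user_id is non-numeric.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    def _optional(key):
        # The request value, or None when absent or empty.
        value = request.values.get(key)
        return value if value else None

    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_user_id = _optional("user_id")
    if raw_user_id is None:
        user_id = None
    else:
        try:
            user_id = int(raw_user_id)
        except ValueError:
            # A non-numeric id previously escaped as an unhandled exception.
            return _json_error('Invalid user id', 401)

    username = _optional("username")
    email = _optional("email")

    # check permissions
    # NOTE(review): user_id is None for username/email lookups, so the check
    # then only reflects the login user's general rights — confirm that
    # canUserCRUD(None, ...) is meant to cover lookups of other users by name.
    if not utils.canUserCRUD(user_id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized to get other user data', 403)

    user = DataManager.get_user(user_id=user_id, username=username, email=email)

    if user is None:
        # NOTE(review): assumes a miss by id is None — confirm against DataManager.
        return jsonify(Data=[])
    # A single record and a list of records serialize the same way.
    records = user if isinstance(user, list) else [user]
    return jsonify(Data=[i.serialize for i in records])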
예제 #4
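def get_user_type():
    """Endpoint for serving user type records from the database.

    Args can be sent as key/value pairs in the query string ('GET').
    Args:
        None. This endpoint method will simply show which user types
        exist (and their properties)
    Return:
        A JSON representing the database version(s) of the user type(s)
        specified by the given arguments; a 403 JSON string when not signed in.
    """
    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        response = make_response(json.dumps('Must sign in to CRUD'), 403)
        response.headers['Content-Type'] = 'application/json'
        return response

    user_type = DataManager.get_user_type()

    # An empty result naturally serializes to an empty list.
    return jsonify(Data=[i.serialize for i in user_type])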
예제 #5
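def edit_calorie():
    """Endpoint for editing calorie records in the database.

    Args can be sent as key/value pairs in the query string ('GET'), or as
    key/value pairs in the content ('POST').
    Args are optional unless noted.
    Args:
        calorie_id: the id of the calorie to edit (REQUIRED)
        user_id: the new user id
        date: the new date. must be given in 'YYYY-MM-DD' format
        time: the new time. must be given as an hour, from 0 <= h <= 24
        text: the new description
        amnt: the new number of calories
    Return:
        A JSON representing the database version of the updated calorie,
        with extra field representing the possibly new calorie total for that
        day so the client may change pass/fail for any cached calories for that
        day. Failures are JSON strings: 403 when not signed in or not
        permitted, 401 when calorie_id is missing, non-numeric or unknown,
        400 when a field is malformed or fails validation, 500 when the
        record cannot be re-read after the update.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    def _optional(key):
        # The request value, or None when absent or empty.
        value = request.values.get(key)
        return value if value else None

    def _parse_date(raw):
        # 'YYYY-MM-DD' -> datetime.date, or None when the text is malformed.
        parts = bleach.clean(raw).split("-")
        try:
            return datetime.date(int(parts[0]), int(parts[1]), int(parts[2]))
        except (ValueError, IndexError):
            return None

    def _parse_hour(raw):
        # Hour string -> datetime.time, or None when not a valid hour.
        # datetime.time itself only accepts 0..23.
        try:
            return datetime.time(int(bleach.clean(raw)))
        except ValueError:
            return None

    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_calorie_id = _optional("calorie_id")
    if raw_calorie_id is None:
        return _json_error('Must provide calorie id', 401)
    try:
        calorie_id = int(raw_calorie_id)
    except ValueError:
        return _json_error('Must provide calorie id', 401)

    raw_user_id = _optional("user_id")
    if raw_user_id is None:
        user_id = None
    else:
        try:
            user_id = int(raw_user_id)
        except ValueError:
            return _json_error('Invalid user id', 401)

    raw_date = _optional("date")
    if raw_date is None:
        date = None
    else:
        date = _parse_date(raw_date)
        if date is None or not utils.is_calorie_date(date):
            return _json_error('date invalid', 400)

    raw_time = _optional("time")
    if raw_time is None:
        time = None
    else:
        time = _parse_hour(raw_time)
        if time is None or not utils.is_calorie_time(time):
            return _json_error('time invalid', 400)

    raw_text = _optional("text")
    if raw_text is None:
        text = None
    else:
        text = bleach.clean(raw_text)
        if not utils.is_calorie_text(text):
            return _json_error('text invalid', 400)

    raw_amnt = _optional("amnt")
    if raw_amnt is None:
        amnt = None
    else:
        amnt = bleach.clean(raw_amnt)
        if not utils.is_calorie_amount(amnt):
            return _json_error('amount invalid', 400)

    # check permissions on the record as it is now; this same snapshot is
    # the "old" state reported back to the client.
    old_calorie = DataManager.get_calorie(calorie_id=calorie_id)
    if not old_calorie:
        # NOTE(review): assumes get_calorie is falsy for an unknown id — confirm.
        return _json_error('Calorie id did not match any in db', 401)
    if not utils.canCalorieCRUD(old_calorie.user_id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized for cal actions for given user', 403)

    # Re-assigning the record to another user needs rights on that user too.
    # `is not None` rather than truthiness so an id of 0 cannot skip the check.
    if user_id is not None and not utils.canCalorieCRUD(user_id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized for cal actions for given user', 403)

    # get additional info
    (old_daytotal, old_meets) = utils.pass_fail_cal(old_calorie)

    # make the update and return
    DataManager.edit_calorie(calorie_id, user_id=user_id, date=date,
        time=time, text=text, num_calories=amnt)
    calorie = DataManager.get_calorie(calorie_id=calorie_id)

    if not calorie:
        return _json_error('Internal server error', 500)
    (daytotal, meets) = utils.pass_fail_cal(calorie)
    sCal = calorie.serialize
    sCal["daytotal"] = daytotal
    sCal["meets"] = meets
    sCal["old_date"] = old_calorie.date
    sCal["old_date_meets"] = old_meets
    sCal["old_date_daytotal"] = old_daytotal
    return jsonify(Data=[sCal])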
예제 #6
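def add_calorie():
    """Endpoint for adding calorie records in the database.

    Args can be sent as key/value pairs in the query string ('GET'), or as
    key/value pairs in the content ('POST').
    All args are required.
    Args:
        user_id: the calorie's user id
        date: the calorie's date. must be given in 'YYYY-MM-DD' format
        time: the calorie's time. must be given as an hour, from 0 <= h <= 24
        text: the calorie's description
        amnt: the new number of calories
    Return:
        A JSON representing the database version(s) of the created calorie,
        with extra field representing the possibly new calorie total for that
        day so the client may change pass/fail for any cached calories for that
        day. Failures are JSON strings: 403 when not signed in or not
        permitted, 401 when a required arg is missing or malformed, 400 when
        a field fails validation, 500 when the new record cannot be read back.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    def _required(key):
        # The request value, or None when absent or empty.
        value = request.values.get(key)
        return value if value else None

    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_user_id = _required("user_id")
    if raw_user_id is None:
        return _json_error('Must provide valid user id', 401)
    try:
        user_id = int(raw_user_id)
    except ValueError:
        # A non-numeric id previously escaped as an unhandled exception.
        return _json_error('Must provide valid user id', 401)
    if not utils.canCalorieCRUD(user_id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized for cal actions for given user', 403)

    raw_date = _required("date")
    if raw_date is None:
        return _json_error('Must provide valid date', 401)
    parts = bleach.clean(raw_date).split("-")
    try:
        date = datetime.date(int(parts[0]), int(parts[1]), int(parts[2]))
    except (ValueError, IndexError):
        # Malformed text (missing parts, non-numeric, out-of-range) is a
        # client error, not a server crash.
        return _json_error('date invalid', 400)
    if not utils.is_calorie_date(date):
        return _json_error('date invalid', 400)

    raw_time = _required("time")
    if raw_time is None:
        return _json_error('Must provide valid time', 401)
    try:
        # datetime.time only accepts hours 0..23.
        time = datetime.time(int(raw_time))
    except ValueError:
        return _json_error('time invalid', 400)
    if not utils.is_calorie_time(time):
        return _json_error('time invalid', 400)

    raw_text = _required("text")
    if raw_text is None:
        return _json_error('Must provide valid text', 401)
    text = bleach.clean(raw_text)
    if not utils.is_calorie_text(text):
        return _json_error('text invalid', 400)

    amnt = _required("amnt")
    if amnt is None:
        return _json_error('Must provide valid amount', 401)
    if not utils.is_calorie_amount(amnt):
        return _json_error('amount invalid', 400)

    cal_id = DataManager.add_calorie(user_id, date, time, text, amnt)
    calorie = DataManager.get_calorie(calorie_id=cal_id)

    if not calorie:
        return _json_error('Internal server error', 500)
    # pass_fail_cal is called once; the original's second call discarded
    # its result.
    (daytotal, meets) = utils.pass_fail_cal(calorie)
    sCal = calorie.serialize
    sCal["daytotal"] = daytotal
    sCal["meets"] = meets
    sCal["old_date"] = False
    sCal["old_date_meets"] = False
    sCal["old_date_daytotal"] = False
    return jsonify(Data=[sCal])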
예제 #7
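def get_calorie():
    """Endpoint for serving calorie records from the database.

    Args can be sent as key/value pairs in the query string ('GET').
    All args are optional. Providing no args returns all calories.
    Args:
        calorie_id: the id of the calorie to get
        user_id: the user id of the calorie's owner
        date_from: the beginning date of the range of calories to get.
            must be given in 'YYYY-MM-DD' format
        date_to: the ending date of the range of calories to get.
            must be given in 'YYYY-MM-DD' format
        time_from: the beginning time of the range of calories to get.
            must be given as an hour, from 0 <= h <= 24
        time_to: the ending time of the range of calories to get
            must be given as an hour, from 0 <= h <= 24
    Return:
        A JSON representing the database version(s) of the calorie(s) specified
        by the given arguments, each extended with the day total and pass/fail
        flag from utils.pass_fail_cal. Failures are JSON strings: 403 when not
        signed in or not permitted, 401 when an id is non-numeric or unknown,
        400 when a date or time is malformed.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    def _optional(key):
        # The request value, or None when absent or empty.
        value = request.values.get(key)
        return value if value else None

    def _parse_date(raw):
        # 'YYYY-MM-DD' -> datetime.date, or None when the text is malformed.
        # bleach.clean is applied to the submitted value; the original
        # cleaned the parameter *name* instead, which did nothing.
        parts = bleach.clean(raw).split("-")
        try:
            return datetime.date(int(parts[0]), int(parts[1]), int(parts[2]))
        except (ValueError, IndexError):
            return None

    def _parse_hour(raw):
        # Hour string -> datetime.time, or None when not a valid hour (0..23).
        try:
            return datetime.time(int(raw))
        except ValueError:
            return None

    def _serialize(cal):
        # Serialized record plus the day total / pass-fail flag of its day.
        (daytotal, meets) = utils.pass_fail_cal(cal)
        sCal = cal.serialize
        sCal["daytotal"] = daytotal
        sCal["meets"] = meets
        sCal["old_date"] = False
        sCal["old_date_meets"] = False
        sCal["old_date_daytotal"] = False
        return sCal

    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_calorie_id = _optional("calorie_id")
    if raw_calorie_id is None:
        calorie_id = None
    else:
        try:
            calorie_id = int(bleach.clean(raw_calorie_id))
        except ValueError:
            return _json_error('Invalid calorie id', 401)
        # check permissions for reading this calorie
        calorie = DataManager.get_calorie(calorie_id=calorie_id)
        if not calorie:
            # NOTE(review): assumes get_calorie is falsy for an unknown id — confirm.
            return _json_error('Calorie id did not match any in db', 401)
        if not utils.canCalorieCRUD(calorie.user_id,
                login_session["user_id"], login_session["user_type_id"]):
            return _json_error('Not authorized for cal actions for given user', 403)

    raw_user_id = _optional("user_id")
    if raw_user_id is None:
        user_id = None
    else:
        try:
            user_id = int(bleach.clean(raw_user_id))
        except ValueError:
            return _json_error('Invalid user id', 401)
        # check permissions for reading this user's calories
        if not utils.canCalorieCRUD(user_id,
                login_session["user_id"], login_session["user_type_id"]):
            return _json_error('Not authorized for cal actions for given user', 403)

    # Range bounds default to the widest possible window.
    raw_date_from = _optional("date_from")
    date_from = datetime.date.min
    if raw_date_from is not None:
        date_from = _parse_date(raw_date_from)
        if date_from is None:
            return _json_error('date invalid', 400)

    raw_date_to = _optional("date_to")
    date_to = datetime.date.max
    if raw_date_to is not None:
        date_to = _parse_date(raw_date_to)
        if date_to is None:
            return _json_error('date invalid', 400)

    raw_time_from = _optional("time_from")
    time_from = datetime.time.min
    if raw_time_from is not None:
        time_from = _parse_hour(raw_time_from)
        if time_from is None:
            return _json_error('time invalid', 400)

    raw_time_to = _optional("time_to")
    time_to = datetime.time.max
    if raw_time_to is not None:
        time_to = _parse_hour(raw_time_to)
        if time_to is None:
            return _json_error('time invalid', 400)

    calorie = DataManager.get_calorie(calorie_id=calorie_id,
        user_id=user_id, date_from=date_from, date_to=date_to,
        time_from=time_from, time_to=time_to)

    # A single record and a list of records serialize the same way; an
    # empty list or a miss yields an empty Data list.
    if calorie is None:
        # NOTE(review): assumes a miss is None — confirm against DataManager.
        return jsonify(Data=[])
    records = calorie if isinstance(calorie, list) else [calorie]
    return jsonify(Data=[_serialize(cal) for cal in records])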
예제 #8
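def edit_user():
    """Endpoint for editing user records in the database.

    Args can be sent as key/value pairs in the query string ('GET'), or as
    key/value pairs in the content ('POST').
    Args are optional unless noted.
    Args:
        user_id: the id of the user to edit REQUIRED
        email: the new email
        username: the new username
        exp_cal_day: the new expected calories / day
        user_type_id: the id of the new user type
    Return:
        A JSON representing the given user edited as specified. Failures are
        JSON strings: 403 when not signed in or not permitted, 401 when
        user_id is missing, non-numeric or unknown, 400 when a field is
        malformed or fails validation, 500 when the record cannot be re-read.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    def _optional(key):
        # The request value, or None when absent or empty.
        value = request.values.get(key)
        return value if value else None

    # Authentication gate; the return is what actually stops the request.
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    raw_user_id = _optional("user_id")
    if raw_user_id is None:
        return _json_error('Must provide user id', 401)
    try:
        user_id = int(bleach.clean(raw_user_id))
    except ValueError:
        # A non-numeric id previously escaped as an unhandled exception.
        return _json_error('Must provide user id', 401)

    raw_username = _optional("username")
    if raw_username is None:
        username = None
    else:
        username = bleach.clean(raw_username)
        if not utils.is_username(username):
            return _json_error('username invalid', 400)

    raw_email = _optional("email")
    if raw_email is None:
        email = None
    else:
        email = bleach.clean(raw_email)
        if not utils.is_email(email):
            return _json_error('email invalid', 400)

    raw_exp_cal_day = _optional("exp_cal_day")
    if raw_exp_cal_day is None:
        exp_cal_day = None
    else:
        try:
            exp_cal_day = int(bleach.clean(raw_exp_cal_day))
        except ValueError:
            return _json_error('exp_cal_day invalid', 400)
        if not utils.is_exp_cal(exp_cal_day):
            return _json_error('exp_cal_day invalid', 400)

    raw_user_type_id = _optional("user_type_id")
    if raw_user_type_id is None:
        user_type_id = None
    else:
        try:
            user_type_id = int(bleach.clean(raw_user_type_id))
        except ValueError:
            return _json_error('user_type_id invalid', 400)
        if not utils.is_user_type_id(user_type_id):
            return _json_error('user_type_id invalid', 400)

    userCheck = DataManager.get_user(user_id=user_id)
    if not userCheck:
        # NOTE(review): assumes get_user is falsy for an unknown id — confirm.
        return _json_error('User id did not match any in db', 401)

    # check permissions
    # if the logged in user can't do user actions
    if not utils.canUserCRUD(userCheck.id,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized for actions on given user', 403)

    # if the logged in user is trying to set user permissions and can't.
    # `is not None` rather than truthiness so a type id of 0 cannot skip
    # the check.
    if user_type_id is not None and \
            not utils.canSetPermissions(login_session["user_type_id"]):
        return _json_error('Not authorized to set user permissions', 403)

    DataManager.edit_user(user_id=user_id, username=username, email=email,
        exp_cal_day=exp_cal_day, user_type_id=user_type_id)

    user = DataManager.get_user(user_id=user_id)
    if not user:
        return _json_error('Internal server error on update', 500)
    return jsonify(Data=[user.serialize])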
예제 #9
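def add_user():
    """Endpoint for adding user records to the database.

    Args can be sent as key/value pairs in the query string ('GET'), or as
    key/value pairs in the content ('POST').
    Args are optional unless noted.
    Args:
        email: the email of the user (required)
        username: the username of the user (required)
        user_type_id: the type of user to add
        exp_cal_day: the expected calories / day of the user
    Return:
        A JSON representing the database version of the created user.
        Failures are JSON strings: 403 when not signed in or not permitted,
        401 when username or email is missing, 400 when a field is malformed
        or fails validation, 500 when the new record cannot be read back.
    """
    def _json_error(message, status):
        # Plain-string JSON error response shared by every failure branch.
        response = make_response(json.dumps(message), status)
        response.headers['Content-Type'] = 'application/json'
        return response

    def _optional(key):
        # The request value, or None when absent or empty.
        value = request.values.get(key)
        return value if value else None

    # Authentication gate; the return is what actually stops the request.
    # 403 matches every sibling endpoint (the original built a 400 here
    # and never returned it).
    if not utils.is_logged_in():
        return _json_error('Must sign in to CRUD', 403)

    # username and email are documented as required; enforce that rather
    # than handing None through to DataManager.add_user.
    raw_username = _optional("username")
    if raw_username is None:
        return _json_error('Must provide valid username', 401)
    username = bleach.clean(raw_username)
    if not utils.is_username(username):
        return _json_error('username invalid', 400)

    raw_email = _optional("email")
    if raw_email is None:
        return _json_error('Must provide valid email', 401)
    email = bleach.clean(raw_email)
    if not utils.is_email(email):
        return _json_error('email invalid', 400)

    raw_exp_cal_day = _optional("exp_cal_day")
    if raw_exp_cal_day is None:
        exp_cal_day = None
    else:
        try:
            exp_cal_day = int(bleach.clean(raw_exp_cal_day))
        except ValueError:
            return _json_error('exp_cal_day invalid', 400)
        if not utils.is_exp_cal(exp_cal_day):
            return _json_error('exp_cal_day invalid', 400)

    raw_user_type_id = _optional("user_type_id")
    if raw_user_type_id is None:
        user_type_id = None
    else:
        try:
            user_type_id = int(bleach.clean(raw_user_type_id))
        except ValueError:
            return _json_error('user_type_id invalid', 400)
        if not utils.is_user_type_id(user_type_id):
            return _json_error('user_type_id invalid', 400)

    # check permissions: general user-management rights of the login user
    if not utils.canUserCRUD(None,
            login_session["user_id"], login_session["user_type_id"]):
        return _json_error('Not authorized to add users', 403)

    # `is not None` rather than truthiness so a type id of 0 cannot skip
    # the permission check.
    if user_type_id is not None and \
            not utils.canSetPermissions(login_session["user_type_id"]):
        return _json_error('Not authorized to set user permissions', 403)

    user_id = DataManager.add_user(username, email,
        exp_cal_day=exp_cal_day, user_type_id=user_type_id)
    user = DataManager.get_user(user_id=user_id)

    if not user:
        return _json_error('User creation error', 500)
    return jsonify(Data=[user.serialize])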