def remove_user(user_id):
session_id = auth.check_token(request.headers.get('session'))
if not session_id:
return "Unauthorized request: Bad session token", 401
user_sess = User.find_id(session_id)
if not user_sess:
return "Session token not found", 404
if (not session_id == user_id) and (not user_sess.type == "organizer"):
return "Unauthorized request: You don't have permission for this action", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
user.delete()
return 'User deleted'
def update_user(user_id):
session_id = auth.check_token(request.headers.get('session'))
if not session_id:
return "Unauthorized request: Bad session token", 401
user_sess = User.find_id(session_id)
if not user_sess:
return "Session token not found", 404
if (not session_id == user_id) and (not user_sess.type == "organizer"):
return "Unauthorized request: You don't have permission for this action", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
hadError = False
for key, value in request.get_json().items():
if key == "password":
setattr(user, key,
bcrypt.hashpw(value.encode('utf-8'), bcrypt.gensalt()))
elif not key.startswith(
'_'
) and not key == "id" and not key == "type" and value != "": # Some security
setattr(user, key, value)
if not user.complete and not hadError:
user.completion_token = None
user.complete = True
try:
user.save()
except Exception as e:
print("ERROR SAVING USER OBJECT", str(e))
print(user.to_dict())
return json.dumps({
'error': True,
'message': "Validation error: " + str(e)
}), 400, jsonType
return user.to_json()
def request_upload(upload_location):
filetype = request.args.get("filetype")
filesize = request.args.get("filesize")
if filetype not in ['png', 'jpg', 'jpeg', 'gif', 'pdf']:
return "Invalid filetype", 400
# TODO: Check filesize
if upload_location not in ["event", "user", "project"]:
return "Invalid upload location", 400
token = request.headers.get('session')
user_id = sessions.get('session:' + token)
if not user_id:
return "Session invalid", 40
user = User.find_id(user_id)
if not user:
return "Session invalid", 401
if upload_location == "event" and user.type != "organizer":
return "You don't have permission to upload", 401
upload_policy = SharedAccessPolicy(
AccessPolicy(
start=(
datetime.datetime.utcnow() -
datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"),
expiry=(
datetime.datetime.utcnow() +
datetime.timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ"),
permission=BlobSharedAccessPermissions.WRITE,
))
destination_url = upload_location + "/" + create_filename(
) + '.' + filetype
# TODO: fix "Incorrect Padding" exception on this line
upload_token = azure_storage.generate_shared_access_signature(
container_name='user-files',
blob_name=destination_url,
shared_access_policy=upload_policy,
)
print("Created Destination Url " + destination_url)
print("Created upload token " + upload_token)
return json.dumps({
"upload_url": files_url + destination_url + "?" + upload_token,
"file_url": files_url + destination_url
}), 200, jsonType
def find_user_events(user_id):
user = User.find_id(user_id)
if not user:
return "User not found", 404
result = {"upcoming": [], "attended": []}
for evt in user.events:
if evt.start_date > datetime.now():
result['upcoming'].append(evt.to_dict())
else:
result['attended'].append(evt.to_dict())
return json.dumps(result), 200, jsonType
def retrieve_user():
token = request.headers.get('session')
user_id = sessions.get('session:' + token)
if not user_id:
return "Session invalid", 401
user = User.find_id(user_id)
if not user:
return "Session invalid", 401
return user.to_json()
def unregister(event_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "Unauthorized request: User doesn't have permission", 401
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
if event in user.events:
user.events.remove(event)
user.save()
return json.dumps({"status": "removed"}), 200, jsonType
def create_project():
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
project = Project()
event_id = request.json.get('event')
if not event_id:
return "Event is required", 400
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
if not (event in user.events or event.id in user.events):
return "User not attending event", 400
teammate_email = request.json.get('teammate') # A team is required
if not teammate_email:
return "Teammate email is required", 400
teammate = User.objects(email=teammate_email).first()
if not teammate:
return "Teammate not found", 404
if not (event in teammate.events or event.id in teammate.events):
return "Teammate not registered for event", 400
project.name = request.json.get('name')
project.description = request.json.get('description')
project.image = request.json.get('image')
project.event = event
project.team = []
project.team.append(user)
project.team.append(teammate)
project.save()
if not project.id:
return 'Error creating project', 500
return project.select_related(max_depth=1).to_json()
def remove_project(project_id):
session_id = auth.check_token(request.headers.get('session'))
if not session_id:
return "Unauthorized request: Bad session token", 401
user_sess = User.find_id(session_id)
if not user_sess:
return "Session token not found", 404
project = Project.find_id(project_id)
if not project:
return "Project not found", 404
if not (user_sess in project.team or user_sess.type == "organizer"):
return "Unauthorized request: You don't have permission for this action", 401
project.delete()
return 'Project deleted'
def update_project(project_id):
session_id = auth.check_token(request.headers.get('session'))
if not session_id:
return "Unauthorized request: Bad session token", 401
user_sess = User.find_id(session_id)
if not user_sess:
return "Session token not found", 404
project = Project.find_id(project_id)
if not project:
return "Project not found", 404
for key, value in request.get_json().items():
if not key.startswith('_'): # Some security
setattr(project, key, value)
project.save()
return project.to_json()
def checkout(event_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = Organizer.find_id(user_id)
if not user:
return "Unauthorized request: User doesn't have permission", 401
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
attendee = User.find_id(request.json['attendee_id'])
if not attendee:
return "Attendee not found", 404
if event in attendee.checkins:
attendee.checkins.remove(event)
attendee.save()
return json.dumps({"status": "removed"}), 200, jsonType
def all_scheduleitems(event_id):
user_id = auth.check_token( request.headers.get('session') )
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id( user_id )
if not user:
return "User not found", 404
event = Event.find_event( event_id )
if not event:
return "Event not found", 404
attended_ids = [ evt.id for evt in user.events ]
if not (event.id in attended_ids or user.type == "organizer"):
return "Unauthorized request: User doesn't have permission"
schedule = []
for s in event.schedule:
schedule.append(s.to_dict())
return json.dumps( schedule ), 200, jsonType
def get_post(event_id, post_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
attended_ids = [evt.id for evt in user.events]
if not (event.id in attended_ids or user.type == "organizer"):
return "Unauthorized request: User doesn't have permission"
post = Post.find_id(post_id)
if not post:
return "Post not found", 404
return post.to_json()
def all_posts(event_id):
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "User not found", 404
event = Event.find_event(event_id)
if not event:
return "Event not found", 404
attended_ids = [evt.id for evt in user.events]
if not (event.id in attended_ids or user.type == "organizer"):
return "Unauthorized request: User doesn't have permission"
posts = []
for p in Post.objects(event=event):
posts.append(p.to_dict())
return json.dumps(posts), 200, jsonType
}), 400, jsonType
elif price > 0:
print("price > 0")
return json.dumps({
"status": "failed",
"reason": "payment",
"message": "This event costs $%s." % price
}), 400, jsonType
else:
print("user account exists")
user_id = auth.check_token(request.headers.get('session'))
if not user_id:
return "Unauthorized request: Bad session token", 401
user = User.find_id(user_id)
if not user:
return "Unauthorized request: User doesn't have permission", 401
if user.type == "organizers":
return "Organizers can't register for an event", 400
if (event.registration_end < datetime.now()):
return json.dumps({
"status": "failed",
"reason": "closed",
"message": "Registration for this event has ended."
}), 200, jsonType
if event in user.events:
return json.dumps({
"status":
def find_user(user_id):
user = User.find_id(user_id)
if not user:
return "User not found", 404
return user.to_json()
