def get_users(): query_params = request.args if not query_params.get(gc.CNIC) and not query_params.get(gc.CONTACT): response = make_general_response(INVALID_QUERY_PARAM, "Invalid query params") return response, BAD_REQUEST cnic = query_params.get(gc.CNIC) contact = query_params.get(gc.CONTACT) if cnic and not validate_cnic(cnic): response = make_general_response(INVALID_PARAMETER, "Invalid CNIC") return response, BAD_REQUEST if contact and not validate_contact(contact): response = make_general_response(INVALID_PARAMETER, "Invalid contact") return response, BAD_REQUEST users = find_user_by_cnic_or_contact(cnic, contact) if users: response = make_general_response(SUCCESS, "Success") response[gc.DATA] = users return response, OK else: response = make_general_response(USER_NOT_FOUND, "User Not found") return response, BAD_REQUEST
def login(): auth_body = request.authorization if not auth_body or not auth_body.get(gc.USERNAME) or not auth_body.get(gc.PASSWORD): response = make_general_response(FAIL, "Authorization Missing") return response, UNAUTHORIZED query = f"Select * from {ADMIN} where {USERNAME} = '{auth_body.get(gc.USERNAME)}' and" \ f" {PASSWORD} = '{auth_body.get(gc.PASSWORD)}' " r = database.select_query(query) result = r.fetchall() if len(result) != 0: if result[0][USERNAME] == auth_body.get(USERNAME) and result[0][PASSWORD] == auth_body.get(PASSWORD): response = make_general_response(SUCCESS, "SUCCESS") token = encode( { USERNAME: auth_body.get(gc.USERNAME), PASSWORD: sha256(auth_body.get(gc.PASSWORD).encode(gc.ASCII)).hexdigest() }, current_app.config[SECRET_KEY]) response[gc.TOKEN] = token return response, OK else: response = make_general_response(ADMIN_NOT_FOUND, "Could not verify") return response, UNAUTHORIZED else: response = make_general_response(ADMIN_NOT_FOUND, "Could not verify") return response, UNAUTHORIZED
def get_roles(): roles = get_all_roles() if roles: response = make_general_response(SUCCESS, "Success") response[gc.DATA] = roles return response, OK else: response = make_general_response(FAIL, "FAIL") return response, BAD_REQUEST
def get_shifts(): shifts = get_all_shifts() if shifts: response = make_general_response(SUCCESS, "Success") response[gc.DATA] = shifts return response, OK else: response = make_general_response(FAIL, "FAIL") return response, BAD_REQUEST
def get_genders(): gender = get_all_genders() if gender: response = make_general_response(SUCCESS, "Success") response[gc.DATA] = gender return response, OK else: response = make_general_response(FAIL, "FAIL") return response, BAD_REQUEST
def get_madrassas(): madrassas = get_all_madrassas() if madrassas: response = make_general_response(SUCCESS, "Success") response[gc.DATA] = madrassas return response, OK else: response = make_general_response(FAIL, "FAIL") return response, BAD_REQUEST
def admin_dashboard(): def first_row_first_col(query): res = database.select_query(query) res = res.fetchall() count = res[0][ID] return count query_params = request.args length_query_param = len(query_params) if length_query_param == 0: response = make_general_response(MISSING_QUERY_PARAM, "Query params are missing") return response, BAD_REQUEST elif len(query_params) > 1: response = make_general_response(ADDITIONAL_QUERY_PARAM, "Additional Query params") return response, BAD_REQUEST elif not query_params.get(gc.ADMIN): response = make_general_response(INVALID_QUERY_PARAM, "Invalid query params") return response, BAD_REQUEST username = query_params.get(gc.ADMIN) query = f"Select {USERNAME} from {ADMIN} where {USERNAME} = '{username}' " r = database.select_query(query) result = r.fetchall() if len(result) == 0: response = make_general_response(ADMIN_NOT_FOUND, "Admin not found") return response, OK query = f"select count({ID}) as {ID} from {MADRASSA}" madrassa_count = first_row_first_col(query) query = f"select count({ID}) as {ID} from {COURSE}" course_count = first_row_first_col(query) query = f"select count({ID}) as {ID} from {SHIFT}" shift_count = first_row_first_col(query) query = f"select count({ID}) as {ID} from {ENROLLMENT} where {ROLE_ID} = 0" teacher_count = first_row_first_col(query) query = f"select count({ID}) as {ID} from {ENROLLMENT} where {ROLE_ID} = 1" student_count = first_row_first_col(query) response = make_general_response(SUCCESS, "Success") response[gc.DATA] = { 'totalStudents': student_count, 'totalTeachers': teacher_count, 'totalShifts': shift_count, 'totalCourses': course_count, 'totalMadrassas': madrassa_count } return response, OK
def delete_shifts(): query_params = request.args deleted, code, detail = delete_shift(query_params[gc.ID]) response = make_general_response(code, detail) response[gc.DELETED] = deleted if deleted: return response, OK return response, BAD_REQUEST
def add_roles(): request_body = request.get_json() data, response_code, detail = add_new_role(request_body[gc.NAME]) response = make_general_response(response_code, detail) if data: response[gc.DATA] = data return response, CREATED return response, BAD_REQUEST
def update_roles(): request_body = request.get_json() data, response_code, detail = update_role(request_body[gc.ID], request_body[gc.NAME]) response = make_general_response(response_code, detail) if data: response[gc.DATA] = data return response, OK return response, BAD_REQUEST
def add_user(): request_body = request.get_json() if not validate_cnic(request_body.get(gc.CNIC)): response = make_general_response(INVALID_PARAMETER, "Invalid CNIC") return response, BAD_REQUEST if not validate_email(request_body.get(gc.EMAIL)): response = make_general_response(INVALID_PARAMETER, "Invalid Email ID") return response, BAD_REQUEST if not validate_contact(request_body.get(gc.CONTACT)): response = make_general_response(INVALID_PARAMETER, "Invalid Contact") return response, BAD_REQUEST if not validate_contact(request_body.get(gc.GUARDIAN_CONTACT)): response = make_general_response(INVALID_PARAMETER, "Invalid Guardian Contact") return response, BAD_REQUEST if not validate_date(request_body.get(gc.DATE_OF_BIRTH)): response = make_general_response( INVALID_PARAMETER, "Invalid DOB. Allowed Date format is YYYYMMDD") return response, BAD_REQUEST user_param = request_body data, response_code, detail = add_new_user(user_param) response = make_general_response(response_code, detail) if data: response[gc.DATA] = data return response, CREATED return response, BAD_REQUEST
def add_shifts(): request_body = request.get_json() flag, start_time = validate_time(request_body[gc.START_TIME]) if not flag: response = make_general_response( INVALID_PARAMETER, "Invalid Start Time format allowed is hhmm") return response, BAD_REQUEST flag, end_time = validate_time(request_body[gc.END_TIME]) if not flag: response = make_general_response( INVALID_PARAMETER, "Invalid End Time format allowed is hhmm") return response, BAD_REQUEST data, response_code, detail = add_new_shift(request_body[gc.NAME], start_time, end_time) response = make_general_response(response_code, detail) if data: response[gc.DATA] = data return response, CREATED return response, BAD_REQUEST
def enroll_users(): request_body = request.get_json() _id = request_body[gc.USER_ID] user = find_user_by_id(_id) if not user: response = make_general_response(USER_NOT_FOUND, "User not found") return response, BAD_REQUEST madrassa_detail_id = request_body[gc.MADRASSA_DETAIL] madrassa_detail = find_madrassa_detail_by_id(madrassa_detail_id) if not madrassa_detail: response = make_general_response(MADRASSA_DETAILS_NOT_FOUND, "Madrassa details not found") return response, BAD_REQUEST role_id = request_body[gc.ROLE_ID] role = find_role_by_id(role_id) if not role: response = make_general_response(ROLE_NOT_FOUND, "Role not found") return response, BAD_REQUEST enrollment_date = request_body[gc.ENROLMENT_DATE] if not validate_date(enrollment_date): response = make_general_response( INVALID_PARAMETER, "Invalid Date Format. Allowed Date format is YYYYMMDD") return response, BAD_REQUEST enrolled, response_code, detail = enroll_user_in_madrassa( user, madrassa_detail, role, enrollment_date) response = make_general_response(response_code, detail) if enrolled: return response, OK return response, BAD_REQUEST
def wrap(*args, **kwargs): token = None headers = request_header() if X_ACCESS_TOKEN in headers: token = headers[X_ACCESS_TOKEN] if not token: response = make_general_response(MISSING_TOKEN, 'token is missing') return response, UNAUTHORIZED # try: algorithm = gc.SHA256 data = decode(token, current_app.config[SECRET_KEY], algorithms=[algorithm]) query = f"Select {PASSWORD} from {ADMIN} where {USERNAME} = '{data.get(gc.USERNAME)}'" r = select_query(query) if r: result = r.fetchall() password = result[0][PASSWORD] hashed_password = sha256(password.encode(gc.ASCII)).hexdigest() if hashed_password == data.get(gc.PASSWORD): return f(*args, **kwargs) response = make_general_response(FAIL, 'FAIL') return response, BAD_REQUEST