Exemplo n.º 1
0
    def post(self):
        """
        Performs a purchase operation
        """
        data = Customer.decode_auth_token(request.headers['Authorization'])
        try:
            customer = Customer.query.filter_by(
                customer_mail_address=data['customer']).first()
        except OperationalError:
            raise InternalServerError('Customer table is missing')
        purchase = Purchase(
            purchase_date=dt.utcnow(),
            purchase_customer_mail_address=customer.customer_mail_address)
        if customer is None:
            raise NotFound(description='Resource ' + customer.__repr__() +
                           ' is not found')

        # check if the product is requested more than once
        product_list = set()
        for details in request.json['purchase_details']:
            # adds the product to a set to later check if the product
            # appears more than once in the purchase_details
            if details['purchase_quantity'] <= 0:
                raise UnprocessableEntity('Purchase quantity cannot be <= 0')
            product_list.add(details['product_code'])

        # If length of set and received entries are different then
        # it means some products shows up twice in the list,
        # raise 422 HTTP error
        if len(product_list) != len(request.json['purchase_details']):
            raise UnprocessableEntity('A product has been submitted twice')

        # adds the purchase to session
        db.session.add(purchase)
        for details in request.json['purchase_details']:
            product = Product.query.filter_by(
                product_code_uuid=details['product_code']).first()
            if product is None:
                raise NotFound('Product ' + details['product_code'] +
                               ' not found')
            if not product.product_availability:
                db.session.remove()
                raise UnprocessableEntity('Unavailable product selected')
            if product.product_quantity <= 0:
                db.session.remove()
                raise UnprocessableEntity('Product out of stock')
            if product.product_quantity < details['purchase_quantity']:
                db.session.remove()
                raise UnprocessableEntity('Too much quantity requested')
            # update the product quantity
            product.product_quantity = product.product_quantity - details[
                'purchase_quantity']
            # create a new association object between a purchase and a product
            purchase_item = PurchaseItem(
                purchase_item_product_code_uuid=product.product_code_uuid,
                purchase_item_purchase_code_uuid=purchase.purchase_code_uuid,
                purchase_item_quantity=details['purchase_quantity'])
            db.session.add(purchase_item)
        db.session.commit()
        return {'purchase_uuid': purchase.purchase_code_uuid}, 200
Exemplo n.º 2
0
 def post(self, mail_address):
     """
     Produce the expense bill
     """
     data = Customer.decode_auth_token(request.headers['Authorization'])
     if data['customer'] != mail_address:
         raise Forbidden(
             "You don't have the permission to access the requested resource"
         )
     return produce_purchase_list(mail_address)
Exemplo n.º 3
0
    def decorated(*args, **kwargs):
        token = None

        if 'Authorization' in request.headers:
            token = request.headers['Authorization']
            data = Customer.decode_auth_token(token)
            if data['status'] == 'fail':
                return data, 401
        if not token:
            return {'message': 'Token is missing'}, 401
        return f(*args, **kwargs)
Exemplo n.º 4
0
 def get(self, mail_address):
     """
     Get customer data.
     """
     token = request.headers['Authorization']
     data = Customer.decode_auth_token(token)
     if not data['admin'] and data['customer'] != mail_address:
         raise Unauthorized()
     customer = Customer.query.filter_by(
         customer_mail_address=mail_address).first()
     if customer is None:
         raise NotFound()
     return customer, 200
Exemplo n.º 5
0
 def test_decode_auth_token(self):
     user = Customer(customer_mail_address='*****@*****.**',
                     customer_pin_hash=str(12612),
                     customer_first_name='foo',
                     customer_last_name='bar')
     db.session.add(user)
     db.session.commit()
     auth_token = user.encode_auth_token()
     self.assertTrue(isinstance(auth_token, bytes))
     resp = Customer.decode_auth_token(auth_token.decode("utf-8"))
     if resp['status'] == 'success':
         self.assertTrue(resp['customer'] == user.customer_mail_address)
     else:
         assert False
Exemplo n.º 6
0
def logout_customer(data):
    auth_token = data
    if auth_token:
        resp = Customer.decode_auth_token(auth_token)
        if resp['status'] == 'success':
            # mark the token as blacklisted
            return save_token(token=auth_token)
        else:
            return resp, 401
    else:
        response_object = {
            'status': 'fail',
            'message': 'Provide a valid auth token'
        }
        return response_object, 403
Exemplo n.º 7
0
    def decorated(*args, **kwargs):
        token = None

        if 'Authorization' in request.headers:
            token = request.headers['Authorization']
            data = Customer.decode_auth_token(token)
            if data['status'] == 'fail':
                return data, 401
            elif not data['admin']:
                return {
                    'message':
                    'Admin token required, please login with an admin account'
                }, 401
        if not token:
            return {'message': 'Token is missing'}, 401
        return f(*args, **kwargs)
Exemplo n.º 8
0
 def put(self, mail_address):
     """
     Edit customer data.
     """
     token = request.headers['Authorization']
     data = Customer.decode_auth_token(token)
     if data['customer'] != mail_address:
         raise Forbidden()
     customer = Customer.query.filter_by(
         customer_mail_address=mail_address).first()
     if customer is None:
         raise NotFound()
     if 'pin' in request.json.keys():
         if not (0 <= request.json["pin"] <= 99999):
             raise UnprocessableEntity("The PIN must be 5 digits")
         customer.set_password(str(request.json['pin']))
     if 'first_name' in request.json.keys():
         customer.customer_first_name = request.json['first_name']
     if 'last_name' in request.json.keys():
         customer.customer_last_name = request.json['last_name']
     db.session.commit()
     return '', 204
Exemplo n.º 9
0
 def post(self, purchase_uuid):
     data = Customer.decode_auth_token(request.headers['Authorization'])
     return undo_purchase(purchase_uuid, data['customer']), 204