def api_manager_getFoodList():
    """Return every row of the Food table to a Manager.

    A caller whose ``current_user`` has no 'Manager' role receives an
    ErrorModel response instead of data.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    food_rows = mysqlDB.select('SELECT * FROM Food;', ())['data']
    return SuccessModel(food_rows).json()
def api_manager_getAvailableStaff():
    """List staff for a Manager, each row annotated with a ``username``.

    Always includes the rows of ``mn_view_foodTruck_available_staff``; when
    the ``data`` query argument names a ``foodTruckName``, the rows of
    ``mn_view_foodTruck_staff`` for that truck are appended.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    manager = current_user.id
    callProcedure('mn_view_foodTruck_available_staff', [manager, None])
    staff_rows = select('mn_view_foodTruck_available_staff_result', '1 = 1',
                        '*')['data']
    # NOTE(review): malformed JSON in ?data= raises here; no handler is
    # visible in this function.
    query = json.loads(request.args.get('data') or '{}')
    truck = query.get('foodTruckName')
    if truck:
        # NOTE(review): the truck name is not checked against the calling
        # manager here - confirm the procedure scopes it, otherwise staff of
        # any truck can be listed.
        callProcedure('mn_view_foodTruck_staff', [truck])
        assigned = select('mn_view_foodTruck_staff_result', '1 = 1',
                          '*')['data']
        staff_rows = tuple(list(staff_rows) + list(assigned))
    for row in staff_rows:
        full_name = row.get('availableStaff') or row.get('assignedStaff')
        # NOTE(review): the username is resolved from the display name, so
        # two staff members with the same first and last name map to the
        # same (first) username, and an unmatched name raises IndexError.
        matches = mysqlDB.select(
            'SELECT username from Staff NATURAL JOIN `User` WHERE CONCAT(firstName, " ", lastName) = %s',
            (full_name))['data']
        row['username'] = matches[0]['username']
    return SuccessModel(staff_rows).json()
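def api_manager_createFoodTruck():
    """Create a food truck with its station, staff and menu for a Manager.

    Reads ``name``, ``station``, ``assignedStaff`` and ``menuItems`` from the
    JSON body. Responds with errno 0 when the body is malformed and errno 1
    when the commit fails.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    username = current_user.id
    data = request.get_json()
    # A body that is not a JSON object has no .get(); treat it as malformed
    # input instead of letting it raise.
    if not isinstance(data, dict):
        return ErrorModel({'errno': 0}).json()
    foodTruckName = data.get('name')
    station = data.get('station')
    staffs = data.get('assignedStaff')
    menuItems = data.get('menuItems')
    if not (type(foodTruckName) is str and type(station) is str
            and type(staffs) is list and type(menuItems) is list):
        return ErrorModel({'errno': 0}).json()

    # Validate every menu item before the first write: a bad item found
    # half-way through the loop would otherwise raise after earlier
    # procedure calls had already run (no rollback is visible here).
    menu = []
    for menuItem in menuItems:
        if not isinstance(menuItem, dict) or type(
                menuItem.get('food')) is not str:
            return ErrorModel({'errno': 0}).json()
        try:
            price = float(menuItem.get('price'))
        except (TypeError, ValueError):
            return ErrorModel({'errno': 0}).json()
        # Rejects negative prices, infinity and NaN (NaN fails both
        # comparisons).
        if not 0 <= price < float('inf'):
            return ErrorModel({'errno': 0}).json()
        menu.append((price, menuItem['food']))

    callProcedure('mn_create_foodTruck_add_station',
                  [foodTruckName, station, username])
    for staff in staffs:
        callProcedure('mn_create_foodTruck_add_staff', [foodTruckName, staff])
    for price, food in menu:
        callProcedure('mn_create_foodTruck_add_menu_item',
                      [foodTruckName, price, food])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 1}).json()
    return SuccessModel({}).json()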
def api_admin_manageFood():
    """Return the filtered food table plus the full food list to an Admin.

    The filter (``name``, ``sortBy``, ``asc``) comes from the JSON in the
    ``data`` query argument. errno 0: reading the filter result failed;
    errno 1: reading the Food table failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    query = json.loads(request.args.get('data') or '{}')
    food_name = query.get('name')
    sort_column = query.get('sortBy')
    direction = query.get('asc')
    if sort_column is not None:
        direction = 'ASC' if direction else 'DESC'
    # NOTE(review): sort_column is request-controlled and is handed to the
    # procedure unchanged. If ad_filter_food builds its ORDER BY with dynamic
    # SQL, it should be checked against a fixed list of column names first -
    # confirm against the procedure body.
    callProcedure('ad_filter_food', [food_name, sort_column, direction])
    filtered = select('ad_filter_food_result', '1 = 1', '*')
    if not filtered['okay']:
        return ErrorModel({'errno': 0}).json()
    all_food = mysqlDB.select('SELECT * FROM Food;', ())
    if not all_food['okay']:
        return ErrorModel({'errno': 1}).json()
    payload = {'table': filtered['data'], 'foodList': all_food['data']}
    return SuccessModel(payload).json()
def api_admin_updateStation():
    """Update a station's capacity and sponsoring building for an Admin.

    errno 1: malformed body; errno 0: station does not exist; errno 3: the
    station already hosts more food trucks than the new capacity; errno 2:
    commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    station = body.get('name')
    capacity = body.get('capacity')
    building = body.get('sponsoredBuilding')
    # type(...) is int (not isinstance) also keeps booleans out.
    well_formed = (type(station) is str and type(capacity) is int
                   and capacity > 0 and type(building) is str)
    if not well_formed:
        return ErrorModel({'errno': 1}).json()
    if not checkExist('Station', '`stationName` = %s', (station)):
        return ErrorModel({'errno': 0}).json()
    count_rows = mysqlDB.select(
        'SELECT COUNT(*) AS numFoodTrucks FROM FoodTruck WHERE stationName = %s',
        (station))['data']
    if count_rows[0]['numFoodTrucks'] > capacity:
        return ErrorModel({'errno': 3}).json()
    callProcedure('ad_update_station', [station, capacity, building])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 2}).json()
    return SuccessModel({}).json()
def api_customer_explore():
    """Return the explore table and the filter drop-down lists to a Customer.

    The filter fields are read from the JSON in the ``data`` query argument
    and passed to ``cus_filter_explore``.
    """
    if 'Customer' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Customer').json()
    query = json.loads(request.args.get('data') or '{}')
    filter_args = [
        query.get('buildingName'),
        query.get('stationName'),
        query.get('buildingTag'),
        query.get('foodTruckName'),
        query.get('food'),
    ]
    callProcedure('cus_filter_explore', filter_args)
    table = select('cus_filter_explore_result', '1 = 1', '*')['data']
    stations = mysqlDB.select('SELECT stationName from Station;', ())['data']
    # Building names are taken from Station, so only buildings that appear in
    # a Station row are listed.
    buildings = mysqlDB.select('SELECT buildingName from Station;',
                               ())['data']
    payload = {
        'table': table,
        'stationList': stations,
        'buildingList': buildings,
    }
    return SuccessModel(payload).json()
def api_admin_updateBuilding():
    """Rename/re-describe a building and replace its tags for an Admin.

    errno 1: a required field is missing or empty; errno 2: the old building
    does not exist; errno 3: the new name is already taken by another
    building; errno 0: commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    old_name = body.get('oldName')
    new_name = body.get('newName')
    description = body.get('description')
    tags = body.get('tags')
    # NOTE(review): only truthiness is checked. A non-string name raises at
    # .lower() below, and a string passed as tags is iterated per character.
    if not (old_name and new_name and description is not None and tags
            and len(tags) > 0):
        return ErrorModel({'errno': 1}).json()
    if not checkExist('Building', '`buildingName` = %s', (old_name)):
        return ErrorModel({'errno': 2}).json()
    # A change that only alters letter case is allowed; any other new name
    # must not exist yet.
    case_only_rename = old_name.lower() == new_name.lower()
    if not case_only_rename and checkExist('Building', '`buildingName` = %s',
                                           (new_name)):
        return ErrorModel({'errno': 3}).json()
    callProcedure('ad_update_building', [old_name, new_name, description])
    # The provided stored procedure API is different, so the existing tags
    # are removed with a plain DELETE and re-added one by one.
    mysqlDB.modify('DELETE FROM `BuildingTag` WHERE `buildingName` = %s;',
                   new_name)
    for tag in tags:
        if not checkExist('BuildingTag',
                          '`buildingName` = %s AND `tag` = %s',
                          (new_name, tag)):
            callProcedure('ad_add_building_tag', [new_name, tag])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 0}).json()
    return SuccessModel({}).json()
def api_amdin_resetState():
    """Run the phase-4 reset SQL script on behalf of an Admin.

    NOTE(review): this executes 'db-setup/phase4-reset.sql' against the live
    connection with no confirmation step visible here. The route decorator is
    not shown; confirm it only accepts a state-changing method (not GET) and
    that cross-site requests are rejected.
    """
    is_admin = 'Admin' in getattr(current_user, 'roles', ())
    if not is_admin:
        return ErrorModel('No Privilege: Must be Admin').json()
    reset_script = 'db-setup/phase4-reset.sql'
    mysqlDB.executeSqlFile(reset_script)
    return SuccessModel({}).json()
def api_manager_manageFoodTruck():
    """Return the filtered food-truck table and station list to a Manager.

    Filter fields come from the JSON in the ``data`` query argument; both
    procedures receive the caller's own username.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    manager = current_user.id
    query = json.loads(request.args.get('data') or '{}')
    truck = query.get('foodTruckName') or ''
    station = query.get('stationName') or ''
    staff_range = query.get('staffCount')
    low = staff_range.get('low') if staff_range else None
    high = staff_range.get('high') if staff_range else None
    has_capacity = query.get('hasRemainingCapacity')
    if has_capacity is None:
        has_capacity = False
    callProcedure('mn_filter_foodTruck',
                  [manager, truck, station, low, high, has_capacity])
    table = select('mn_filter_foodTruck_result', '1 = 1', '*')['data']
    callProcedure('mn_get_station', [manager])
    stations = select('mn_get_station_result', '1 = 1', '*')['data']
    return SuccessModel({'table': table, 'stationList': stations}).json()
def api_admin_getAvailableBuilding():
    """Return the rows produced by ``ad_get_available_building`` to an Admin."""
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    callProcedure('ad_get_available_building', [])
    buildings = select('ad_get_available_building_result', '1 = 1',
                       '*')['data']
    return SuccessModel(buildings).json()
def api_customer_foodTruckMenu():
    """Return the (foodName, price) menu of one food truck to a Customer.

    The truck name is read from ``foodTruck`` in the ``data`` query argument.
    """
    if 'Customer' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Customer').json()
    query = json.loads(request.args.get('data') or '{}')
    truck = query.get('foodTruck')
    callProcedure('mn_view_foodTruck_menu', [truck])
    menu = select('mn_view_foodTruck_menu_result', '1 = 1',
                  'foodName, price')['data']
    # Presumably normalises the price column to 2 decimal places in place -
    # confirm against cleanDecimal.
    cleanDecimal(menu, 'price', 2)
    return SuccessModel(menu).json()
def api_customer_selectLocation():
    """Record the station chosen by the logged-in Customer.

    errno 0: commit failed.
    """
    if 'Customer' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Customer').json()
    body = request.get_json()
    chosen_station = body.get('station')
    customer = current_user.id
    callProcedure('cus_select_location', [customer, chosen_station])
    committed = mysqlDB.tryCommit()
    if not committed:
        return ErrorModel({'errno': 0}).json()
    return SuccessModel({}).json()
def api_customer_orderHistory():
    """Return the logged-in Customer's own order history.

    The procedure is called with ``current_user.id`` only, so the caller
    cannot ask for another customer's orders through this handler.
    """
    if 'Customer' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Customer').json()
    customer = current_user.id
    callProcedure('cus_order_history', [customer])
    orders = select('cus_order_history_result', '1 = 1', '*')['data']
    # The three helpers rewrite the named column of every row; their exact
    # output format is defined elsewhere.
    cleanDecimal(orders, 'orderTotal', 2)
    formatDate(orders, 'date')
    formatOrderID(orders, 'orderID')
    return SuccessModel(orders).json()
def api_customer_currentInformation():
    """Return the logged-in Customer's basic info and nearby food trucks.

    Both procedures are called with ``current_user.id`` only.
    """
    if 'Customer' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Customer').json()
    customer = current_user.id
    callProcedure('cus_current_information_basic', [customer])
    basic = select('cus_current_information_basic_result', '1 = 1',
                   '*')['data']
    cleanDecimal(basic, 'balance', 2)
    callProcedure('cus_current_information_foodTruck', [customer])
    trucks = select('cus_current_information_foodTruck_result', '1 = 1',
                    '*')['data']
    return SuccessModel({'basic': basic, 'foodTrucks': trucks}).json()
def api_manager_summaryDetail():
    """Return the per-day summary of one food truck to a Manager.

    The truck name comes from ``foodTruckName`` in the ``data`` query
    argument; the procedure also receives the caller's username.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    query = json.loads(request.args.get('data') or '{}')
    truck = query.get('foodTruckName')
    manager = current_user.id
    callProcedure('mn_summary_detail', [manager, truck])
    detail = select('mn_summary_detail_result', '1 = 1', '*')['data']
    cleanDecimal(detail, 'totalPurchase', 2)
    formatDate(detail, 'date')
    return SuccessModel(detail).json()
def api_admin_deleteBuilding():
    """Delete the building named in the JSON body for an Admin.

    errno 1: no building name given; errno 0: commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    building = body.get('building')
    if not building:
        return ErrorModel({'errno': 1}).json()
    callProcedure('ad_delete_building', [building])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 0}).json()
    return SuccessModel({}).json()
def api_manager_deleteFoodTruck():
    """Delete the food truck named in the JSON body for a Manager.

    errno 0: ``foodTruck`` is not a string; errno 1: commit failed.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    body = request.get_json()
    truck = body.get('foodTruck')
    if type(truck) is not str:
        return ErrorModel({'errno': 0}).json()
    # NOTE(review): only the role is checked; the caller's identity is not
    # passed to the procedure. Unless mn_delete_foodTruck enforces ownership
    # itself, any Manager can delete any truck by name - confirm.
    callProcedure('mn_delete_foodTruck', [truck])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 1}).json()
    return SuccessModel({}).json()
def api_admin_deleteFood():
    """Delete the food named in the JSON body for an Admin.

    errno 1: ``name`` is missing, empty or not a string; errno 0: no such
    food; errno 2: commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    food = body.get('name')
    if not (food and type(food) is str):
        return ErrorModel({'errno': 1}).json()
    food_exists = checkExist('Food', '`foodName` = %s', (food))
    if not food_exists:
        return ErrorModel({'errno': 0}).json()
    callProcedure('ad_delete_food', [food])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 2}).json()
    return SuccessModel({}).json()
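def api_admin_getStation():
    """Return the station view for the building named in ``data`` (Admin).

    Looks up the station sponsored by ``buildingName``, runs
    ``ad_view_station`` for it and returns the first result row.
    errno 1: no station found for the building, or the view came back empty.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    data = json.loads(request.args.get('data') or '{}')
    buildingName = data.get('buildingName')
    stations = mysqlDB.select(
        'SELECT `stationName` FROM `Station` WHERE `buildingName` = %s;',
        (buildingName))['data']
    if len(stations) == 0:
        return ErrorModel({'errno': 1}).json()
    stationName = stations[0]['stationName']
    callProcedure('ad_view_station', [stationName])
    # Read the result table once; the previous code queried it twice and
    # discarded the first result.
    view = select('ad_view_station_result', '1 = 1', '*')['data']
    # An empty view used to raise IndexError; report it as "not found".
    if len(view) == 0:
        return ErrorModel({'errno': 1}).json()
    return SuccessModel(view[0]).json()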
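def api_manager_updateFoodTruck():
    """Rename a food truck and replace its station, staff and menu (Manager).

    Reads ``name``, ``oldName``, ``station``, ``assignedStaff`` and
    ``menuItems`` from the JSON body. errno 0: malformed body; errno 1:
    commit failed.

    NOTE(review): only the Manager role is checked; the caller's identity is
    not used to scope any statement below. Unless the procedures enforce
    ownership themselves, any Manager can modify any truck by name - confirm.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    data = request.get_json()
    # A body that is not a JSON object has no .get(); treat it as malformed
    # input instead of letting it raise.
    if not isinstance(data, dict):
        return ErrorModel({'errno': 0}).json()
    foodTruckName = data.get('name')
    oldFoodTruckName = data.get('oldName')
    station = data.get('station')
    staffs = data.get('assignedStaff')
    menuItems = data.get('menuItems')
    if not (type(foodTruckName) is str and type(oldFoodTruckName) is str
            and type(station) is str and type(staffs) is list
            and type(menuItems) is list):
        return ErrorModel({'errno': 0}).json()

    # Validate every menu item before the first write: a bad item found
    # half-way through the loop would otherwise raise after the rename and
    # staff changes had already run (no rollback is visible here).
    menu = []
    for menuItem in menuItems:
        if not isinstance(menuItem, dict) or type(
                menuItem.get('food')) is not str:
            return ErrorModel({'errno': 0}).json()
        try:
            price = float(menuItem.get('price'))
        except (TypeError, ValueError):
            return ErrorModel({'errno': 0}).json()
        # Rejects negative prices, infinity and NaN (NaN fails both
        # comparisons).
        if not 0 <= price < float('inf'):
            return ErrorModel({'errno': 0}).json()
        menu.append((price, menuItem['food']))

    mysqlDB.modify(
        'UPDATE FoodTruck SET foodTruckName = %s WHERE foodTruckName = %s;',
        (foodTruckName, oldFoodTruckName))
    callProcedure('mn_update_foodTruck_station', [foodTruckName, station])
    # Unassign the current staff before re-adding the requested ones.
    mysqlDB.modify(
        'UPDATE Staff SET foodTruckName = NULL WHERE foodTruckName = %s;',
        (foodTruckName))
    for staff in staffs:
        callProcedure('mn_update_foodTruck_staff', [foodTruckName, staff])
    for price, food in menu:
        # Insert items that are new to this truck, update the others.
        if not checkExist('MenuItem', 'foodName = %s AND foodTruckName = %s',
                          [food, foodTruckName]):
            callProcedure('mn_create_foodTruck_add_menu_item',
                          [foodTruckName, price, food])
        else:
            callProcedure('mn_update_foodTruck_menu_item',
                          [foodTruckName, price, food])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 1}).json()
    return SuccessModel({}).json()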
def api_admin_getBuilding():
    """Return the general info and tags of one building to an Admin.

    errno 0: no ``buildingName`` in the ``data`` query argument.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    query = json.loads(request.args.get('data') or '{}')
    building = query.get('buildingName')
    if not building:
        return ErrorModel({'errno': 0}).json()
    callProcedure('ad_view_building_general', [building])
    # NOTE(review): [0] raises IndexError when the building does not exist.
    general = select('ad_view_building_general_result', '1 = 1',
                     '*')['data'][0]
    callProcedure('ad_view_building_tags', [building])
    tags = select('ad_view_building_tags_result', '1 = 1', '*')['data']
    return SuccessModel({'general': general, 'tags': tags}).json()
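def api_customer_makeOrder():
    """Place an order for the logged-in Customer.

    Reads ``foodTruck``, ``date`` and ``menuItems`` (a list of
    ``{'food', 'quantity'}``) from the JSON body. errno 0: malformed body or
    an item that is not on the truck's menu; errno 2: order total exceeds the
    customer's balance; errno 1: the new order id could not be determined;
    errno 3: commit failed.
    """
    if 'Customer' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Customer').json()
    username = current_user.id
    data = request.get_json()
    # A body that is not a JSON object has no .get(); treat it as malformed
    # input instead of letting it raise.
    if not isinstance(data, dict):
        return ErrorModel({'errno': 0}).json()
    foodTruck = data.get('foodTruck')
    date = data.get('date')
    menuItems = data.get('menuItems')
    if type(foodTruck) is not str or type(date) is not str or type(
            menuItems) is not list:
        return ErrorModel({'errno': 0}).json()

    # Every quantity must be a positive integer. The total below is
    # price * quantity, so a zero or negative quantity would lower the total
    # that is compared with the balance. type(...) is int also excludes
    # booleans and floats.
    for menuItem in menuItems:
        if not isinstance(menuItem, dict):
            return ErrorModel({'errno': 0}).json()
        if type(menuItem.get('food')) is not str:
            return ErrorModel({'errno': 0}).json()
        quantity = menuItem.get('quantity')
        if type(quantity) is not int or quantity <= 0:
            return ErrorModel({'errno': 0}).json()

    totalPrice = 0
    for menuItem in menuItems:
        priceRows = mysqlDB.select(
            'SELECT price FROM MenuItem WHERE foodTruckName = %s AND foodName = %s;',
            (foodTruck, menuItem['food']))['data']
        # An item that is not on this truck's menu used to raise IndexError.
        if len(priceRows) == 0:
            return ErrorModel({'errno': 0}).json()
        totalPrice = totalPrice + priceRows[0]['price'] * menuItem['quantity']

    # NOTE(review): the balance is checked here and spent later by the
    # procedures; confirm they re-check it, otherwise two concurrent orders
    # can both pass this test.
    balance = mysqlDB.select(
        'SELECT balance FROM Customer WHERE username = %s;',
        (username))['data'][0]['balance']
    if totalPrice > balance:
        return ErrorModel({'errno': 2}).json()

    callProcedure('cus_order', [date, username])
    # NOTE(review): the new order is identified as "the highest order id with
    # no details yet", not by an id returned from cus_order. Another
    # customer's order created at the same moment could be picked instead -
    # confirm the isolation this relies on.
    currOrderIDArr = mysqlDB.select(
        'SELECT MAX(orderID) AS currOrderID FROM Orders WHERE orderID NOT IN (SELECT DISTINCT orderID FROM OrderDetail);',
        ())['data']
    if len(currOrderIDArr) == 0:
        return ErrorModel({'errno': 1}).json()
    currOrderID = currOrderIDArr[0]['currOrderID']
    # MAX() over no rows yields one row holding NULL, so the length test
    # above does not catch "no such order".
    if currOrderID is None:
        return ErrorModel({'errno': 1}).json()
    for menuItem in menuItems:
        callProcedure(
            'cus_add_item_to_order',
            [foodTruck, menuItem['food'], menuItem['quantity'], currOrderID])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 3}).json()
    return SuccessModel({}).json()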
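def api_user_login():
    """Log a user in from the ``username``/``password`` in the JSON body.

    On success the session is established with ``login_user`` and the user's
    roles are also written to a ``user-roles`` cookie. Any failure returns
    ErrorModel('Login Failed') without saying which field was wrong.
    """
    data = request.get_json()
    # A body that is not a JSON object has no .get(); fail the login instead
    # of raising.
    if not isinstance(data, dict):
        return ErrorModel('Login Failed').json()
    username = data.get('username')
    password = data.get('password')
    # Credentials must be non-empty strings; lists or objects are not passed
    # on to the stored procedure.
    if type(username) is str and type(password) is str and username and password:
        # NOTE(review): the password is handed to the 'login' procedure as
        # received; confirm that it is compared against a salted hash there.
        callProcedure('login', [username, password])
        if checkExist('login_result', '1 = 1', ()):
            username = select('login_result', '1 = 1',
                              '`username`')['data'][0]['username']
            user = User.get(username)
            if user is None:
                user = User(username, getUserRoles(username))
            login_user(user)
            resp = make_response(SuccessModel().json())
            # This cookie is a display hint for the client only: the client
            # can edit it, and the handlers in this file authorise from
            # current_user.roles. It must never be read back for access
            # decisions.
            # NOTE(review): no secure/samesite attributes are set - confirm
            # the deployment's cookie policy.
            resp.set_cookie('user-roles', json.dumps(user.roles))
            return resp
    return ErrorModel('Login Failed').json()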
def api_manager_getAvailableStation():
    """Return the stations a food truck can be placed at (Manager).

    When ``foodTruckName`` is given in the ``data`` query argument, the
    truck's current station is put in front of the available ones.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    query = json.loads(request.args.get('data') or '{}')
    truck = query.get('foodTruckName')
    callProcedure('mn_get_available_station', [truck])
    stations = select('mn_get_available_station_result', '1 = 1', '*')['data']
    if truck:
        current = mysqlDB.select(
            'SELECT stationName FROM FoodTruck WHERE foodTruckName = %s;',
            (truck))['data']
        stations = tuple(list(current) + list(stations))
    return SuccessModel(stations).json()
def api_admin_createStation():
    """Create a station sponsored by a building for an Admin.

    errno 1: malformed body; errno 0: a station with that name already
    exists; errno 2: commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    station = body.get('name')
    capacity = body.get('capacity')
    building = body.get('sponsoredBuilding')
    # type(...) is int (not isinstance) also keeps booleans out.
    well_formed = (type(station) is str and type(capacity) is int
                   and capacity > 0 and type(building) is str)
    if not well_formed:
        return ErrorModel({'errno': 1}).json()
    if checkExist('Station', '`stationName` = %s', (station)):
        return ErrorModel({'errno': 0}).json()
    callProcedure('ad_create_station', [station, building, capacity])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 2}).json()
    return SuccessModel({}).json()
def api_admin_deleteStation():
    """Delete the station sponsored by the building in the JSON body (Admin).

    errno 2: the building sponsors no station; errno 1: the station name is
    empty; errno 0: commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    building = body.get('building')
    station_rows = mysqlDB.select(
        'SELECT `stationName` FROM `Station` WHERE `buildingName` = %s;',
        (building))['data']
    if len(station_rows) == 0:
        return ErrorModel({'errno': 2}).json()
    station = station_rows[0]['stationName']
    if not station:
        return ErrorModel({'errno': 1}).json()
    callProcedure('ad_delete_station', [station])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 0}).json()
    return SuccessModel({}).json()
def api_manager_foodTruckSummary():
    """Return the filtered revenue summary and station list to a Manager.

    Filter and sort fields come from the JSON in the ``data`` query argument;
    both procedures receive the caller's own username.
    """
    if 'Manager' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Manager').json()
    query = json.loads(request.args.get('data') or '{}')
    manager = current_user.id
    truck = query.get('foodTruckName')
    station = query.get('stationName')
    date_range = query.get('dateRange')
    date_from = date_range.get('dateFrom') if date_range else None
    date_to = date_range.get('dateTo') if date_range else None
    sort_column = query.get('sortBy')
    direction = query.get('asc')
    if sort_column:
        # Only a value equal to True selects ascending order.
        direction = 'ASC' if direction == True else 'DESC'
    else:
        direction = None
    # NOTE(review): sort_column is request-controlled and is handed to the
    # procedure unchanged. If mn_filter_summary builds its ORDER BY with
    # dynamic SQL, it should be checked against a fixed list of column names
    # first - confirm against the procedure body.
    callProcedure('mn_filter_summary', [
        manager, truck, station, date_from, date_to, sort_column, direction
    ])
    table = select('mn_filter_summary_result', '1 = 1', '*')['data']
    cleanDecimal(table, 'totalRevenue', 2)
    callProcedure('mn_get_station', [manager])
    stations = select('mn_get_station_result', '1 = 1', '*')['data']
    return SuccessModel({'table': table, 'stationList': stations}).json()
def api_admin_manageBuildingAndStation():
    """Return the filtered building/station table and name lists (Admin).

    Filter fields come from the JSON in the ``data`` query argument.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    query = json.loads(request.args.get('data') or '{}')
    building = query.get('buildingName')
    tag = query.get('buildingTag')
    station = query.get('stationName')
    capacity_range = query.get('capacity')
    low = capacity_range.get('low') if capacity_range else None
    high = capacity_range.get('high') if capacity_range else None
    callProcedure('ad_filter_building_station',
                  [building, tag, station, low, high])
    table = select('ad_filter_building_station_result', '1 = 1', '*')['data']
    buildings = select('Building', '1 = 1', 'buildingName')['data']
    stations = select('Station', '1 = 1', 'stationName')['data']
    cleanDecimal(table, 'capacity', 0)
    payload = {
        'table': table,
        'buildingList': buildings,
        'stationList': stations,
    }
    return SuccessModel(payload).json()
def api_user_regiser():
    """Register a new user from the JSON body and return their roles.

    The ``register`` procedure reports its outcome in the ``err_msg`` table:
    0 means success, any other value n is returned as errno n - 1. errno 3 is
    also returned when the commit fails.

    NOTE(review): no login or role check is performed in this handler, and
    ``employeeType`` and ``balance`` are taken from the request as sent.
    Confirm that the procedure limits which employee types and starting
    balances a self-registering caller may choose, and that the password is
    stored as a salted hash.
    """
    body = request.get_json()
    username = body.get('username')
    # Argument order expected by the 'register' procedure.
    field_order = ('username', 'email', 'firstName', 'lastName', 'password',
                   'balance', 'employeeType')
    # call register procedure
    callProcedure('register', [body.get(field) for field in field_order])
    roles = getUserRoles(username)
    err_no = select('err_msg', '1 = 1', '`err`')['data'][0]['err']
    if err_no != 0:
        return ErrorModel({'errno': int(err_no - 1)}).json()
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 3}).json()
    return SuccessModel({'roles': roles}).json()
def api_admin_createBuilding():
    """Create a building with its tags for an Admin.

    errno 1: a required field is missing or empty; errno 2: a building with
    that name already exists; errno 0: commit failed.
    """
    if 'Admin' not in getattr(current_user, 'roles', ()):
        return ErrorModel('No Privilege: Must be Admin').json()
    body = request.get_json()
    building = body.get('name')
    description = body.get('description')
    tags = body.get('tags')
    # NOTE(review): only truthiness is checked; a string passed as tags is
    # iterated per character below.
    if not (building and description is not None and tags and len(tags) > 0):
        return ErrorModel({'errno': 1}).json()
    if checkExist('Building', '`buildingName` = %s', (building)):
        return ErrorModel({'errno': 2}).json()
    callProcedure('ad_create_building', [building, description])
    for tag in tags:
        # Skip tags already stored for this building (e.g. duplicates in the
        # request).
        if not checkExist('BuildingTag',
                          '`buildingName` = %s AND `tag` = %s',
                          (building, tag)):
            callProcedure('ad_add_building_tag', [building, tag])
    if not mysqlDB.tryCommit():
        return ErrorModel({'errno': 0}).json()
    return SuccessModel({}).json()