def get_stocktakingcollections(admin, collection_id): """ Returns the stocktakingcollection with the requested id. In addition, all stocktakings that belong to this collection are returned. :param admin: Is the administrator user, determined by @adminRequired. :param collection_id: Is the stocktakingcollection id. :return: The requested stocktakingcollection and all related stocktakings JSON object. :raises EntryNotFound: If the stocktakingcollection with this ID does not exist. """ # Query the stocktakingcollection. collection = StocktakingCollection.query.filter_by( id=collection_id).first() # If it does not exist, raise an exception. if not collection: raise exc.EntryNotFound() fields_collection = [ 'id', 'timestamp', 'admin_id', 'revoked', 'revokehistory' ] fields_stocktaking = ['id', 'product_id', 'count', 'collection_id'] stocktakings = collection.stocktakings.all() result = convert_minimal(collection, fields_collection)[0] result['stocktakings'] = convert_minimal(stocktakings, fields_stocktaking) return jsonify(result), 200
def get_replenishmentcollection(admin, id): """ Returns the replenishmentcollection with the requested id. In addition, all replenishments that belong to this collection are returned. :param admin: Is the administrator user, determined by @adminRequired. :param id: Is the replenishmentcollection id. :return: The requested replenishmentcollection and all related replenishments JSON object. :raises EntryNotFound: If the replenishmentcollection with this ID does not exist. """ # Query the replenishmentcollection. replcoll = ReplenishmentCollection.query.filter_by(id=id).first() # If it does not exist, raise an exception. if not replcoll: raise exc.EntryNotFound() fields_replcoll = [ 'id', 'timestamp', 'admin_id', 'price', 'revoked', 'revokehistory', 'comment' ] fields_repl = [ 'id', 'replcoll_id', 'product_id', 'amount', 'total_price', 'revoked' ] repls = replcoll.replenishments.all() result = convert_minimal(replcoll, fields_replcoll)[0] result['replenishments'] = convert_minimal(repls, fields_repl) return jsonify(result), 200
def list_purchases(admin): """ Returns a list of all purchases. If this route is called by an administrator, all information is returned. However, if it is called without further rights, a minimal version is returned. :param admin: Is the administrator user, determined by @adminOptional. :return: A list of all purchases. """ if admin is not None: fields = [ 'id', 'timestamp', 'user_id', 'admin_id', 'product_id', 'productprice', 'amount', 'revoked', 'price' ] else: fields = [ 'id', 'timestamp', 'user_id', 'admin_id', 'product_id', 'amount' ] query = QueryFromRequestParameters(Purchase, request.args, fields) if admin is None: query = query.filter(~exists().where( PurchaseRevoke.purchase_id == Purchase.id)) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def get_user(admin, user_id): """ Returns the user with the requested id. :param admin: Is the administrator user, determined by @adminOptional. :param user_id: Is the user id. :return: The requested user as JSON object. """ # Query user user = User.query.filter(User.id == user_id).first() if not user: raise exc.EntryNotFound() if admin is None: # Check if the user has been verified. if not user.is_verified: raise exc.UserIsNotVerified() # Check if the user is inactive if not user.active: raise exc.UserIsInactive() fields = ['id', 'firstname', 'lastname', 'fullname', 'credit', 'rank_id', 'imagename', 'active', 'is_admin', 'creation_date', 'verification_date', 'is_verified'] user = convert_minimal(user, fields)[0] return jsonify(user), 200
def list_users(admin): """ Returns a list of all users. If this route is called by an administrator, all information is returned. However, if it is called without further rights, a minimal version is returned. :param admin: Is the administrator user, determined by @adminOptional. :return: A list of all users. """ # Define fields if admin is None: fields = ['id', 'firstname', 'lastname', 'fullname', 'rank_id', 'imagename'] else: fields = ['id', 'firstname', 'lastname', 'fullname', 'credit', 'rank_id', 'imagename', 'active', 'is_admin', 'creation_date', 'verification_date', 'is_verified'] query = QueryFromRequestParameters(User, request.args, fields=fields) # Hide non verified, inactive and system users for non-administrators if admin is None: query = (query .filter(User.is_verified.is_(True)) .filter(User.active.is_(True)) .filter(User.is_system_user.is_(False))) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def list_tags(): """ Returns a list of all tags. :return: A list of all tags. """ result = Tag.query.all() tags = convert_minimal(result, ['id', 'name', 'created_by']) return jsonify(tags), 200
def list_ranks(): """ Returns a list of all ranks. :return: A list of all ranks. """ result = Rank.query.all() ranks = convert_minimal(result, ['id', 'name', 'debt_limit']) return jsonify(ranks), 200
def login(): """ Registered users can log in on this route. :return: A temporary valid token, which users can use to identify themselves when making requests to the API. :raises DataIsMissing: If the id or password (or both) is not included in the request. :raises UnknownField: If an unknown parameter exists in the request data. :raises InvalidType: If one or more parameters have an invalid type. :raises InvalidCredentials: If no user can be found with the given data. :raises UserIsNotVerified: If the user has not yet been verified. """ data = json_body() # Check all items in the json body. required = {'id': int, 'password': str} check_fields_and_types(data, required) # Try to get the user with the id user = User.query.filter_by(id=data['id']).first() # If no user with this data exists cancel the authentication. if not user: raise exc.InvalidCredentials() # Check if the user has already been verified. if not user.is_verified: raise exc.UserIsNotVerified() # Check if the user is inactive if not user.active: raise exc.UserIsInactive() # Check if the user has set a password. if not user.password: raise exc.InvalidCredentials() # Check if the password matches the user's password. if not bcrypt.check_password_hash(user.password, str(data['password'])): raise exc.InvalidCredentials() # Create a dictionary object of the user. fields = ['id', 'firstname', 'lastname', 'credit', 'is_admin'] d_user = convert_minimal(user, fields)[0] # Create a token. exp = datetime.datetime.utcnow() + datetime.timedelta(minutes=60) token = jwt.encode({'user': d_user, 'exp': exp}, app.config['SECRET_KEY']) # Return the result. return jsonify({'result': True, 'token': token.decode('UTF-8')}), 200
def list_turnovers(admin): """ Returns a list of all turnovers. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all turnovers. """ turnovers = Turnover.query.all() fields = ['id', 'timestamp', 'amount', 'comment', 'revoked', 'admin_id'] return jsonify(convert_minimal(turnovers, fields)), 200
def list_replenishmentcollections(admin): """ Returns a list of all replenishmentcollections. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all replenishmentcollections. """ data = ReplenishmentCollection.query.all() fields = ['id', 'timestamp', 'admin_id', 'price', 'revoked', 'comment'] response = convert_minimal(data, fields) return jsonify(response), 200
def list_stocktakingcollections(admin): """ Returns a list of all stocktakingcollections. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all stocktakingcollections. """ data = (StocktakingCollection.query.order_by( StocktakingCollection.timestamp).all()) fields = ['id', 'timestamp', 'admin_id', 'revoked'] return jsonify(convert_minimal(data, fields)), 200
def list_tags(): """ Returns a list of all tags. :return: A list of all tags. """ fields = ['id', 'name', 'created_by', 'is_for_sale'] query = QueryFromRequestParameters(Tag, request.args, fields) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def list_ranks(): """ Returns a list of all ranks. :return: A list of all ranks. """ fields = ['id', 'name', 'debt_limit', 'is_system_user'] query = QueryFromRequestParameters(Rank, request.args, fields) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def list_pending_validations(admin): """ Returns a list of all non verified users. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all non verified users. """ res = (db.session.query(User) .filter(~exists().where(UserVerification.user_id == User.id)) .all()) fields = ['id', 'firstname', 'lastname'] return jsonify(convert_minimal(res, fields)), 200
def list_users(admin): """ Returns a list of all users. If this route is called by an administrator, all information is returned. However, if it is called without further rights, a minimal version is returned. :param admin: Is the administrator user, determined by @adminOptional. :return: A list of all users. """ query = User.query.filter(User.is_verified.is_(True)) if not admin: query = query.filter(User.active.is_(True)) fields = ['id', 'firstname', 'lastname', 'rank_id'] return jsonify(convert_minimal(query.all(), fields)), 200 fields = [ 'id', 'firstname', 'lastname', 'credit', 'is_admin', 'creation_date', 'rank_id' ] return jsonify(convert_minimal(query.all(), fields)), 200
def list_refunds(admin): """ Returns a list of all refunds. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all refunds. """ refunds = Refund.query.all() fields = [ 'id', 'timestamp', 'user_id', 'total_price', 'comment', 'revoked', 'admin_id' ] return jsonify(convert_minimal(refunds, fields)), 200
def list_deposits(admin): """ Returns a list of all deposits. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all deposits. """ deposits = Deposit.query.all() fields = [ 'id', 'timestamp', 'user_id', 'amount', 'comment', 'revoked', 'admin_id' ] return jsonify(convert_minimal(deposits, fields)), 200
def get_user_deposits(user, user_id): """ Returns a list with all deposits of a user. :param user: Is the user, determined by @checkIfUserIsValid. :param user_id: Is the user id. :return: A list with all deposits of the user. """ fields = ['id', 'timestamp', 'admin_id', 'amount', 'revoked', 'comment'] deposits = convert_minimal(user.deposits.all(), fields) return jsonify(deposits), 200
def get_user_purchases(user, user_id): """ Returns a list with all purchases of a user. :param user: Is the user, determined by @checkIfUserIsValid. :param user_id: Is the user id. :return: A list with all purchases of the user. """ fields = ['id', 'timestamp', 'product_id', 'admin_id', 'productprice', 'amount', 'revoked', 'price'] purchases = convert_minimal(user.purchases.all(), fields) return jsonify(purchases), 200
def list_replenishments(admin): """ Returns a list of all replenishments. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all replenishments. """ fields = ['id', 'product_id', 'amount', 'total_price', 'revoked'] query = QueryFromRequestParameters(Replenishment, request.args, fields) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def list_stocktakingcollections(admin): """ Returns a list of all stocktakingcollections. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all stocktakingcollections. """ fields = ['id', 'timestamp', 'admin_id', 'revoked'] query = QueryFromRequestParameters(StocktakingCollection, request.args, fields) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def get_rank(rank_id): """ Returns the rank with the requested id. :param rank_id: Is the rank id. :return: The requested rank as JSON object. :raises EntryNotFound: If the rank with this ID does not exist. """ result = Rank.query.filter_by(id=rank_id).first() if not result: raise exc.EntryNotFound() rank = convert_minimal(result, ['id', 'name', 'debt_limit', 'is_system_user'])[0] return jsonify(rank), 200
def get_user_refunds(user, id): """ Returns a list with all refunds of a user. :param user: Is the user, determined by @checkIfUserIsValid. :param id: Is the user id. :return: A list with all refunds of the user. """ fields = [ 'id', 'timestamp', 'admin_id', 'total_price', 'revoked', 'comment' ] refunds = convert_minimal(user.refunds.all(), fields) return jsonify(refunds), 200
def get_tag(tag_id): """ Returns the tag with the requested id. :param tag_id: Is the tag id. :return: The requested tag as JSON object. :raises EntryNotFound: If the tag with this ID does not exist. """ result = Tag.query.filter_by(id=tag_id).first() if not result: raise exc.EntryNotFound() tag = convert_minimal(result, ['id', 'name', 'created_by', 'is_for_sale'])[0] return jsonify(tag), 200
def get_user(user, id): """ Returns the user with the requested id. :param user: Is the user, determined by @checkIfUserIsValid. :param id: Is the user id. :return: The requested user as JSON object. """ fields = [ 'id', 'firstname', 'lastname', 'credit', 'rank_id', 'is_admin', 'creation_date', 'verification_date' ] user = convert_minimal(user, fields)[0] return jsonify(user), 200
def list_deposits(admin): """ Returns a list of all deposits. :param admin: Is the administrator user, determined by @adminRequired. :return: A list of all deposits. """ fields = [ 'id', 'timestamp', 'user_id', 'amount', 'comment', 'revoked', 'admin_id' ] query = QueryFromRequestParameters(Deposit, request.args, fields) result, content_range = query.result() response = jsonify(convert_minimal(result, fields)) response.headers['Content-Range'] = content_range return response
def get_purchase(purchase_id): """ Returns the purchase with the requested id. :param purchase_id: Is the purchase id. :return: The requested purchase as JSON object. :raises EntryNotFound: If the purchase with this ID does not exist. """ purchase = Purchase.query.filter_by(id=purchase_id).first() if not purchase: raise exc.EntryNotFound() fields = [ 'id', 'timestamp', 'user_id', 'admin_id', 'product_id', 'amount', 'price', 'productprice', 'revoked', 'revokehistory' ] return jsonify(convert_minimal(purchase, fields)[0]), 200
def list_products(admin): """ Returns a list of all products. :param admin: Is the administrator user, determined by @adminOptional. :return: A list of all products """ result = Product.query.all() fields = [ 'id', 'name', 'price', 'barcode', 'active', 'countable', 'revocable', 'imagename', 'tags', 'creation_date' ] products = convert_minimal(result, fields) for product in products: product['tags'] = [t.id for t in product['tags']] return jsonify(products), 200
def get_turnover(id): """ Returns the turnover with the requested id. :param id: Is the turnover id. :return: The requested turnover as JSON object. :raises EntryNotFound: If the turnover with this ID does not exist. """ # Query the turnover res = Turnover.query.filter_by(id=id).first() # If it not exists, return an error if not res: raise exc.EntryNotFound() # Convert the turnover to a JSON friendly format fields = [ 'id', 'timestamp', 'amount', 'comment', 'revoked', 'revokehistory' ] return jsonify(convert_minimal(res, fields)[0]), 200
def list_products(admin): """ Returns a list of all products. :param admin: Is the administrator user, determined by @adminOptional. :return: A list of all products """ fields = [ 'id', 'name', 'price', 'barcode', 'active', 'countable', 'purchase_sum', 'replenishment_sum', 'balance_score', 'revocable', 'imagename', 'tags', 'creation_date' ] query = QueryFromRequestParameters(Product, request.args, fields) result, content_range = query.result() products = convert_minimal(result, fields) for product in products: product['tags'] = [t.id for t in product['tags']] response = jsonify(products) response.headers['Content-Range'] = content_range return response