def get_list_items_for_ue():
    """Return the items looked up for the ``ue`` field of a POSTed form.

    Any request that is not a POST, or a POST whose ``ue`` field is missing
    or empty, produces an empty list. Otherwise ``ue`` is handed to
    ``get_items`` and the result is echoed to stdout before being returned.
    """
    if request.method != 'POST':
        return []

    # NOTE(review): `ue` is client-supplied and is passed on unchanged;
    # get_items is not visible here -- confirm it validates the value.
    selected_ue = request.form.get('ue')
    if not selected_ue:
        return []

    found_items = get_items(selected_ue)
    print('items for ue', found_items)
    return found_items
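def add_user(current_user_id, current_user_type):
    """Create an employee account with its login and role rows (admin only).

    The JSON request body is validated with the ``AddUser`` schema. One row
    is inserted into ``EmployeeDetails``, one into ``EmployeeLogin`` (holding
    the output of ``bcrypt.generate_password_hash`` for a freshly generated
    password) and, for the ``admin``/``manager``/``staff`` user types, one
    into the matching role table. Everything is committed once at the end;
    ``rollback()`` is called if an exception is raised after connecting.

    Args:
        current_user_id: id of the caller; stored as ``added_by`` on manager
            and staff rows.
        current_user_type: role of the caller; anything other than
            ``'admin'`` is rejected.

    Returns:
        A ``(response, status)`` pair: 201 on success, 400 for schema or
        business-rule errors, 401 when the caller is not an admin, and 500
        with a generic message for anything else.
    """
    # Business-rule failures whose message is safe to return to the client.
    client_errors = (
        'Primary user already exists',
        'Reporting to: Not an Admin',
        'Reporting to: Not a Manager',
    )
    # user type -> (lookup that must find the supervisor, error if it does not)
    supervisor_checks = {
        'manager': ("SELECT id FROM AdminInfo WHERE id = %s",
                    'Reporting to: Not an Admin'),
        'staff': ("SELECT id FROM ManagerInfo WHERE id = %s",
                  'Reporting to: Not a Manager'),
    }
    # user type -> (role table, whether added_by is recorded). Table names
    # come only from this fixed mapping, never from the request.
    role_tables = {
        'admin': ('AdminInfo', False),
        'manager': ('ManagerInfo', True),
        'staff': ('StaffInfo', True),
    }

    connection = None
    try:
        if current_user_type != 'admin':
            raise Exception('Unauthorized')

        data = AddUser().load(request.get_json(force=True))
        username, email, user_type = (
            data['username'], data['email'], data['user_type'])
        del data['username']
        del data['user_type']
        # Always take 'options' out of the detail columns. Previously an
        # empty value ("options": {}) stayed in `data` and was sent to the
        # EmployeeDetails INSERT as if it were a column.
        options = data.pop('options', None) or {}

        connection = mysql.connect()

        if user_type in supervisor_checks:
            supervisor_query, not_found_message = supervisor_checks[user_type]
            # A missing key raises KeyError, which ends up as a 500 below;
            # a falsy value skips the lookup.
            reporting_to = options['reporting_to']
            if reporting_to:
                with connection.cursor() as cur:
                    # One-element tuple: `(x)` is just `x`, and some DB-API
                    # drivers iterate a bare string character by character.
                    cur.execute(supervisor_query, (reporting_to,))
                    if not cur.fetchall():
                        raise Exception(not_found_message)

        # NOTE(review): the column list returned by get_items is concatenated
        # into the statement text (values are bound as parameters). get_items
        # and the AddUser schema are not visible here -- confirm that unknown
        # keys, including those nested in 'options', are rejected or that the
        # names are checked against an allowlist before they reach the SQL.
        keys, values = get_items(data)
        with connection.cursor() as cur:
            if options.get('is_primary'):
                # Do not insert another primary user if one already exists.
                cur.execute(
                    "SELECT count(id) FROM AdminInfo where is_primary=true")
                if cur.fetchall()[0][0]:
                    raise Exception('Primary user already exists')

            detail_query = (
                "INSERT INTO EmployeeDetails (" + keys + ") VALUES ("
                + generate_placeholders(len(values)) + ")")
            cur.execute(detail_query, values)
            cur.execute(
                "SELECT id FROM EmployeeDetails WHERE email=%s", (email,))
            user_id = cur.fetchall()[0][0]

            password = generate_password()
            # NOTE(security): this writes the new account's plaintext password
            # to stdout, so it lands in whatever collects the process output.
            # It is the only place the value leaves this function; replace it
            # with an out-of-band delivery or a one-time reset flow, then
            # remove the print.
            print(password)
            pw_hash = bcrypt.generate_password_hash(password)
            login_query = (
                "INSERT INTO EmployeeLogin VALUES ("
                + generate_placeholders(4) + ")")
            cur.execute(login_query, (user_id, username, pw_hash, user_type))

            if user_type in role_tables:
                role_table, records_creator = role_tables[user_type]
                options['id'] = user_id
                if records_creator:
                    options['added_by'] = current_user_id
                keys, values = get_items(options)
                role_query = (
                    "INSERT INTO " + role_table + " (" + keys + ") VALUES ("
                    + generate_placeholders(len(values)) + ")")
                cur.execute(role_query, values)

        connection.commit()
        return jsonify({'message': 'User Created'}), 201
    except ValidationError as err:
        return jsonify({'message': err.messages}), 400
    except Exception as err:
        if connection:
            connection.rollback()
        message = str(err)
        if message in client_errors:
            return jsonify({'message': message}), 400
        if message == 'Unauthorized':
            return jsonify({'message': message}), 401
        # Details stay server-side; the client only sees a generic message.
        print("Unexpected error:", err)
        return jsonify({'message': 'Cannot process request'}), 500
    finally:
        if connection:
            connection.close()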