示例#1
0
def update_user(user_id):
    """
    Update an user account.
    """
    user = User.get(user_id)
    if not user:
        return api_error('User not found', 404)
    form_kwargs = dict(
        validate_unique_email=user.email != request.json.get('email')
    )
    if 'password' in request.json:
        form = FullUserForm(**form_kwargs)
    else:
        form = BaseUserForm(**form_kwargs)
    if not form.validate_on_submit():
        return api_error(form.errors)
    services = []
    if form.role.data == 'provider':
        user.services = Service.get_by_ids(form.services.data)
    user.email = form.email.data
    if 'password' in request.json:
        user.set_password(form.password.data)
    user.name = form.name.data
    user.organization = form.organization.data
    user.phone_number = form.phone_number.data
    user.role = form.role.data
    user.save()
    return jsonify(user)
示例#2
0
def mark_need_resolved(need_id):
    """
    Resolve a need and close an alert if necessary.
    Send out a message stating the alert was closed as well.
    """
    need = Need.get(need_id)

    # Check validity of need_id
    if not need:
        return api_error('Need not found')
    if not current_user.is_admin and current_user.id != need.alert.user_id:
        return api_error('Permission denied')
    if need.resolved:
        return api_error('Need already resolved!')

    # validate the form
    form = ResolveNeedForm(need=need)
    if not form.validate_on_submit():
        return api_error(form.errors)

    # Update Need with form data, including setting resolved to True.
    need.resolved = True
    need.resolved_at = datetime.utcnow()
    need.resolve_notes = form.notes.data
    need.resolve_message = form.message.data
    for provision in need.provisions:
        provision.selected = provision.id in form.provisions.data
    need.save()

    # Check if alert is resolved, notify those involved
    resolve_need(need)

    return '', 200
示例#3
0
def get_need(need_id):
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    if not current_user.is_admin and current_user.id != need.alert.user_id:
        return api_error('Permission denied')
    return jsonify(need.to_advocate_json())
示例#4
0
def update_category(category_id):
    """
    Update an category.
    """
    category = Category.get(category_id)
    if not category:
        return api_error('Category not found', 404)
    form = CategoryForm(
        validate_unique_name=category.name != request.json.get('name')
    )
    if not form.validate_on_submit():
        return api_error(form.errors)

    category.name = form.name.data
    category.description = form.description.data

    if 'services' in request.json:
        services = request.json['services']
        for data in services:
            service = Service.get(data['id'])
            service.sort_order = data['sort_order']
            service.save()

    category.save()
    return '', 200
示例#5
0
def get_need(need_id):
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    if current_user.id != need.alert.user_id:
        return api_error('Permission denied')
    return jsonify(need.to_advocate_json())
示例#6
0
def delete_user(id):
    """
    Delete an user.
    """
    user = User.get(id)
    if not user:
        return api_error('User not found', 404)
    if user.id == current_user.id:
        return api_error('Cannot delete self', 404)
    user.delete()
    return '', 202
示例#7
0
def change_password():
    """
    Change logged in user's password.
    """
    form = ChangePasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    if not current_user.check_password(form.current.data):
        return api_error(dict(form=['Current password is incorrect.']))
    current_user.set_password(form.new_password.data)
    current_user.save()
    return '', 200
示例#8
0
def delete_response(uuid):
    """
    Delete a response to an alert.
    """
    return 'Not Implemented', 501 # We currently don't support a UI for this
    alert = Alert.get(uuid)
    if not alert:
        return api_error('Alert not found.', 404)
    if current_user.role == 'advocate' and alert.user.id != current_user.id:
        return api_error('Forbidden.', 403)

    alert.delete()
    return '', 202
示例#9
0
def login():
    """
    Authenticate with the application.
    """
    # TODO: issue API key here instead of cookie
    form = LoginForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    user = User.get_by_email(form.email.data.lower())
    password = form.password.data
    if user is not None and user.check_password(password):
        login_user(user)
        return jsonify(user)
    return api_error(dict(form=['Invalid username/password.']))
示例#10
0
def get_alert(alert_id):
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')
    if current_user.role == 'provider':
        if not alert.provider_has_permission(current_user):
            return api_error('Permission denied')
        data = alert.to_provider_json(current_user)
    elif current_user.role == 'advocate':
        if alert.user.id != current_user.id:
            return api_error('Permission denied')
        data = alert.to_advocate_json()
    else: # is an admin
        data = alert.to_advocate_json()
    return jsonify(data)
示例#11
0
def get_alert(alert_id):
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')
    if current_user.role == 'provider':
        if not alert.provider_has_permission(current_user):
            return api_error('Permission denied')
        data = alert.to_provider_json(current_user)
    elif current_user.role == 'advocate':
        if alert.user.id != current_user.id:
            return api_error('Permission denied')
        data = alert.to_advocate_json()
    else: # is an admin
        data = alert.to_json()
    return jsonify(data)
示例#12
0
def update_service(service_id):
    """
    Update an service.
    """
    service = Service.get(service_id)
    if not service:
        return api_error("Service not found", 404)
    form = ServiceForm(validate_unique_name=service.name != request.json.get("name"))
    if not form.validate_on_submit():
        return api_error(form.errors)

    service.name = form.name.data
    service.description = form.description.data
    service.category = Category.get(form.category.data)

    service.save()
    return "", 200
示例#13
0
def help_message():
    """
    Send a help message on behalf of the provider.
    """
    if 'message' not in request.json:
        return api_error('Message not specified.')
    send_help_message(current_user, request.json['message'])
    return '', 200
示例#14
0
def delete_category(category_id):
    """
    Delete an category.
    """
    category = Category.get(category_id)
    if not category:
        return api_error('Category not found', 404)
    category.delete()
    return '', 200
示例#15
0
def delete_category(category_id):
    """
    Delete an category.
    """
    category = Category.get(category_id)
    if not category:
        return api_error('Category not found', 404)
    category.delete()
    return '', 200
示例#16
0
def delete_service(service_id):
    """
    Delete an service.
    """
    service = Service.get(service_id)
    if not service:
        return api_error('Service not found', 404)
    service.delete()
    return '', 200
示例#17
0
def create_response():
    """
    Create a response to an alert.

    POST params:
        - alert_id: alert identifier
        - message: response message
    """
    if 'alert_id' not in request.json or 'needs_provided' not in request.json:
        return api_error('Invalid form')

    alert = Alert.get(int(request.json['alert_id']))

    if not alert:
        return api_error('Alert not found.', 404)

    respond_to_alert(current_user, request.json['needs_provided'], alert)

    return '', 201
示例#18
0
def create_alert():
    """
    Create an alert. Must be an advocate.
    """
    form = AlertForm()
    if not form.validate_on_submit():
        return api_error(form.errors)

    send_out_alert(form)
    return '', 201
示例#19
0
def create_alert():
    """
    Create an alert. Must be an advocate.
    """
    form = AlertForm()
    if not form.validate_on_submit():
        return api_error(form.errors)

    send_out_alert(form)
    return '', 201
示例#20
0
def create_service():
    """
    Create a service. Must be an admin.
    """
    form = ServiceForm()
    if not form.validate_on_submit():
        return api_error(form.errors)

    service = Service(name=form.name.data, description=form.description.data, category=Category.get(form.category.data))
    service.save()
    return "", 201
示例#21
0
def resolve_need(need_id):
    need = Need.get(need_id)
    if not need:
        return api_error('Need not found')
    if current_user.id != need.alert.user_id:
        return api_error('Permission denied')
    if need.resolved:
        return api_error('Need already resolved!')
    form = ResolveNeedForm(need=need)
    if not form.validate_on_submit():
        return api_error(form.errors)
    need.resolved = True
    need.resolved_at = datetime.utcnow()
    need.resolve_notes = form.notes.data
    need.resolve_message = form.message.data
    for provision in need.provisions:
        provision.selected = provision.id in form.provisions.data
    send_out_resolution(need)
    need.save()
    return '', 200
示例#22
0
def set_category_sort():
    """
    Sets the order of the categories.
    """
    if 'categories' not in request.json:
        return api_error('Invalid form.')
    categories = request.json['categories']
    for data in categories:
        category = Category.get(data['id'])
        category.sort_order = data['sort_order']
        category.save()
    return jsonify(Category.all())
示例#23
0
def set_category_sort():
    """
    Sets the order of the categories.
    """
    if 'categories' not in request.json:
        return api_error('Invalid form.')
    categories = request.json['categories']
    for data in categories:
        category = Category.get(data['id'])
        category.sort_order = data['sort_order']
        category.save()
    return jsonify(Category.all())
示例#24
0
def forgot_password():
    """
    Send a password reset email.
    """
    form = ForgotPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)

    user = User.get_by_email(form.email.data)
    if user:
        send_password_reset(user)

    return '', 200
示例#25
0
def create_category():
    """
    Create a category. Must be an admin.
    """
    form = CategoryForm()
    if not form.validate_on_submit():
        return api_error(form.errors)

    name = form.name.data
    description = form.description.data

    category = Category(name=name, description=description)
    category.save()
    return '', 201
示例#26
0
def delete_alert(id):
    """
    Delete an alert.
    """
    return 'Not Implemented', 501 # We do not support a UI for this
    if current_user.role == 'advocate':
        alert = Alert.get_user_alert(current_user, id)
    else:
        alert = Alert.get(id)
    if not alert:
        return api_error('No alert was found.', 404)

    alert.delete()
    return '', 200
示例#27
0
def create_category():
    """
    Create a category. Must be an admin.
    """
    form = CategoryForm()
    if not form.validate_on_submit():
        return api_error(form.errors)

    name = form.name.data
    description = form.description.data

    category = Category(name=name, description=description)
    category.save()
    return '', 201
示例#28
0
def delete_alert(id):
    """
    Delete an alert.
    """
    return 'Not Implemented', 501  # We do not support a UI for this
    if current_user.role == 'advocate':
        alert = Alert.get_user_alert(current_user, id)
    else:
        alert = Alert.get(id)
    if not alert:
        return api_error('No alert was found.', 404)

    alert.delete()
    return '', 200
示例#29
0
def update_profile():
    """
    Update logged in user's profile.
    """
    form = UpdateProfileForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    current_user.name = form.name.data
    current_user.organization = form.organization.data
    current_user.email = form.email.data
    current_user.phone_number = form.phone_number.data
    if current_user.is_provider:
        current_user.services = Service.get_by_ids(form.services.data)
    current_user.save()
    return jsonify(current_user)
示例#30
0
def update_category(category_id):
    """
    Update an category.
    """
    category = Category.get(category_id)
    if not category:
        return api_error('Category not found', 404)
    form = CategoryForm(
        validate_unique_name=category.name != request.json.get('name'))
    if not form.validate_on_submit():
        return api_error(form.errors)

    category.name = form.name.data
    category.description = form.description.data

    if 'services' in request.json:
        services = request.json['services']
        for data in services:
            service = Service.get(data['id'])
            service.sort_order = data['sort_order']
            service.save()

    category.save()
    return '', 200
示例#31
0
def reset_password():
    """
    Reset a user's password with valid token.
    Will send a password reset notification email to user.
    """
    reset_token_life = timedelta(
        hours=current_app.config.get('RESET_TOKEN_LIFE', 24))
    form = ResetPasswordForm(request.json_multidict)
    if not form.validate_on_submit():
        return api_error(form.errors)
    user = User.get_by_email(form.email.data)
    if not user:
        return api_error(dict(form=['Could not find user.']))
    if not user.reset_token or user.reset_token != form.token.data:
        return api_error(dict(form=['Invalid reset token.']))
    if user.reset_created_at < datetime.utcnow() - reset_token_life:
        return api_error(dict(form=['Reset token expired']))
    user.set_password(form.password.data)
    user.reset_token = None
    user.reset_created_at = None
    user.save()
    send_confirm_password_reset(user)
    login_user(user)
    return jsonify(user)
示例#32
0
def resolve_all_alert_needs(alert_id):
    alert = Alert.get(alert_id)
    if not alert:
        return api_error('Alert not found')

    for need in alert.needs:
        need.resolved = True
        need.resolved_at = datetime.utcnow()
        need.save(False)

    alert.save()

    if ('notifyProvidersAllResolved' in request.json and
        request.json['notifyProvidersAllResolved']):
        send_out_alert_closed(alert)

    return '', 200
示例#33
0
def create_user():
    """
    Create an user account.
    """
    form = FullUserForm()
    if not form.validate_on_submit():
        return api_error(form.errors)
    services = []
    if form.role.data == 'provider':
        services = Service.get_by_ids(form.services.data)
    user = User(
        name=form.name.data,
        organization=form.organization.data,
        email=form.email.data,
        password=form.password.data,
        phone_number=form.phone_number.data,
        role=form.role.data,
        services=services
    )
    user.save()
    return jsonify(user)