def delete(self, group_id):
    """Delete the group identified by ``group_id`` on behalf of the caller.

    The group is looked up first, the authorized user is then checked
    against it, and only after both calls return is the group deleted.

    Returns:
        A ``(body, status)`` tuple: a confirmation message and HTTP 200.
    """
    target_group = check_group_exists(group_id)
    requester = get_authorized_user()
    # Authorization gate: the return value is not inspected, so this helper
    # is presumably expected to abort the request for non-members -- confirm.
    # NOTE(review): membership alone authorizes deletion here; confirm that
    # any member (not just an owner/creator) is meant to be able to delete.
    check_user_is_member_of_group(requester, target_group)
    _delete_group(target_group)
    response_body = {"message": "Deleted group"}
    return response_body, 200
def delete(self, bill_id):
    """Delete the bill identified by ``bill_id`` on behalf of the caller.

    The bill is resolved, the authorized user is checked against it, and
    the bill is deleted only after both calls return.

    Returns:
        A ``(body, status)`` tuple: a confirmation message and HTTP 200.
    """
    target_bill = check_bill_exists(bill_id)
    requester = get_authorized_user()
    # Authorization gate: the result is ignored, so the helper is presumably
    # expected to abort the request when the user may not modify the bill
    # -- confirm against its definition.
    _check_user_is_allowed_to_modify_bill(requester, target_bill)
    _delete_bill(target_bill)
    response_body = {"message": "Deleted bill"}
    return response_body, 200
def get(self):
    """Return the bills that ``get_valid_bills_by_user_id`` yields for the caller.

    Returns:
        A ``(body, status)`` tuple: the serialized bills and HTTP 200.
    """
    requester = get_authorized_user()
    # The lookup is keyed on the authenticated user's own id; no
    # client-supplied identifier takes part in selecting the bills.
    user_bills = get_valid_bills_by_user_id(requester.id)
    serialized = []
    for entry in user_bills:
        serialized.append(entry.to_dict())
    return {"message": "Returned bills", "bills": serialized}, 200
def put(self, token):
    """Confirm the caller's account using ``token``.

    Returns:
        A ``(body, status)`` tuple:
        * 200 when the account is already confirmed (the token is not used),
        * 201 when ``user.confirm(token)`` returns a truthy value,
        * 400 when it does not.
    """
    account = get_authorized_user()
    if account.confirmed is True:
        return {"message": "Account already confirmed"}, 200
    # The token is checked against the authenticated account only; how
    # confirm() validates it is not visible from this handler.
    if not account.confirm(token):
        return {"message": "Confirmation token invalid"}, 400
    return {"message": "Account confirmed"}, 201
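def get(self, group_id):
    """Return the bills of group ``group_id`` to a member of that group.

    Args:
        group_id: Identifier of the group taken from the request route.

    Returns:
        A ``(body, status)`` tuple: the serialized bills and HTTP 200.
    """
    current_user = get_authorized_user()
    # Authorize before reading: group_id is caller-controlled, so resolve
    # the group and require membership, as the group handlers do before
    # they act on a group. The results are not inspected here; the helpers
    # are presumably expected to abort the request on failure -- confirm.
    # NOTE(review): confirm both helpers are importable in this module.
    group = check_group_exists(group_id)
    check_user_is_member_of_group(current_user, group)
    # Fix: the lookup previously received current_user.id, so the route's
    # group_id was ignored and the caller got the bills of whichever group
    # happened to share an id with their user record.
    bills = get_valid_bills_by_group_id(group_id)
    result = {
        "message": "Returned bills",
        "bills": [bill.to_dict() for bill in bills],
    }
    return result, 200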
def get(self):
    """Return the groups that ``get_valid_groups_by_user_id`` yields for the caller.

    Returns:
        A ``(body, status)`` tuple: the serialized groups and HTTP 200.
    """
    requester = get_authorized_user()
    # Keyed on the authenticated user's own id, not on request input.
    memberships = get_valid_groups_by_user_id(requester.id)
    serialized = []
    for entry in memberships:
        serialized.append(entry.to_dict())
    return {"message": "Returned groups", "groups": serialized}, 200
def put(self, group_id):
    """Apply the request's JSON payload to the group ``group_id``.

    Steps, in order: parse the request body, load and validate the group
    fields, resolve the group, check the caller against it, then update.

    Returns:
        A ``(body, status)`` tuple: a confirmation message and HTTP 200.
    """
    payload = load_request_data_as_json(request)
    fields = _load_group_data(payload)
    _validate_group_data(fields, group_id)
    # NOTE(review): the existence and membership checks run only after the
    # payload has been parsed and validated against group_id. If validation
    # reads group state, a non-member would see its error responses;
    # consider authorizing first -- confirm what _validate_group_data does.
    existing_group = check_group_exists(group_id)
    requester = get_authorized_user()
    check_user_is_member_of_group(requester, existing_group)
    _update_group_data(existing_group, fields)
    response_body = {"message": "Edited group"}
    return response_body, 200
def get(self):
    """Return the ids of the caller's friends.

    Each record from ``get_friends_by_user_id`` is reduced to its
    ``friend_id``, exposed under the key ``user_id``.

    Returns:
        A ``(body, status)`` tuple: the friend list and HTTP 200.
    """
    requester = get_authorized_user()
    # Keyed on the authenticated user's own id, not on request input.
    friendships = get_friends_by_user_id(requester.id)
    # Only the friend's id is emitted; no other record field is returned.
    friend_entries = []
    for link in friendships:
        friend_entries.append({"user_id": link.friend_id})
    return {"message": "Returned friends", "friends": friend_entries}, 200
def _validate_group(data):
    """Abort with HTTP 400 unless the authorized user is among ``data["members"]``.

    Every member entry is resolved through ``_get_user_from_member_data``,
    including entries after a match. When ``data`` has no ``"members"``
    key the request is aborted as well.
    """
    creator = get_authorized_user()
    creator_matches = []
    if "members" in data:
        # Deliberately not short-circuited: each entry is still passed to
        # _get_user_from_member_data, exactly once and in order.
        creator_matches = [
            _get_user_from_member_data(entry).id == creator.id
            for entry in data["members"]
        ]
    if not any(creator_matches):
        abort(400, "User who created group must be group member")
def put(self, bill_id):
    """Apply the request's JSON payload to the bill ``bill_id``.

    Steps, in order: parse the request body, resolve the bill, load and
    validate the bill fields, check the caller against the bill, update
    the bill, then call ``_update_friends`` with it.

    Returns:
        A ``(body, status)`` tuple: a confirmation message and HTTP 200.
    """
    payload = load_request_data_as_json(request)
    existing_bill = check_bill_exists(bill_id)
    fields = _load_bill_data(payload)
    _validate_bill_data(fields)
    # NOTE(review): the permission check runs after the bill lookup and the
    # payload validation, so a caller who may not modify this bill can still
    # tell existing from missing ids and receive validation feedback.
    # Consider authorizing right after the lookup -- confirm intent.
    requester = get_authorized_user()
    _check_user_is_allowed_to_modify_bill(requester, existing_bill)
    _update_bill_data(existing_bill, fields)
    _update_friends(existing_bill)
    response_body = {"message": "Updated bill"}
    return response_body, 200
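def wrapper(*args, **kwargs):
    """Call the wrapped ``fn`` only when the caller's account is confirmed.

    Aborts with HTTP 403 otherwise. All positional and keyword arguments
    are forwarded unchanged, and the return value of ``fn`` is passed back.
    """
    current_user = get_authorized_user()
    # Fail closed: the previous test (`confirmed is False`) let through any
    # value that is not the literal False, e.g. an unset/None flag. Only a
    # truthy `confirmed` now reaches the protected operation.
    if not current_user.confirmed:
        abort(403, "Account needs to be confirmed for this operation")
    return fn(*args, **kwargs)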
def _is_user_allowed_to_access(user_id):
    """Abort with HTTP 401 unless ``user_id`` is the authorized user's own id.

    Despite the predicate-style name nothing is returned: the function
    either returns ``None`` or calls ``abort``.
    """
    requester_id = get_authorized_user().id
    # NOTE(review): the comparison is by equality, so a type mismatch
    # (e.g. str from a route vs. int id) would always deny -- confirm the
    # type user_id arrives in.
    if requester_id == user_id:
        return
    abort(401, "Not allowed to view user")