def replace_user_filters(user_id):
    """
    :Route: PUT /<user_id>/filter?filter=now&filter=popular
    :Description: Replaces all filters for a single user with id `user_id`.
        New filters passed by query parameter are validated; values that fail
        validation are dropped silently rather than rejected, and an empty
        query clears the list.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :param filter: An optional query component/parameter that takes a list
        of values. Passed in values are validated as filters before being
        stored.
    :type filter: str or None
    :return: Success/error message
    :Requires: Admin permissions
    """
    target = user_utils.get_user(user_id)
    if not target:
        return "No such user with id " + str(user_id) + " found!"

    # Keep only the values user_utils.is_valid_filter accepts, in query order.
    accepted = [
        candidate
        for candidate in request.args.getlist('filter')
        if user_utils.is_valid_filter(candidate)
    ]
    # $set overwrites the whole list; nothing from the old list survives.
    users_collection.update(
        {'account.id': str(user_id)},
        {'$set': {'app.filters': accepted}},
    )
    return "Replaced filters for user with id " + str(user_id)
def deactivate_user(user_id):
    """
    :Route: PUT /deactivate/<user_id>
    :Description: Deactivates a user with id `user_id` without deleting the
        user from the database. A user with an activated account can log in;
        otherwise the account is rejected/suspended from use.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :return: Success/error message
    :Requires: Admin permissions
    """
    record = user_utils.get_user(user_id)
    if not record:
        return "No such user with id " + str(user_id) + " found!"

    record['account']['is_active'] = False
    # datetime.now() is naive local server time, stored as a formatted string.
    record['account']['time_updated'] = datetime.now().strftime(
        '%Y-%m-%d %H:%M:%S')
    # Whole-document replace, matching how the rest of this file persists edits.
    users_collection.replace_one({"account.id": str(user_id)}, record.copy())
    return "Deactivated user with id " + str(user_id) + "!"
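def facebook_authorized(resp):
    """
    OAuth callback for the Facebook login flow.

    :param resp: Token response from the provider, or ``None`` when the
        provider denied access (the denial reason is then read from the
        query string).
    :return: A status message. On success the user is logged in via
        ``login_user``; a first-time user is registered in the collection
        before that.
    """
    if resp is None:
        # Use .get(): the provider may omit either field, and a missing key
        # would otherwise turn a denied login into a 500 error.
        return "Access denied: reason=%s error=%s" % (
            request.args.get("error_reason"),
            request.args.get("error_description"),
        )

    # The provider access token is kept in the session for later calls.
    # NOTE(review): if this is a client-side (cookie) session, the token is
    # signed but not encrypted — confirm the session backend in use.
    session['oauth_token'] = (resp['access_token'], '')
    session['expires'] = resp['expires_in']
    print("Token expires in " + str(resp['expires_in']))

    profile = facebook_oauth.get(
        '/me?fields=id,name,first_name,last_name,email,picture').data
    user_id = profile['id']

    fb_user = user_utils.get_user(user_id)
    if not fb_user:
        # First login: create the account, then log in as a plain user.
        # TODO get email if we can
        user_utils.add_user(user_id, profile['name'],
                            profile['first_name'], profile['last_name'])
        login_user(User(user_id))
        return "Successfully registered new user!"

    # Returning user: refresh the record, then restore the stored
    # active/admin flags on the session user.
    users.update_user(user_id)
    login_user(User(user_id, fb_user['account']['is_active'],
                    fb_user['account']['is_admin']))
    return "Successfully logged in with Facebook!"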
def get_current_user():
    """
    Return the logged-in user's record as JSON, or a plain-text message when
    nobody is logged in or the record cannot be found.

    NOTE(review): this file defines ``get_current_user`` twice; the later
    definition replaces this one when the module is imported, so this
    version is unreachable unless the two are separated.
    """
    if not current_user.is_authenticated:
        return "No user is logged in!"
    record = user_utils.get_user(current_user.get_id())
    return jsonify(record) if record else "Could not get current user!"
def get_current_user():
    """
    Return the logged-in user's record as JSON; an empty JSON object when
    nobody is logged in or the record cannot be found.

    NOTE(review): an earlier ``get_current_user`` is also defined in this
    file; being later, this is the definition that survives import.
    """
    if current_user.is_authenticated:
        record = user_utils.get_user(current_user.get_id())
        if record:
            return jsonify(record)
    # Not logged in, or no matching record: same empty response either way.
    return jsonify({})
def remove_user(user_id):
    """
    :Route: DELETE /<user_id>
    :Description: Removes a user with id `user_id` from the users collection
        and archives the record (stamped with a deletion time) in the
        collection of past users.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :return: Success/error message
    :Requires: Admin permissions
    """
    record = user_utils.get_user(user_id)
    if not record:
        return "No such user with id " + str(user_id) + " found!"

    selector = {'account.id': str(user_id)}
    users_collection.find_one_and_delete(selector)
    # Re-read to confirm the delete actually took effect before archiving.
    if user_utils.get_user(user_id):
        return "User with id " + str(
            user_id) + " was not deleted successfully!"

    # Naive local server time, formatted as a string.
    record['account']['time_deleted'] = datetime.now().strftime(
        '%Y-%m-%d %H:%M:%S')
    dead_users_collection.insert_one(record)
    archived = dead_users_collection.find_one(selector, {'_id': False})
    if archived:
        return "User was successfully removed from the database and saved to past users!"
    return "User with id " + str(
        user_id
    ) + " was successfully deleted (but not saved to past users)!"
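def add_user_filters(user_id):
    """
    :Route: POST /<user_id>/filter?filter=now&filter=popular
    :Description: Add new filters for a single user with id `user_id`.
        New filters passed by query parameter are validated. Only new
        filters are added, aka no duplicates are inserted — neither values
        already stored nor values repeated within the same request.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :param filter: An optional query component/parameter that takes a list
        of values. Passed in values are validated as filters before being
        added.
    :type filter: str or None
    :return: Success/error message
    :Requires: Admin permissions
    """
    new_filters = request.args.getlist('filter')

    user = user_utils.get_user(user_id)
    if not user:
        return "No such user with id " + str(user_id) + " found!"

    old_filters = user['app']['filters']
    # dict.fromkeys de-duplicates the request values while keeping query
    # order, so ?filter=now&filter=now no longer pushes the value twice
    # (the previous loop only checked against the stored list). Values
    # already stored and values is_valid_filter rejects are dropped.
    added_filters = [
        f for f in dict.fromkeys(new_filters)
        if f not in old_filters and user_utils.is_valid_filter(f)
    ]
    if not added_filters:
        return "No filters specified to add to user with id " + str(user_id)

    users_collection.update(
        {'account.id': str(user_id)},
        {'$push': {'app.filters': {'$each': added_filters}}},
    )
    return "Added specified filters for user with id " + str(user_id)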
def user_events():
    """
    Favorites endpoint for the logged-in user.

    GET returns the user's favorites as JSON; POST adds and DELETE removes
    the event given by the ``eid`` query parameter. Anonymous callers are
    redirected to the login page.

    NOTE(review): ``eid`` is forwarded unvalidated and is ``None`` when the
    parameter is absent; whether add_favorite/remove_favorite handle that
    is not visible here — confirm.
    """
    if not current_user.is_authenticated:
        return redirect(url_for('auth.login'))

    curr_id = current_user.get_id()
    record = user_utils.get_user(curr_id)
    if not record:
        return "Could not get current user!"

    event_id = request.args.get('eid')
    method = request.method
    if method == 'POST':
        return user_utils.add_favorite(curr_id, event_id)
    if method == 'DELETE':
        return user_utils.remove_favorite(curr_id, event_id)
    # GET, or any other method the route happens to accept
    return jsonify(record['app']['favorites'])
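def add_user_past_events(user_id):
    """
    :Route: POST /<user_id>/past?past_event=event_id&past_event=event_id
    :Description: Add new past events for a single user with id `user_id`.
        Only unique events are added, aka no duplicates are inserted —
        neither IDs already stored nor IDs repeated within the same request.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :param past_event: An optional query component/parameter that takes a
        list of values. Passed in values are int event IDs which uniquely
        identify an event. They are stored as the strings received; no
        check is made here that the event exists.
    :type past_event: int or None
    :return: Success/error message
    :Requires: Admin permissions
    """
    new_past_events = request.args.getlist('past_event')

    user = user_utils.get_user(user_id)
    if not user:
        return "No such user with id " + str(user_id) + " found!"

    old_past_events = user['app']['past_events']
    # dict.fromkeys de-duplicates the request values while keeping query
    # order, so the same ID given twice in one request is pushed once
    # (the previous loop only checked against the stored list).
    added_events = [
        e for e in dict.fromkeys(new_past_events)
        if e not in old_past_events
    ]
    if not added_events:
        return "No past events specified to add to user with id " + str(user_id)

    users_collection.update(
        {'account.id': str(user_id)},
        {'$push': {'app.past_events': {'$each': added_events}}},
    )
    return "Added specified past events for user with id " + str(user_id)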
def get_user_by_id(user_id):
    """
    :Route: GET /<user_id>
    :Description: Gets single user with id `user_id`
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :return: JSON of specific user info, or a plain-text message when no
        such user exists
    :Requires: Admin permissions
    """
    record = user_utils.get_user(user_id)
    if not record:
        return "No such user with id " + str(user_id) + " found!"
    return jsonify(record)
def remove_user_past_events(user_id):
    """
    :Route: DELETE /<user_id>/past?past_event=event_id&past_event=event_id
    :Description: Remove past events for a single user with id `user_id`.
        If no past events are specified, all of the user's past events are
        removed.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :param past_event: An optional query component/parameter that takes a
        list of values. Passed in values are int event IDs which uniquely
        identify an event.
    :type past_event: int or None
    :return: Success/error message
    :Requires: Admin permissions
    """
    record = user_utils.get_user(user_id)
    if not record:
        return "No such user with id " + str(user_id) + " found!"

    selector = {'account.id': str(user_id)}
    to_remove = request.args.getlist('past_event')

    if to_remove:
        # $pull with $in drops exactly the listed IDs (compared as the
        # strings received); unknown IDs are simply ignored.
        users_collection.update(
            selector,
            {'$pull': {'app.past_events': {'$in': to_remove}}},
        )
        return "Removed specified past events for user with id " + str(user_id)

    # No IDs given: clear the whole list.
    users_collection.update(selector, {'$set': {'app.past_events': []}})
    return "Removed all past events for user with id " + str(user_id)
def remove_user_filters(user_id):
    """
    :Route: DELETE /<user_id>/filter?filter=now&filter=popular
    :Description: Remove filters for a single user with id `user_id`.
        Filters to remove are passed by query parameter. If no filters are
        specified, all of the user's filters are removed.
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :param filter: An optional query component/parameter that takes a list
        of values. Values are not validated here; unknown filters are
        simply not present to be pulled.
    :type filter: str or None
    :return: Success/error message
    :Requires: Admin permissions
    """
    record = user_utils.get_user(user_id)
    if not record:
        return "No such user with id " + str(user_id) + " found!"

    selector = {'account.id': str(user_id)}
    to_remove = request.args.getlist('filter')

    if to_remove:
        # $pull with $in drops exactly the listed values.
        users_collection.update(
            selector,
            {'$pull': {'app.filters': {'$in': to_remove}}},
        )
        return "Removed specified filters for user with id " + str(user_id)

    # No values given: clear the whole list.
    users_collection.update(selector, {'$set': {'app.filters': []}})
    return "Removed all filters for user with id " + str(user_id)
def get_user_past_events(user_id):
    """
    :Route: GET /<user_id>/past
    :Description: Gets all past events for a single user with id `user_id`
    :param user_id: The unique ID of a specific user
    :type user_id: int
    :return: JSON of specific user's past events, or a plain-text message
        when no such user exists
    :Requires: Admin permissions

    NOTE(review): the response wraps the past-events list under the key
    ``'filters'``, which looks copied from the filters endpoint. It is kept
    as-is here because clients may already depend on it; renaming it is an
    API change.
    """
    record = user_utils.get_user(user_id)
    if not record:
        return "No such user with id " + str(user_id) + " found!"
    # Past events list, returned under the (historical) 'filters' key.
    return jsonify({'filters': record['app']['past_events']})
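def _is_local_redirect_target(target):
    """
    Return True only when ``target`` is a path on this site.

    Accepts values such as ``/events``; rejects anything with a scheme or
    host (``https://…``), scheme-relative ``//host/…``, and backslashes
    (which some browsers treat like forward slashes).
    """
    from urllib.parse import urlparse

    if not target or '\\' in target:
        return False
    parts = urlparse(target)
    return (not parts.scheme and not parts.netloc
            and target.startswith('/') and not target.startswith('//'))


def google_authorized(resp):
    """
    OAuth callback for the Google login flow, restricted to UCLA accounts.

    :param resp: Token response from the provider, or ``None`` when the
        provider denied access (the denial reason is then read from the
        query string).
    :return: A status message, or a redirect to the ``next`` query
        parameter when one is given and points within this site. On
        success the user is logged in via ``login_user``; a first-time user
        is registered in the collection before that.
    """
    next_url = request.args.get('next')
    if resp is None:
        # Use .get(): a missing field would otherwise turn a denied login
        # into a 500 error.
        return "Access denied: reason=%s error=%s" % (
            request.args.get("error_reason"),
            request.args.get("error_description"),
        )

    # The provider access token is kept in the session for later calls.
    # NOTE(review): if this is a client-side (cookie) session, the token is
    # signed but not encrypted — confirm the session backend in use.
    session['oauth_token'] = (resp['access_token'], '')
    session['expires'] = resp['expires_in']
    print("Token expires in " + str(resp['expires_in']))

    profile = google_oauth.get('userinfo').data
    # The profile holds name and email (PII); it is deliberately not
    # printed, since stdout typically ends up in server logs.
    user_id = profile['id']
    user_name = profile['name'].title()
    email = profile['email']

    # Domain check is case-insensitive and tolerates an address without
    # '@' (rpartition yields the whole string, which then fails the check)
    # instead of raising IndexError.
    _, _, domain = email.lower().rpartition('@')
    if domain not in ('ucla.edu', 'g.ucla.edu'):
        return "Invalid email. UCLA email required."

    # `next` comes straight from the query string. Redirecting to it
    # unchecked would let a crafted login link send a freshly logged-in
    # user to an arbitrary external site, so only same-site paths are
    # honoured; otherwise fall back to the plain status message.
    destination = (redirect(next_url)
                   if _is_local_redirect_target(next_url) else None)

    g_user = user_utils.get_user(user_id)
    if not g_user:
        # First login: create the account, then log in as a plain user.
        user_utils.add_user(user_id, user_name,
                            profile['given_name'].title(),
                            profile['family_name'].title(),
                            email)
        login_user(User(user_id))
        return destination if destination is not None else "Successfully registered new user"

    # Returning user: refresh the record, then restore the stored
    # active/admin flags on the session user.
    users.update_user(user_id)
    login_user(User(user_id, g_user['account']['is_active'],
                    g_user['account']['is_admin']))
    return destination if destination is not None else "Successfully logged in"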
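def _hash_password(password):
    """
    Return a salted PBKDF2-HMAC-SHA256 digest of ``password``.

    The result is a self-describing string
    ``pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>`` so that whatever
    later verifies a password can recover the salt and iteration count.
    NOTE(review): no verification code is visible in this file; any such
    code must use this same format rather than a plaintext comparison.
    """
    import hashlib
    import secrets

    iterations = 600000
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        'sha256', password.encode('utf-8'), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def update_user(user_id):
    """
    :Route: PUT /<user_id>?active=false&admin=true&password=str&first_name=Katrina&last_name=Wijaya&email=<address>
    :Description: Updates user with id `user_id`. Updates any optional
        fields that are set as query parameters.
    :param user_id: The int ID of a specific user
    :type user_id: int
    :param active: An optional query component/parameter to update whether
        or not a user is active. If true, user has an activated account
        that they can log in to, otherwise account will be rejected/
        suspended from use. Only the literal values "true"/"false" (any
        case) change the flag.
    :type active: boolean or None
    :param admin: An optional query component/parameter to update whether
        or not a user has admin permissions. All admins have same
        permissions so maybe should create a super admin.
    :type admin: boolean or None
    :param password: An optional query component/parameter to update the
        password for a user. The value is stored as a salted PBKDF2 hash,
        never in plaintext. NOTE(review): a password in a query string is
        exposed in browser history, proxy and server access logs; moving it
        to the request body is recommended.
    :type password: str or None
    :param first_name: An optional query component/parameter to update the
        user's first name. Does not modify full name stored in database.
    :type first_name: str or None
    :param last_name: An optional query component/parameter to update the
        user's last name. Does not modify full name stored in database.
    :type last_name: str or None
    :param email: An optional query component/parameter to update the
        user's email. TODO: email verification.
    :type email: str or None
    :return: JSON of updated user or an error message
    :Requires: Admin permissions
    """
    args = request.args
    active = args.get('active')
    admin = args.get('admin')
    password = args.get('password')
    first_name = args.get('first_name')
    last_name = args.get('last_name')
    email = args.get('email')

    user = user_utils.get_user(user_id)
    if not user:
        return "No such user with id " + str(user_id) + " found!"

    # Naive local server time (not necessarily UTC), stored as a string.
    user['account']['time_updated'] = datetime.now().strftime(
        '%Y-%m-%d %H:%M:%S')

    # Boolean flags: only "true"/"false" (any case) change the stored
    # value; anything else leaves the flag untouched, as before.
    for field, raw in (('is_active', active), ('is_admin', admin)):
        if raw and raw.lower() in ('true', 'false'):
            user['account'][field] = raw.lower() == 'true'

    if password:
        # Store a salted hash rather than the plaintext value.
        user['account']['password_hash'] = _hash_password(password)
    if first_name:
        user['personal_info']['first_name'] = first_name
    if last_name:
        user['personal_info']['last_name'] = last_name
    if email:
        user['personal_info']['email'] = email

    # Whole-document replace, matching how the rest of this file persists
    # edits; re-read so the response reflects what was actually stored.
    users_collection.replace_one({"account.id": str(user_id)}, user.copy())
    return jsonify(user_utils.get_user(user_id))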
def user_loader(user_id):
    """
    Rebuild a ``User`` for the id held in the login session.

    Presumably registered as the flask-login user loader (``login_user`` and
    ``current_user`` are used elsewhere in this file). Returns ``None`` when
    no matching account exists, which the login layer treats as logged out.
    """
    db_user = user_utils.get_user(user_id)
    if not db_user:
        return None
    account = db_user['account']
    return User(account['id'], account['is_active'], account['is_admin'])