API: sports - minor refactor

2018-05-09 16:50:30 +02:00 · 2018-05-09 16:50:30 +02:00 · be65388dd2
commit be65388dd2
parent d912dfc835
3 changed files with 49 additions and 44 deletions
--- a/mpwo_api/mpwo_api/activities/models.py
+++ b/mpwo_api/mpwo_api/activities/models.py
@ -17,6 +17,12 @@ class Sport(db.Model):
    def __init__(self, label):
        self.label = label

+    def serialize(self):
+        return {
+            'id': self.id,
+            'label': self.label
+        }
+

 class Activity(db.Model):
    __tablename__ = "activities"
--- a/mpwo_api/mpwo_api/activities/sports.py
+++ b/mpwo_api/mpwo_api/activities/sports.py
@ -2,7 +2,7 @@ from flask import Blueprint, jsonify, request
 from mpwo_api import appLog, db
 from sqlalchemy import exc

-from ..users.utils import authenticate, is_admin
+from ..users.utils import authenticate, authenticate_as_admin
 from .models import Sport

 sports_blueprint = Blueprint('sports', __name__)
@ -15,11 +15,7 @@ def get_sports(auth_user_id):
    sports = Sport.query.order_by(Sport.id).all()
    sports_list = []
    for sport in sports:
-        sport_object = {
-            'id': sport.id,
-            'label': sport.label
-        }
-        sports_list.append(sport_object)
+        sports_list.append(sport.serialize())
    response_object = {
        'status': 'success',
        'data': {
@ -34,16 +30,11 @@ def get_sports(auth_user_id):
 def get_sport(auth_user_id, sport_id):
    """Get a sport"""
    sport = Sport.query.filter_by(id=sport_id).first()
-    sports_list = []
    if sport:
-        sports_list.append({
-            'id': sport.id,
-            'label': sport.label
-        })
        response_object = {
            'status': 'success',
            'data': {
-                'sports': sports_list
+                'sports': [sport.serialize()]
            }
        }
        code = 200
@ -51,7 +42,7 @@ def get_sport(auth_user_id, sport_id):
        response_object = {
            'status': 'not found',
            'data': {
-                'sports': sports_list
+                'sports': []
            }
        }
        code = 404
@ -59,16 +50,9 @@ def get_sport(auth_user_id, sport_id):


@sports_blueprint.route('/sports', methods=['POST'])
-@authenticate
+@authenticate_as_admin
 def post_sport(auth_user_id):
    """Post a sport"""
-    if not is_admin(auth_user_id):
-        response_object = {
-            'status': 'error',
-            'message': 'You do not have permissions.'
-        }
-        return jsonify(response_object), 401
-
    sport_data = request.get_json()
    if not sport_data or sport_data.get('label') is None:
        response_object = {
@ -105,16 +89,9 @@ def post_sport(auth_user_id):


@sports_blueprint.route('/sports/<int:sport_id>', methods=['PATCH'])
-@authenticate
+@authenticate_as_admin
 def update_sport(auth_user_id, sport_id):
    """Update a sport"""
-    if not is_admin(auth_user_id):
-        response_object = {
-            'status': 'error',
-            'message': 'You do not have permissions.'
-        }
-        return jsonify(response_object), 401
-
    sport_data = request.get_json()
    if not sport_data or sport_data.get('label') is None:
        response_object = {
@ -160,16 +137,9 @@ def update_sport(auth_user_id, sport_id):


@sports_blueprint.route('/sports/<int:sport_id>', methods=['DELETE'])
-@authenticate
+@authenticate_as_admin
 def delete_sport(auth_user_id, sport_id):
    """Delete a sport"""
-    if not is_admin(auth_user_id):
-        response_object = {
-            'status': 'error',
-            'message': 'You do not have permissions.'
-        }
-        return jsonify(response_object), 401
-
    sports_list = []
    try:
        sport = Sport.query.filter_by(id=sport_id).first()
--- a/mpwo_api/mpwo_api/users/utils.py
+++ b/mpwo_api/mpwo_api/users/utils.py
@ -6,6 +6,16 @@ from flask import current_app, jsonify, request
 from .models import User


+def is_admin(user_id):
+    user = User.query.filter_by(id=user_id).first()
+    return user.admin
+
+
+def is_valid_email(email):
+    mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
+    return re.match(mail_pattern, email) is not None
+
+
 def verify_extension(file_type, req):
    response_object = {'status': 'success'}

@ -61,14 +71,33 @@ def authenticate(f):
    return decorated_function


-def is_admin(user_id):
-    user = User.query.filter_by(id=user_id).first()
-    return user.admin
+def authenticate_as_admin(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        response_object = {
+            'status': 'error',
+            'message': 'Something went wrong. Please contact us.'
+        }
+        code = 401
+        auth_header = request.headers.get('Authorization')
+        if not auth_header:
+            response_object['message'] = 'Provide a valid auth token.'
+            code = 403
+            return jsonify(response_object), code
+        auth_token = auth_header.split(" ")[1]
+        resp = User.decode_auth_token(auth_token)
+        if isinstance(resp, str):
+            response_object['message'] = resp
+            return jsonify(response_object), code
+        user = User.query.filter_by(id=resp).first()
+        if not user:
+            return jsonify(response_object), code
+        if not is_admin(resp):
+            response_object['message'] = 'You do not have permissions.'
+            return jsonify(response_object), code
+        return f(resp, *args, **kwargs)

-
-def is_valid_email(email):
-    mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
-    return re.match(mail_pattern, email) is not None
+    return decorated_function


 def register_controls(username, email, password, password_conf):