diff --git a/mpwo_api/mpwo_api/activities/models.py b/mpwo_api/mpwo_api/activities/models.py
index e9d0c678..4e9a0e4a 100644
--- a/mpwo_api/mpwo_api/activities/models.py
+++ b/mpwo_api/mpwo_api/activities/models.py
@@ -17,6 +17,12 @@ class Sport(db.Model):
def __init__(self, label):
self.label = label
+ def serialize(self):
+ return {
+ 'id': self.id,
+ 'label': self.label
+ }
+
class Activity(db.Model):
__tablename__ = "activities"
diff --git a/mpwo_api/mpwo_api/activities/sports.py b/mpwo_api/mpwo_api/activities/sports.py
index 1dc7ea42..a254bb8a 100644
--- a/mpwo_api/mpwo_api/activities/sports.py
+++ b/mpwo_api/mpwo_api/activities/sports.py
@@ -2,7 +2,7 @@
from flask import Blueprint, jsonify, request
from mpwo_api import appLog, db
from sqlalchemy import exc
-from ..users.utils import authenticate, is_admin
+from ..users.utils import authenticate, authenticate_as_admin
from .models import Sport
sports_blueprint = Blueprint('sports', __name__)
@@ -15,11 +15,7 @@ def get_sports(auth_user_id):
sports = Sport.query.order_by(Sport.id).all()
sports_list = []
for sport in sports:
- sport_object = {
- 'id': sport.id,
- 'label': sport.label
- }
- sports_list.append(sport_object)
+ sports_list.append(sport.serialize())
response_object = {
'status': 'success',
'data': {
@@ -34,16 +30,11 @@ def get_sports(auth_user_id):
def get_sport(auth_user_id, sport_id):
"""Get a sport"""
sport = Sport.query.filter_by(id=sport_id).first()
- sports_list = []
if sport:
- sports_list.append({
- 'id': sport.id,
- 'label': sport.label
- })
response_object = {
'status': 'success',
'data': {
- 'sports': sports_list
+ 'sports': [sport.serialize()]
}
}
code = 200
@@ -51,7 +42,7 @@ def get_sport(auth_user_id, sport_id):
response_object = {
'status': 'not found',
'data': {
- 'sports': sports_list
+ 'sports': []
}
}
code = 404
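Review bot: `Sport.serialize` in the models.py hunk has no docstring, while the route handlers it now feeds in sports.py each carry one. Because this method becomes the single definition of the wire format returned by every sports endpoint, a docstring should say so, e.g. `"""Return the sport as a JSON-serializable dict with the public fields id and label."""`, so that any field added here later is understood to be exposed on all of those responses. Only `id` and `label` are emitted today, which is consistent with what the removed inline dicts returned.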
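Review bot: In the `get_sports` hunk (@@ -15,11 +15,7 @@) the `sports_list = []` initialisation followed by a `for` loop that only appends is the manual form of a comprehension; `sports_list = [sport.serialize() for sport in sports]` replaces both lines and reads as the single transformation it is. `get_sports` continues past the end of the hunk, so I have assumed `sports_list` is not appended to again further down.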
@@ -59,16 +50,9 @@ def get_sport(auth_user_id, sport_id):
@sports_blueprint.route('/sports', methods=['POST'])
-@authenticate
+@authenticate_as_admin
def post_sport(auth_user_id):
"""Post a sport"""
- if not is_admin(auth_user_id):
- response_object = {
- 'status': 'error',
- 'message': 'You do not have permissions.'
- }
- return jsonify(response_object), 401
-
sport_data = request.get_json()
if not sport_data or sport_data.get('label') is None:
response_object = {
@@ -105,16 +89,9 @@ def post_sport(auth_user_id):
@sports_blueprint.route('/sports/', methods=['PATCH'])
-@authenticate
+@authenticate_as_admin
def update_sport(auth_user_id, sport_id):
"""Update a sport"""
- if not is_admin(auth_user_id):
- response_object = {
- 'status': 'error',
- 'message': 'You do not have permissions.'
- }
- return jsonify(response_object), 401
-
sport_data = request.get_json()
if not sport_data or sport_data.get('label') is None:
response_object = {
@@ -160,16 +137,9 @@ def update_sport(auth_user_id, sport_id):
@sports_blueprint.route('/sports/', methods=['DELETE'])
-@authenticate
+@authenticate_as_admin
def delete_sport(auth_user_id, sport_id):
"""Delete a sport"""
- if not is_admin(auth_user_id):
- response_object = {
- 'status': 'error',
- 'message': 'You do not have permissions.'
- }
- return jsonify(response_object), 401
-
sports_list = []
try:
sport = Sport.query.filter_by(id=sport_id).first()
diff --git a/mpwo_api/mpwo_api/users/utils.py b/mpwo_api/mpwo_api/users/utils.py
index da6670a7..ec338154 100644
--- a/mpwo_api/mpwo_api/users/utils.py
+++ b/mpwo_api/mpwo_api/users/utils.py
@@ -6,6 +6,16 @@ from flask import current_app, jsonify, request
from .models import User
+def is_admin(user_id):
+ user = User.query.filter_by(id=user_id).first()
+ return user.admin
+
+
+def is_valid_email(email):
+ mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
+ return re.match(mail_pattern, email) is not None
+
+
def verify_extension(file_type, req):
response_object = {'status': 'success'}
@@ -61,14 +71,33 @@ def authenticate(f):
return decorated_function
-def is_admin(user_id):
- user = User.query.filter_by(id=user_id).first()
- return user.admin
+def authenticate_as_admin(f):
+ @wraps(f)
+ def decorated_function(*args, **kwargs):
+ response_object = {
+ 'status': 'error',
+ 'message': 'Something went wrong. Please contact us.'
+ }
+ code = 401
+ auth_header = request.headers.get('Authorization')
+ if not auth_header:
+ response_object['message'] = 'Provide a valid auth token.'
+ code = 403
+ return jsonify(response_object), code
+ auth_token = auth_header.split(" ")[1]
+ resp = User.decode_auth_token(auth_token)
+ if isinstance(resp, str):
+ response_object['message'] = resp
+ return jsonify(response_object), code
+ user = User.query.filter_by(id=resp).first()
+ if not user:
+ return jsonify(response_object), code
+ if not is_admin(resp):
+ response_object['message'] = 'You do not have permissions.'
+ return jsonify(response_object), code
+ return f(resp, *args, **kwargs)
-
-def is_valid_email(email):
- mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
- return re.match(mail_pattern, email) is not None
+ return decorated_function
def register_controls(username, email, password, password_conf):
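Review bot: The relocated `is_admin` (hunk @@ -6,6 +6,16 @@) dereferences `user.admin` without checking that `first()` returned a row, so an id with no matching user raises `AttributeError` and surfaces as a server error rather than a denial. `return user is not None and user.admin` keeps the helper fail-closed for any caller that has not already verified the user exists. Within this commit `authenticate_as_admin` does check the user first, so the change is defensive for the other call sites the hunk does not show.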
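Review bot: In `authenticate_as_admin` (hunk @@ -61,14 +71,33 @@) `auth_header.split(" ")[1]` raises `IndexError` whenever the `Authorization` header has no space in it, so a malformed header produces an unhandled exception instead of the 401 the rest of the decorator returns; the header should be split and its part count checked before indexing, as below. The decorator also calls `is_admin(resp)`, which re-runs the same `User.query.filter_by(id=...)` lookup it has just performed two lines earlier; `if not user.admin:` uses the row already in hand. The status codes are worth a second look too: a missing header yields 403 while an invalid token and a non-admin user both yield 401, which is the reverse of the usual convention (401 for absent or invalid credentials, 403 for an authenticated caller who lacks permission) — this may mirror `authenticate`, whose body lies outside the hunk, so I would align both together rather than change only this one.
```python
        auth_header = request.headers.get('Authorization')
        # … unchanged: missing-header branch …
        parts = auth_header.split(" ")
        if len(parts) != 2 or not parts[1]:
            response_object['message'] = 'Provide a valid auth token.'
            return jsonify(response_object), code
        auth_token = parts[1]
        resp = User.decode_auth_token(auth_token)
        # … unchanged: token / user checks …
        if not user.admin:
            response_object['message'] = 'You do not have permissions.'
            return jsonify(response_object), code
        return f(resp, *args, **kwargs)
```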