API: sports - minor refactor

mpwo_api/mpwo_api/activities/models.py

@@ -17,6 +17,12 @@ class Sport(db.Model):
     def __init__(self, label):
         self.label = label
 
+    def serialize(self):
+        return {
+            'id': self.id,
+            'label': self.label
+        }
+
 
 class Activity(db.Model):
     __tablename__ = "activities"

mpwo_api/mpwo_api/activities/sports.py

@@ -2,7 +2,7 @@ from flask import Blueprint, jsonify, request
 from mpwo_api import appLog, db
 from sqlalchemy import exc
 
-from ..users.utils import authenticate, is_admin
+from ..users.utils import authenticate, authenticate_as_admin
 from .models import Sport
 
 sports_blueprint = Blueprint('sports', __name__)
@@ -15,11 +15,7 @@ def get_sports(auth_user_id):
     sports = Sport.query.order_by(Sport.id).all()
     sports_list = []
     for sport in sports:
-        sport_object = {
+        sports_list.append(sport.serialize())
-            'id': sport.id,
-            'label': sport.label
-        }
-        sports_list.append(sport_object)
     response_object = {
         'status': 'success',
         'data': {
@@ -34,16 +30,11 @@ def get_sports(auth_user_id):
 def get_sport(auth_user_id, sport_id):
     """Get a sport"""
     sport = Sport.query.filter_by(id=sport_id).first()
-    sports_list = []
     if sport:
-        sports_list.append({
-            'id': sport.id,
-            'label': sport.label
-        })
         response_object = {
             'status': 'success',
             'data': {
-                'sports': sports_list
+                'sports': [sport.serialize()]
             }
         }
         code = 200
@@ -51,7 +42,7 @@ def get_sport(auth_user_id, sport_id):
         response_object = {
             'status': 'not found',
             'data': {
-                'sports': sports_list
+                'sports': []
             }
         }
         code = 404
@@ -59,16 +50,9 @@ def get_sport(auth_user_id, sport_id):
 
 
 @sports_blueprint.route('/sports', methods=['POST'])
-@authenticate
+@authenticate_as_admin
 def post_sport(auth_user_id):
     """Post a sport"""
-    if not is_admin(auth_user_id):
-        response_object = {
-            'status': 'error',
-            'message': 'You do not have permissions.'
-        }
-        return jsonify(response_object), 401
-
     sport_data = request.get_json()
     if not sport_data or sport_data.get('label') is None:
         response_object = {
@@ -105,16 +89,9 @@ def post_sport(auth_user_id):
 
 
 @sports_blueprint.route('/sports/<int:sport_id>', methods=['PATCH'])
-@authenticate
+@authenticate_as_admin
 def update_sport(auth_user_id, sport_id):
     """Update a sport"""
-    if not is_admin(auth_user_id):
-        response_object = {
-            'status': 'error',
-            'message': 'You do not have permissions.'
-        }
-        return jsonify(response_object), 401
-
     sport_data = request.get_json()
     if not sport_data or sport_data.get('label') is None:
         response_object = {
@@ -160,16 +137,9 @@ def update_sport(auth_user_id, sport_id):
 
 
 @sports_blueprint.route('/sports/<int:sport_id>', methods=['DELETE'])
-@authenticate
+@authenticate_as_admin
 def delete_sport(auth_user_id, sport_id):
     """Delete a sport"""
-    if not is_admin(auth_user_id):
-        response_object = {
-            'status': 'error',
-            'message': 'You do not have permissions.'
-        }
-        return jsonify(response_object), 401
-
     sports_list = []
     try:
         sport = Sport.query.filter_by(id=sport_id).first()

mpwo_api/mpwo_api/users/utils.py

@@ -6,6 +6,16 @@ from flask import current_app, jsonify, request
 from .models import User
 
 
+def is_admin(user_id):
+    user = User.query.filter_by(id=user_id).first()
+    return user.admin
+
+
+def is_valid_email(email):
+    mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
+    return re.match(mail_pattern, email) is not None
+
+
 def verify_extension(file_type, req):
     response_object = {'status': 'success'}
 
@@ -61,14 +71,33 @@ def authenticate(f):
     return decorated_function
 
 
-def is_admin(user_id):
+def authenticate_as_admin(f):
-    user = User.query.filter_by(id=user_id).first()
+    @wraps(f)
-    return user.admin
+    def decorated_function(*args, **kwargs):
+        response_object = {
+            'status': 'error',
+            'message': 'Something went wrong. Please contact us.'
+        }
+        code = 401
+        auth_header = request.headers.get('Authorization')
+        if not auth_header:
+            response_object['message'] = 'Provide a valid auth token.'
+            code = 403
+            return jsonify(response_object), code
+        auth_token = auth_header.split(" ")[1]
+        resp = User.decode_auth_token(auth_token)
+        if isinstance(resp, str):
+            response_object['message'] = resp
+            return jsonify(response_object), code
+        user = User.query.filter_by(id=resp).first()
+        if not user:
+            return jsonify(response_object), code
+        if not is_admin(resp):
+            response_object['message'] = 'You do not have permissions.'
+            return jsonify(response_object), code
+        return f(resp, *args, **kwargs)
 
-
+    return decorated_function
-def is_valid_email(email):
-    mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
-    return re.match(mail_pattern, email) is not None
 
 
 def register_controls(username, email, password, password_conf):