API: sports - minor refactor

2018-05-09 16:50:30 +02:00 · 2018-05-09 16:50:30 +02:00 · be65388dd2
commit be65388dd2
parent d912dfc835
3 changed files with 49 additions and 44 deletions
--- a/mpwo_api/mpwo_api/activities/models.py
+++ b/mpwo_api/mpwo_api/activities/models.py
@ -17,6 +17,12 @@ class Sport(db.Model):
    def __init__(self, label):
        self.label = label
    def serialize(self):
        return {
            'id': self.id,
            'label': self.label
        }
 class Activity(db.Model):
    __tablename__ = "activities"
--- a/mpwo_api/mpwo_api/activities/sports.py
+++ b/mpwo_api/mpwo_api/activities/sports.py
@ -2,7 +2,7 @@ from flask import Blueprint, jsonify, request
 from mpwo_api import appLog, db
 from sqlalchemy import exc
-from ..users.utils import authenticate, is_admin
+from ..users.utils import authenticate, authenticate_as_admin
 from .models import Sport
 sports_blueprint = Blueprint('sports', __name__)
@ -15,11 +15,7 @@ def get_sports(auth_user_id):
    sports = Sport.query.order_by(Sport.id).all()
    sports_list = []
    for sport in sports:
-        sport_object = {
+        sports_list.append(sport.serialize())
            'id': sport.id,
            'label': sport.label
        }
        sports_list.append(sport_object)
    response_object = {
        'status': 'success',
        'data': {
@ -34,16 +30,11 @@ def get_sports(auth_user_id):
 def get_sport(auth_user_id, sport_id):
    """Get a sport"""
    sport = Sport.query.filter_by(id=sport_id).first()
    sports_list = []
    if sport:
        sports_list.append({
            'id': sport.id,
            'label': sport.label
        })
        response_object = {
            'status': 'success',
            'data': {
-                'sports': sports_list
+                'sports': [sport.serialize()]
            }
        }
        code = 200
@ -51,7 +42,7 @@ def get_sport(auth_user_id, sport_id):
        response_object = {
            'status': 'not found',
            'data': {
-                'sports': sports_list
+                'sports': []
            }
        }
        code = 404
@ -59,16 +50,9 @@ def get_sport(auth_user_id, sport_id):
@sports_blueprint.route('/sports', methods=['POST'])
-@authenticate
+@authenticate_as_admin
 def post_sport(auth_user_id):
    """Post a sport"""
    if not is_admin(auth_user_id):
        response_object = {
            'status': 'error',
            'message': 'You do not have permissions.'
        }
        return jsonify(response_object), 401
    sport_data = request.get_json()
    if not sport_data or sport_data.get('label') is None:
        response_object = {
@ -105,16 +89,9 @@ def post_sport(auth_user_id):
@sports_blueprint.route('/sports/<int:sport_id>', methods=['PATCH'])
-@authenticate
+@authenticate_as_admin
 def update_sport(auth_user_id, sport_id):
    """Update a sport"""
    if not is_admin(auth_user_id):
        response_object = {
            'status': 'error',
            'message': 'You do not have permissions.'
        }
        return jsonify(response_object), 401
    sport_data = request.get_json()
    if not sport_data or sport_data.get('label') is None:
        response_object = {
@ -160,16 +137,9 @@ def update_sport(auth_user_id, sport_id):
@sports_blueprint.route('/sports/<int:sport_id>', methods=['DELETE'])
-@authenticate
+@authenticate_as_admin
 def delete_sport(auth_user_id, sport_id):
    """Delete a sport"""
    if not is_admin(auth_user_id):
        response_object = {
            'status': 'error',
            'message': 'You do not have permissions.'
        }
        return jsonify(response_object), 401
    sports_list = []
    try:
        sport = Sport.query.filter_by(id=sport_id).first()
--- a/mpwo_api/mpwo_api/users/utils.py
+++ b/mpwo_api/mpwo_api/users/utils.py
@ -6,6 +6,16 @@ from flask import current_app, jsonify, request
 from .models import User
 def is_admin(user_id):
    user = User.query.filter_by(id=user_id).first()
    return user.admin
 def is_valid_email(email):
    mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
    return re.match(mail_pattern, email) is not None
 def verify_extension(file_type, req):
    response_object = {'status': 'success'}
@ -61,14 +71,33 @@ def authenticate(f):
    return decorated_function
-def is_admin(user_id):
+def authenticate_as_admin(f):
-    user = User.query.filter_by(id=user_id).first()
+    @wraps(f)
-    return user.admin
+    def decorated_function(*args, **kwargs):
        response_object = {
            'status': 'error',
            'message': 'Something went wrong. Please contact us.'
        }
        code = 401
        auth_header = request.headers.get('Authorization')
        if not auth_header:
            response_object['message'] = 'Provide a valid auth token.'
            code = 403
            return jsonify(response_object), code
        auth_token = auth_header.split(" ")[1]
        resp = User.decode_auth_token(auth_token)
        if isinstance(resp, str):
            response_object['message'] = resp
            return jsonify(response_object), code
        user = User.query.filter_by(id=resp).first()
        if not user:
            return jsonify(response_object), code
        if not is_admin(resp):
            response_object['message'] = 'You do not have permissions.'
            return jsonify(response_object), code
        return f(resp, *args, **kwargs)
-
+    return decorated_function
 def is_valid_email(email):
    mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
    return re.match(mail_pattern, email) is not None
 def register_controls(username, email, password, password_conf):