API: sports - minor refactor

Sam 2018-05-09 16:50:30 +02:00
parent d912dfc835
commit be65388dd2
3 changed files with 49 additions and 44 deletions


@ -17,6 +17,12 @@ class Sport(db.Model):
def __init__(self, label): def __init__(self, label):
self.label = label self.label = label
def serialize(self):
return {
'id': self.id,
'label': self.label
}
class Activity(db.Model): class Activity(db.Model):
__tablename__ = "activities" __tablename__ = "activities"


@ -2,7 +2,7 @@ from flask import Blueprint, jsonify, request
from mpwo_api import appLog, db from mpwo_api import appLog, db
from sqlalchemy import exc from sqlalchemy import exc
from ..users.utils import authenticate, is_admin from ..users.utils import authenticate, authenticate_as_admin
from .models import Sport from .models import Sport
sports_blueprint = Blueprint('sports', __name__) sports_blueprint = Blueprint('sports', __name__)
@ -15,11 +15,7 @@ def get_sports(auth_user_id):
sports = Sport.query.order_by(Sport.id).all() sports = Sport.query.order_by(Sport.id).all()
sports_list = [] sports_list = []
for sport in sports: for sport in sports:
sport_object = { sports_list.append(sport.serialize())
'id': sport.id,
'label': sport.label
}
sports_list.append(sport_object)
response_object = { response_object = {
'status': 'success', 'status': 'success',
'data': { 'data': {
@ -34,16 +30,11 @@ def get_sports(auth_user_id):
def get_sport(auth_user_id, sport_id): def get_sport(auth_user_id, sport_id):
"""Get a sport""" """Get a sport"""
sport = Sport.query.filter_by(id=sport_id).first() sport = Sport.query.filter_by(id=sport_id).first()
sports_list = []
if sport: if sport:
sports_list.append({
'id': sport.id,
'label': sport.label
})
response_object = { response_object = {
'status': 'success', 'status': 'success',
'data': { 'data': {
'sports': sports_list 'sports': [sport.serialize()]
} }
} }
code = 200 code = 200
@ -51,7 +42,7 @@ def get_sport(auth_user_id, sport_id):
response_object = { response_object = {
'status': 'not found', 'status': 'not found',
'data': { 'data': {
'sports': sports_list 'sports': []
} }
} }
code = 404 code = 404
@ -59,16 +50,9 @@ def get_sport(auth_user_id, sport_id):
@sports_blueprint.route('/sports', methods=['POST']) @sports_blueprint.route('/sports', methods=['POST'])
@authenticate @authenticate_as_admin
def post_sport(auth_user_id): def post_sport(auth_user_id):
"""Post a sport""" """Post a sport"""
if not is_admin(auth_user_id):
response_object = {
'status': 'error',
'message': 'You do not have permissions.'
}
return jsonify(response_object), 401
sport_data = request.get_json() sport_data = request.get_json()
if not sport_data or sport_data.get('label') is None: if not sport_data or sport_data.get('label') is None:
response_object = { response_object = {
@ -105,16 +89,9 @@ def post_sport(auth_user_id):
@sports_blueprint.route('/sports/<int:sport_id>', methods=['PATCH']) @sports_blueprint.route('/sports/<int:sport_id>', methods=['PATCH'])
@authenticate @authenticate_as_admin
def update_sport(auth_user_id, sport_id): def update_sport(auth_user_id, sport_id):
"""Update a sport""" """Update a sport"""
if not is_admin(auth_user_id):
response_object = {
'status': 'error',
'message': 'You do not have permissions.'
}
return jsonify(response_object), 401
sport_data = request.get_json() sport_data = request.get_json()
if not sport_data or sport_data.get('label') is None: if not sport_data or sport_data.get('label') is None:
response_object = { response_object = {
@ -160,16 +137,9 @@ def update_sport(auth_user_id, sport_id):
@sports_blueprint.route('/sports/<int:sport_id>', methods=['DELETE']) @sports_blueprint.route('/sports/<int:sport_id>', methods=['DELETE'])
@authenticate @authenticate_as_admin
def delete_sport(auth_user_id, sport_id): def delete_sport(auth_user_id, sport_id):
"""Delete a sport""" """Delete a sport"""
if not is_admin(auth_user_id):
response_object = {
'status': 'error',
'message': 'You do not have permissions.'
}
return jsonify(response_object), 401
sports_list = [] sports_list = []
try: try:
sport = Sport.query.filter_by(id=sport_id).first() sport = Sport.query.filter_by(id=sport_id).first()
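Review bot: Authorization for `post_sport`, `update_sport` and `delete_sport` now rests entirely on the `@authenticate_as_admin` line above each handler, so a later edit that swaps it back to `@authenticate` would open the route to every authenticated user with no failure inside the handler. None of the three changed files appears to be a test file; if the existing suite does not already cover it, one test per route asserting that a non-admin token is rejected would pin this. Separately, as a style point, the loop in `get_sports` can become `sports_list = [sport.serialize() for sport in sports]`. The bodies of the three mutating handlers continue outside the visible hunks.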


@ -6,6 +6,16 @@ from flask import current_app, jsonify, request
from .models import User from .models import User
def is_admin(user_id):
user = User.query.filter_by(id=user_id).first()
return user.admin
def is_valid_email(email):
mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
return re.match(mail_pattern, email) is not None
def verify_extension(file_type, req): def verify_extension(file_type, req):
response_object = {'status': 'success'} response_object = {'status': 'success'}
@ -61,14 +71,33 @@ def authenticate(f):
return decorated_function return decorated_function
def is_admin(user_id): def authenticate_as_admin(f):
user = User.query.filter_by(id=user_id).first() @wraps(f)
return user.admin def decorated_function(*args, **kwargs):
response_object = {
'status': 'error',
'message': 'Something went wrong. Please contact us.'
}
code = 401
auth_header = request.headers.get('Authorization')
if not auth_header:
response_object['message'] = 'Provide a valid auth token.'
code = 403
return jsonify(response_object), code
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
response_object['message'] = resp
return jsonify(response_object), code
user = User.query.filter_by(id=resp).first()
if not user:
return jsonify(response_object), code
if not is_admin(resp):
response_object['message'] = 'You do not have permissions.'
return jsonify(response_object), code
return f(resp, *args, **kwargs)
return decorated_function
def is_valid_email(email):
mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
return re.match(mail_pattern, email) is not None
def register_controls(username, email, password, password_conf): def register_controls(username, email, password, password_conf):
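Review bot: In `authenticate_as_admin`, `auth_header.split(" ")[1]` raises IndexError when the Authorization header carries no space-separated token, so a malformed header from an unauthenticated client ends in an unhandled exception instead of the prepared error response; guard it with `parts = auth_header.split(" ")` followed by `if len(parts) != 2: return jsonify(response_object), code`, after setting the 'Provide a valid auth token.' message. The status codes also read inverted against usual HTTP semantics: a missing header returns 403 while an authenticated non-admin gets 401; the 401 matches what the removed in-handler checks returned, so changing it is a client-visible decision to take deliberately. `is_admin(resp)` repeats the query that just loaded `user`, and `if not user.admin:` would avoid both the second round trip and the unguarded `user.admin` inside `is_admin` when no row matches. The body of `authenticate` lies outside this hunk, so whether it shares the same header parsing cannot be confirmed from here.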