finish up differentiated control

CURaise · Dec 1, 2023 · 36e5f0d · 36e5f0d
1 parent 3826825
commit 36e5f0d
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 0 deletions.
diff --git a/src/admin/routes.py b/src/admin/routes.py
@@ -72,3 +72,44 @@ def signout_admin():
         return success_message("Log out success. ")
     else:
         return failure_message(FAIL_MSG.SIGNOUT_FAILED)
+
+
+@bp.route('/my/', methods=['GET'])
+@role_required('admin')
+def get_me():
+    return success_message(current_user.serialize())
+
+
+@bp.route('/my/edit/', methods=['PUT'])
+@role_required('admin')
+def edit_me():
+    try:
+        json_data = json.loads(request.data)
+    except json.decoder.JSONDecodeError as e:
+        return failure_message(FAIL_MSG.POST_FORM.ERROR + str(e))
+
+    for k in json_data.keys():
+        if not hasattr(current_user, k):
+            return failure_message(FAIL_MSG.POST_FORM.FIELD_NAME_WRONG)
+
+    for k, v in json_data.items():
+        setattr(current_user, k, v)
+
+    try:
+        db.session.commit()
+    except Exception as e:
+        return failure_message(FAIL_MSG.ADD_TO_DATABASE + str(e))
+
+    return success_message(current_user.serialize())
+
+
+@bp.route('/my/', methods=['DELETE'])
+@role_required('admin')
+def delete_me():
+    try:
+        db.session.delete(current_user)
+        db.session.commit()
+    except Exception as e:
+        return failure_message(FAIL_MSG.REMOVE_FROM_DATABASE + str(e))
+
+    return success_message(current_user.serialize())
diff --git a/src/clubs/routes.py b/src/clubs/routes.py
@@ -59,10 +59,87 @@ def create_club():
     except Exception as e:
         return failure_message(FAIL_MSG.ADD_TO_DATABASE + str(e))
 
+    login_user(new_club, remember=True)
+
     return success_message(new_club.id)
 
 
+@bp.route('/signin/', methods=['POST'])
+def signin_club():
+    try:
+        json_data = json.loads(request.data)
+        email = json_data['email']
+        password = json_data['password']
+    except KeyError as e:
+        return failure_message(FAIL_MSG.POST_FORM.FIELD_NAME_WRONG + str(e))
+    except json.decoder.JSONDecodeError as e:
+        return failure_message(FAIL_MSG.POST_FORM.ERROR + str(e))
+
+    club = Club.query.filter_by(email=email).first()
+    if club is None:
+        return failure_message(FAIL_MSG.TARGET_NOT_FOUND)
+
+    if not check_password_hash(club.password, password):
+        return failure_message(FAIL_MSG.WRONG_PASSWORD)
+
+    if login_user(club, remember=True):
+        return success_message("Log in success. ")
+    else:
+        return failure_message(FAIL_MSG.LOGIN_FAILED)
+
+
+@bp.route('/signout/', methods=['POST'])
+@role_required('club')
+def signout_club():
+    if logout_user():
+        return success_message("Log out success. ")
+    else:
+        return failure_message(FAIL_MSG.SIGNOUT_FAILED)
+
+
+@bp.route('/my/', methods=['GET'])
+@role_required('club')
+def get_me():
+    return success_message(current_user.serialize())
+
+
+@bp.route('/my/edit/', methods=['PUT'])
+@role_required('club')
+def edit_me():
+    try:
+        json_data = json.loads(request.data)
+    except json.decoder.JSONDecodeError as e:
+        return failure_message(FAIL_MSG.POST_FORM.ERROR + str(e))
+
+    for k in json_data.keys():
+        if not hasattr(current_user, k):
+            return failure_message(FAIL_MSG.POST_FORM.FIELD_NAME_WRONG)
+
+    for k, v in json_data.items():
+        setattr(current_user, k, v)
+
+    try:
+        db.session.commit()
+    except Exception as e:
+        return failure_message(FAIL_MSG.ADD_TO_DATABASE + str(e))
+
+    return success_message(current_user.serialize())
+
+
+@bp.route('/my/', methods=['DELETE'])
+@role_required('club')
+def delete_me():
+    try:
+        db.session.delete(current_user)
+        db.session.commit()
+    except Exception as e:
+        return failure_message(FAIL_MSG.REMOVE_FROM_DATABASE + str(e))
+
+    return success_message(current_user.serialize())
+
+
 @bp.route('/<club_id>/', methods=['GET'])
+@role_required('admin')
 def get_club_by_id(club_id):
     target = Club.query.filter_by(id=club_id).first()
 
@@ -73,6 +150,7 @@ def get_club_by_id(club_id):
 
 
 @bp.route('/<club_id>/edit/', methods=['PUT'])
+@role_required('admin')
 def edit_club(club_id):
     try:
         json_data = json.loads(request.data)
@@ -100,6 +178,7 @@ def edit_club(club_id):
 
 
 @bp.route('/<club_id>/', methods=['DELETE'])
+@role_required('admin')
 def delete_by_club_id(club_id):
     club = get_club_by_id(club_id=club_id)
 

diff --git a/src/fundraisers/routes.py b/src/fundraisers/routes.py
@@ -8,6 +8,7 @@
 
 
 @bp.route('/create/', methods=['POST'])
+@role_required('club')
 def create_fundraisers():
     """
     Add a fundraiser event to the database.
@@ -78,6 +79,7 @@ def get_all_fundraisers():
 
 
 @bp.route('/<fundraiser_id>/edit/', methods=['PUT'])
+@role_required('club')
 def edit_fundraiser(fundraiser_id):
     try:
         json_data = json.loads(request.data)
@@ -105,6 +107,7 @@ def edit_fundraiser(fundraiser_id):
 
 
 @bp.route('/add_item/', methods=['POST'])
+@role_required('club')
 def add_fundraiser_item():
     try:
         json_data = json.loads(request.data)
@@ -136,6 +139,7 @@ def add_fundraiser_item():
 
 
 @bp.route('/<fundraiser_id>/', methods=['DELETE'])
+@role_required('club')
 def delete_fundraiser_by_id(fundraiser_id):
     fundraiser = get_by_fundraiser_id(fundraiser_id=fundraiser_id)
 

diff --git a/src/models/admin.py b/src/models/admin.py
@@ -31,3 +31,10 @@ def is_anonymous(self):
         :return: False, because anonymity is not supported
         """
         return False
+
+    def serialize(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'email': self.email
+        }