Merge pull request #100 from whyphi/bug/update-listing-settings

Bug/update listing settings
whyphi · Aug 4, 2024 · 7c67795 · 7c67795
2 parents 7b2dac9 + 5a649a4
commit 7c67795
Show file tree

Hide file tree

Showing 5 changed files with 25 additions and 20 deletions.
diff --git a/chalicelib/api/accountability.py b/chalicelib/api/accountability.py
@@ -1,12 +1,13 @@
 from chalice import Blueprint
 from chalicelib.decorators import auth
 from chalicelib.services.AccountabilityService import accountability_service
+from chalicelib.models.roles import Roles
 
 accountability_api = Blueprint(__name__)
 
 
 @accountability_api.route("/accountability", methods=["GET"], cors=True)
-@auth(accountability_api, roles=["admin"])
+@auth(accountability_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_accountability():
     if accountability_api.current_request.query_params:
         page = int(accountability_api.current_request.query_params.get("page", 0))

diff --git a/chalicelib/api/events_member.py b/chalicelib/api/events_member.py
@@ -1,68 +1,69 @@
 from chalice import Blueprint
 from chalicelib.decorators import auth
 from chalicelib.services.EventsMemberService import events_member_service
+from chalicelib.models.roles import Roles
 
 events_member_api = Blueprint(__name__)
 
 
 @events_member_api.route("/timeframes", methods=["POST"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN])
 def create_timeframe():
     data = events_member_api.current_request.json_body
     return events_member_service.create_timeframe(data)
 
 
 @events_member_api.route("/timeframes", methods=["GET"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_all_timeframes():
     return events_member_service.get_all_timeframes()
 
 
 @events_member_api.route("/timeframes/{timeframe_id}", methods=["GET"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_timeframe(timeframe_id: str):
     return events_member_service.get_timeframe(timeframe_id)
 
 
 @events_member_api.route("/timeframes/{timeframe_id}", methods=["DELETE"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN])
 def delete_timeframe(timeframe_id: str):
     return events_member_service.delete_timeframe(timeframe_id)
 
 
 @events_member_api.route("/timeframes/{timeframe_id}/events", methods=["POST"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN])
 def create_event(timeframe_id: str):
     data = events_member_api.current_request.json_body
     return events_member_service.create_event(timeframe_id, data)
 
 
 @events_member_api.route("/events/{event_id}", methods=["GET"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_event(event_id: str):
     return events_member_service.get_event(event_id)
 
 
 @events_member_api.route("/timeframes/{timeframe_id}/sheets", methods=["GET"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_timeframe_sheets(timeframe_id: str):
     return events_member_service.get_timeframe_sheets(timeframe_id)
 
 
 @events_member_api.route("/events/{event_id}/checkin", methods=["POST"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def checkin(event_id: str):
     data = events_member_api.current_request.json_body
     return events_member_service.checkin(event_id, data)
 
 
 @events_member_api.route("/events/{event_id}", methods=["PATCH"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN])
 def update_event(event_id: str):
     pass
 
 
 @events_member_api.route("/events/{event_id}", methods=["DELETE"], cors=True)
-@auth(events_member_api, roles=["admin"])
+@auth(events_member_api, roles=[Roles.ADMIN])
 def delete_event(event_id: str):
     return events_member_service.delete(event_id)
diff --git a/chalicelib/api/events_rush.py b/chalicelib/api/events_rush.py
@@ -1,12 +1,14 @@
 from chalice import Blueprint
 from chalicelib.decorators import auth
 from chalicelib.services.EventsRushService import events_rush_service
+from chalicelib.models.roles import Roles
+
 
 events_rush_api = Blueprint(__name__)
 
 
 @events_rush_api.route("/events/rush", methods=["GET"], cors=True)
-@auth(events_rush_api, roles=["admin"])
+@auth(events_rush_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_rush_events():
     return events_rush_service.get_rush_categories_and_events()
 
@@ -17,27 +19,27 @@ def get_rush_event(event_id):
 
 
 @events_rush_api.route("/events/rush/category", methods=["POST"], cors=True)
-@auth(events_rush_api, roles=["admin"])
+@auth(events_rush_api, roles=[Roles.ADMIN])
 def create_rush_category():
     data = events_rush_api.current_request.json_body
     return events_rush_service.create_rush_category(data)
 
 
 @events_rush_api.route("/events/rush", methods=["POST"], cors=True)
-@auth(events_rush_api, roles=["admin"])
+@auth(events_rush_api, roles=[Roles.ADMIN])
 def create_rush_event():
     data = events_rush_api.current_request.json_body
     return events_rush_service.create_rush_event(data)
 
 
 @events_rush_api.route("/events/rush", methods=["PATCH"], cors=True)
-@auth(events_rush_api, roles=["admin"])
+@auth(events_rush_api, roles=[Roles.ADMIN])
 def modify_rush_event():
     data = events_rush_api.current_request.json_body
     return events_rush_service.modify_rush_event(data)
 
 @events_rush_api.route("/events/rush/settings", methods=["PATCH"], cors=True)
-@auth(events_rush_api, roles=["admin"])
+@auth(events_rush_api, roles=[Roles.ADMIN])
 def modify_rush_settings():
     data = events_rush_api.current_request.json_body
     return events_rush_service.modify_rush_settings(data)
@@ -56,11 +58,12 @@ def get_rush_events_default_category():
 
 
 @events_rush_api.route("/events/rush/{event_id}", methods=["DELETE"], cors=True)
+@auth(events_rush_api, roles=[Roles.ADMIN])
 def delete_rush_event(event_id):
     return events_rush_service.delete_rush_event(event_id)
 
 
 @events_rush_api.route("/events/rush/{category_id}/analytics", methods=["GET"], cors=True)
-@auth(events_rush_api, roles=["admin"])
+@auth(events_rush_api, roles=[Roles.ADMIN])
 def get_rush_category_analytics(category_id):
     return events_rush_service.get_rush_category_analytics(category_id=category_id)
diff --git a/chalicelib/api/listings.py b/chalicelib/api/listings.py
@@ -55,8 +55,8 @@ def toggle_visibility(id):
 
 
 @listings_api.route("/listings/{id}/update-field", methods=["PATCH"], cors=True)
-@handle_exceptions
 @auth(listings_api, roles=[Roles.ADMIN, Roles.MEMBER])
+@handle_exceptions
 def update_listing_field_route(id):
     try:
         return listing_service.update_field_route(

diff --git a/chalicelib/api/members.py b/chalicelib/api/members.py
@@ -7,7 +7,7 @@
 
 
 @members_api.route("/member/{user_id}", methods=["GET"], cors=True)
-@auth(members_api, roles=["admin", "member"])
+@auth(members_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_member(user_id):
     member = member_service.get_by_id(user_id)
     return member if member else {}
@@ -23,7 +23,7 @@ def update_member(user_id):
 
 
 @members_api.route("/members", methods=["GET"], cors=True)
-@auth(members_api, roles=["admin", "member"])
+@auth(members_api, roles=[Roles.ADMIN, Roles.MEMBER])
 def get_all_members():
     """Fetches all members who have access to WhyPhi."""
     return member_service.get_all()