university-final-iot-backend/app/api/resources/account.py

128 lines
4.6 KiB
Python

from flask_restful import Resource, abort
from flask import g, render_template, redirect
from marshmallow import Schema, fields
from webargs.flaskparser import use_args
from flasgger import swag_from
from app.api.blueprint import api
import app.accounts.api as accounts
from app.accounts.tasks import send_email_task
from app.api.auth_protection import ProtectedResource
from app.api.permission_protection import (requires_permission,
valid_permissions)
from app.api.schemas import BaseTimestampedResourceSchema
from flask import current_app as app
class UserSchema(BaseTimestampedResourceSchema):
username = fields.Str(required=True)
email = fields.Email(required=True)
password = fields.Str(required=True, load_only=True)
class RoleUpdateSchema(Schema):
role_id = fields.Integer(required=True, load_only=True, location='json')
def validate_role_permissions(permissions_list):
return set(permissions_list).issubset(valid_permissions)
class RoleSchema(BaseTimestampedResourceSchema):
id = fields.Integer(required=True, location='json')
display_name = fields.String(required=True, location='json')
permissions = fields.List(fields.String, required=True,
location='json', many=True,
validate=validate_role_permissions)
class RoleCreationSchema(Schema):
display_name = fields.String(required=True, location='json')
permissions = fields.List(fields.String, required=True,
location='json', many=True)
class AccountResource(ProtectedResource):
@swag_from('swagger/get_account_spec.yaml')
def get(self, account_id):
if g.current_account.id == account_id:
return UserSchema().dump(g.current_account), 200
abort(403, message='You can only get your own account', status='error')
class RoleResource(ProtectedResource):
@swag_from('swagger/get_role_spec.yaml')
def get(self, role_id):
return RoleSchema().dump(
accounts.get_role(role_id)), 200
class RolesResource(ProtectedResource):
@requires_permission('CREATE_ROLE', 'Role creation')
@use_args(RoleCreationSchema(), locations=('json',))
@swag_from('swagger/create_role_spec.yaml')
def post(self, args):
created_role = accounts.create_role(args['display_name'],
args['permissions'])
return RoleSchema().dump(created_role), 201
@swag_from('swagger/get_roles_spec.yaml')
def get(self):
return RoleSchema().dump(accounts.get_all_roles(), many=True), 200
class AccountRoleResource(ProtectedResource):
@use_args(RoleUpdateSchema(), locations=('json',))
@swag_from('swagger/update_account_role_spec.yaml')
def put(self, args, account_id):
if g.current_account.id == account_id:
abort(403, message='You may not change your own roles',
status='error')
updated_account = accounts.update_account_role(
account_id, args['role_id'])
return UserSchema().dump(updated_account), 200
class AccountListResource(Resource):
@use_args(UserSchema(), locations=('json',))
@swag_from('swagger/create_account_spec.yaml')
def post(self, args):
try:
created_account, emailtoken = accounts.create_account(
args['username'],
args['email'],
args['password'])
confirm_url = api.url_for(
AccountEmailTokenResource,
token=emailtoken, _external=True)
html = render_template(
'activate_mail.html',
confirm_url=confirm_url)
send_email_task.delay(
args['email'],
'ETF IoT Email confirmation',
html)
return UserSchema().dump(created_account), 201
except ValueError:
abort(422, message='Account already exists', status='error')
class AccountEmailTokenResource(Resource):
def get(self, token):
success, email = accounts.confirm_email_token(token)
if success:
frontend_url = app.config['FRONTEND_URL']
html = render_template(
'welcome_to_iot.html',
frontend_url=frontend_url)
send_email_task.delay(
email,
'Welcome to ETF IoT!',
html)
return redirect(frontend_url)
class AccountEmailTokenResendResource(Resource):
@use_args(UserSchema(), locations=('json',))
def post(self, args):
return '', 201