Resolve "Add api methods"

.vscode/tasks.json

@@ -29,7 +29,6 @@
             "options": {
                 "cwd": "${workspaceFolder}/client"
             },
-
         },
         {
             "label": "Start server",
@@ -54,6 +53,16 @@
                 "cwd": "${workspaceFolder}/server"
             },
         },
+        {
+            "label": "Populate server",
+            "type": "shell",
+            "group": "build",
+            "command": "env/Scripts/python populate.py",
+            "problemMatcher": [],
+            "options": {
+                "cwd": "${workspaceFolder}/server"
+            },
+        },
         {
             "label": "Open server coverage",
             "type": "shell",
@@ -63,7 +72,6 @@
             "options": {
                 "cwd": "${workspaceFolder}/server"
             },
-
         },
         {
             "label": "Start client and server",

server/app/__init__.py

@@ -25,7 +25,6 @@ def create_app(config_name="configmodule.DevelopmentConfig"):
         from app.api import api_blueprint
 
         app.register_blueprint(api_blueprint, url_prefix="/api")
-
         return app
 
 

server/app/api/__init__.py

+from functools import wraps
+
 from flask import Blueprint
+from flask_jwt_extended import verify_jwt_in_request
+from flask_jwt_extended.utils import get_jwt_claims
+
+
+def admin_required():
+    def wrapper(fn):
+        @wraps(fn)
+        def decorator(*args, **kwargs):
+            verify_jwt_in_request()
+            claims = get_jwt_claims()
+            if claims["role"] == "Admin":
+                return fn(*args, **kwargs)
+            else:
+                return {"message:": "Admins only"}, 403
+
+        return decorator
+
+    return wrapper
+
+
+def text_response(text, code=200):
+    return {"message": text}, code
+
+
+def query_response(db_items, code=200):
+    if type(db_items) is not list:
+        db_items = [db_items]
+    return {"result": [i.get_dict() for i in db_items]}, code
+
+
+def object_response(items, code=200):
+    if type(items) is not list:
+        items = [items]
+    return {"result": items}, code
+
 
 api_blueprint = Blueprint("api", __name__)
 
 # Import the rest of the routes.
-from app.api import users, admin
+from app.api import admin, users

server/app/api/competitions.py

+###
+# Admin stuff placed here for later use
+# No need to implement this before the application is somewhat done
+###
+
+import app.database.controller as dbc
+import app.utils.http_codes as codes
+from app import db
+from app.api import admin_required, api_blueprint, object_response, query_response, text_response
+from app.database.models import Blacklist, City, Competition, Role, User
+from app.utils.validator import edit_user_schema, login_schema, register_schema, validate_object
+from flask import request
+from flask_jwt_extended import (
+    create_access_token,
+    create_refresh_token,
+    get_jwt_identity,
+    get_raw_jwt,
+    jwt_refresh_token_required,
+    jwt_required,
+)
+
+
+@api_blueprint.route("/competitions/<int:id>", methods=["GET"])
+@jwt_required
+def get(id):
+    item = Competition.query.filter(Competition.id == id).first()
+    if not item:
+        return text_response("Competition not found", codes.NOT_FOUND)
+
+    return query_response(item)
+
+
+@api_blueprint.route("/competitions", methods=["POST"])
+@jwt_required
+def create():
+    json_dict = request.get_json(force=True)
+
+    name = json_dict.get("name")
+    city_id = json_dict.get("city_id")
+    year = json_dict.get("year", 2020)
+    style_id = json_dict.get("style_id", 0)
+
+    dbc.add.competition(name, year, style_id, city_id)
+
+    item = Competition.query.filter(Competition.name == name).first()
+    return query_response(item)

server/app/api/users.py

 import datetime
 
 import app.database.controller as dbc
+import app.utils.http_codes as codes
 from app import db
-from app.api import api_blueprint
-from app.database.models import Blacklist, User
+from app.api import admin_required, api_blueprint, object_response, query_response, text_response
+from app.database.models import Blacklist, City, Role, User
 from app.utils.validator import edit_user_schema, login_schema, register_schema, validate_object
 from flask import request
 from flask_jwt_extended import (
@@ -16,19 +17,34 @@ from flask_jwt_extended import (
 )
 
 
-def get_current_user():
+##Helpers
+def _get_current_user():
     return User.query.filter_by(id=get_jwt_identity()).first()
 
 
+def _create_token(user):
+    expires = datetime.timedelta(days=7)
+    claims = {"role": user.role.name}
+
+    return create_access_token(identity=user.id, expires_delta=expires, user_claims=claims)
+
+
 @api_blueprint.route("/users/test", methods=["GET"])
 def test():
-    return {"message": "hello teknik8"}, 200
+    return text_response("hello teknik8")
 
 
 @api_blueprint.route("/users/test_auth", methods=["GET"])
 @jwt_required
+@admin_required()
 def test_auth():
-    return {"message": "you are authenticated"}, 200
+    return text_response("you are authenticated")
+
+
+@api_blueprint.route("/roles", methods=["GET"])
+@jwt_required
+def get_roles():
+    return query_response(Role.query.all())
 
 
 @api_blueprint.route("/users/login", methods=["POST"])
@@ -37,26 +53,20 @@ def login():
 
     validate_msg = validate_object(login_schema, json_dict)
     if validate_msg is not None:
-        return {"message": validate_msg}, 400
+        return text_response(validate_msg, codes.BAD_REQUEST)
 
-    email = json_dict["email"]
-    password = json_dict["password"]
+    email = json_dict.get("email")
+    password = json_dict.get("password")
     user = User.query.filter_by(email=email).first()
 
-    # Don't show the user that the email was correct unless the password was also correct
-    if not user:
-        return {"message": "The email or password you entered is incorrect."}, 401
-
-    if not user.is_correct_password(password):
-        return {"message": "The email or password you entered is incorrect."}, 401
+    if not user or not user.is_correct_password(password):
+        return text_response("Invalid email or password", codes.UNAUTHORIZED)
 
-    expires = datetime.timedelta(days=7)
-    access_token = create_access_token(identity=user.id, expires_delta=expires)
+    access_token = _create_token(user)
     refresh_token = create_refresh_token(identity=user.id)
-    return (
-        {"id": user.id, "access_token": access_token, "refresh_token": refresh_token},
-        200,
-    )
+
+    response = {"id": user.id, "access_token": access_token, "refresh_token": refresh_token}
+    return object_response(response)
 
 
 @api_blueprint.route("/users/logout", methods=["POST"])
@@ -66,15 +76,16 @@ def logout():
 
     db.session.add(Blacklist(jti))
     db.session.commit()
-    return {"message": "message fully logged out"}, 200
+    return text_response("Logged out")
 
 
 @api_blueprint.route("/users/refresh", methods=["POST"])
 @jwt_refresh_token_required
 def refresh():
     current_user = get_jwt_identity()
-    ret = {"access_token": create_access_token(identity=current_user)}
-    return ret, 200
+    response = {"access_token": _create_token(current_user)}
+
+    return object_response(response)
 
 
 @api_blueprint.route("/users/", methods=["POST"])
@@ -83,68 +94,101 @@ def create():
 
     validate_msg = validate_object(register_schema, json_dict)
     if validate_msg is not None:
-        return {"message": validate_msg}, 400
+        return text_response(validate_msg, codes.BAD_REQUEST)
+
+    email = json_dict.get("email")
+    password = json_dict.get("password")
+    role = json_dict.get("role")
+    city = json_dict.get("city")
 
-    existing_user = User.query.filter_by(email=json_dict["email"]).first()
+    existing_user = User.query.filter(User.email == email).first()
 
     if existing_user is not None:
-        return {"message": "User already exists"}, 400
+        return text_response("User already exists", codes.BAD_REQUEST)
 
-    dbc.add.user(json_dict["email"], json_dict["password"], json_dict["role"], json_dict["city"])
+    dbc.add.user(email, password, role, city)
 
-    item_user = User.query.filter_by(email=json_dict["email"]).first()
+    item_user = User.query.filter(User.email == email).first()
 
-    return item_user.get_dict(), 200
+    return query_response(item_user)
 
 
-@api_blueprint.route("/users/", methods=["PUT"])
+@api_blueprint.route("/users/", defaults={"user_id": None}, methods=["PUT"])
+@api_blueprint.route("/users/<int:user_id>", methods=["PUT"])
 @jwt_required
-def edit():
+def edit(user_id):
     json_dict = request.get_json(force=True)
 
     validate_msg = validate_object(edit_user_schema, json_dict)
     if validate_msg is not None:
-        return {"message": validate_msg}, 400
+        return text_response(validate_msg, codes.BAD_REQUEST)
+
+    if user_id:
+        item_user = User.query.filter(User.id == user_id).first()
+    else:
+        item_user = _get_current_user()
+
+    name = json_dict.get("name")
+    role = json_dict.get("city")
+    city = json_dict.get("password")
+
+    if name:
+        item_user.name = name.title()
 
-    user = get_current_user()
-    user.name = json_dict["name"].title()
+    if city:
+        if City.query.filter(City.name == city).first() is None:
+            return text_response(f"City {city} does not exist", codes.BAD_REQUEST)
+        item_user.city = city
+
+    if role:
+        if Role.query.filter(Role.name == role).first() is None:
+            return text_response(f"Role {role} does not exist", codes.BAD_REQUEST)
+        item_user.role = role
 
     db.session.commit()
-    return user.get_dict(), 200
+    db.session.refresh(item_user)
+    return query_response(item_user)
 
 
-@api_blueprint.route("/users/", methods=["DELETE"])
+@api_blueprint.route("/users/", defaults={"user_id": None}, methods=["DELETE"])
+@api_blueprint.route("/users/<int:user_id>", methods=["DELETE"])
 @jwt_required
-def delete():
-    user = get_current_user()
-    db.session.delete(user)
+def delete(user_id):
+    if user_id:
+        item_user = User.query.filter(User.id == user_id).first()
+    else:
+        item_user = _get_current_user()
+
+    db.session.delete(item_user)
     jti = get_raw_jwt()["jti"]
     db.session.add(Blacklist(jti))
     db.session.commit()
-    return {"message": "User was deleted"}, 200
+
+    return text_response("User deleted")
 
 
 ###
 # Getters
 ###
-@api_blueprint.route("/users/", defaults={"UserID": None}, methods=["GET"])
-@api_blueprint.route("/users/<int:UserID>", methods=["GET"])
+@api_blueprint.route("/users/", defaults={"user_id": None}, methods=["GET"])
+@api_blueprint.route("/users/<int:user_id>", methods=["GET"])
 @jwt_required
-def get(UserID):
+def get(user_id):
 
-    if UserID:
-        user = User.query.filter_by(id=UserID).first()
+    if user_id:
+        user = User.query.filter(User.id == user_id).first()
     else:
-        user = get_current_user()
+        user = _get_current_user()
 
     if not user:
-        return {"message": "User not found"}, 404
+        return text_response("User not found", codes.NOT_FOUND)
 
-    return user.get_dict(), 200
+    return query_response(user)
 
 
-# Searchable, returns 10 max at default
+# Searchable, returns 15 max at default
 @api_blueprint.route("/users/search", methods=["GET"])
+@jwt_required
 def search():
     arguments = request.args
     query = User.query
@@ -164,4 +208,4 @@ def search():
     else:
         query = query.limit(15)
 
-    return [i.get_dict() for i in query.all()], 200
+    return query_response(query.all())

server/app/database/__init__.py

@@ -5,5 +5,5 @@ from sqlalchemy.sql import func
 
 class Base(Model):
     __abstract__ = True
-    created = sa.Column(sa.DateTime(timezone=True), server_default=func.now())
-    updated = sa.Column(sa.DateTime(timezone=True), onupdate=func.now())
+    _created = sa.Column(sa.DateTime(timezone=True), server_default=func.now())
+    _updated = sa.Column(sa.DateTime(timezone=True), onupdate=func.now())

server/app/database/controller/add.py

@@ -13,8 +13,8 @@ def user(email, plaintext_password, role, city):
     return User.query.filter(User.email == email).first()
 
 
-def competition(name, style_id, city_id):
-    db.session.add(Competition(name, style_id, city_id))
+def competition(name, year, style_id, city_id):
+    db.session.add(Competition(name, year, style_id, city_id))
     db.session.commit()
 
     filters = (Competition.name == name) & (Competition.city_id == city_id)

server/app/database/controller/get.py

 from app import db
 from app.database.models import City, Competition, Role, Slide, Style, User
 from sqlalchemy import and_, or_
-
-
-def user():
-    return

server/app/database/models.py

@@ -12,6 +12,9 @@ class Blacklist(db.Model):
     def __init__(self, jti):
         self.jti = jti
 
+    def get_dict(self):
+        return {"id": self.id, "jti": self.jti, "expire_date": self.expire_date}
+
 
 class Role(db.Model):
     id = db.Column(db.Integer, primary_key=True)
@@ -22,6 +25,9 @@ class Role(db.Model):
     def __init__(self, name):
         self.name = name
 
+    def get_dict(self):
+        return {"id": self.id, "name": self.name}
+
 
 # TODO Region?
 class City(db.Model):
@@ -59,7 +65,13 @@ class User(db.Model):
         self.authenticated = False
 
     def get_dict(self):
-        return {"id": self.id, "email": self.email, "name": self.name}
+        return {
+            "id": self.id,
+            "email": self.email,
+            "name": self.name,
+            "role_id": self.role_id,
+            "city_id": self.city_id,
+        }
 
     @hybrid_property
     def password(self):
@@ -105,14 +117,17 @@ class Style(db.Model):
 class Competition(db.Model):
     id = db.Column(db.Integer, primary_key=True)
     name = db.Column(db.String(STRING_SIZE), unique=True)
+    year = db.Column(db.Integer, nullable=False, default=2020)
+
     style_id = db.Column(db.Integer, db.ForeignKey("style.id"), nullable=False)
     city_id = db.Column(db.Integer, db.ForeignKey("city.id"), nullable=False)
 
     slides = db.relationship("Slide", backref="competition")
     teams = db.relationship("Team", backref="competition")
 
-    def __init__(self, name, style_id, city_id):
+    def __init__(self, name, year, style_id, city_id):
         self.name = name
+        self.year = year
         self.style_id = style_id
         self.city_id = city_id
 

server/app/utils/http_codes.py

+OK = 200
+BAD_REQUEST = 400
+UNAUTHORIZED = 401
+FORBIDDEN = 403
+NOT_FOUND = 404
+GONE = 410
+INTERNAL_SERVER_ERROR = 500
+SERVICE_UNAVAILABLE = 503

server/app/utils/test_helpers.py

+import json
+
 from app import db
 
 
+def post(client, url, data, headers=None):
+    response = client.post(url, data=json.dumps(data), headers=headers)
+    body = json.loads(response.data.decode())
+    return response, body
+
+
+def get(client, url, query_string=None, headers=None):
+    response = client.get(url, query_string=query_string, headers=headers)
+    body = json.loads(response.data.decode())
+    return response, body
+
+
+def put(client, url, data, headers=None):
+    response = client.put(url, data=json.dumps(data), headers=headers)
+    body = json.loads(response.data.decode())
+    return response, body
+
+
+def delete(client, url, data, headers=None):
+    response = client.delete(url, data=json.dumps(data), headers=headers)
+    body = json.loads(response.data.decode())
+    return response, body
+
+
 # Try insert invalid row. If it fails then the test is passed
 def assert_insert_fail(db_type, *args):
     try:

server/app/utils/validator.py

@@ -23,4 +23,6 @@ register_schema = {
 
 edit_user_schema = {
     "name": {"type": "string", "required": False, "minlength": 1, "maxlength": 50},
+    "role": {"type": "string", "required": False},
+    "city": {"type": "string", "required": False},
 }

server/configmodule.py

@@ -9,6 +9,7 @@ class Config:
 
 class DevelopmentConfig(Config):
     DEBUG = True
+    SQLALCHEMY_DATABASE_URI = "sqlite:///database.db"
 
 
 class TestingConfig(Config):

server/populate.py

+import app.database.controller as dbc
+from app import create_app, db
+from app.database.models import City, MediaType, QuestionType, Role
+
+user = {"email": "test@test.se", "password": "password", "role": "Admin", "city": "Linköping"}
+media_types = ["Image", "Video"]
+question_types = ["Boolean", "Multiple", "Text"]
+roles = ["Admin", "Editor"]
+cities = ["Linköping"]
+
+
+def _add_items():
+    # Add media types
+    for item in media_types:
+        db.session.add(MediaType(item))
+
+    db.session.commit()
+
+    # Add question types
+    for item in question_types:
+        db.session.add(QuestionType(item))
+    db.session.commit()
+
+    # Add roles
+    for item in roles:
+        db.session.add(Role(item))
+    db.session.commit()
+
+    # Add cities
+    for item in cities:
+        db.session.add(City(item))
+    db.session.commit()
+
+    # Add user with role and city
+    dbc.add.user("test@test.se", "password", "Admin", "Linköping")
+
+    db.session.flush()
+
+
+app = create_app("configmodule.DevelopmentConfig")
+
+with app.app_context():
+    db.create_all()
+    _add_items()

server/tests/test_app.py

 import json
 
 from app.database.populate import add_default_values
+from app.utils.test_helpers import delete, get, post, put
 
 from tests import app, client
 
@@ -8,40 +9,42 @@ from tests import app, client
 def test_app(client):
     add_default_values()
 
-    register_data = {"email": "test1@test.se", "password": "abc123", "role": "Admin", "city": "Linköping"}
+    # Login in with default user
+    response, body = post(client, "/api/users/login", {"email": "test@test.se", "password": "password"})
+    item = body["result"][0]
+    headers = {"Authorization": "Bearer " + item["access_token"]}
+
     # Create user
-    rv = client.post(
-        "/api/users/",
-        data=json.dumps(register_data),
-    )
-    rv_dict = json.loads(rv.data.decode())
+    register_data = {"email": "test1@test.se", "password": "abc123", "role": "Admin", "city": "Linköping"}
+    response, body = post(client, "/api/users/", register_data, headers)
+    item = body["result"][0]
 
-    assert rv.status_code == 200
-    assert rv_dict["id"] == 2
-    assert "password" not in rv_dict
-    assert rv_dict["email"] == "test1@test.se"
+    assert response.status_code == 200
+    assert item["id"] == 2
+    assert "password" not in item
+    assert item["email"] == "test1@test.se"
 
     # Try loggin with wrong PASSWORD
-    rv = client.post("/api/users/login", data=json.dumps({"email": "test1@test.se", "password": "abc1234"}))
-    assert rv.status_code == 401
+    response, body = post(client, "/api/users/login", {"email": "test1@test.se", "password": "abc1234"})
+    assert response.status_code == 401
 
     # Try loggin with wrong Email
-    rv = client.post("/api/users/login", data=json.dumps({"email": "testx@test.se", "password": "abc1234"}))
-    assert rv.status_code == 401
+    response, body = post(client, "/api/users/login", {"email": "testx@test.se", "password": "abc1234"})
+    assert response.status_code == 401
 
     # Try loggin with right PASSWORD
-    rv = client.post("/api/users/login", data=json.dumps({"email": "test1@test.se", "password": "abc123"}))
-    rv_dict = json.loads(rv.data.decode())
-    assert rv.status_code == 200
-    headers = {"Authorization": "Bearer " + rv_dict["access_token"]}
+    response, body = post(client, "/api/users/login", {"email": "test1@test.se", "password": "abc123"})
+    item = body["result"][0]
+    headers = {"Authorization": "Bearer " + item["access_token"]}
+    assert response.status_code == 200
 
     # Get the current user
-    rv = client.get("/api/users/", headers=headers)
-    rv_dict = json.loads(rv.data.decode())
-    assert rv.status_code == 200
-    assert rv_dict["email"] == "test1@test.se"
-
-    rv = client.put("/api/users/", data=json.dumps({"name": "carl carlsson"}), headers=headers)
-    rv_dict = json.loads(rv.data.decode())
-    assert rv.status_code == 200
-    assert rv_dict["name"] == "Carl Carlsson"
+    response, body = get(client, "/api/users/", headers=headers)
+    item = body["result"][0]
+    assert response.status_code == 200
+    assert item["email"] == "test1@test.se"
+
+    response, body = put(client, "/api/users/", {"name": "carl carlsson"}, headers=headers)
+    item = body["result"][0]
+    assert response.status_code == 200
+    assert item["name"] == "Carl Carlsson"

server/tests/test_db.py

+import app.database.controller as dbc
 import pytest
 from app.database.models import (
     City,
@@ -13,9 +14,8 @@ from app.database.models import (
     Team,
     User,
 )
-import app.database.controller as dbc
 from app.database.populate import add_default_values
-from app.utils.test_helpers import *
+from app.utils.test_helpers import assert_exists, assert_insert_fail, assert_object_values
 
 from tests import app, client, db
 
@@ -89,8 +89,8 @@ def test_question(client):
 
     # Add competition
     item_city = City.query.filter_by(name="Linköping").first()
-    db.session.add(Competition("teknik8", item_style.id, item_city.id))
-    db.session.add(Competition("teknik9", item_style.id, item_city.id))
+    db.session.add(Competition("teknik8", 2020, item_style.id, item_city.id))
+    db.session.add(Competition("teknik9", 2020, item_style.id, item_city.id))
     db.session.commit()
     item_competition = Competition.query.filter_by(name="teknik8").first()
     item_competition_2 = Competition.query.filter_by(name="teknik9").first()