|
46 | 46 | from app.models.ticket_holder import TicketHolder |
47 | 47 | from app.models.track import Track |
48 | 48 | from app.models.user_favourite_event import UserFavouriteEvent |
49 | | -from app.models.user import User, ATTENDEE, OWNER, ORGANIZER, COORGANIZER |
| 49 | +from app.models.user import User, ATTENDEE, OWNER, ORGANIZER, COORGANIZER, TRACK_ORGANIZER, REGISTRAR, MODERATOR, \ |
| 50 | + SALES_ADMIN, MARKETER |
50 | 51 | from app.models.users_events_role import UsersEventsRoles |
51 | 52 | from app.models.stripe_authorization import StripeAuthorization |
52 | 53 |
|
| 54 | + |
53 | 55 | def validate_event(user, modules, data): |
54 | 56 | if not user.can_create_event(): |
55 | 57 | raise ForbiddenException({'source': ''}, |
@@ -105,8 +107,13 @@ def validate_date(event, data): |
105 | 107 | "ends-at should be after starts-at") |
106 | 108 |
|
107 | 109 | if datetime.timestamp(data['starts_at']) <= datetime.timestamp(datetime.now()): |
108 | | - raise UnprocessableEntity({'pointer': '/data/attributes/starts-at'}, |
109 | | - "starts-at should be after current date-time") |
| 110 | + if event and event.deleted_at and not data.get('deleted_at'): |
| 111 | + data['state'] = 'draft' |
| 112 | + elif event and not event.deleted_at and data.get('deleted_at'): |
| 113 | + pass |
| 114 | + else: |
| 115 | + raise UnprocessableEntity({'pointer': '/data/attributes/starts-at'}, |
| 116 | + "starts-at should be after current date-time") |
110 | 117 |
|
111 | 118 | class EventList(ResourceList): |
112 | 119 | def before_get(self, args, kwargs): |
@@ -142,6 +149,62 @@ def query(self, view_kwargs): |
142 | 149 | query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
143 | 150 | filter(Role.name != ATTENDEE) |
144 | 151 |
|
| 152 | + if view_kwargs.get('user_owner_id') and 'GET' in request.method: |
| 153 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_owner_id'])): |
| 154 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 155 | + user = safe_query(db, User, 'id', view_kwargs['user_owner_id'], 'user_owner_id') |
| 156 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 157 | + filter(Role.name == OWNER) |
| 158 | + |
| 159 | + if view_kwargs.get('user_organizer_id') and 'GET' in request.method: |
| 160 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_organizer_id'])): |
| 161 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 162 | + user = safe_query(db, User, 'id', view_kwargs['user_organizer_id'], 'user_organizer_id') |
| 163 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 164 | + filter(Role.name == ORGANIZER) |
| 165 | + |
| 166 | + if view_kwargs.get('user_coorganizer_id') and 'GET' in request.method: |
| 167 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_coorganizer_id'])): |
| 168 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 169 | + user = safe_query(db, User, 'id', view_kwargs['user_coorganizer_id'], 'user_coorganizer_id') |
| 170 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 171 | + filter(Role.name == COORGANIZER) |
| 172 | + |
| 173 | + if view_kwargs.get('user_track_organizer_id') and 'GET' in request.method: |
| 174 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_track_organizer_id'])): |
| 175 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 176 | + user = safe_query(db, User, 'id', view_kwargs['user_track_organizer_id'], 'user_organizer_id') |
| 177 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 178 | + filter(Role.name == TRACK_ORGANIZER) |
| 179 | + |
| 180 | + if view_kwargs.get('user_registrar_id') and 'GET' in request.method: |
| 181 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_registrar_id'])): |
| 182 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 183 | + user = safe_query(db, User, 'id', view_kwargs['user_registrar_id'], 'user_registrar_id') |
| 184 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 185 | + filter(Role.name == REGISTRAR) |
| 186 | + |
| 187 | + if view_kwargs.get('user_moderator_id') and 'GET' in request.method: |
| 188 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_moderator_id'])): |
| 189 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 190 | + user = safe_query(db, User, 'id', view_kwargs['user_moderator_id'], 'user_moderator_id') |
| 191 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 192 | + filter(Role.name == MODERATOR) |
| 193 | + |
| 194 | + if view_kwargs.get('user_marketer_id') and 'GET' in request.method: |
| 195 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_marketer_id'])): |
| 196 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 197 | + user = safe_query(db, User, 'id', view_kwargs['user_marketer_id'], 'user_marketer_id') |
| 198 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 199 | + filter(Role.name == MARKETER) |
| 200 | + |
| 201 | + if view_kwargs.get('user_sales_admin_id') and 'GET' in request.method: |
| 202 | + if not has_access('is_user_itself', user_id=int(view_kwargs['user_sales_admin_id'])): |
| 203 | + raise ForbiddenException({'source': ''}, 'Access Forbidden') |
| 204 | + user = safe_query(db, User, 'id', view_kwargs['user_sales_admin_id'], 'user_sales_admin_id') |
| 205 | + query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \ |
| 206 | + filter(Role.name == SALES_ADMIN) |
| 207 | + |
145 | 208 | if view_kwargs.get('event_type_id') and 'GET' in request.method: |
146 | 209 | query_ = self.session.query(Event).filter( |
147 | 210 | getattr(Event, 'event_type_id') == view_kwargs['event_type_id']) |
@@ -175,7 +238,8 @@ def before_post(self, args, kwargs, data=None): |
175 | 238 | user = User.query.filter_by(id=kwargs['user_id']).first() |
176 | 239 | modules = Module.query.first() |
177 | 240 | validate_event(user, modules, data) |
178 | | - validate_date(None, data) |
| 241 | + if data['state'] != 'draft': |
| 242 | + validate_date(None, data) |
179 | 243 |
|
180 | 244 | def after_create_object(self, event, data, view_kwargs): |
181 | 245 | """ |
@@ -492,7 +556,11 @@ def before_update_object(self, event, data, view_kwargs): |
492 | 556 | :param view_kwargs: |
493 | 557 | :return: |
494 | 558 | """ |
495 | | - if data.get('starts_at') != event.starts_at or data.get('ends_at') != event.ends_at: |
| 559 | + is_date_updated = (data.get('starts_at') != event.starts_at or data.get('ends_at') != event.ends_at) |
| 560 | + is_draft_published = (event.state == "draft" and data.get('state') == "published") |
| 561 | + is_event_restored = (event.deleted_at and not data.get('deleted_at')) |
| 562 | + |
| 563 | + if is_date_updated or is_draft_published or is_event_restored: |
496 | 564 | validate_date(event, data) |
497 | 565 |
|
498 | 566 | if has_access('is_admin') and data.get('deleted_at') != event.deleted_at: |
@@ -522,6 +590,7 @@ def after_update_object(self, event, data, view_kwargs): |
522 | 590 | 'model': Event, |
523 | 591 | 'methods': { |
524 | 592 | 'before_update_object': before_update_object, |
| 593 | + 'before_get_object': before_get_object, |
525 | 594 | 'after_update_object': after_update_object, |
526 | 595 | 'before_patch': before_patch |
527 | 596 | }} |
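Review bot: In `query`, the eight added `user_*_id` branches repeat the same `is_user_itself` check and role join by copy-paste, and one copy has already drifted: the `user_track_organizer_id` branch passes `'user_organizer_id'` as the last argument to `safe_query`, which appears to be the field name reported when the lookup fails. Because each branch carries its own copy of the authorization check, a role added later in the same way could ship without it and nothing would flag the omission; driving all branches from a single (kwarg, role) table keeps one check and one lookup. The `int(view_kwargs[...])` call also assumes the route converter guarantees a numeric id, which is not visible here; if it does not, a malformed id would raise `ValueError` instead of a clean 4xx. `query` starts and ends outside the hunk.

```python
        # … unchanged: the existing user_id branch above …
        role_filters = (
            ('user_owner_id', OWNER),
            ('user_organizer_id', ORGANIZER),
            ('user_coorganizer_id', COORGANIZER),
            ('user_track_organizer_id', TRACK_ORGANIZER),
            ('user_registrar_id', REGISTRAR),
            ('user_moderator_id', MODERATOR),
            ('user_marketer_id', MARKETER),
            ('user_sales_admin_id', SALES_ADMIN),
        )
        if 'GET' in request.method:
            for kwarg_name, role_name in role_filters:
                if not view_kwargs.get(kwarg_name):
                    continue
                # Single place where the "caller may only list their own events" rule is enforced.
                if not has_access('is_user_itself', user_id=int(view_kwargs[kwarg_name])):
                    raise ForbiddenException({'source': ''}, 'Access Forbidden')
                user = safe_query(db, User, 'id', view_kwargs[kwarg_name], kwarg_name)
                query_ = query_.join(Event.roles).filter_by(user_id=user.id).join(UsersEventsRoles.role). \
                    filter(Role.name == role_name)
        # … unchanged: event_type_id branch and the rest of query …
```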
|