diff --git a/app/__init__.py b/app/__init__.py index 5e0c172..a93036b 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -1,13 +1,14 @@ """ the __init__.py file - included to make app a package """ from flask import Flask from flask_restful import Api +from flask_jwt_extended import JWTManager from app.api.v2.views_users import UserRegister, UserLogin +from app.api.v2.views_orders import GetAllOrders from instance.config import app_config @@ -16,7 +17,11 @@ def create_app(config_name): app.config.from_object(app_config[config_name]) app.config.from_pyfile('config.py') api_endpoint = Api(app) - api_endpoint.add_resource(Orders, '/api/v1/orders') - api_endpoint.add_resource(OrderSpecific, '/api/v1/order/') + + api_endpoint.add_resource(UserRegister, '/api/v2/auth/signup') + api_endpoint.add_resource(UserLogin, '/api/v2/auth/login') + api_endpoint.add_resource(GetAllOrders, '/api/v2/orders/') + + jwt = JWTManager(app) return app \ No newline at end of file diff --git a/app/api/v2/model_orders.py b/app/api/v2/model_orders.py new file mode 100644 index 0000000..f405959 --- /dev/null +++ b/app/api/v2/model_orders.py 
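Review bot: In `create_app` (app/__init__.py), `JWTManager(app)` is initialised with no visible check that a signing key is configured; the key presumably comes from `app_config` or `config.py`, neither of which is part of this diff. The tokens issued by this commit carry the `admin` flag, so the strength and secrecy of that key is what protects the admin-only route. A guard before the call, such as `if not (app.config.get('JWT_SECRET_KEY') or app.config.get('SECRET_KEY')): raise RuntimeError('JWT signing key is not configured')`, would make a missing key fail at startup, and the value should come from the environment rather than a committed file. The `jwt` local is never used in the visible lines, so a bare `JWTManager(app)` would do unless loaders are registered on it later.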
@@ -0,0 +1,35 @@
+import psycopg2
+from flask import request, jsonify
+
+from app import migration
+
+connection = migration.db_connection()
+cursor = connection.cursor()
+
+class Orders():
+ """Class to handle orders"""
+ def get_user_order(self):
+ """Get all orders for a particular user in the database"""
+ try:
+ orders_table = "SELECT * FROM orders"
+ cursor.execute(orders_table)
+ connection.commit()
+ rows = cursor.fetchall()
+ print(rows)
+ user_orders = []
+ if rows is not None and len(rows) > 0:
+ for row in rows:
+ order_dict = {
+ "status" : row[1],
+ "meal_name" : row[2],
+ "order_quantity" : row[3],
+ "order_cost" : row[4],
+ "user_id" : row[5]
+ }
+ user_orders.append(order_dict)
+ return {"orders":user_orders}, 200
+ return {'msg': 'No records to fetch'}, 404
+ except (Exception, psycopg2.DatabaseError) as error:
+ print(error)
+ connection.close()
+ return {'Error', error}, 400
\ No newline at end of file
diff --git a/app/api/v2/model_users.py b/app/api/v2/model_users.py
index b07f2dd..e16a12c 100644
--- a/app/api/v2/model_users.py
+++ b/app/api/v2/model_users.py
@@ -88,15 +88,17 @@ def login(self, username, password):
 response.status_code = 400
 return response
 try:
- get_user = "SELECT username, password \
+ get_user = "SELECT username, password, admin \
 FROM users \
 WHERE username = '" + username + "' AND password = '" + password + "'"
 cursor.execute(get_user)
 row = cursor.fetchone()
 if row is not None:
- row = cursor.fetchone()
- access_token = create_access_token(identity=username)
- print(access_token)
+ dbusername = row[0]
+ dbadmin = row[2]
+ if not dbusername or not dbadmin:
+ return {'msg':'Error, problem getting credentials from the database'}, 400
+ access_token = create_access_token(identity={"username": dbusername, "admin": dbadmin})
 response = jsonify({"msg":"Successfully logged in", "access_token":access_token})
 response.status_code = 200
 return response
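Review bot: In app/api/v2/model_orders.py the `except` branch of `get_user_order` returns `{'Error', error}`, a set literal holding the exception object; a set is not JSON-serialisable, so this path likely ends in a 500 rather than the intended 400. The same branch calls `connection.close()` on the module-level connection, after which later requests in the same process have no usable connection. I would replace those two lines with `connection.rollback()` and `return {'msg': 'Could not fetch orders'}, 500`, keeping the database error text in the server log instead of the response. `print(rows)` writes every order row to stdout on each call and should be dropped. The docstring promises one user's orders while the query is `SELECT * FROM orders` with no user filter, so one of the two needs to change.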
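Review bot: The `get_user` query in `login` (app/api/v2/model_users.py) is still built by concatenating `username` and `password` into the SQL text, so request input is interpreted as SQL; the commit edits the SELECT line but leaves the concatenation in place. Binding the values removes the problem: end the statement with `WHERE username = %s AND password = %s"` and call `cursor.execute(get_user, (username, password))`. The added check `if not dbusername or not dbadmin:` is true whenever `admin` is falsy, so it appears to turn every non-admin login into a 400; `if dbusername is None or dbadmin is None:` keeps the guard without that effect. Matching the password inside the WHERE clause also suggests passwords are stored unhashed, which is worth confirming against the signup code. `login` starts above this hunk and continues past it.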
@@ -104,6 +106,4 @@ def login(self, username, password):
 response.status_code = 401
 return response
 except (Exception, psycopg2.DatabaseError) as error:
- print("Error executing", error)
 return jsonify({"msg" : "Error, check the database {}".format(error)})
-
\ No newline at end of file
diff --git a/app/api/v2/views_orders.py b/app/api/v2/views_orders.py
new file mode 100644
index 0000000..28a4c0a
--- /dev/null
+++ b/app/api/v2/views_orders.py
@@ -0,0 +1,15 @@
+from flask import request
+from flask_restful import Resource
+from flask_jwt_extended import jwt_required, get_jwt_identity
+
+from app.api.v2.model_orders import Orders
+
+class GetAllOrders(Resource):
+ """Method to add and get orders"""
+ @jwt_required
+ def get(self):
+ """Method to get all a user's orders"""
+ current_user = get_jwt_identity()
+ if current_user['admin'] == True:
+ return Orders().get_user_order()
+ return {'msg', 'Sorry you do not have sufficient rights to access this page'}, 403
\ No newline at end of file
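Review bot: The handler kept at the end of `login` (app/api/v2/model_users.py) formats the caught exception into the JSON body with `"Error, check the database {}".format(error)` and sets no status code, so database error text is sent to the caller with jsonify's default 200. With the `print` removed, the client response is now the only place the error is recorded. I would log the exception server-side and return a fixed message with an explicit status, for example `response = jsonify({"msg": "Error, login could not be completed"})` followed by `response.status_code = 500`. `except (Exception, psycopg2.DatabaseError)` behaves the same as `except Exception`, so naming only `psycopg2.DatabaseError` would stop unrelated bugs from being reported as database errors. `login` begins above this hunk.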
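Review bot: The denial branch of `GetAllOrders.get` (app/api/v2/views_orders.py) returns `{'msg', '...'}`, a set literal rather than a dict; a set is not JSON-serialisable, so a non-admin caller likely gets a 500 instead of the intended 403, and the line should read `return {'msg': 'Sorry you do not have sufficient rights to access this page'}, 403`. `current_user['admin'] == True` raises when the identity is not a dict with that key, which is the case for tokens issued before this commit, whose identity was the bare username; `if isinstance(current_user, dict) and current_user.get('admin') is True:` denies cleanly instead. Because the admin flag is read from the token, a user whose admin right is withdrawn keeps access until the token expires unless the flag is re-checked against the users table. The class docstring says "add and get orders" while only `get` is defined.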