KMaina · KMaina · Oct 5, 2018
diff --git a/app/__init__.py b/app/__init__.py
@@ -1,13 +1,14 @@
 """
 the __init__.py file
-
 included to make app a package
 """
 
 from flask import Flask
 from flask_restful import Api
+from flask_jwt_extended import JWTManager
 
 from app.api.v2.views_users import UserRegister, UserLogin
+from app.api.v2.views_orders import GetAllOrders
 
 from instance.config import app_config
 
@@ -16,7 +17,11 @@ def create_app(config_name):
     app.config.from_object(app_config[config_name])
     app.config.from_pyfile('config.py')
     api_endpoint = Api(app)
-    api_endpoint.add_resource(Orders, '/api/v1/orders')
-    api_endpoint.add_resource(OrderSpecific, '/api/v1/order/<int:order_id>')
+
+    api_endpoint.add_resource(UserRegister, '/api/v2/auth/signup')
+    api_endpoint.add_resource(UserLogin, '/api/v2/auth/login')
+    api_endpoint.add_resource(GetAllOrders, '/api/v2/orders/')
+
+    jwt = JWTManager(app)
 
     return app
diff --git a/app/api/v2/model_orders.py b/app/api/v2/model_orders.py
@@ -0,0 +1,35 @@
+import psycopg2
+from flask import request, jsonify
+
+from app import migration
+
+connection = migration.db_connection()
+cursor = connection.cursor()
+
+class Orders():
+    """Class to handle orders"""
+    def get_user_order(self):
+        """Get all orders for a particular user in the database"""
+        try:
+            orders_table = "SELECT * FROM orders"
+            cursor.execute(orders_table)
+            connection.commit()
+            rows = cursor.fetchall()
+            print(rows)
+            user_orders = []
+            if rows is not None and len(rows) > 0:
+                for row in rows:
+                    order_dict = {
+                        "status" : row[1],
+                        "meal_name" : row[2],
+                        "order_quantity" : row[3],
+                        "order_cost" : row[4],
+                        "user_id" : row[5]
+                    }
+                    user_orders.append(order_dict)
+                return {"orders":user_orders}, 200
+            return {'msg': 'No records to fetch'}, 404
+        except (Exception, psycopg2.DatabaseError) as error:
+            print(error)
+            connection.close()
+        return {'Error', error}, 400
diff --git a/app/api/v2/model_users.py b/app/api/v2/model_users.py
@@ -88,22 +88,22 @@ def login(self, username, password):
             response.status_code = 400
             return response
         try:
-            get_user = "SELECT username, password \
+            get_user = "SELECT username, password, admin \
                         FROM users \
                         WHERE username = '" + username + "' AND password = '" + password +  "'"
             cursor.execute(get_user)
             row = cursor.fetchone()
             if row is not None:
-                row = cursor.fetchone()
-                access_token = create_access_token(identity=username)
-                print(access_token)
+                dbusername = row[0] 
+                dbadmin = row[2]
+                if not dbusername or not dbadmin:
+                    return {'msg':'Error, problem getting credentials from the database'}, 400
+                access_token = create_access_token(identity={"username": dbusername, "admin": dbadmin})
                 response = jsonify({"msg":"Successfully logged in", "access_token":access_token})
                 response.status_code = 200
                 return response
             response = jsonify({"msg" : "Error logging in, credentials not found"})
             response.status_code = 401
             return response
         except (Exception, psycopg2.DatabaseError) as error:
-            print("Error executing", error)
             return jsonify({"msg" : "Error, check the database {}".format(error)})
-
diff --git a/app/api/v2/views_orders.py b/app/api/v2/views_orders.py
@@ -0,0 +1,15 @@
+from flask import request
+from flask_restful import Resource
+from flask_jwt_extended import jwt_required, get_jwt_identity
+
+from app.api.v2.model_orders import Orders
+
+class GetAllOrders(Resource):
+    """Method to add and get orders"""
+    @jwt_required
+    def get(self):
+        """Method to get all a user's orders"""
+        current_user = get_jwt_identity()
+        if current_user['admin'] == True:
+            return Orders().get_user_order()
+        return {'msg', 'Sorry you do not have sufficient rights to access this page'}, 403