cpp-css · lekhuong07 · Nov 23, 2020 · Nov 22, 2020 · Nov 22, 2020 · Nov 22, 2020
diff --git a/backend/api/admin.py b/backend/api/admin.py
@@ -1,3 +1,4 @@
+from api.helpers import requires_auth
 from config import app, db
 from database.organization import Organization
 from database.role import Role, Roles
@@ -26,10 +27,9 @@ def show_board(org_id):
 
 
 @app.route('/organization/make_admin/<path:org_id>', methods=['POST'])
+@requires_auth
 def make_admin(org_id):
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+    sessionObj = request.session
     current_role = Role.query.filter_by(organization_id=org_id, user_id=sessionObj.user_id).first()
     print("DEBUG....")
     print(current_role)
@@ -64,10 +64,9 @@ def make_admin(org_id):
 
 
 @app.route('/admins/remove_admin/<path:org_id>', methods=['DELETE'])
+@requires_auth
 def remove_admin(org_id):
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+    sessionObj = request.session
     current_role = Role.query.filter_by(organization_id=org_id, user_id=sessionObj.user_id).first()
     print("DEBUG....")
     print(current_role)
@@ -91,4 +90,3 @@ def remove_admin(org_id):
 
         else:
             return jsonify(message='You do not allow to remove admin', success=False)
-
diff --git a/backend/api/event.py b/backend/api/event.py
@@ -37,11 +37,7 @@ def get_all_unpublished_event(org_id):
     events = db.session.query(Event).filter(or_(Event.phase == EventPhase.INITIALIZED,
                                                 Event.phase == EventPhase.ARCHIVED),
                                                 Event.organization_id == org_id).all()
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
-
-    user = sessionObj.user
+    user = request.user
     if user.roles.filter(Role.role == Roles.MEMBER):
       return {'message': 'You are not allowed to see unpublished event',
               'success': False}
@@ -59,9 +55,7 @@ def get_all_unpublished_event(org_id):
 @app.route('/event/add/<path:org_id>', methods=['POST'])
 @requires_auth
 def create_event(org_id):
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+    sessionObj = request.session
     creator_id = sessionObj.user_id
 
     roleObj = db.session.query(Role).filter(Role.user_id == creator_id,
@@ -131,9 +125,7 @@ def delete_event(event_id):
                        message="The event does not exists.")
     else:
         # Get the session token
-        token = request.headers.get('Authorization')
-        token = token.split()[1]
-        sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+        sessionObj = request.session
         # print("...SESSION TOKEN...")
         # print(sessionObj)
         user_role = db.session.query(Role).filter(Role.organization_id == event.organization_id,
@@ -167,9 +159,7 @@ def register_event(event_id):
         return jsonify(success=False,
                        message="The event does not exists.")
     else:
-        token = request.headers.get('Authorization')
-        token = token.split()[1]
-        sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+        sessionObj = request.session
         #print("...SESSION TOKEN...")
         #print(sessionObj)
         register_id = sessionObj.user_id
@@ -212,9 +202,7 @@ def unregister_event(event_id):
     # Verified the organization id existed or not
     event_obj = Event.query.filter_by(event_id=event_id).first()
     event_name = event_obj.event_name
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+    sessionObj = request.session
     register_obj = db.session.query(Registration).filter(Registration.register_id == sessionObj.user_id,
                                                          Registration.event_id == event_id).first()
 
@@ -231,9 +219,7 @@ def unregister_event(event_id):
 @app.route('/event/approve/<path:event_id>', methods=['PUT'])
 @requires_auth
 def approve_event(event_id):
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+    sessionObj = request.session
     creator_id = sessionObj.user_id
     eventObj = db.session.query(Event).filter(Event.event_id == event_id).first()
 
@@ -261,9 +247,7 @@ def approve_event(event_id):
 @app.route('/event/cancel/<path:event_id>', methods=['PUT'])
 @requires_auth
 def cancel_event(event_id):
-    token = request.headers.get('Authorization')
-    token = token.split()[1]
-    sessionObj = db.session.query(Session).filter(Session.session_id == token).first()
+    sessionObj = request.session
     creator_id = sessionObj.user_id
     eventObj = db.session.query(Event).filter(Event.event_id == event_id).first()
     if eventObj is None or not eventObj:
@@ -297,6 +281,62 @@ def cancel_event(event_id):
 @requires_auth
 @requires_json # TODO: Centralize validation on event fields input
 def edit_event(event_id, **kwargs):
+    '''
+    Edit an existing event
+    ---
+    tags:
+      - event
+    parameters:
+      - in: body
+        name: body
+        required: true
+        schema:
+          required:
+            - event_name
+            - start_date
+            - end_date
+            - theme
+            - perks
+            - categories
+            - info
+          properties:
+            event_name:
+              type: string
+            start_date:
+              type: string
+              description: An ISO 8601 formatted datetime string
+            end_date:
+              type: string
+              description: An ISO 8601 formatted datetime string
+            theme:
+              type: string
+            perks:
+              type: string
+            categories:
+              type: string
+            info:
+              type: string
+    responses:
+        200:
+            description: OK
+            content:
+                application/json:
+                    schema:
+                        type: object
+                        properties:
+                            success:
+                                type: boolean
+                            message:
+                                type: string
+                            session:
+                                type: object
+                                properties:
+                                    token:
+                                        type: string
+                                    expires:
+                                        type: string
+    '''
+
     user = request.user
     event = db.session.query(Event).filter(Event.event_id == event_id).first()
     role = user.roles.filter(
@@ -318,4 +358,3 @@ def edit_event(event_id, **kwargs):
 
     db.session.commit()
     return {'success': True, 'message': '', 'event': EventSchema().dump(event)}
-
diff --git a/backend/api/helpers.py b/backend/api/helpers.py
@@ -6,12 +6,19 @@
 from database.session import Session
 from database.user import User
 
+if DEBUG: from config import swagger
 
 def all_helper():
     return None
 
 
 def requires_auth(func):
+    # Automatic Swagger documentation magic
+    if not hasattr(func, 'specs_dict'): func.specs_dict = {}
+    func.specs_dict.update({
+        'security': [{'bearerAuth': []}]
+    })
+
     @wraps(func)
     def wrapper(*args, **kwargs):
         raw_auth = request.headers.get('Authorization')
@@ -49,13 +56,35 @@ def wrapper(*args, **kwargs):
 
 def validate_types(expected):
     def _validate_types(func):
+        # Automatic Swagger documentation magic
+        if not hasattr(func, 'specs_dict'): func.specs_dict = {}
+        if not 'parameters' in func.specs_dict: func.specs_dict['parameters'] = [{
+            'in': 'body',
+            'name': 'body',
+            'required': True
+        }]
+
+        TYPE_MAP = {str: 'string', int: 'integer', float: 'number',
+                    bool: 'boolean'}
+
+        schema = {
+            'required': list(expected.keys()),
+            'properties': {}
+        }
+
+        for key, data in expected.items():
+            schema['properties'][key] = {'type': TYPE_MAP[data['type']]}
+
+        func.specs_dict['parameters'][0].update({'schema': schema})
+
+
         @wraps(func)
         def wrapper(*args, **body):
             # Check each type and add to invalid if not correct
             invalid = {}
-            for key, type in expected.items():
-                if (not key in body or not isinstance(body[key], type)):
-                    invalid[key] = type
+            for key, data in expected.items():
+                if (not key in body or not isinstance(body[key], data['type'])):
+                    invalid[key] = data['type']
 
             # if there's any invalid fields, respond with an error
             if (len(invalid) > 0):