Add one on one API

Author: recrsn

snowflake/acl/__init__.py

@@ -0,0 +1 @@
+from .one_on_one import *

snowflake/acl/one_on_one.py

@@ -0,0 +1,11 @@
+from flask_login import current_user
+
+from snowflake.models import OneOnOne, User
+
+
+def can_view_one_on_one(one_on_one: OneOnOne, user: User = current_user):
+    return user.id == one_on_one.user_id or user.id == one_on_one.created_by_id
+
+
+def can_delete_one_on_one(one_on_one: OneOnOne, user: User = current_user):
+    return can_view_one_on_one(one_on_one, user)

snowflake/app.py

@@ -24,9 +24,12 @@
 
 app.register_blueprint(api.healthcheck.blueprint, url_prefix="/api/healthcheck")
 app.register_blueprint(index.blueprint)
+
+app.register_blueprint(api.notifications.blueprint, url_prefix="/api/notifications")
+app.register_blueprint(api.one_on_ones.blueprint, url_prefix="/api/one_on_ones")
 app.register_blueprint(api.token.blueprint, url_prefix="/api/tokens")
 app.register_blueprint(api.users.blueprint, url_prefix="/api/users")
-app.register_blueprint(api.notifications.blueprint, url_prefix="/api/notifications")
+
 app.register_blueprint(login.blueprint, url_prefix="/login")
 app.register_blueprint(register.blueprint, url_prefix="/register")
 app.register_blueprint(profile.blueprint, url_prefix="/profile")

snowflake/controllers/api/__init__.py

@@ -1,4 +1,5 @@
-from . import users
+from . import healthcheck
 from . import notifications
+from . import one_on_ones
 from . import token
-from . import healthcheck
+from . import users

snowflake/controllers/api/one_on_ones.py

@@ -0,0 +1,192 @@
+from datetime import datetime
+
+from flask import Blueprint, request
+from flask_login import login_required, current_user
+from marshmallow import ValidationError
+
+from .response import not_found, unauthorized, no_content, bad_request, validation_error
+from ... import acl
+from ...db import transaction, db
+from ...models import OneOnOne, OneOnOneActionItem
+from ...schemas.one_on_one import OneOnOneSchema, GetOneOnOneSchema, CreateOneOnOneSchema, OneOnOneActionItemSchema, \
+    CreateOrEditOneOnOneActionItemSchema
+
+blueprint = Blueprint('api.one_on_ones', __name__)
+
+one_on_one_schema = OneOnOneSchema()
+one_on_one_action_item_schema = OneOnOneActionItemSchema()
+get_one_on_one_schema = GetOneOnOneSchema()
+create_one_on_one_schema = CreateOneOnOneSchema()
+create_or_edit_one_on_one_action_item_schema = CreateOrEditOneOnOneActionItemSchema()
+
+
+@blueprint.route('', methods=['GET'])
+@login_required
+def list_all():
+    return one_on_one_schema.jsonify(OneOnOne.get_by_user(current_user), many=True)
+
+
+@blueprint.route('', methods=['PUT'])
+@login_required
+def create():
+    if not request.is_json:
+        return bad_request()
+
+    try:
+        one_on_one: OneOnOne = create_one_on_one_schema.load(request.json)
+        one_on_one.created_by = current_user
+        one_on_one.created_at = datetime.now()
+
+        with transaction():
+            OneOnOne.create(one_on_one)
+
+        return get_one_on_one_schema.jsonify(one_on_one)
+    except ValidationError as e:
+        return validation_error(e.messages)
+
+
+@blueprint.route('/<_id>', methods=['GET'])
+@login_required
+def get(_id: int):
+    one_on_one = OneOnOne.get(_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_view_one_on_one(one_on_one):
+        return unauthorized()
+
+    return get_one_on_one_schema.jsonify(one_on_one)
+
+
+@blueprint.route('/<one_on_one_id>/action_items', methods=['GET'])
+@login_required
+def get_action_items(one_on_one_id: int):
+    one_on_one = OneOnOne.get(one_on_one_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_view_one_on_one(one_on_one):
+        return unauthorized()
+
+    return one_on_one_action_item_schema.jsonify(one_on_one.action_items, many=True)
+
+
+@blueprint.route('/<one_on_one_id>/action_items/<action_item_id>', methods=['GET'])
+@login_required
+def get_action_item(one_on_one_id: int, action_item_id: int):
+    one_on_one = OneOnOne.get(one_on_one_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_view_one_on_one(one_on_one):
+        return unauthorized()
+
+    action_item = OneOnOneActionItem.get(action_item_id)
+
+    if not action_item:
+        return not_found()
+
+    if not action_item.one_on_one_id == one_on_one.id:
+        return not_found()
+
+    return one_on_one_action_item_schema.jsonify(action_item)
+
+
+@blueprint.route('/<one_on_one_id>/action_items/<action_item_id>', methods=['DELETE'])
+@login_required
+def delete_action_item(one_on_one_id: int, action_item_id: int):
+    one_on_one = OneOnOne.get(one_on_one_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_view_one_on_one(one_on_one):
+        return unauthorized()
+
+    action_item = OneOnOneActionItem.get(action_item_id)
+
+    if not action_item:
+        return not_found()
+
+    if not action_item.one_on_one_id == one_on_one.id:
+        return not_found()
+
+    with transaction():
+        db.session.remove(one_on_one)
+
+    return no_content()
+
+
+@blueprint.route('/<one_on_one_id>/action_items', methods=['PUT'])
+@login_required
+def create_action_item(one_on_one_id: int):
+    if not request.is_json:
+        return bad_request()
+
+    one_on_one = OneOnOne.get(one_on_one_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_view_one_on_one(one_on_one):
+        return unauthorized()
+
+    try:
+        action_item: OneOnOneActionItem = create_or_edit_one_on_one_action_item_schema.load(request.json)
+        action_item.one_on_one = one_on_one
+        action_item.created_by = current_user
+        action_item.created_at = datetime.now()
+
+        with transaction():
+            OneOnOneActionItem.create(action_item)
+
+        return one_on_one_action_item_schema.jsonify(action_item)
+    except ValidationError as e:
+        return validation_error(e.messages)
+
+
+@blueprint.route('/<one_on_one_id>/action_items/<action_item_id>', methods=['PATCH'])
+@login_required
+def edit_action_item(one_on_one_id: int, action_item_id: int):
+    if not request.is_json:
+        return bad_request()
+
+    one_on_one = OneOnOne.get(one_on_one_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_view_one_on_one(one_on_one):
+        return unauthorized()
+
+    action_item = OneOnOneActionItem.get(action_item_id)
+
+    try:
+        action_item: OneOnOneActionItem = create_or_edit_one_on_one_action_item_schema.load(request.json, action_item)
+
+        with transaction():
+            db.session.add(action_item)
+
+        return one_on_one_action_item_schema.jsonify(action_item)
+    except ValidationError as e:
+        return validation_error(e.messages)
+
+
+@blueprint.route('/<_id>', methods=['DELETE'])
+@login_required
+def delete_one_on_one(_id: int):
+    one_on_one = OneOnOne.get(_id)
+
+    if not one_on_one:
+        return not_found()
+
+    if not acl.can_delete_one_on_one(one_on_one):
+        return unauthorized()
+
+    with transaction():
+        db.session.remove(one_on_one)
+
+    return no_content()

snowflake/controllers/api/response.py

@@ -9,6 +9,13 @@ def bad_request(message="Bad request"):
     return error_body(message), 400
 
 
+def validation_error(messages):
+    return jsonify({
+        'message': 'Validation error',
+        'errors': messages
+    }), 400
+
+
 def not_found(message="Not found"):
     return error_body(message), 404
 
@@ -19,3 +26,7 @@ def forbidden(message="Forbidden"):
 
 def unauthorized(message="Unauthorized"):
     return error_body(message), 401
+
+
+def no_content():
+    return '', 204

snowflake/models/one_on_one_action_item.py

@@ -3,7 +3,7 @@
 
 class OneOnOneActionItem(db.Model):
     id = db.Column(db.BigInteger, primary_key=True)
-    state = db.Column(db.Boolean)
+    state = db.Column(db.Boolean, default=False)
     content = db.Column(db.String)
 
     one_on_one_id = db.Column(db.BigInteger, db.ForeignKey('one_on_one.id'), nullable=False)
@@ -22,5 +22,5 @@ def update(self):
         db.session.commit()
 
     @staticmethod
-    def get(_id):
+    def get(_id) -> 'OneOnOneActionItem':
         return OneOnOneActionItem.query.get(_id)

snowflake/schemas/fields.py

@@ -0,0 +1,20 @@
+from marshmallow import ValidationError
+from marshmallow.fields import Field
+
+from ..models import User
+
+
+class UserByUsername(Field):
+    def _deserialize(self, value: str, attr, data, **kwargs):
+        user = User.get_by_username(value)
+
+        if not user:
+            raise ValidationError(f"User {value} not found")
+
+        return user
+
+    def _serialize(self, value: User, attr, obj, **kwargs):
+        if value is None:
+            return None
+
+        return value.username

snowflake/schemas/one_on_one.py

@@ -0,0 +1,49 @@
+from marshmallow.fields import List
+from marshmallow_sqlalchemy.fields import Nested
+
+from .fields import UserByUsername
+from .user import UserSchema
+from ..marshmallow import marshmallow
+from ..models import OneOnOne, OneOnOneActionItem
+
+
+class OneOnOneActionItemSchema(marshmallow.SQLAlchemySchema):
+    class Meta:
+        model = OneOnOneActionItem
+
+    id = marshmallow.auto_field()
+    state = marshmallow.auto_field()
+    content = marshmallow.auto_field()
+
+    created_by = Nested(UserSchema)
+
+
+class CreateOrEditOneOnOneActionItemSchema(marshmallow.SQLAlchemySchema):
+    class Meta:
+        model = OneOnOneActionItem
+        load_instance = True
+
+    state = marshmallow.auto_field()
+    content = marshmallow.auto_field()
+
+
+class OneOnOneSchema(marshmallow.SQLAlchemySchema):
+    class Meta:
+        model = OneOnOne
+
+    id = marshmallow.auto_field()
+    created_at = marshmallow.auto_field()
+    created_by = Nested(UserSchema)
+    user = Nested(UserSchema)
+
+
+class GetOneOnOneSchema(OneOnOneSchema):
+    action_items = List(Nested(OneOnOneActionItemSchema))
+
+
+class CreateOneOnOneSchema(marshmallow.SQLAlchemySchema):
+    class Meta:
+        model = OneOnOne
+        load_instance = True
+
+    user = UserByUsername()