zcash-grant-system/backend/grant/admin/views.py

from functools import wraps
from flask import Blueprint, g, session, request
from flask_yoloapi import endpoint, parameter
from hashlib import sha256
from uuid import uuid4
from flask_cors import CORS, cross_origin
from sqlalchemy import func, or_

from grant.extensions import db
from grant.user.models import User, users_schema, user_schema
from grant.proposal.models import (
    Proposal,
    ProposalContribution,
    proposals_schema,
    proposal_schema,
    user_proposal_contributions_schema,
    PENDING
)
from grant.comment.models import Comment, comments_schema, user_comments_schema
from grant.email.send import generate_email
from .example_emails import example_email_args


blueprint = Blueprint('admin', __name__, url_prefix='/api/v1/admin')


admin_auth = {
    "username": "admin",
    "password": "79994491a17ec1d817fb0330303ea88880835961fbab1d12329f5d720602fbb3",
    "salt": "ad01deb1ccba4d0e8b831ed3d1e82c10"
}


def auth_required(f):
    @wraps(f)
    def decorated(*args, **kwargs):
        if 'username' in session:
            return f(*args, **kwargs)
        else:
            return {"message": "Authentication required"}, 401

    return decorated


@blueprint.route("/checklogin", methods=["GET"])
@endpoint.api()
def loggedin():
    if 'username' in session:
        return {"isLoggedIn": True}
    if 'username' not in session:
        return {"isLoggedIn": False}


@blueprint.route("/login", methods=["POST"])
@endpoint.api(
    parameter('username', type=str, required=False),
    parameter('password', type=str, required=False),
)
def login(username, password):
    pass_salt = ('%s%s' % (password, admin_auth['salt'])).encode('utf-8')
    pass_hash = sha256(pass_salt).hexdigest()
    if username == admin_auth['username'] and pass_hash == admin_auth['password']:
        session['username'] = username
        return {"isLoggedIn": True}
    else:
        return {"message": "Username or password incorrect."}, 401


@blueprint.route("/logout", methods=["GET"])
@endpoint.api()
def logout():
    del session['username']
    return {"isLoggedIn": False}


@blueprint.route("/stats", methods=["GET"])
@endpoint.api()
@auth_required
def stats():
    user_count = db.session.query(func.count(User.id)).scalar()
    proposal_count = db.session.query(func.count(Proposal.id)).scalar()
    proposal_pending_count = db.session.query(func.count(Proposal.id)) \
        .filter(Proposal.status == PENDING) \
        .scalar()
    return {
        "userCount": user_count,
        "proposalCount": proposal_count,
        "proposalPendingCount": proposal_pending_count,
    }


# USERS


@blueprint.route('/users/<id>', methods=['DELETE'])
@endpoint.api()
@auth_required
def delete_user(id):
    return {"message": "Not implemented."}, 400


@blueprint.route("/users", methods=["GET"])
@endpoint.api()
@auth_required
def get_users():
    users = User.query.all()
    result = users_schema.dump(users)
    return result


@blueprint.route('/users/<id>', methods=['GET'])
@endpoint.api()
@auth_required
def get_user(id):
    user_db = User.query.filter(User.id == id).first()
    if user_db:
        user = user_schema.dump(user_db)
        user_proposals = Proposal.query.filter(Proposal.team.any(id=user['userid'])).all()
        user['proposals'] = proposals_schema.dump(user_proposals)
        user_comments = Comment.get_by_user(user_db)
        user['comments'] = user_comments_schema.dump(user_comments)
        contributions = ProposalContribution.get_by_userid(user_db.id)
        contributions_dump = user_proposal_contributions_schema.dump(contributions)
        user["contributions"] = contributions_dump
        return user
    return {"message": f"Could not find user with id {id}"}, 404


# PROPOSALS


@blueprint.route("/proposals", methods=["GET"])
@endpoint.api()
@auth_required
def get_proposals():
    # endpoint.api doesn't seem to handle GET query array input
    status_filters = request.args.getlist('statusFilters[]')
    or_filter = or_(Proposal.status == v for v in status_filters)
    proposals = Proposal.query.filter(or_filter) \
        .order_by(Proposal.date_created.desc()) \
        .all()
    # TODO: return partial data for list
    dumped_proposals = proposals_schema.dump(proposals)
    return dumped_proposals


@blueprint.route('/proposals/<id>', methods=['GET'])
@endpoint.api()
@auth_required
def get_proposal(id):
    proposal = Proposal.query.filter(Proposal.id == id).first()
    if proposal:
        return proposal_schema.dump(proposal)
    return {"message": "Could not find proposal with id %s" % id}, 404


@blueprint.route('/proposals/<id>', methods=['DELETE'])
@endpoint.api()
@auth_required
def delete_proposal(id):
    return {"message": "Not implemented."}, 400


@blueprint.route('/proposals/<id>/approve', methods=['PUT'])
@endpoint.api(
    parameter('isApprove', type=bool, required=True),
    parameter('rejectReason', type=str, required=False)
)
@auth_required
def approve_proposal(id, is_approve, reject_reason=None):
    proposal = Proposal.query.filter_by(id=id).first()
    if proposal:
        proposal.approve_pending(is_approve, reject_reason)
        db.session.commit()
        return proposal_schema.dump(proposal)

    return {"message": "Not implemented."}, 400


# EMAIL


@blueprint.route('/email/example/<type>', methods=['GET'])
@cross_origin(supports_credentials=True)
@endpoint.api()
@auth_required
def get_email_example(type):
    email = generate_email(type, example_email_args.get(type))
    if email['info'].get('subscription'):
        # Unserializable, so remove
        email['info'].pop('subscription', None)
    return email
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`from functools import wraps`
Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00			`from flask import Blueprint, g, session, request`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`from flask_yoloapi import endpoint, parameter`
			`from hashlib import sha256`
			`from uuid import uuid4`
			`from flask_cors import CORS, cross_origin`
Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00			`from sqlalchemy import func, or_`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00
			`from grant.extensions import db`
Admin - rework user list/user detail (#80) * fix UserCommentSchema to no longer exclude contributions (no longer on ProposalSchema) * return more detail for /admin/users/<id> * admin: add UserDetail + refactoring * remove unused state from UserItem.tsx 2019-01-16 21:01:29 -08:00			`from grant.user.models import User, users_schema, user_schema`
			`from grant.proposal.models import (`
			`Proposal,`
			`ProposalContribution,`
			`proposals_schema,`
			`proposal_schema,`
			`user_proposal_contributions_schema,`
			`PENDING`
			`)`
			`from grant.comment.models import Comment, comments_schema, user_comments_schema`
Email admin + more email templates (#37) * Email admin page with previews. * Move example args to backend since emails take in Python classes. * Text version of invite email. * Proposal approval / rejection emails. * Back button. * Contribution confirmed email. 2019-01-09 11:08:25 -08:00			`from grant.email.send import generate_email`
			`from .example_emails import example_email_args`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00

			`blueprint = Blueprint('admin', __name__, url_prefix='/api/v1/admin')`


			`admin_auth = {`
			`"username": "admin",`
			`"password": "79994491a17ec1d817fb0330303ea88880835961fbab1d12329f5d720602fbb3",`
			`"salt": "ad01deb1ccba4d0e8b831ed3d1e82c10"`
			`}`


			`def auth_required(f):`
			`@wraps(f)`
			`def decorated(args, *kwargs):`
			`if 'username' in session:`
			`return f(args, *kwargs)`
			`else:`
			`return {"message": "Authentication required"}, 401`

			`return decorated`


			`@blueprint.route("/checklogin", methods=["GET"])`
			`@endpoint.api()`
			`def loggedin():`
			`if 'username' in session:`
			`return {"isLoggedIn": True}`
			`if 'username' not in session:`
			`return {"isLoggedIn": False}`


			`@blueprint.route("/login", methods=["POST"])`
			`@endpoint.api(`
			`parameter('username', type=str, required=False),`
			`parameter('password', type=str, required=False),`
			`)`
			`def login(username, password):`
			`pass_salt = ('%s%s' % (password, admin_auth['salt'])).encode('utf-8')`
			`pass_hash = sha256(pass_salt).hexdigest()`
			`if username == admin_auth['username'] and pass_hash == admin_auth['password']:`
			`session['username'] = username`
			`return {"isLoggedIn": True}`
			`else:`
			`return {"message": "Username or password incorrect."}, 401`


			`@blueprint.route("/logout", methods=["GET"])`
			`@endpoint.api()`
			`def logout():`
			`del session['username']`
			`return {"isLoggedIn": False}`


			`@blueprint.route("/stats", methods=["GET"])`
			`@endpoint.api()`
			`@auth_required`
			`def stats():`
			`user_count = db.session.query(func.count(User.id)).scalar()`
			`proposal_count = db.session.query(func.count(Proposal.id)).scalar()`
Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00			`proposal_pending_count = db.session.query(func.count(Proposal.id)) \`
			`.filter(Proposal.status == PENDING) \`
			`.scalar()`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`return {`
			`"userCount": user_count,`
Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00			`"proposalCount": proposal_count,`
			`"proposalPendingCount": proposal_pending_count,`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`}`


Admin - rework user list/user detail (#80) * fix UserCommentSchema to no longer exclude contributions (no longer on ProposalSchema) * return more detail for /admin/users/<id> * admin: add UserDetail + refactoring * remove unused state from UserItem.tsx 2019-01-16 21:01:29 -08:00			`# USERS`


Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`@blueprint.route('/users/<id>', methods=['DELETE'])`
			`@endpoint.api()`
			`@auth_required`
			`def delete_user(id):`
Admin adjustments (#167) * disable admin delete user & proposal endpoints * handle absence of web3 gracefully 2018-11-01 18:35:14 -07:00			`return {"message": "Not implemented."}, 400`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00

			`@blueprint.route("/users", methods=["GET"])`
			`@endpoint.api()`
			`@auth_required`
			`def get_users():`
			`users = User.query.all()`
			`result = users_schema.dump(users)`
Admin - rework user list/user detail (#80) * fix UserCommentSchema to no longer exclude contributions (no longer on ProposalSchema) * return more detail for /admin/users/<id> * admin: add UserDetail + refactoring * remove unused state from UserItem.tsx 2019-01-16 21:01:29 -08:00			`return result`


			`@blueprint.route('/users/<id>', methods=['GET'])`
			`@endpoint.api()`
			`@auth_required`
			`def get_user(id):`
			`user_db = User.query.filter(User.id == id).first()`
			`if user_db:`
			`user = user_schema.dump(user_db)`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`user_proposals = Proposal.query.filter(Proposal.team.any(id=user['userid'])).all()`
			`user['proposals'] = proposals_schema.dump(user_proposals)`
Admin - rework user list/user detail (#80) * fix UserCommentSchema to no longer exclude contributions (no longer on ProposalSchema) * return more detail for /admin/users/<id> * admin: add UserDetail + refactoring * remove unused state from UserItem.tsx 2019-01-16 21:01:29 -08:00			`user_comments = Comment.get_by_user(user_db)`
			`user['comments'] = user_comments_schema.dump(user_comments)`
			`contributions = ProposalContribution.get_by_userid(user_db.id)`
			`contributions_dump = user_proposal_contributions_schema.dump(contributions)`
			`user["contributions"] = contributions_dump`
			`return user`
			`return {"message": f"Could not find user with id {id}"}, 404`


			`# PROPOSALS`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00

			`@blueprint.route("/proposals", methods=["GET"])`
			`@endpoint.api()`
			`@auth_required`
			`def get_proposals():`
Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00			`# endpoint.api doesn't seem to handle GET query array input`
			`status_filters = request.args.getlist('statusFilters[]')`
			`or_filter = or_(Proposal.status == v for v in status_filters)`
			`proposals = Proposal.query.filter(or_filter) \`
			`.order_by(Proposal.date_created.desc()) \`
			`.all()`
			`# TODO: return partial data for list`
Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`dumped_proposals = proposals_schema.dump(proposals)`
			`return dumped_proposals`


Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00			`@blueprint.route('/proposals/<id>', methods=['GET'])`
			`@endpoint.api()`
			`@auth_required`
			`def get_proposal(id):`
			`proposal = Proposal.query.filter(Proposal.id == id).first()`
			`if proposal:`
			`return proposal_schema.dump(proposal)`
			`return {"message": "Could not find proposal with id %s" % id}, 404`


Admin (#164) * admin backend * admin ui * tslint ignore contracts * fix name * build & serve 2018-10-30 09:35:47 -07:00			`@blueprint.route('/proposals/<id>', methods=['DELETE'])`
			`@endpoint.api()`
			`@auth_required`
			`def delete_proposal(id):`
Admin adjustments (#167) * disable admin delete user & proposal endpoints * handle absence of web3 gracefully 2018-11-01 18:35:14 -07:00			`return {"message": "Not implemented."}, 400`
Proposal Approval Process (#39) * endpoints and model support for proposal approval * admin test + proposal approval tests * GET user/<id> withPending support * basic withPending suport for Profile * change create publish to sumbit for approval * admin proposal filter by status + some refactoring * admin: update antd * backend: admin get single proposal + populate date_approved * admin: rework Proposals + support approval * backend: approval process updates * admin: review count on home + cosmetic * frontend: proposal approval flow * Profile ZEC/ZAT adjustments * fix regression in formatUserFromGet + update error type in users/reducers * fix merge tsc issues * publish warning vebiage change * fix ssr fetchProposal 404 hang bug * proposals/<id> - limit status non-LIVE to team member, exclude DELETED * various adjustments to Proposal based on `status` * remove comments * Proposal statuses to banner style + fix up CreateFlow - Preview mode * Proposal tsc fix 2019-01-09 10:23:08 -08:00

			`@blueprint.route('/proposals/<id>/approve', methods=['PUT'])`
			`@endpoint.api(`
			`parameter('isApprove', type=bool, required=True),`
			`parameter('rejectReason', type=str, required=False)`
			`)`
			`@auth_required`
			`def approve_proposal(id, is_approve, reject_reason=None):`
			`proposal = Proposal.query.filter_by(id=id).first()`
			`if proposal:`
			`proposal.approve_pending(is_approve, reject_reason)`
			`db.session.commit()`
			`return proposal_schema.dump(proposal)`

			`return {"message": "Not implemented."}, 400`
Email admin + more email templates (#37) * Email admin page with previews. * Move example args to backend since emails take in Python classes. * Text version of invite email. * Proposal approval / rejection emails. * Back button. * Contribution confirmed email. 2019-01-09 11:08:25 -08:00

Admin - rework user list/user detail (#80) * fix UserCommentSchema to no longer exclude contributions (no longer on ProposalSchema) * return more detail for /admin/users/<id> * admin: add UserDetail + refactoring * remove unused state from UserItem.tsx 2019-01-16 21:01:29 -08:00			`# EMAIL`


Email admin + more email templates (#37) * Email admin page with previews. * Move example args to backend since emails take in Python classes. * Text version of invite email. * Proposal approval / rejection emails. * Back button. * Contribution confirmed email. 2019-01-09 11:08:25 -08:00			`@blueprint.route('/email/example/<type>', methods=['GET'])`
			`@cross_origin(supports_credentials=True)`
			`@endpoint.api()`
			`@auth_required`
			`def get_email_example(type):`
Email settings + unsubscribe (#75) * user subscription_settings utils + tests * UserSettings user/models updates * GET /<user_id>/settings endpoint * PUT /<user_id>/settings + more tests + refactoring * Email Notifications settings tab * email subscription verbiage * email-unsubscribe page + refactors * hook up send_email for proposal approval + add subscription checks to send_email * fix merge bug * Send email on contribution. Dont double-count contributions from the blockchain watcher. * Proposal contribution email, and fix email admin. * Send email to team on contribution received. * Email comment creator of their replies. * Send comments to proposal creator. Adjust templates for all comment emails. * Send email on contribution update. 2019-01-16 14:26:45 -08:00			`email = generate_email(type, example_email_args.get(type))`
			`if email['info'].get('subscription'):`
			`# Unserializable, so remove`
			`email['info'].pop('subscription', None)`
			`return email`