darkhelm/notifications-api
1
0
Fork 0
mirror of https://github.com/GSA/notifications-api.git synced 2025-12-09 14:42:24 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
501e63ea680421eaf0095b8b48d095b5524b858c
notifications-api/app/provider_details/rest.py
Kenneth Kehl 58a8b51f59 more input checking
2025-06-26 10:35:46 -07:00

80 lines
2.8 KiB
Python
Raw Blame History

from flask import Blueprint, jsonify, request
from app.dao.provider_details_dao import (
dao_get_provider_stats,
dao_get_provider_versions,
dao_update_provider_details,
get_provider_details_by_id,
)
from app.dao.users_dao import get_user_by_id
from app.errors import InvalidRequest, register_errors
from app.schemas import provider_details_history_schema, provider_details_schema
from app.utils import check_suspicious_id
provider_details = Blueprint("provider_details", __name__)
register_errors(provider_details)
@provider_details.route("", methods=["GET"])
def get_providers():
data = dao_get_provider_stats()
provider_details = [
{
"id": row.id,
"display_name": row.display_name,
"identifier": row.identifier,
"notification_type": row.notification_type,
"active": row.active,
"updated_at": row.updated_at,
"supports_international": row.supports_international,
"created_by_name": row.created_by_name,
"current_month_billable_sms": row.current_month_billable_sms,
}
for row in data
]
return jsonify(provider_details=provider_details)
@provider_details.route("/<uuid:provider_details_id>", methods=["GET"])
def get_provider_by_id(provider_details_id):
check_suspicious_id(provider_details_id)
data = provider_details_schema.dump(get_provider_details_by_id(provider_details_id))
return jsonify(provider_details=data)
@provider_details.route("/<uuid:provider_details_id>/versions", methods=["GET"])
def get_provider_versions(provider_details_id):
check_suspicious_id(provider_details_id)
versions = dao_get_provider_versions(provider_details_id)
data = provider_details_history_schema.dump(versions, many=True)
return jsonify(data=data)
@provider_details.route("/<uuid:provider_details_id>", methods=["POST"])
def update_provider_details(provider_details_id):
check_suspicious_id(provider_details_id)
valid_keys = {"priority", "created_by", "active"}
req_json = request.get_json()
invalid_keys = req_json.keys() - valid_keys
if invalid_keys:
message = "Not permitted to be updated"
errors = {key: [message] for key in invalid_keys}
raise InvalidRequest(errors, status_code=400)
provider = get_provider_details_by_id(provider_details_id)
# Handle created_by differently due to how history entry is created
if "created_by" in req_json:
user = get_user_by_id(req_json["created_by"])
provider.created_by_id = user.id
req_json.pop("created_by")
for key in req_json:
setattr(provider, key, req_json[key])
dao_update_provider_details(provider)
return jsonify(provider_details=provider_details_schema.dump(provider)), 200
Reference in New Issue View Git Blame Copy Permalink