Part 6

Author: a-luna

src/flask_api_tutorial/api/widgets/business.py

@@ -2,10 +2,11 @@
 from http import HTTPStatus
 
 from flask import jsonify, url_for
-from flask_restx import abort
+from flask_restx import abort, marshal
 
 from flask_api_tutorial import db
-from flask_api_tutorial.api.auth.decorators import admin_token_required
+from flask_api_tutorial.api.auth.decorators import token_required, admin_token_required
+from flask_api_tutorial.api.widgets.dto import pagination_model, widget_name
 from flask_api_tutorial.models.user import User
 from flask_api_tutorial.models.widget import Widget
 
@@ -25,3 +26,76 @@ def create_widget(widget_dict):
     response.status_code = HTTPStatus.CREATED
     response.headers["Location"] = url_for("api.widget", name=name)
     return response
+
+
+@token_required
+def retrieve_widget_list(page, per_page):
+    pagination = Widget.query.paginate(page, per_page, error_out=False)
+    response_data = marshal(pagination, pagination_model)
+    response_data["links"] = _pagination_nav_links(pagination)
+    response = jsonify(response_data)
+    response.headers["Link"] = _pagination_nav_header_links(pagination)
+    response.headers["Total-Count"] = pagination.total
+    return response
+
+
+@token_required
+def retrieve_widget(name):
+    return Widget.query.filter_by(name=name.lower()).first_or_404(
+        description=f"{name} not found in database."
+    )
+
+
+@admin_token_required
+def update_widget(name, widget_dict):
+    widget = Widget.find_by_name(name.lower())
+    if widget:
+        for k, v in widget_dict.items():
+            setattr(widget, k, v)
+        db.session.commit()
+        message = f"'{name}' was successfully updated"
+        response_dict = dict(status="success", message=message)
+        return response_dict, HTTPStatus.OK
+    try:
+        valid_name = widget_name(name.lower())
+    except ValueError as e:
+        abort(HTTPStatus.BAD_REQUEST, str(e), status="fail")
+    widget_dict["name"] = valid_name
+    return create_widget(widget_dict)
+
+
+@admin_token_required
+def delete_widget(name):
+    widget = Widget.query.filter_by(name=name.lower()).first_or_404(
+        description=f"{name} not found in database."
+    )
+    db.session.delete(widget)
+    db.session.commit()
+    return "", HTTPStatus.NO_CONTENT
+
+
+def _pagination_nav_links(pagination):
+    nav_links = {}
+    per_page = pagination.per_page
+    this_page = pagination.page
+    last_page = pagination.pages
+    nav_links["self"] = url_for("api.widget_list", page=this_page, per_page=per_page)
+    nav_links["first"] = url_for("api.widget_list", page=1, per_page=per_page)
+    if pagination.has_prev:
+        nav_links["prev"] = url_for(
+            "api.widget_list", page=this_page - 1, per_page=per_page
+        )
+    if pagination.has_next:
+        nav_links["next"] = url_for(
+            "api.widget_list", page=this_page + 1, per_page=per_page
+        )
+    nav_links["last"] = url_for("api.widget_list", page=last_page, per_page=per_page)
+    return nav_links
+
+
+def _pagination_nav_header_links(pagination):
+    url_dict = _pagination_nav_links(pagination)
+    link_header = ""
+    for rel, url in url_dict.items():
+        link_header += f'<{url}>; rel="{rel}", '
+    return link_header.strip().strip(",")

src/flask_api_tutorial/api/widgets/dto.py

@@ -3,7 +3,9 @@
 from datetime import date, datetime, time, timezone
 
 from dateutil import parser
-from flask_restx.inputs import URL
+from flask_restx import Model
+from flask_restx.fields import Boolean, DateTime, Integer, List, Nested, String, Url
+from flask_restx.inputs import positive, URL
 from flask_restx.reqparse import RequestParser
 
 from flask_api_tutorial.util.datetime_util import make_tzaware, DATE_MONTH_NAME
@@ -66,3 +68,49 @@ def future_date_from_string(date_str):
     required=True,
     nullable=False,
 )
+
+update_widget_reqparser = create_widget_reqparser.copy()
+update_widget_reqparser.remove_argument("name")
+
+pagination_reqparser = RequestParser(bundle_errors=True)
+pagination_reqparser.add_argument("page", type=positive, required=False, default=1)
+pagination_reqparser.add_argument(
+    "per_page", type=positive, required=False, choices=[5, 10, 25, 50, 100], default=10
+)
+
+widget_owner_model = Model("Widget Owner", {"email": String, "public_id": String})
+
+widget_model = Model(
+    "Widget",
+    {
+        "name": String,
+        "info_url": String,
+        "created_at": String(attribute="created_at_str"),
+        "created_at_iso8601": DateTime(attribute="created_at"),
+        "created_at_rfc822": DateTime(attribute="created_at", dt_format="rfc822"),
+        "deadline": String(attribute="deadline_str"),
+        "deadline_passed": Boolean,
+        "time_remaining": String(attribute="time_remaining_str"),
+        "owner": Nested(widget_owner_model),
+        "link": Url("api.widget"),
+    },
+)
+
+pagination_links_model = Model(
+    "Nav Links",
+    {"self": String, "prev": String, "next": String, "first": String, "last": String},
+)
+
+pagination_model = Model(
+    "Pagination",
+    {
+        "links": Nested(pagination_links_model, skip_none=True),
+        "has_prev": Boolean,
+        "has_next": Boolean,
+        "page": Integer,
+        "total_pages": Integer(attribute="pages"),
+        "items_per_page": Integer(attribute="per_page"),
+        "total_items": Integer(attribute="total"),
+        "items": List(Nested(widget_model)),
+    },
+)

src/flask_api_tutorial/api/widgets/endpoints.py

@@ -3,10 +3,28 @@
 
 from flask_restx import Namespace, Resource
 
-from flask_api_tutorial.api.widgets.dto import create_widget_reqparser
-from flask_api_tutorial.api.widgets.business import create_widget
+from flask_api_tutorial.api.widgets.dto import (
+    create_widget_reqparser,
+    update_widget_reqparser,
+    pagination_reqparser,
+    widget_owner_model,
+    widget_model,
+    pagination_links_model,
+    pagination_model,
+)
+from flask_api_tutorial.api.widgets.business import (
+    create_widget,
+    retrieve_widget_list,
+    retrieve_widget,
+    update_widget,
+    delete_widget,
+)
 
 widget_ns = Namespace(name="widgets", validate=True)
+widget_ns.models[widget_owner_model.name] = widget_owner_model
+widget_ns.models[widget_model.name] = widget_model
+widget_ns.models[pagination_links_model.name] = pagination_links_model
+widget_ns.models[pagination_model.name] = pagination_model
 
 
 @widget_ns.route("", endpoint="widget_list")
@@ -16,6 +34,16 @@
 class WidgetList(Resource):
     """Handles HTTP requests to URL: /widgets."""
 
+    @widget_ns.doc(security="Bearer")
+    @widget_ns.response(HTTPStatus.OK, "Retrieved widget list.", pagination_model)
+    @widget_ns.expect(pagination_reqparser)
+    def get(self):
+        """Retrieve a list of widgets."""
+        request_data = pagination_reqparser.parse_args()
+        page = request_data.get("page")
+        per_page = request_data.get("per_page")
+        return retrieve_widget_list(page, per_page)
+
     @widget_ns.doc(security="Bearer")
     @widget_ns.response(int(HTTPStatus.CREATED), "Added new widget.")
     @widget_ns.response(int(HTTPStatus.FORBIDDEN), "Administrator token required.")
@@ -25,3 +53,37 @@ def post(self):
         """Create a widget."""
         widget_dict = create_widget_reqparser.parse_args()
         return create_widget(widget_dict)
+
+
+@widget_ns.route("/<name>", endpoint="widget")
+@widget_ns.param("name", "Widget name")
+@widget_ns.response(int(HTTPStatus.BAD_REQUEST), "Validation error.")
+@widget_ns.response(int(HTTPStatus.NOT_FOUND), "Widget not found.")
+@widget_ns.response(int(HTTPStatus.UNAUTHORIZED), "Unauthorized.")
+@widget_ns.response(int(HTTPStatus.INTERNAL_SERVER_ERROR), "Internal server error.")
+class Widget(Resource):
+    """Handles HTTP requests to URL: /widgets/{name}."""
+
+    @widget_ns.doc(security="Bearer")
+    @widget_ns.response(int(HTTPStatus.OK), "Retrieved widget.", widget_model)
+    @widget_ns.marshal_with(widget_model)
+    def get(self, name):
+        """Retrieve a widget."""
+        return retrieve_widget(name)
+
+    @widget_ns.doc(security="Bearer")
+    @widget_ns.response(int(HTTPStatus.OK), "Widget was updated.", widget_model)
+    @widget_ns.response(int(HTTPStatus.CREATED), "Added new widget.")
+    @widget_ns.response(int(HTTPStatus.FORBIDDEN), "Administrator token required.")
+    @widget_ns.expect(update_widget_reqparser)
+    def put(self, name):
+        """Update a widget."""
+        widget_dict = update_widget_reqparser.parse_args()
+        return update_widget(name, widget_dict)
+
+    @widget_ns.doc(security="Bearer")
+    @widget_ns.response(int(HTTPStatus.NO_CONTENT), "Widget was deleted.")
+    @widget_ns.response(int(HTTPStatus.FORBIDDEN), "Administrator token required.")
+    def delete(self, name):
+        """Delete a widget."""
+        return delete_widget(name)

tests/conftest.py

@@ -4,7 +4,7 @@
 from flask_api_tutorial import create_app
 from flask_api_tutorial import db as database
 from flask_api_tutorial.models.user import User
-from tests.util import EMAIL, PASSWORD
+from tests.util import EMAIL, ADMIN_EMAIL, PASSWORD
 
 
 @pytest.fixture
@@ -32,3 +32,11 @@ def user(db):
     db.session.add(user)
     db.session.commit()
     return user
+
+
+@pytest.fixture
+def admin(db):
+    admin = User(email=ADMIN_EMAIL, password=PASSWORD, admin=True)
+    db.session.add(admin)
+    db.session.commit()
+    return admin

tests/test_create_widget.py

@@ -0,0 +1,89 @@
+"""Unit tests for POST requests sent to api.widget_list API endpoint."""
+from datetime import date, timedelta
+from http import HTTPStatus
+
+import pytest
+
+from tests.util import (
+    EMAIL,
+    ADMIN_EMAIL,
+    BAD_REQUEST,
+    FORBIDDEN,
+    DEFAULT_NAME,
+    login_user,
+    create_widget,
+)
+
+
+@pytest.mark.parametrize("widget_name", ["abc123", "widget-name", "new_widget1"])
+def test_create_widget_valid_name(client, db, admin, widget_name):
+    response = login_user(client, email=ADMIN_EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token, widget_name=widget_name)
+    assert response.status_code == HTTPStatus.CREATED
+    assert "status" in response.json and response.json["status"] == "success"
+    success = f"New widget added: {widget_name}."
+    assert "message" in response.json and response.json["message"] == success
+    location = f"http://localhost/api/v1/widgets/{widget_name}"
+    assert "Location" in response.headers and response.headers["Location"] == location
+
+
+@pytest.mark.parametrize(
+    "deadline_str",
+    [
+        date.today().strftime("%m/%d/%Y"),
+        date.today().strftime("%Y-%m-%d"),
+        (date.today() + timedelta(days=3)).strftime("%b %d %Y"),
+    ],
+)
+def test_create_widget_valid_deadline(client, db, admin, deadline_str):
+    response = login_user(client, email=ADMIN_EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token, deadline_str=deadline_str)
+    assert response.status_code == HTTPStatus.CREATED
+    assert "status" in response.json and response.json["status"] == "success"
+    success = f"New widget added: {DEFAULT_NAME}."
+    assert "message" in response.json and response.json["message"] == success
+    location = f"http://localhost/api/v1/widgets/{DEFAULT_NAME}"
+    assert "Location" in response.headers and response.headers["Location"] == location
+
+
+@pytest.mark.parametrize(
+    "deadline_str",
+    [
+        "1/1/1970",
+        (date.today() - timedelta(days=3)).strftime("%Y-%m-%d"),
+        "a long time ago, in a galaxy far, far away",
+    ],
+)
+def test_create_widget_invalid_deadline(client, db, admin, deadline_str):
+    response = login_user(client, email=ADMIN_EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token, deadline_str=deadline_str)
+    assert response.status_code == HTTPStatus.BAD_REQUEST
+    assert "message" in response.json and response.json["message"] == BAD_REQUEST
+    assert "errors" in response.json and "deadline" in response.json["errors"]
+
+
+def test_create_widget_already_exists(client, db, admin):
+    response = login_user(client, email=ADMIN_EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token)
+    assert response.status_code == HTTPStatus.CREATED
+    response = create_widget(client, access_token)
+    assert response.status_code == HTTPStatus.CONFLICT
+    name_conflict = f"Widget name: {DEFAULT_NAME} already exists, must be unique."
+    assert "message" in response.json and response.json["message"] == name_conflict
+
+
+def test_create_widget_no_admin_token(client, db, user):
+    response = login_user(client, email=EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token)
+    assert response.status_code == HTTPStatus.FORBIDDEN
+    assert "message" in response.json and response.json["message"] == FORBIDDEN

tests/test_delete_widget.py

@@ -0,0 +1,40 @@
+"""Test cases for GET requests sent to the api.widget API endpoint."""
+from http import HTTPStatus
+
+from tests.util import (
+    ADMIN_EMAIL,
+    EMAIL,
+    DEFAULT_NAME,
+    FORBIDDEN,
+    login_user,
+    create_widget,
+    retrieve_widget,
+    delete_widget,
+)
+
+
+def test_delete_widget(client, db, admin):
+    response = login_user(client, email=ADMIN_EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token)
+    assert response.status_code == HTTPStatus.CREATED
+    response = delete_widget(client, access_token, widget_name=DEFAULT_NAME)
+    assert response.status_code == HTTPStatus.NO_CONTENT
+    response = retrieve_widget(client, access_token, widget_name=DEFAULT_NAME)
+    assert response.status_code == HTTPStatus.NOT_FOUND
+
+
+def test_delete_widget_no_admin_token(client, db, admin, user):
+    response = login_user(client, email=ADMIN_EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = create_widget(client, access_token)
+    assert response.status_code == HTTPStatus.CREATED
+
+    response = login_user(client, email=EMAIL)
+    assert "access_token" in response.json
+    access_token = response.json["access_token"]
+    response = delete_widget(client, access_token, widget_name=DEFAULT_NAME)
+    assert response.status_code == HTTPStatus.FORBIDDEN
+    assert "message" in response.json and response.json["message"] == FORBIDDEN