Merge pull request #45 from Women-in-Computing-at-RIT/feature/checkIn

ha1lie · web-flow · commit a53410d97397 · 2023-02-27T10:40:45.000-05:00
Resume Downloader
diff --git a/api/src/controller/userSearch.py b/api/src/controller/userSearch.py
@@ -0,0 +1,43 @@
+from flask_restful import Resource, reqparse
+from flask import request
+from data.users import getUsers
+from utils.authentication import authenticate
+from data.permissions import canAccessUserData
+
+
+class UserSearch(Resource):
+    PATH = '/user/search'
+
+    def get(self):
+        authenticationPayload = authenticate(request.headers)
+        if authenticationPayload is None:
+            return {"message": "Must be logged in"}, 401
+        auth0_id = authenticationPayload['sub']
+
+        permissions = canAccessUserData(auth0_id)
+        if permissions is None:
+            return {"message": "Internal Server Error"}, 500
+        if not (permissions or authenticationPayload['gty'] == 'client-credentials'):
+            # check that the grant type is client-credentials which will exist only for the machine to machine
+            # auth0 connections using client id and secret, aka: discord bots and s3 resume downloader
+            return {"message": "Permission Denied"}, 403
+
+        parser = reqparse.RequestParser()
+        parser.add_argument('firstName', type=str, required=False)
+        parser.add_argument('lastName', type=str, required=False)
+        parser.add_argument('email', type=str, required=False)
+        parser.add_argument('applicationId', type=str, required=False)
+        parser.add_argument('userId', type=str, required=False)
+        parser.add_argument('recipientStatusFilter', type=str, required=False, action="append")
+        args = parser.parse_args()
+
+        matchingUsers = getUsers(applicationStatusFilterList=args['recipientStatusFilter'],
+                                 firstName=args['firstName'],
+                                 lastName=args['lastName'],
+                                 email=args['email'],
+                                 applicationId=args['applicationId'],
+                                 userId=args['userId'])
+
+        if matchingUsers is None:
+            return {"Message": "Internal Server Error"}, 500
+        return matchingUsers
diff --git a/api/src/controller/users.py b/api/src/controller/users.py
@@ -4,7 +4,6 @@
 from utils.authentication import authenticate
 from data.permissions import canAccessUserData
 
-
 class Users(Resource):
     PATH = '/users'
 
@@ -13,6 +12,7 @@ def get(self):
         if authenticationPayload is None:
             return {"message": "Must be logged in"}, 401
         auth0_id = authenticationPayload['sub']
+
         permissions = canAccessUserData(auth0_id)
         if permissions is None:
             return {"message": "Internal Server Error"}, 500
diff --git a/api/src/data/users.py b/api/src/data/users.py
@@ -20,29 +20,61 @@ def getUserQuery():
            "LEFT JOIN Sponsors as s ON u.sponsor_id = s.sponsor_id "
 
 
-def getUsers(status=None, is_virtual=None) -> list:
+def getUsers(applicationStatusFilterList: List[str] = None, is_virtual=None, firstName=None, lastName=None, userId=None,
+             email=None, applicationId=None) -> list:
     """
     Get a filtered list of all users in json/dictionary format
-    :param status: string matching user application status
+    :param applicationId:
+    :param email:
+    :param userId:
+    :param lastName:
+    :param firstName:
+    :param applicationStatusFilterList: list of statuses to match
     :param is_virtual: boolean for if you want all virtual/in person users
-    :return: list of dictionaries with user information
+    :return: list of dictionaries with user information, None if error
     """
-
     sql = getUserQuery()
+    firstWhereClause = True
     args = ()
-    if status is not None:
-        sql += "WHERE app.status = %s"
-        args = args + (status,)
-        if is_virtual is not None:
-            sql += "AND WHERE app.is_virtual = %s"
-            args = args + (is_virtual,)
-    elif is_virtual is not None:
-        sql += "WHERE app.is_virtual = %s"
+
+    if applicationStatusFilterList is not None:
+        sql += f" WHERE app.status in ({','.join(['%s'] * len(applicationStatusFilterList))}) "
+        for status in applicationStatusFilterList:
+            args = args + (status,)
+    if is_virtual is not None:
+        sql += getOptionalAnd(firstWhereClause) + " WHERE app.is_virtual = %s "
         args = args + (is_virtual,)
+    if firstName is not None:
+        sql += getOptionalAnd(firstWhereClause) + " WHERE u.first_name = %s "
+        args = args + (firstName,)
+    if lastName is not None:
+        sql += getOptionalAnd(firstWhereClause) + " WHERE u.last_name = %s "
+        args = args + (lastName,)
+    if userId is not None:
+        sql += getOptionalAnd(firstWhereClause) + " WHERE u.user_id = %s "
+        args = args + (userId,)
+    if email is not None:
+        sql += getOptionalAnd(firstWhereClause) + " WHERE u.email = %s "
+        args = args + (email,)
+    if applicationId is not None:
+        sql += getOptionalAnd(firstWhereClause) + " WHERE app.application_id = %s "
+        args = args + (applicationId,)
 
     return exec_get_all(sql, args)
 
 
+def getOptionalAnd(isFirstWhereClause) -> str:
+    """
+    Helper function, returns "AND " if clause isn't the first and empty string if it is
+    :param isFirstWhereClause:
+    :return:
+    """
+    if isFirstWhereClause:
+        return ""
+    else:
+        return " AND "
+
+
 def getUserByAuthID(auth_id) -> dict:
     """
     wrapper for getting user using auth0 id
@@ -94,7 +126,7 @@ def getUserById(auth_id=None, user_id=None) -> dict:
     if auth_id is not None:
         sql += "WHERE u.auth0_id = %s"
         args = args + (auth_id,)
-    if user_id is not None:
+    elif user_id is not None:
         sql += "WHERE u.user_id = %s"
         args = args + (user_id,)
 
@@ -121,4 +153,3 @@ def getUserEmailsWithFilter(applicationStatusFilterList: List[str]):
         if len(u['email']) > 1:
             emailList.append(u['email'])
     return emailList
-
diff --git a/api/src/db/db_utils.py b/api/src/db/db_utils.py
@@ -109,7 +109,7 @@ def exec_get_one(sql, args={}) -> (dict, bool):
         return None, True
 
 
-def exec_get_all(sql, args={}) -> dict:
+def exec_get_all(sql, args={}) -> list:
     """
     Retrieves many records from the dictionary
     :param sql:
@@ -118,6 +118,7 @@ def exec_get_all(sql, args={}) -> dict:
     """
     conn = connect()
     if conn is None:
+        logger.error("SQL Connection Error")
         return None
     cur = conn.cursor(dictionary=True)
     try:
diff --git a/api/src/db/migration/migration.py b/api/src/db/migration/migration.py
@@ -3,6 +3,7 @@
 import db.db_utils as db_utils
 import glob
 import logging
+
 logger = logging.getLogger("Migrations")
 
 version = None
@@ -17,18 +18,24 @@ def initializeMigrations() -> bool:
     global version
     global dirtyVersion
     migrationInformation = getCurrentMigration()
+    if migrationInformation is None:
+        # db error
+        return False
     version = migrationInformation["version"]
     dirtyVersion = migrationInformation["dirtyVersion"]
     return not dirtyVersion
 
+
 def getCurrentMigration() -> dict:
     sql = "SELECT version, dirtyVersion FROM Migrations ORDER BY version DESC LIMIT 1;"
     migrationInformation, didError = db_utils.exec_get_one(sql)
     if migrationInformation is None or didError:
-        logger.error("Migration Information is None")
-        return None, True
+        logger.error("Migration Information is None migrationInformation: %s didError: %s", migrationInformation,
+                     didError)
+        return None
     return migrationInformation
 
+
 def up() -> bool:
     global version
     global dirtyVersion
@@ -38,6 +45,8 @@ def up() -> bool:
 
     # get current state of migrations
     migrationInformation = getCurrentMigration()
+    if migrationInformation is None:
+        return False
     version = migrationInformation["version"]
     dirtyVersion = migrationInformation["dirtyVersion"]
 
@@ -85,6 +94,8 @@ def down(rollbackNumber=1) -> bool:
 
     # get current state of migrations
     migrationInformation = getCurrentMigration()
+    if migrationInformation is None:
+        return False
     version = migrationInformation["version"]
     dirtyVersion = migrationInformation["dirtyVersion"]
 
diff --git a/api/src/server.py b/api/src/server.py
@@ -17,6 +17,7 @@
 from controller.email import Email
 from controller.emailPreset import EmailPreset
 from controller.confirmation import Confirmation
+from controller.userSearch import UserSearch
 from controller.discordIntegration import DiscordIntegration
 from controller.discord import Discord
 from db.migration import migration
@@ -53,6 +54,7 @@
 api.add_resource(Email, Email.PATH)
 api.add_resource(EmailPreset, EmailPreset.PATH)
 api.add_resource(Confirmation, Confirmation.PATH)
+api.add_resource(UserSearch, UserSearch.PATH)
 api.add_resource(DiscordIntegration, DiscordIntegration.PATH)
 api.add_resource(Discord, Discord.PATH)
 
diff --git a/ui/src/pages/manage/checkin.js b/ui/src/pages/manage/checkin.js
