Take home Flask assignment
Assumptions: each account can have only one role but 0 or many permissions.
How to run:
1. create a python virtual environment with python 3.9.7
2. pip install -r requirements.txt
3. python app.py
4. the default URL is: 127.0.0.1:5000/
The backend starts with two predefined users:
{
"1": {
"permissions": "company_list",
"role": "admin",
"username": "jj"
},
"2": {
"permissions": "company_list",
"role": "user",
"username": "uu"
}
}
both with password = 'SomeSecretPassword'. You can pass the username and password to endpoint "/api/token" to get a authentication token for the specific user. You can put the token in the user field and leave password field blank to represent the user for the next 800 seconds.
A simple breakdown of the api endpoints:
{
"/api/token": {
"methods": ["GET", "POST"],
"authentication": "login",
"description": "exchange username-password combination with a login token",
"response": {"token": "token"}
},
"/api/manageUsers/listUsers": {
"methods": ["GET"],
"authentication": "admin",
"description": "list all user in the database",
"response": {
"user.id": {
"username": "user.username",
"role": "user.role",
"permissions": "user.permissions"
}
}
},
"/api/manageUsers/createUser": {
"methods": ["POST"],
"authentication": "admin",
"input": {
"application/json": {
"username": "username",
"role": "user",
"password": "password",
"permissions": ["company_info","company_list"]
}
},
"description": "Create a user",
"response": {
"Success": {
"id": "u.id", "username": "u.username", "role": "u.role", "permissions": "u.permissions"
}
}
},
"/api/manageUsers/updateUser": {
"methods": ["POST"],
"authentication": "admin",
"input": {
"application/json": {
"id/username": "choose at least one",
"password": "optional",
"role": "optional",
"permissions": ["optional", "company_list"]
}
},
"description": "update user information",
"response": {
"Success": {
"id": "u.id", "username": "u.username", "role": "u.role", "permissions": "u.permissions"
}
}
},
"/api/manageUsers/deleteUser": {
"methods": ["DELETE"],
"authentication": "admin",
"input": {
"application/json": {
"id/username": "choose at least one"
}
},
"description": "Delete a user by id or username",
"response": {
"Success": "successfully deleted user with id: {u.id} and username: {u.username}"
}
},
"/api/CompanyLists/create": {
"methods": ["POST"],
"authentication": "admin",
"input": {
"application/json": {
"company_list": [1,2,3,4,5]
}
},
"description": "Create a company list",
"response": {
"Success":
{
"id": "cl.id", "CompanyList": [1,2,3,4,5]
}
}
},
"/api/CompanyLists/list": {
"methods": ["GET"],
"authentication": ["admin", "user"],
"description": "List all company lists",
"response": {
"cl.id": {
"company_list": [1,2,3,4,5]
}
}
},
"/api/CompanyLists/delete": {
"methods": ["DELETE"],
"authentication": "admin",
"input": {
"application/json": {
"id": "company_list.id"
}
},
"description": "Delete a company list by id",
"response": {
"Success": "successfully deleted company list with id: {cl.id} and content: {cl.company_list}"
}
},
"/api/userCompanyListAssociation/create": {
"methods": ["POST"],
"authentication": "admin",
"input": {
"application/json": {
"userId": "uid",
"companyListId": "clid"
}
},
"description": "Associate user with company list on a many-to-many relationship",
"response": {
"Success": "Added association for user with id: {u.id} and username: {u.username} with company list: {cl.company_list}"
}
},
"/api/userCompanyListAssociation/read/<uid>": {
"methods": ["GET"],
"authentication": "admin",
"input": {
"path parameter": {
"uid": "userId"
}
},
"description": "Read all user-CompanyList associations of a certain user",
"response": {
"cl.id": "cl.company_list"
}
},
"/api/userCompanyListAssociation/delete": {
"methods": ["DELETE"],
"authentication": "admin",
"input": {
"application/json": {
"userId": "uid",
"companyListId": "clid"
}
},
"description": "Delete a company-CompanyList association",
"response": {
"Success": "removed company list with id: {cl.id} and list: {cl.company_list}, from user with id: {u.id} and username: {u.username}"
}
},
"/api/viewCompany/<company_id>": {
"methods": ["GET"],
"authentication": "user",
"input": {
"path parameter": {
"company_id": "company_id"
}
},
"description": "View the information about the company, simplified by doing sha256",
"response": {"Company info": "sha256(str(company_id).encode('utf-8')).hexdigest()"}
}
}