The Casting Agency models a company that is responsible for creating movies and managing and assigning actors to those movies. You are an Executive Producer within the company and are creating a system to simplify and streamline your process.
- Movies with attributes title and release date
- Actors with attributes name, age and gender
- GET /actors and /movies
- DELETE /actors/ and /movies/
- POST /actors and /movies
- PATCH /actors/ and /movies/
- Casting Assistant
- Can view actors and movies
- Casting Director
- All permissions a Casting Assistant has and…
- Add or delete an actor from the database
- Modify actors or movies
- Executive Producer
- All permissions a Casting Director has and…
- Add or delete a movie from the database
- One test for success behavior of each endpoint
- One test for error behavior of each endpoint
- At least two tests of RBAC for each role
Follow instructions to install the latest version of Python for your platform in the Python docs.
We recommend working within a virtual environment whenever using Python for projects. This keeps your dependencies for each project separate and organized. Instructions for setting up a virtual environment for your platform can be found in the Python docs.
Once you have your virtual environment set up and running, install dependencies by navigating to the /backend directory and running:
pip install -r requirements.txt
This will install all of the required packages we selected within the requirements.txt file.
- Flask is a lightweight backend microservices framework. Flask is required to handle requests and responses.
- SQLAlchemy and Flask-SQLAlchemy are libraries to handle the lightweight sqlite database. Since we want you to focus on auth, we handle the heavy lift for you in ./src/database/models.py. We recommend skimming this code first so you know how to interface with the Drink model.
- jose JavaScript Object Signing and Encryption for JWTs. Useful for encoding, decoding, and verifying JWTs.
From within the ./src directory, first ensure you are working in your created virtual environment.
Each time you open a new terminal session, run:
export FLASK_APP=app.py;
set FLASK_APP=app.py;
To run the server, execute:
flask run --reload
- The --reload flag will detect file changes and restart the server automatically.
- Or you can run it directly with python app.py and everything will be done automatically.
- Create a new Auth0 Account
- Select a unique tenant domain
- Create a new, single page web application
- Create a new API
  - in API Settings:
    - Enable RBAC
    - Enable Add Permissions in the Access Token
- Create new API permissions:
get:movies
get:actors
post:movies
post:actors
patch:movies
patch:actors
delete:movies
delete:actors
get:shows
post:shows
- Create new roles for:
  - Casting Assistant
    - can get:movies get:actors
  - Casting director
    - All permissions a Casting Assistant has and…
    - Add or delete an actor from the database: post:actors delete:actors
    - Modify actors or movies: patch:actors delete:movies
  - Executive producer
    - Can perform all actions
- Test your endpoints with Postman.
  - Register 3 users - assign the Casting Assistant role to the first one, the Casting Director role to the second and the Executive Producer role to the last one.
  - Sign into each account and make note of the JWT.
  - Import the postman collection ./capstone-project.postman_collection.json
  - Right-click the collection folders for Casting Assistant, Casting Director and Executive Producer, navigate to the authorization tab, and include the JWT in the token field (you should have noted these JWTs).
  - Run the collection and correct any errors.
  - Export the collection, overwriting the included one, to be able to run it with your own JWT :).
To run the tests, run
python test_app.py
- Base URL: This app can be run locally and it is also hosted on Heroku (the Heroku URL is https://capstone-project-v1.herokuapp.com/). The backend app is hosted at the default, http://127.0.0.1:5000/, which is set as a proxy in the frontend configuration.
- Authentication: This version of the application requires authentication or API keys using Auth0 (PS: the setup is given in the setup Auth0 section).
Errors are returned as JSON objects in the following format:
{
"success": False,
"error": 400,
"message": "bad request"
}
The API will return four(04) error types when requests fail:
- 400: Bad Request
- 404: Resource Not Found
- 405: Method Not allowed
- 422: Not Processable
- 401: AuthError Unauthorized error
- 403: AuthError Permission not found
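The roles configured in Auth0 and the 401/403 errors listed here meet in the permission check that guards each endpoint. The following is an added example, not this project's code: `AuthError`, `status_for` and `fake_verify` are hypothetical names, the sample tokens are constructed, and JWT signature verification is assumed to happen in the injected `verify` callable, which is replaced here by a lookup so the example runs offline.

```python
class AuthError(Exception):
    """Carries the HTTP status the API should answer with (401 or 403)."""
    def __init__(self, message, status_code):
        super().__init__(message)
        self.status_code = status_code

def get_token_auth_header(headers):
    """Pull the bearer token out of the Authorization header, else 401."""
    auth = headers.get("Authorization")
    if not auth:
        raise AuthError("authorization header missing", 401)
    parts = auth.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise AuthError("header must be 'Bearer <token>'", 401)
    return parts[1]

def check_permissions(permission, payload):
    """Enforce one permission string against a verified token payload."""
    granted = payload.get("permissions")
    if not isinstance(granted, list):
        # No claim at all, e.g. "Add Permissions in the Access Token" is off.
        # Assumption: fail closed with 403 rather than letting the call through.
        raise AuthError("permissions claim missing", 403)
    if permission not in granted:
        raise AuthError("permission not found", 403)

def status_for(headers, permission, verify):
    """Status an endpoint guarded by `permission` returns for these headers.

    Assumption: `verify` validates signature, issuer, audience and expiry,
    returns the payload, and raises AuthError with status 401 on any failure.
    """
    try:
        check_permissions(permission, verify(get_token_auth_header(headers)))
        return 200
    except AuthError as err:
        return err.status_code

# Constructed payloads; the first mirrors the Casting Assistant role above.
SAMPLE_PAYLOADS = {
    "assistant-token": {"permissions": ["get:movies", "get:actors"]},
    "no-rbac-token": {"sub": "constructed-user"},
}

def fake_verify(token):
    """Stand-in for real JWT verification, for this offline example only."""
    if token not in SAMPLE_PAYLOADS:
        raise AuthError("token invalid", 401)
    return SAMPLE_PAYLOADS[token]
```

The same status expectations are what the per-role RBAC tests assert: a Casting Assistant token passes `get:actors` and is refused `post:actors`.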
- GET '/actors'
- GET '/movies'
- POST '/actors'
- POST '/movies'
- PATCH '/actors/{actor_id}'
- PATCH '/movies/{movie_id}'
- DELETE '/actors/{actor_id}'
- DELETE '/movies/{movie_id}'
- GET '/shows'
- POST '/shows'
- Require the get:actors permission
- Returns a list of actors
return jsonify({
'success': True,
'actors': actors
})
- Require the get:movies permission
- Returns a list of movies
return jsonify({
'success': True,
'movies': movies
})
- Require the post:actors permission
- Create a new row in the actors table
- Contain the actor.get_actor data representation
- Returns status code 200 and json {"success": True, "actors": actor} where actor is an array containing only the newly created actor, or appropriate status code indicating reason for failure
Here is a returned sample format:
{
"actors": [
{
"age": 23,
"gender": "Male",
"id": 1,
"name": "Actor 1"
}
],
"success": true
}
- Require the post:movies permission
- Create a new row in the movies table
- Contain the movie.get_movie data representation
- Returns status code 200 and json {"success": True, "movies": movie} where movie is an array containing only the newly created movie, or appropriate status code indicating reason for failure
Here is a result sample format:
{
"movies": [
{
"id": 1,
"release_date": "Thu, 15 May 2020 03:02:13 GMT",
"title": "Movie 1"
}
],
"success": true
}
- Require the patch:actors permission
- Update an existing row in the actors table
- Contain the actor.get_actor data representation
- Returns status code 200 and json {"success": True, "actors": actor} where actor is an array containing only the updated actor, or appropriate status code indicating reason for failure
Here is a sample of the format for a modified actor:
{
"actors": [
{
"age": 25,
"gender": "female",
"id": 1,
"name": "Updated Actor 1"
}
],
"success": true
}
- Require the patch:movies permission
- Update an existing row in the movies table
- Contain the movie.get_movie data representation
- Returns status code 200 and json {"success": True, "movies": movie} where movie is an array containing only the updated movie, or appropriate status code indicating reason for failure
Here is an example of the format for a modified movie:
{
"movies": [
{
"id": 1,
"release_date": "Thu, 15 May 2020 03:02:13 GMT",
"title": "Updated Movie 1"
}
],
"success": true
}
- Require the delete:actors permission
- Delete the corresponding row for <actor_id> where <actor_id> is the existing model id
- Respond with a 404 error if <actor_id> is not found
- Returns status code 200 and json {"success": True, "deleted": actor_id} where id is the id of the deleted record, or appropriate status code indicating reason for failure
return jsonify({
"success": True,
"deleted": actor_id
})
- Require the delete:movies permission
- Delete the corresponding row for <movie_id> where <movie_id> is the existing model id
- Respond with a 404 error if <movie_id> is not found
- Returns status code 200 and json {"success": True, "deleted": id} where id is the id of the deleted record, or appropriate status code indicating reason for failure
return jsonify({
"success": True,
"deleted": movie_id
})
- The shows table contains the "many to many" relation between the actors and the movies
- Require the get:shows permission
- Returns a list of shows
return jsonify({
"shows": [
{
"actor_id": 1,
"movie_id": 1
}
],
"success": True
})
- Require the post:shows permission
- Create a new row in the shows table
- Contain the actor_id and movie_id data representation
- Returns status code 200 and json {"success": True, "new show": new shows} where new shows is an array containing only the newly created show, or appropriate status code indicating reason for failure
Here is a returned sample format:
{
"new show": [
{
"actor_id": 1,
"movie_id": 2
}
],
"success": true
}