diff --git a/connection/views.py b/connection/views.py
index 4b62b89..027b9cc 100644
--- a/connection/views.py
+++ b/connection/views.py
@@ -42,25 +42,36 @@ class ConnectionViewSet(viewsets.ModelViewSet):
 return Response(
 status=status.HTTP_400_BAD_REQUEST, data="ERROR: missing account_id")
- accounts = Account.objects.filter(pk=account_id)
-
+ user = request.user
+ # Filter out any accounts with the right id, but the given user
+ # is not an owner or admin on that account.
+ accounts = (Account.objects.filter(pk=account_id, owner=user) |
+ Account.objects.filter(pk=account_id, admin_users__in=[user]))
 if not accounts:
 return Response(
 status=status.HTTP_400_BAD_REQUEST,
- data="ERROR: invalid account_id")
+ data="ERROR: Account ID not found")
 else:
 print(f"Account Found: {accounts[0]}")
 account = accounts[0]
 print(request)
 plaid = importlib.import_module(f"connection.connections.plaid_client")
 conn_type = ConnectionType.objects.get(name="Plaid")
+ try:
+ plaid_client = plaid.Connection(request.data)
+ except ValueError:
+ return Response(status=status.HTTP_503, data="ERROR: Invalid public_token")
+ except Exception:
+ return Response(status=status.HTTP_500, data="ERROR: Unable to contact Plaid")
 conn, created = Connection.objects \
 .get_or_create(name=name, type=conn_type, defaults={
 "credentials": request.data, "account": account
 })
- plaid_client = plaid.Connection(request.data)
 conn.credentials = plaid_client.credentials
 conn.save()
 return Response(plaid_client.get_accounts())
\ No newline at end of file
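Review bot: `status.HTTP_503` and `status.HTTP_500` in the two new except branches do not look like attributes of `rest_framework.status` — assuming `status` is that module, as the existing `status.HTTP_400_BAD_REQUEST` suggests, the DRF names are `HTTP_503_SERVICE_UNAVAILABLE` and `HTTP_500_INTERNAL_SERVER_ERROR`, so either branch raises AttributeError inside the handler and the request ends as an unhandled server error instead of the intended response. A rejected public_token is a problem with the client's input, so `return Response(status=status.HTTP_400_BAD_REQUEST, data="ERROR: Invalid public_token")` fits better than 503, which signals a service outage to callers and to monitoring. The `except Exception` branch should record the traceback (e.g. `logging.getLogger(__name__).exception("Plaid connection failed")`) before returning `Response(status=status.HTTP_500_INTERNAL_SERVER_ERROR, data="ERROR: Unable to contact Plaid")`, otherwise the cause of the failure is lost while the generic message hides it from the caller. The enclosing method starts before the hunk.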