improve the photo cycling implementation

[jtroussard]

Front page photo cycling in my opinion are to frequent and give a elementary feel to the underlying design. Implement a different pattern that will cycle less frequently.

Solution: Store admin level application settings and configs in a table. One of the columns will act as sort of a time marker. It will mark the last time the photo was cycled. There will be additional logic for the main route that compares a config value against that date value in the table and if it has passed the threshold, updates the photo.

Create the admin level app settings table

CREATE TABLE app_config (
    id SERIAL PRIMARY KEY,
    last_refresh_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);

from app import db
class Member(db.Model):
    ...
    role = db.Column(db.String(50), default='user')  # Default role is 'user'

This table has an id column as the primary key and a last_refresh_date column to store the date and time of the last photo refresh. The last_refresh_date column is set to have a default value of the current timestamp.

Then add a route in the api blueprint to retrieve the last refresh date from the app_config table. To make this a private endpoint we will use a custom decorator that will restrict the end point to users with a admin role. This will also need to be added to the Member model.

Custom decorator

from functools import wraps
from flask import request, abort
from flask_login import current_user

def restrict_access(func):
    @wraps(func)
    def decorated_function(*args, **kwargs):
        # Define the user IDs or roles that are allowed to access the route
        allowed_users = # define the roles
        
        if current_user.is_authenticated and current_user.id in allowed_users:
            return func(*args, **kwargs)
        else:
            abort(403)  # Return a 403 Forbidden error if access is not allowed
    return decorated_function

Create the route in the api blueprint module

@api.route('/last-refresh-date', methods=['GET'])
@restrict_access
def get_last_refresh_date():
    # Get the last refresh date from the app_config table
    app_config = AppConfig.query.first()

    if app_config:
        last_refresh_date = app_config.last_refresh_date
    else:
        # If no record exists yet, return None or an appropriate default value
        last_refresh_date = None

    return jsonify({'last_refresh_date': last_refresh_date})

Make sure to update the allowed_users list in the restrict_access decorator with the appropriate user IDs or roles that should have access to the route. This will ensure that only the specified users or roles can access the API route, providing an extremely restrictive access pattern.

The final set of tasks are to document the role values, test the migration, and create a script for the infra store to add the admin members.