Beispiel #1
def view(id):
    """Retrieve role details.
    ---
    post:
      summary: Retrieve role details
      description: >
        Fetch detailed information about a role that the user is
        entitled to access, e.g. their own role, or a group they
        are part of.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    # The lookup runs before the permission check, so an unknown ID fails in
    # obj_or_404 (presumably a 404) and a known-but-forbidden one in require.
    # NOTE(review): that ordering may let a caller without read access tell
    # existing role IDs from missing ones - confirm this is acceptable.
    # NOTE(review): the OpenAPI block above files this read endpoint under
    # `post:`; the route's HTTP method is not visible here - confirm.
    found = Role.by_id(id)
    role = obj_or_404(found)
    may_read = request.authz.can_read_role(role.id)
    require(may_read)
    return RoleSerializer.jsonify(role)
Beispiel #2
def create():
    """Register a password-login user from a signed e-mail code.

    The e-mail address is recovered from the signed ``code`` field of the
    request rather than taken from a client-supplied address field.
    Responds 400 for a code that fails verification, 409 when the address
    already has a role, and 201 with the serialized role on success.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    payload = parse_request(RoleCreateSchema)

    signed_code = payload.get('code')
    try:
        # max_age bounds how long an issued code stays usable.
        # NOTE(review): if SIGNATURE is an itsdangerous timed serializer,
        # an expired code also raises a BadSignature subclass and lands in
        # the same branch - confirm.
        email = Role.SIGNATURE.loads(signed_code,
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        failure = {
            'status': 'error',
            'message': gettext('Invalid code')
        }
        return jsonify(failure, status=400)

    # NOTE(review): this check and the creation below are separate steps;
    # whether two concurrent requests with the same code can both pass
    # depends on load_or_create / a unique constraint - verify.
    if Role.by_email(email) is not None:
        conflict = {
            'status': 'error',
            'message': gettext('Email is already registered')
        }
        return jsonify(conflict, status=409)

    display_name = payload.get('name') or email
    role = Role.load_or_create(
        foreign_id='password:{}'.format(email),
        type=Role.USER,
        name=display_name,
        email=email
    )
    # NOTE(review): the password goes to set_password as received;
    # presumably RoleCreateSchema enforces presence and length - confirm.
    role.set_password(payload.get('password'))
    db.session.add(role)
    db.session.commit()
    update_role(role)
    # Point the request's authz at the new role so the serializer returns
    # more info about this user.
    # NOTE(review): only the id is overwritten; any other state held by the
    # authz object is left as it was for the incoming request.
    request.authz.id = role.id
    tag_request(role_id=role.id)
    return RoleSerializer.jsonify(role, status=201)
Beispiel #3
def create():
    """Register a password-login user from a signed e-mail code.

    The e-mail address comes out of the signed ``code`` field, so the
    caller cannot pick an arbitrary address without a valid code for it.
    Responds 400 for a code that fails verification, 409 when the address
    already has a role, and 201 with the serialized role on success.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    submitted = parse_request(RoleCreateSchema)

    code = submitted.get('code')
    try:
        # The signature check is the only proof of address ownership seen
        # here; max_age limits the lifetime of an issued code.
        email = Role.SIGNATURE.loads(code, max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        body = {
            'status': 'error',
            'message': gettext('Invalid code')
        }
        return jsonify(body, status=400)

    existing = Role.by_email(email)
    if existing is not None:
        # NOTE(review): this 409 tells the holder of a valid code that the
        # address is registered; acceptable only because the code itself
        # already proves control of the address - confirm.
        body = {
            'status': 'error',
            'message': gettext('Email is already registered')
        }
        return jsonify(body, status=409)

    foreign_id = 'password:{}'.format(email)
    role = Role.load_or_create(
        foreign_id=foreign_id,
        type=Role.USER,
        name=submitted.get('name') or email,
        email=email
    )
    # NOTE(review): password validation is presumably done by
    # RoleCreateSchema; nothing in this function checks it.
    role.set_password(submitted.get('password'))
    db.session.add(role)
    db.session.commit()
    update_role(role)
    # Let the serializer return more info about this user by making the
    # request's authz refer to the freshly created role.
    request.authz.id = role.id
    return RoleSerializer.jsonify(role, status=201)
Beispiel #4
def update(id):
    """Apply the validated request body to a role the caller may write.

    Looks the role up, requires write access to it, then updates it from
    the parsed RoleSchema payload, commits and returns the serialized role.
    """
    role = obj_or_404(Role.by_id(id))
    may_write = request.authz.can_write_role(role.id)
    require(may_write)

    changes = parse_request(RoleSchema)
    # NOTE(review): if RoleSchema admits a password field, it is applied
    # here without re-checking the current password, so write access alone
    # (e.g. a borrowed session) would be enough to change it - confirm.
    role.update(changes)

    session = db.session
    session.add(role)
    session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
Beispiel #5
def update(id):
    """Apply the validated request body to a role the caller may edit.

    Two gates run after the lookup: the session must allow writes, and
    check_editable must accept this role for the caller's authz.
    """
    role = obj_or_404(Role.by_id(id))

    # Both predicates are evaluated in this order, each in its own require.
    writable_session = request.authz.session_write
    require(writable_session)
    editable = check_editable(role, request.authz)
    require(editable)

    changes = parse_request(RoleSchema)
    # NOTE(review): if RoleSchema admits a password field, nothing here
    # asks for the current password before replacing it - confirm.
    role.update(changes)

    session = db.session
    session.add(role)
    session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
Beispiel #6
def create():
    """Create a user role.
    ---
    post:
      summary: Create a user account
      description: >
        Create a user role by supplying the required account details.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleCreate'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    # NOTE(review): the OpenAPI block above documents only '200', while the
    # code below answers 201 on success and 400 / 409 on failure.
    require(settings.PASSWORD_LOGIN)
    require(not request.authz.in_maintenance)
    payload = parse_request("RoleCreate")

    signed_code = payload.get("code")
    try:
        # The address is taken from the signed code, not from a plain
        # request field; max_age bounds how long a code stays usable.
        email = Role.SIGNATURE.loads(signed_code,
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        failure = {
            "status": "error",
            "message": gettext("Invalid code")
        }
        return jsonify(failure, status=400)

    # NOTE(review): check-then-create; whether concurrent requests with the
    # same code can both pass depends on create_user / a unique constraint.
    if Role.by_email(email) is not None:
        conflict = {
            "status": "error",
            "message": gettext("Email is already registered")
        }
        return jsonify(conflict, status=409)

    role = create_user(email, payload.get("name"), payload.get("password"))
    # Let the serializer return more info about this user: the request's
    # authz is replaced by one built from the new role.
    request.authz = Authz.from_role(role)
    tag_request(role_id=role.id)
    return RoleSerializer.jsonify(role, status=201)
Beispiel #7
def update(id):
    """Change user settings.
    ---
    post:
      summary: Change user settings
      description: >
        Update a role to change its display name, or to define a
        new login password. Users can only update roles they have
        write access to, i.e. their own.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleUpdate'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    role = obj_or_404(Role.by_id(id))
    may_write = request.authz.can_write_role(role.id)
    require(may_write)
    payload = parse_request("RoleUpdate")

    # A password change must be backed by the old password, so that write
    # access to the role alone is not enough to replace the credential.
    # cf. https://github.com/alephdata/aleph/issues/718
    # The check is skipped when no (non-empty) new password is supplied.
    # NOTE(review): nothing visible here throttles repeated wrong guesses
    # or ends other sessions after a change - confirm handled elsewhere.
    wants_new_password = bool(payload.get("password"))
    if wants_new_password and not role.check_password(
            payload.get("current_password")):
        raise BadRequest(gettext("Incorrect password."))

    role.update(payload)
    session = db.session
    session.add(role)
    session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
Beispiel #8
def update(id):
    """Update a role, demanding the old password for password changes.

    Requires write access to the role. When the payload carries a new
    password, the supplied ``current_password`` must pass
    ``role.check_password`` or the request is rejected with BadRequest.
    """
    role = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(role.id))
    payload = parse_request(RoleSchema)

    # When changing passwords, check the old password first, so a session
    # with write access cannot replace the credential on its own.
    # cf. https://github.com/alephdata/aleph/issues/718
    new_password = payload.get('password')
    if new_password:
        # A missing current_password is passed on as None; check_password
        # presumably rejects it - confirm.
        supplied = payload.get('current_password')
        verified = role.check_password(supplied)
        if not verified:
            raise BadRequest(gettext('Incorrect password.'))

    role.update(payload)
    session = db.session
    session.add(role)
    session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)
Beispiel #9
def view(id):
    """Return the serialized role if check_editable accepts the caller."""
    found = Role.by_id(id)
    role = obj_or_404(found)
    # NOTE(review): read access is decided by check_editable, whose name
    # suggests an edit-rights predicate - confirm it is the intended read
    # policy for this endpoint.
    permitted = check_editable(role, request.authz)
    require(permitted)
    return RoleSerializer.jsonify(role)
Beispiel #10
def view(id):
    """Return the serialized role if the caller may read it."""
    # Lookup first, permission second: a missing role fails in obj_or_404
    # before can_read_role is consulted.
    # NOTE(review): the two failure paths may let an unauthorized caller
    # tell existing role IDs from missing ones - confirm acceptable.
    found = Role.by_id(id)
    role = obj_or_404(found)
    may_read = request.authz.can_read_role(role.id)
    require(may_read)
    return RoleSerializer.jsonify(role)
Beispiel #11
def view(id):
    """Serialize a role after check_editable approves the request's authz."""
    role = obj_or_404(Role.by_id(id))
    authz = request.authz
    # The role object itself, not just its id, is handed to the check.
    # NOTE(review): a predicate named for editing gates this read; verify
    # that reads are meant to be limited to roles the caller can edit.
    can_view = check_editable(role, authz)
    require(can_view)
    return RoleSerializer.jsonify(role)