def patch(self, role_id):
"""
"""
# To do check if user is admin
role_schema = RoleSchema(partial=True)
update_data = request.get_json()
validated_update_data, errors = role_schema.load(update_data)
if errors:
return dict(status="fail", message=errors), 400
role = Role.get_by_id(role_id)
if not role:
return dict(
status="fail",
message=f"Role with id {role_id} not found"
), 404
if 'name' in validated_update_data:
role.name = validated_update_data['name']
updated_role = role.save()
if not updated_role:
return dict(status='fail', message='Internal Server Error'), 500
return dict(
status="success",
message=f"Role {role.name} updated successfully"
), 200
def post(self):
"""
"""
roles_schema = RoleSchema()
roles_data = request.get_json()
validated_role_data, errors = roles_schema.load(roles_data)
role_name = validated_role_data.get('name', None)
if errors:
return dict(status="fail", message=errors), 400
role_existant = Role.find_first(name=role_name)
if role_existant:
return dict(
status="fail",
message=f"Role {validated_role_data['name']} Already Exists."
), 400
role = Role(**validated_role_data)
saved_role = role.save()
if not saved_role:
return dict(status='fail', message=f'Internal Server Error'), 500
new_role_data, errors = roles_schema.dumps(role)
return dict(
status='success',
data=dict(role=json.loads(new_role_data))
), 201
def get(self):
"""
"""
role_schema = RoleSchema(many=True)
roles = Role.find_all()
roles_data, errors = role_schema.dumps(roles)
if errors:
return dict(status='fail', message=errors), 400
return dict(
status='success',
data=dict(roles=json.loads(roles_data))
), 200
def get(self, role_id):
"""
"""
role_schema = RoleSchema()
role = Role.get_by_id(role_id)
if not role:
return dict(
status="fail",
message=f"Role with id {role_id} not found"
), 404
role_data, errors = role_schema.dumps(role)
if errors:
return dict(status="fail", message=errors), 500
return dict(
status='success',
data=dict(role=json.loads(role_data))
), 200
class CSRSchema(ma.ModelSchema):
class Meta:
model = CSR
jit = toastedmarshmallow.Jit
csr_id = fields.Int()
username = fields.Str()
office_id = fields.Int()
role_id = fields.Int()
qt_xn_csr_ind = fields.Int()
receptionist_ind = fields.Int()
deleted = fields.DateTime()
csr_state_id = fields.Int()
csr_state = fields.Nested(CSRStateSchema(exclude=('csrs', )))
office = fields.Nested(OfficeSchema())
periods = fields.Nested('PeriodSchema', many=True, exclude=('csr', ))
role = fields.Nested(RoleSchema(exclude=('roles', )))
"""This module contains routes only accessible by users with admin priveleges."""
from http import HTTPStatus
from flask import request
from app.api import api
from app.repositories import database_repository
from app.decorators.views import handle_request, handle_response
from app.decorators.auth import admin_required
from app.models import RolePermission
from app.models.role import PermissionsError
from app.schemas import RoleSchema
@api.route("/users/<user_id>/role")
@admin_required
@handle_response(RoleSchema())
def get_user_role(user_id):
"""Return a user's role and permissions"""
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
return user.role, HTTPStatus.OK
@api.route("/users/<user_id>/permissions", methods=["PUT"])
@admin_required
@handle_request(RoleSchema())
def update_user_permissions(role_data, user_id):
"""Update permissions for a user."""
user = database_repository.get_user(user_id)
if not user: