def create_domain():
"""
user: {
name: "",
email: "",
password: ""
}
tenant: {
domain_name: ""
}
"""
domain_data = TenantSchema().load(flask.request.json["tenant"])
user_data = UserSchema(exclude=[
"is_admin",
]).load(flask.request.json["user"])
tenant = Tenant(**domain_data)
db.session.add(tenant)
db.session.flush()
user = User(**user_data)
user.tenant_id = tenant.id
user.is_admin = True
user.is_owner = True
user.expires_on = datetime.datetime.utcnow() + datetime.timedelta(
weeks=4000) # expiry is set to a lifetime
db.session.add(user)
db.session.commit()
return flask.jsonify(UserSchema().dump(user)), 201
def patch_self(domain_name):
data = UserSchema(exclude=("is_admin", "expires_in"),
partial=True).load(flask.request.json)
for key, value in data.items():
setattr(jwt.current_user, key, value)
db.session.commit()
return flask.jsonify(UserSchema().dump(jwt.current_user))
def make_user(domain_name):
tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404()
data = UserSchema(exclude=("is_admin", )).load(flask.request.json)
data["is_admin"] = False
user = User(**data)
user.tenant_id = tenant.id
db.session.add(user)
db.session.commit()
return flask.jsonify(UserSchema().dump(user)), 201
def get_auth_id(auth_id):
try:
session = create_autocommit_session(db)
with session.begin():
user = session.query(User).filter_by(auth_id=auth_id).first()
user_fields = ('id', 'auth_id')
user_schema = UserSchema(many=False, only=user_fields)
return user_schema.dump(user).data
except Exception as e:
raise
def register(domain_name):
tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404()
if not tenant.open_registration:
flask.abort(401)
data = UserSchema(exclude=["is_admin",]).load(flask.request.json)
user = User(**data)
user.tenant_id = tenant.id
user.is_admin = False
db.session.add(user)
db.session.commit()
return UserSchema().dump(user), 201
def delete_user(user_id, domain_name):
user = User.query.filter_by(id=user_id).first_or_404()
if user.is_owner or user.is_admin: # only owner can delete admin and owner should be deleted with domain
flask.abort(401)
db.session.delete(user)
db.session.commit()
return flask.jsonify(UserSchema().dump(user))
def login(domain_name):
tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404()
# try except so that failed validation returns 401 reponse rather than 500
try:
data = UserSchema(exclude=["is_admin", "name", "expires_in"]).load(flask.request.json)
except:
return flask.abort(401)
user = User.query.filter(
User.email==data["email"],
User.tenant_id==tenant.id
).first()
if not user or not bcrypt.check_password_hash(user.password, data["password"]) or datetime.datetime.utcnow() > user.expires_on:
return flask.abort(401)
token = jwt.create_access_token(
identity = user.id,
expires_delta=datetime.timedelta(days=1), # jwt token is invalidated after one day
additional_claims={
"is_admin":user.is_admin,
"is_owner":user.is_owner
}
# adds is_admin and is_owner claims to jwt token
)
return flask.jsonify(token)
def update_user(user_id, domain_name):
user = User.query.filter_by(id=user_id).first_or_404()
if not jwt.current_user.is_owner:
data = UserSchema(exclude=("is_admin", "email", "password"),
partial=True).load(flask.request.json)
else:
data = UserSchema(exclude=("email", "password"),
partial=True).load(flask.request.json)
for key, value in data.items():
setattr(user, key, value)
db.session.commit()
return flask.jsonify(UserSchema().dump(user))
def get_self(domain_name):
return flask.jsonify(UserSchema().dump(jwt.current_user))
import json
from flask import request, jsonify
from flask_login import LoginManager, login_user, logout_user, current_user, login_required
from passlib.hash import pbkdf2_sha256
from app import app, db, ma
from models.UserModel import User
from schemas.UserSchema import UserSchema
from routes.RouteManager import RouteManager
from Validation import Validation as v
login = LoginManager(app)
login.init_app(app)
userSchema = UserSchema()
usersSchema = UserSchema(many=True)
userRouteManager = RouteManager(User, userSchema, usersSchema)
# ==================================REGISTER ROUTE==========================================
@app.route('/api/users', methods=['POST'])
def registerUser():
try:
user = User(
**{
a: request.json[a]
for a in User.attributes() if a != 'id' and a != 'products'
and a != 'role' and a != 'orders'
})
def get_users(domain_name):
tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404()
members = User.query.filter_by(tenant_id=tenant.id).all()
return flask.jsonify(UserSchema(many=True).dump(members))
@project - UnivoX
Description - User controller.
"""
from app import app, db
from flask import jsonify, request
from models.User import User
from models.Role import Role
from schemas.UserSchema import UserSchema, extractor
from services.auth import get_auth_user
from flask_jwt_extended import jwt_required, get_jwt_identity
from sqlalchemy import exc
import uuid
user_schema = UserSchema()
users_schema = UserSchema(many=True)
# get all roles
@app.route('/users', methods=['GET'])
@jwt_required
def get_all_users():
users = User.query.filter_by().all()
return {'data': users_schema.dump(users),'status': 200}, 200
# get by id
@app.route('/users/<x_id>', methods=['GET'])
@jwt_required
def get_user_by_x_id(x_id):
user = User.query.filter_by(x_id=x_id).first()