Ejemplo n.º 1
0
async def destroy(
        user_id: int,
        user_repo: UserRepo = Depends(UserRepo()),
        token: TokenPayload = Depends(
            ScopedTo("user:create", "super", satisfy="one")),
        user: User = Depends(current_user),
):
    if user_id == user.id:
        abort(403, msg="Cannot deactivate self")

    remaining_supers = len(
        user_repo.filter(
            user_repo.label("is_superuser") == True,
            user_repo.label("is_active") == True,
            user_repo.label("id") != user_id,
        ).all().results())

    if remaining_supers < 1:
        abort(
            403,
            msg="Cannot deactivate user. No other active super users available."
        )

    user_repo.clear()

    messages = [{"text": "Deactivation Succesful", "type": "success"}]
    if not user_repo.exists(id=user_id):
        return BaseResponse(messages=messages)

    user_repo.deactivate(user_id)
    return BaseResponse(messages=messages)
Ejemplo n.º 2
0
async def store(
    form: UserCreateForm,
    user_repo: UserRepo = Depends(UserRepo()),
    token: TokenPayload = Depends(
        ScopedTo("user:create", "super", satisfy="one")),
):

    if user_repo.exists(email=form.email):
        abort_for_input("email", "Email has already been taken.")

    user_repo.clear()

    # TODO: data validation against current db & perm checks
    data = {
        "email": form.email,
        "hashed_password": hash_password(form.password),
        "is_active": getattr(form, "is_superuser", True),
        "is_superuser": getattr(form, "is_superuser", False),
    }
    item = user_repo.create(data).data()
    return UserResponse(user=item)