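def put(self):
    """Update a user record.

    Two paths share this handler:

    * A caller whose JWT identity differs from the target user must hold
      ``UserLevel.ADMIN`` or ``UserLevel.SYS_ADMIN``; such a caller may change
      only ``role`` and ``activated`` (parsed through ``create_request_parser``).
    * A caller editing their own record may change ``name`` and ``password``;
      the password is stored as a bcrypt hash, never in clear text.

    Returns:
        ``(body, status)``: ``201`` with the updated user on success, the
        ``get_not_found_error`` response when ``id`` matches no user, and
        ``405`` when the caller lacks the required level.
    """
    # A request without a JSON body makes get_json() return None; treat it as
    # an empty document instead of failing with AttributeError (a 500).
    user_data = request.get_json() or {}
    user = UserModel.find_by_id(user_data.get('id'))
    if not user:
        return get_not_found_error('user')

    user_level = get_jwt_claims()["user_level"]
    current_user_id = get_jwt_identity()

    if current_user_id != user.id:
        # The caller targets somebody else's record: only admins may do that.
        if user_level not in (UserLevel.ADMIN, UserLevel.SYS_ADMIN):
            # Status code kept as 405 for compatibility; 403 would be the
            # conventional code for an authorization failure.
            return {'message': 'you are not allowed to do this action.'}, 405
        # NOTE(review): the parsed role is applied without further checks, so
        # whether an ADMIN can assign a level above their own depends entirely
        # on the choices allowed by _role_arg — confirm.
        admin_data = create_request_parser([_role_arg, _status_arg]).parse_args()
        user.role = admin_data['role']
        user.activated = admin_data['activated']
        user.save_to_db()
        return {'message': 'change success.', 'user': user.json()}, 201

    # Self-service profile update: only name and password are writable here,
    # so a user cannot change their own role or activation state.
    if "name" in user_data:
        user.name = user_data.get("name")
    if "password" in user_data:
        user.password = bcrypt.generate_password_hash(
            user_data['password']).decode('utf-8')
    user.save_to_db()
    return {'message': 'change success.', 'user': user.json()}, 201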
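def delete(self):
    """Delete the user whose ``id`` is given in the JSON body.

    Only ``UserLevel.ADMIN`` and ``UserLevel.SYS_ADMIN`` callers may delete;
    the level is taken from the JWT claims, never from the request body.

    Returns:
        ``{'message': 'user deleted'}`` on success, ``405`` for a caller
        without the required level, the ``get_not_found_error`` response when
        no user matches, and ``get_internal_server_error()`` when the
        database delete raises.
    """
    user_level = get_jwt_claims()["user_level"]
    if user_level not in (UserLevel.ADMIN, UserLevel.SYS_ADMIN):
        return {'message': 'you are not allowed to do this action.'}, 405

    # A missing body or a body without 'id' previously surfaced as a 500
    # (TypeError / KeyError); treat both as "no such user".
    data = request.get_json() or {}
    user = UserModel.find_by_id(data.get('id'))
    if not user:
        return get_not_found_error('user')

    # NOTE(review): nothing here stops a caller from deleting their own
    # account, or an ADMIN from deleting a SYS_ADMIN — confirm that is intended.
    try:
        user.delete_from_db()
    except Exception:
        # Generic 500 so database internals are not echoed to the caller.
        return get_internal_server_error()
    return {"message": "user deleted"}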
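def post(self):
    """
    Get a new access token without requiring username and password—only the
    'refresh token' provided in the /login endpoint.

    Note that refreshed access tokens have a `fresh=False`, which means that
    the user may have not given us their username and password for
    potentially a long time (if the token has been refreshed many times over).

    Returns:
        ``({'access_token': ..., 'user': user.json()}, 201)`` when the
        token's identity still resolves to a user, otherwise the
        ``get_not_found_error`` response.
    """
    current_user_id = get_jwt_identity()
    # Resolve the user before minting a token: a refresh token whose subject
    # no longer exists must not yield a new access token.
    user = UserModel.find_by_id(current_user_id)
    if not user:
        # The original fell through to ``{}.json()`` here and raised a 500.
        return get_not_found_error('user')
    new_token = create_access_token(identity=current_user_id, fresh=False)
    return {'access_token': new_token, "user": user.json()}, 201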
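def add_claims_to_jwt(identity):
    """Build the extra JWT claims for ``identity``.

    Args:
        identity: the value passed as ``identity=`` when the access token is
            created; it is used as the ``UserModel.find_by_id`` key.

    Returns:
        ``{"user_level": <user.role>}``. When no user matches, the level is
        ``None`` so that level checks requiring ADMIN or SYS_ADMIN fail
        closed, instead of this callback raising ``AttributeError``.
    """
    user = UserModel.find_by_id(identity)
    return {"user_level": user.role if user else None}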
def add_receivers(self, receivers):
    """Append every resolvable user in ``receivers`` to ``self.receivers``.

    Args:
        receivers: iterable of user ids, or a falsy value meaning "nothing to
            add". Ids that ``UserModel.find_by_id`` does not resolve are
            skipped silently.
    """
    if not receivers:
        return
    for user_id in receivers:
        found = UserModel.find_by_id(user_id)
        if found:
            self.receivers.append(found)