def patch(self, user_id):
    """Apply an admin's partial update to the user identified by ``user_id``.

    Returns ``{"success": True, "data": ...}`` on success. Returns an error
    dict with status 400 when the request would ban the caller's own account
    or when the payload fails schema validation. An unknown id ends in a 404
    through ``first_or_404``.
    """
    target = Users.query.filter_by(id=user_id).first_or_404()
    payload = request.get_json()
    # The id always comes from the URL and overrides any id sent in the body.
    payload["id"] = user_id

    # Admins should not be able to ban themselves.
    # NOTE(review): only the literal True and the string "true" are matched
    # here; if the schema coerces other spellings to True they would pass this
    # guard - confirm against UserSchema.
    asks_for_ban = payload.get("banned") is True or payload.get("banned") == "true"
    if payload["id"] == session["id"] and asks_for_ban:
        body = {"success": False, "errors": {"id": "You cannot ban yourself"}}
        return body, 400

    schema = UserSchema(view="admin", instance=target, partial=True)
    loaded = schema.load(payload)
    if loaded.errors:
        return {"success": False, "errors": loaded.errors}, 400

    # Build the response before committing. A user type change alters the
    # polymorphic identity, and dumping afterwards raises ObjectDeletedError.
    # https://github.com/CTFd/CTFd/issues/1794
    dumped = schema.dump(loaded.data)

    db.session.commit()
    db.session.close()

    # Presumably drops cached session data for this user so it does not
    # outlive the change - confirm against clear_user_session.
    clear_user_session(user_id=user_id)
    clear_standings()

    return {"success": True, "data": dumped.data}
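def patch(self, user_id):
    """Apply an admin's partial update to the user identified by ``user_id``.

    Returns ``{"success": True, "data": ...}`` on success. Returns an error
    dict with status 400 when the request would ban the caller's own account
    or when the payload fails schema validation. An unknown id ends in a 404
    through ``first_or_404``.
    """
    user = Users.query.filter_by(id=user_id).first_or_404()
    data = request.get_json()
    # The id always comes from the URL and overrides any id sent in the body.
    data["id"] = user_id

    # Admins should not be able to ban themselves.
    # NOTE(review): only the literal True and the string "true" are matched
    # here; if the schema coerces other spellings to True they would pass this
    # guard - confirm against UserSchema.
    if data["id"] == session["id"] and (
        data.get("banned") is True or data.get("banned") == "true"
    ):
        return (
            {"success": False, "errors": {"id": "You cannot ban yourself"}},
            400,
        )

    schema = UserSchema(view="admin", instance=user, partial=True)
    response = schema.load(data)
    if response.errors:
        return {"success": False, "errors": response.errors}, 400

    db.session.commit()

    response = schema.dump(response.data)

    db.session.close()

    clear_user_session(user_id=user_id)
    clear_standings()

    # dump() returns a result object carrying .data and .errors. Return only
    # the serialised data, not the whole result object.
    return {"success": True, "data": response.data}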
def get(self, user_id):
    """Return the serialised user ``user_id`` together with place and score.

    The schema view is taken from the session's ``type`` entry and falls back
    to ``'user'``. An unknown id ends in a 404 through ``first_or_404``.
    """
    user = Users.query.filter_by(id=user_id).first_or_404()

    # NOTE(review): no banned/hidden check is made in this handler, so every
    # existing id is serialised for whoever reaches it - confirm that is
    # intended or enforced elsewhere.
    view_name = session.get('type', 'user')
    result = UserSchema(view=view_name).dump(user)
    if result.errors:
        return {'success': False, 'errors': result.errors}, 400

    result.data['place'] = user.place
    result.data['score'] = user.score
    return {'success': True, 'data': result.data}
def load_users_csv(dict_reader):
    """Create users from the rows of ``dict_reader``.

    Each row is validated with ``UserSchema``. Rows that pass are added to the
    database session and committed; rows that fail are collected. Returns a
    list of ``(row_index, errors)`` tuples when any row failed, otherwise
    ``True``.
    """
    # NOTE(review): the schema is built without a view, so which columns a
    # row may set depends on UserSchema's defaults - confirm that only
    # trusted (admin) callers can reach this importer.
    schema = UserSchema()
    failures = []
    for row_index, row in enumerate(dict_reader):
        loaded = schema.load(row)
        if loaded.errors:
            failures.append((row_index, loaded.errors))
            continue
        # Accepted rows are persisted even when other rows fail.
        # NOTE(review): the per-row commit nesting is reconstructed from a
        # flattened listing - confirm against the original file.
        db.session.add(loaded.data)
        db.session.commit()
    return failures if failures else True
def get(self, user_id):
    """Return the serialised user ``user_id`` together with place and score.

    Non-admin callers get a 404 for banned or hidden users, the same answer
    as for an id that does not exist. The schema view is taken from the
    session's ``type`` entry and falls back to ``"user"``.
    """
    user = Users.query.filter_by(id=user_id).first_or_404()

    # Answering 404 rather than 403 does not reveal that the account exists.
    restricted = user.banned or user.hidden
    if restricted and is_admin() is False:
        abort(404)

    view_name = session.get("type", "user")
    result = UserSchema(view=view_name).dump(user)
    if result.errors:
        return {"success": False, "errors": result.errors}, 400

    result.data["place"] = user.place
    result.data["score"] = user.score
    return {"success": True, "data": result.data}
def get(self, query_args):
    """Return one page of users matching the query arguments.

    ``q`` and ``field`` are removed from ``query_args`` and turned into model
    filters; the remaining entries are passed to ``filter_by`` as exact
    matches. Banned and hidden users are listed only for an admin who asks
    for ``view=admin``. The rows are always serialised with the ``"user"``
    view, so the admin listing changes which users appear, not which fields.
    """
    q = query_args.pop("q", None)
    # A missing "field" becomes the string "None" because of the str() call.
    field = str(query_args.pop("field", None))
    filters = build_model_filters(model=Users, query=q, field=field)

    admin_listing = is_admin() and request.args.get("view") == "admin"
    if admin_listing:
        base_query = Users.query.filter_by(**query_args)
    else:
        base_query = Users.query.filter_by(
            banned=False, hidden=False, **query_args
        )
    users = base_query.filter(*filters).paginate(per_page=50, max_per_page=100)

    result = UserSchema(view="user", many=True).dump(users.items)
    if result.errors:
        return {"success": False, "errors": result.errors}, 400

    pagination = {
        "page": users.page,
        "next": users.next_num,
        "prev": users.prev_num,
        "pages": users.pages,
        "per_page": users.per_page,
        "total": users.total,
    }
    return {
        "meta": {"pagination": pagination},
        "success": True,
        "data": result.data,
    }
def patch(self):
    """Apply a partial update to the current user's own record.

    The payload is loaded through ``UserSchema`` with the ``"self"`` view.
    Returns the serialised user on success, or an error dict with status 400
    when validation fails.
    """
    current = get_current_user()
    payload = request.get_json()

    # NOTE(review): the "self" view is what limits which fields a user may
    # change on their own account - presumably it excludes privileged fields
    # such as type or banned; confirm against UserSchema.
    schema = UserSchema(view="self", instance=current, partial=True)
    loaded = schema.load(payload)
    if loaded.errors:
        return {"success": False, "errors": loaded.errors}, 400

    db.session.commit()

    # Serialise while the session is still open, then release it.
    dumped = schema.dump(loaded.data)
    db.session.close()

    clear_standings()

    return {"success": True, "data": dumped.data}
def post(self):
    """Create a user from the JSON request body using the admin schema view.

    Returns the serialised new user on success, or an error dict with status
    400 when validation fails.
    """
    payload = request.get_json()
    schema = UserSchema('admin')
    loaded = schema.load(payload)
    if loaded.errors:
        return {'success': False, 'errors': loaded.errors}, 400

    db.session.add(loaded.data)
    db.session.commit()

    clear_standings()

    dumped = schema.dump(loaded.data)
    return {'success': True, 'data': dumped.data}
class CommentSchema(ma.ModelSchema):
    """Marshmallow schema for ``Comments`` rows."""

    class Meta:
        model = Comments
        include_fk = True
        # Read-only on load: these are emitted when dumping and are not
        # accepted from client-supplied input.
        dump_only = (
            "id",
            "date",
            "html",
            "author",
            "author_id",
            "type",
        )

    # Only the author's name is exposed in the nested user object.
    author = fields.Nested(UserSchema(only=("name",)))
    html = fields.String()
def get(self):
    """Return every user that is neither banned nor hidden, in the user view."""
    visible_users = Users.query.filter_by(banned=False, hidden=False)
    result = UserSchema(view="user", many=True).dump(visible_users)
    if result.errors:
        return {"success": False, "errors": result.errors}, 400
    return {"success": True, "data": result.data}
def get(self):
    """Return every user that is not banned, serialised with the user view."""
    # NOTE(review): only ``banned`` is filtered here. If the model has a
    # ``hidden`` flag, hidden accounts are still listed - confirm whether
    # that is intended.
    listed_users = Users.query.filter_by(banned=False)
    result = UserSchema(view='user', many=True).dump(listed_users)
    if result.errors:
        return {'success': False, 'errors': result.errors}, 400
    return {'success': True, 'data': result.data}
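def patch(self, user_id):
    """Apply an admin's partial update to the user identified by ``user_id``.

    Returns ``{"success": True, "data": ...}`` on success, or an error dict
    with status 400 when the payload fails schema validation. An unknown id
    ends in a 404 through ``first_or_404``.
    """
    user = Users.query.filter_by(id=user_id).first_or_404()
    data = request.get_json()
    # The id always comes from the URL and overrides any id sent in the body.
    data["id"] = user_id

    # NOTE(review): nothing here stops an admin from setting ``banned`` on
    # their own account, and no cached session for the user is invalidated
    # after the change - confirm whether either is handled elsewhere.
    schema = UserSchema(view="admin", instance=user, partial=True)
    response = schema.load(data)
    if response.errors:
        return {"success": False, "errors": response.errors}, 400

    db.session.commit()

    response = schema.dump(response.data)

    db.session.close()

    clear_standings()

    # dump() returns a result object carrying .data and .errors. Return only
    # the serialised data, not the whole result object.
    return {"success": True, "data": response.data}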
def post(self):
    """Create a user from the JSON request body using the admin schema view.

    Returns the serialised new user on success, or an error dict with status
    400 when validation fails.
    """
    req = request.get_json()
    schema = UserSchema("admin")
    loaded = schema.load(req)
    if loaded.errors:
        return {"success": False, "errors": loaded.errors}, 400

    db.session.add(loaded.data)
    db.session.commit()

    if request.args.get("notify"):
        # NOTE(review): the name and the plaintext password are read here,
        # but nothing in this listing uses them, so no notification is sent
        # from this block. Confirm whether a call was dropped.
        name = loaded.data.name
        password = req.get("password")

    clear_standings()

    dumped = schema.dump(loaded.data)
    return {"success": True, "data": dumped.data}
def get(self):
    """Return the list of users, serialised with the user view.

    Banned and hidden users are included only for an admin who asks for
    ``view=admin``. The serialisation view stays ``"user"`` in both cases.
    """
    admin_listing = is_admin() and request.args.get("view") == "admin"
    criteria = {} if admin_listing else {"banned": False, "hidden": False}
    users = Users.query.filter_by(**criteria)

    result = UserSchema(view="user", many=True).dump(users)
    if result.errors:
        return {"success": False, "errors": result.errors}, 400
    return {"success": True, "data": result.data}
def post(self):
    """Create a user from the JSON request body using the admin schema view.

    When the ``notify`` query argument is set, the new user's address, name
    and the password from the request body are passed to
    ``user_created_notification``. Returns the serialised new user on
    success, or an error dict with status 400 when validation fails.
    """
    req = request.get_json()
    schema = UserSchema('admin')
    loaded = schema.load(req)
    if loaded.errors:
        return {'success': False, 'errors': loaded.errors}, 400

    created = loaded.data
    db.session.add(created)
    db.session.commit()

    if request.args.get('notify'):
        # NOTE(review): the plaintext password from the request is handed to
        # the notification helper, presumably to be sent to the user. Treat
        # it as a temporary credential and confirm it is not logged or
        # stored along the way.
        user_created_notification(
            addr=created.email,
            name=created.name,
            password=req.get('password'),
        )

    clear_standings()

    dumped = schema.dump(created)
    return {'success': True, 'data': dumped.data}
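def verify(secret):
    """Resolve ``secret`` to a username.

    Returns ``{"success": True, "username": ...}`` when a user with that
    secret exists and may be shown to the caller. An empty secret, an unknown
    secret, and a banned or hidden user seen by a non-admin all return the
    same bare ``{"success": False}``, so the response does not reveal which
    case applied.
    """
    # Reject empty input before querying. filter_by(secret=None) is rendered
    # as "secret IS NULL" and would match an account that has no secret set.
    if not secret:
        return {"success": False}

    user = Users.query.filter_by(secret=secret).first()
    if user is None:
        return {"success": False}

    if (user.banned or user.hidden) and is_admin() is False:
        return {"success": False}

    user_type = get_current_user_type(fallback="user")
    response = UserSchema(view=user_type).dump(user)
    if response.errors:
        return {"success": False, "errors": response.errors}

    return {"success": True, "username": response.data["name"]}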
def get(self):
    """Return the current user's record in the "self" view, with place and score."""
    current = get_current_user()
    # Serialisation errors from dump() are not inspected; only .data is used.
    result = UserSchema("self").dump(current)
    payload = result.data
    payload["place"] = current.place
    payload["score"] = current.score
    return {"success": True, "data": payload}
def get(self):
    """Return the current user's record in the 'self' view, with place and score."""
    current = get_current_user()
    # Serialisation errors from dump() are not inspected; only .data is used.
    result = UserSchema('self').dump(current)
    payload = result.data
    payload['place'] = current.place
    payload['score'] = current.score
    return {'success': True, 'data': payload}