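def decorated(*args, **kwargs):
    """Authenticate an API request by key, then call the wrapped view.

    The key is taken from the ``apikey`` form field when that field is
    present, otherwise from the ``X-Api-Key`` header. It may belong to a
    user or to an organization. On success the matching user and/or
    organization are stored in the session and the wrapped function ``f``
    is called with the original arguments.

    Returns:
        The wrapped view's response, or an API error response:
        401 when no key is supplied or the key matches nothing,
        403 when the account is inactive or the requested organization
        is not the one the key is entitled to.
    """
    api_key = None
    if 'apikey' in request.form:
        api_key = request.form.get('apikey')
    elif 'X-Api-Key' in request.headers.keys():
        api_key = request.headers.get('X-Api-Key')

    if not api_key:
        return generate_api_response({'error': messages.NO_API_KEY}, 401)

    user = User.get_by_api_key(api_key=api_key)
    organization = Organization.get_by_api_key(api_key=api_key)
    if not user and not organization:
        return generate_api_response(
            {'error': messages.INVALID_API_KEY}, 401)

    requested_org = kwargs.get('organization', '')

    if user:
        # Reject inactive accounts before touching the session, so a
        # disabled user never leaves authenticated state behind on a
        # request that ends in 403.
        if not user.active:
            return generate_api_response(
                {'error': messages.ACCOUNT_INACTIVE}, 403)
        session['user'] = user
        if user.is_admin():
            # Admins may address any organization by name.
            session['organization'] = Organization.get_by_name(requested_org)
        else:
            session['organization'] = Organization.get_by_uuid(
                user.organization)

    if organization:
        # An organization-level key pins the session to that organization.
        session['organization'] = organization

    # Authorization: the organization named in the route must be the one
    # resolved above. A failed lookup (admin asking for an unknown name, or
    # a user whose organization no longer resolves) is denied instead of
    # being dereferenced, which would raise AttributeError.
    # NOTE(review): requested_org is compared as given against the
    # lower-cased stored name; presumably routes carry lower-case names.
    # Confirm against the URL rules.
    current_org = session.get('organization')
    if requested_org and (
            not current_org
            or requested_org != current_org.name.lower()):
        return generate_api_response({'error': messages.ACCESS_DENIED}, 403)

    return f(*args, **kwargs)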
def edit_organization(uuid=None):
    """Show the organization edit form and apply a valid submission.

    A submission that validates, for an organization that exists, updates
    the record from the form data, flashes a confirmation and redirects to
    the organization list. Every other case renders the edit template.
    """
    # NOTE(review): no route or access-control decorator is visible on this
    # listing; confirm who may reach this view, since it rewrites the
    # organization's fields (including its owner) from submitted form data.
    org = Organization.get_by_uuid(uuid)
    org_form = forms.OrganizationForm(obj=org)
    # HACK: WTForms does not look choices up dynamically at instantiation,
    # so they are set here; otherwise new users would not show up.
    org_form.owner.choices = forms.get_user_choices()

    if org_form.validate_on_submit() and org:
        org.update(**org_form.data)
        flash(messages.ORGANIZATION_UPDATED)
        return redirect(url_for('accounts.organizations'))

    return render_template(
        'accounts/edit_organization.html',
        organization=org,
        form=org_form,
    )
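def get_org_from_uuid(uuid):
    """Return the name of the organization with this uuid.

    Returns None when the lookup finds no organization, instead of raising
    AttributeError on the missing record. Other callers in this file also
    treat the result of ``Organization.get_by_uuid`` as possibly empty.
    """
    organization = Organization.get_by_uuid(uuid)
    if not organization:
        return None
    return organization.name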
def delete_organizations(uuid=None):
    """Remove the organization with this uuid, then go to the list page.

    An unknown uuid is ignored; the redirect happens either way.
    """
    # NOTE(review): the route and any access-control decorators are not
    # visible on this listing. Confirm this destructive action is limited
    # to authorized users and is not reachable through a plain GET link.
    target = Organization.get_by_uuid(uuid)
    if target:
        target.remove()
    return redirect(url_for('accounts.organizations'))