Exemple #1
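    def before_update_object(self, user, data, view_kwargs):
        """Check and apply privileged attribute changes before a user update.

        Handles, in order: soft delete / restore through ``deleted_at``, an
        email change, the three role flags, and avatar resizing.

        Args:
            user: The user record being updated.
            data: Incoming attributes. ``data['email']`` is overwritten when
                a user is restored.
            view_kwargs: Receives ``'email_changed'`` (the previous email)
                when a new, unused email address is accepted.

        Raises:
            ForbiddenException: The caller may not change ``deleted_at``, or
                the user still has events or orders.
            ConflictException: The requested email belongs to another user.
        """
        # TODO: Make a celery task for this
        # if data.get('avatar_url') and data['original_image_url'] != user.original_image_url:
        #     try:
        #         uploaded_images = create_save_image_sizes(data['original_image_url'], 'speaker-image', user.id)
        #     except (urllib.error.HTTPError, urllib.error.URLError):
        #         raise UnprocessableEntity(
        #             {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
        #         )
        #     data['original_image_url'] = uploaded_images['original_image_url']
        #     data['small_image_url'] = uploaded_images['thumbnail_image_url']
        #     data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
        #     data['icon_image_url'] = uploaded_images['icon_image_url']

        if data.get('deleted_at') != user.deleted_at:
            # Only the account owner or an admin may delete or restore.
            if not (has_access('is_user_itself', user_id=user.id) or has_access('is_admin')):
                raise ForbiddenException({'source': ''}, "You are not authorized to update this information.")

            if data.get('deleted_at'):
                if len(user.events) != 0:
                    raise ForbiddenException({'source': ''}, "Users associated with events cannot be deleted")
                if len(user.orders) != 0:
                    raise ForbiddenException({'source': ''}, "Users associated with orders cannot be deleted")
                modify_email_for_user_to_be_deleted(user)
            else:
                modify_email_for_user_to_be_restored(user)
                # Keep the payload in step with the restored address.
                data['email'] = user.email
            user.deleted_at = data.get('deleted_at')

        users_email = data.get('email', None)
        if users_email is not None:
            # Only the local copy is stripped; data['email'] is left as sent.
            users_email = users_email.strip()

        if users_email is not None and users_email != user.email:
            try:
                db.session.query(User).filter_by(email=users_email).one()
            except NoResultFound:
                # The address is unused. verify_fresh_jwt_in_request() runs
                # before the change is accepted (presumably the
                # flask-jwt-extended fresh-token check; confirm the import).
                verify_fresh_jwt_in_request()
                view_kwargs['email_changed'] = user.email
            else:
                raise ConflictException({'pointer': '/data/attributes/email'}, "Email already exists")

        # NOTE(review): these branches only act when the caller has the
        # required role. This hook does not remove 'is_admin',
        # 'is_sales_admin' or 'is_marketer' from `data` for other callers;
        # confirm the schema or data layer does not apply them.

        # NOTE(review): a truthy 'is_admin' is required, so as written this
        # branch only grants admin; confirm revocation is handled elsewhere.
        if has_access('is_super_admin') and data.get('is_admin') and data.get('is_admin') != user.is_admin:
            user.is_admin = not user.is_admin

        if has_access('is_admin') and ('is_sales_admin' in data) and data.get('is_sales_admin') != user.is_sales_admin:
            user.is_sales_admin = not user.is_sales_admin

        # The membership test uses 'is_marketer', the same key that is read
        # in the comparison; with the misspelled 'us_marketer' key this
        # branch never ran for a normal payload.
        if has_access('is_admin') and ('is_marketer' in data) and data.get('is_marketer') != user.is_marketer:
            user.is_marketer = not user.is_marketer

        if data.get('avatar_url'):
            start_image_resizing_tasks(user, data['avatar_url'])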
    def test_modify_email_for_user_to_be_deleted(self):
        """Check the email rewrite applied to a user that is being deleted."""
        # NOTE(review): the email and password literals look masked in this
        # listing; as shown, the expected value equals the input address.
        with self.app.test_request_context():
            account = create_user(email="*****@*****.**", password="******")
            save_to_db(account)
            rewritten = modify_email_for_user_to_be_deleted(account)
            self.assertEqual("*****@*****.**", rewritten.email)
Exemple #3
    def before_update_object(self, user, data, view_kwargs):
        """Check and apply privileged attribute changes before a user update.

        Steps, in order: soft delete / restore through ``deleted_at``, the
        admin-only ``is_verified`` guard, an email change, the three role
        flags, and avatar resizing.

        Args:
            user: The user record being updated.
            data: Incoming attributes. ``data['email']`` is overwritten when
                a user is restored.
            view_kwargs: Receives ``'email_changed'`` (the previous email)
                when a new, unused email address is accepted.

        Raises:
            ForbiddenError: The caller may not change ``deleted_at`` or
                ``is_verified``, or the user still has events or a matching
                order.
            ConflictError: The requested email belongs to another user.
        """
        # TODO: Make a celery task for this
        # if data.get('avatar_url') and data['original_image_url'] != user.original_image_url:
        #     try:
        #         uploaded_images = create_save_image_sizes(data['original_image_url'], 'speaker-image', user.id)
        #     except (urllib.error.HTTPError, urllib.error.URLError):
        #         raise UnprocessableEntityError(
        #             {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
        #         )
        #     data['original_image_url'] = uploaded_images['original_image_url']
        #     data['small_image_url'] = uploaded_images['thumbnail_image_url']
        #     data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
        #     data['icon_image_url'] = uploaded_images['icon_image_url']

        if data.get('deleted_at') != user.deleted_at:
            # Only the account owner or an admin may delete or restore.
            may_change_deletion = (
                has_access('is_user_itself', user_id=user.id)
                or has_access('is_admin')
            )
            if not may_change_deletion:
                raise ForbiddenError(
                    {'source': ''},
                    "You are not authorized to update this information.")

            if data.get('deleted_at'):
                if len(user.events) != 0:
                    raise ForbiddenError(
                        {'source': ''},
                        "Users associated with events cannot be deleted",
                    )
                # TODO(Areeb): Deduplicate the query. Present in video stream model as well
                blocking_status = or_(
                    Order.status == 'completed',
                    Order.status == 'placed',
                    Order.status == 'initializing',
                    Order.status == 'pending',
                )
                holder_query = (
                    TicketHolder.query.filter_by(user=user)
                    .join(Order)
                    .filter(blocking_status)
                )
                has_blocking_order = db.session.query(
                    holder_query.exists()).scalar()
                # A ticket holder tied to an order in any of the statuses
                # above blocks the deletion.
                if has_blocking_order:
                    logger.warning(
                        'User %s has pending or completed orders, hence cannot be deleted',
                        user,
                    )
                    raise ForbiddenError(
                        {'source': ''},
                        "Users associated with orders cannot be deleted",
                    )
                modify_email_for_user_to_be_deleted(user)
            else:
                modify_email_for_user_to_be_restored(user)
                # Keep the payload in step with the restored address.
                data['email'] = user.email
            user.deleted_at = data.get('deleted_at')

        # A non-admin caller may not change the verification state.
        requested_verified = data.get('is_verified')
        if (not has_access('is_admin') and requested_verified is not None
                and requested_verified != user.is_verified):
            raise ForbiddenError(
                {'pointer': '/data/attributes/is-verified'},
                "Admin access is required to update this information.",
            )

        new_email = data.get('email', None)
        if new_email is not None:
            # Only the local copy is stripped; data['email'] is left as sent.
            new_email = new_email.strip()

        if new_email is not None and new_email != user.email:
            try:
                db.session.query(User).filter_by(email=new_email).one()
            except NoResultFound:
                # The address is unused. verify_fresh_jwt_in_request() runs
                # before the change is accepted (presumably the
                # flask-jwt-extended fresh-token check; confirm the import).
                verify_fresh_jwt_in_request()
                view_kwargs['email_changed'] = user.email
            else:
                raise ConflictError({'pointer': '/data/attributes/email'},
                                    "Email already exists")

        # NOTE(review): unlike 'is_verified', the role flags below are not
        # rejected for callers without the role, and this hook does not
        # remove them from `data`; confirm the schema or data layer does not
        # apply them.

        # NOTE(review): a truthy 'is_admin' is required, so as written this
        # branch only grants admin; confirm revocation is handled elsewhere.
        requested_admin = data.get('is_admin')
        if (has_access('is_super_admin') and requested_admin
                and requested_admin != user.is_admin):
            user.is_admin = not user.is_admin

        if (has_access('is_admin') and 'is_sales_admin' in data
                and data.get('is_sales_admin') != user.is_sales_admin):
            user.is_sales_admin = not user.is_sales_admin

        if (has_access('is_admin') and 'is_marketer' in data
                and data.get('is_marketer') != user.is_marketer):
            user.is_marketer = not user.is_marketer

        avatar_url = data.get('avatar_url')
        if avatar_url:
            start_image_resizing_tasks(user, avatar_url)