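def update(data, current_user, id):
    """Update the user identified by ``id`` from the fields present in ``data``.

    Only the account owner or an administrator may update an account, and
    only an administrator may change the ``admin`` flag.

    Args:
        data: Mapping of fields to change. ``admin``, ``email``, ``password``
            and ``username`` are honoured; any other key is ignored.
        current_user: The authenticated caller (needs ``id`` and ``admin``).
        id: Identifier of the user to update; converted with ``int``.

    Returns:
        A JSON response whose ``message`` describes the outcome.

    Raises:
        ValueError: If ``id`` cannot be converted to an integer.
    """
    target_id = int(id)
    if current_user.id != target_id and not current_user.admin:
        return jsonify({"message": "permission denied"})

    # The admin flag is a privilege grant. Without this check an ordinary
    # account owner could promote themselves by sending {"admin": true}.
    if 'admin' in data and not current_user.admin:
        return jsonify({"message": "permission denied"})

    user = User.query.filter_by(id=target_id).first()
    if not user:
        return jsonify({'message': "there is no user"})

    if 'admin' in data:
        user.admin = data['admin']
    if 'email' in data:
        user.email = data['email']
    if 'password' in data:
        # Persist a hash rather than the submitted plaintext, using the same
        # helper the user-creation path uses.
        # NOTE(review): assumes login verifies against this hash format - confirm.
        user.password = generate_password_hash(data['password'])
    if 'username' in data:
        user.username = data['username']
    dbsession.commit()
    return jsonify({'message': 'user updated'})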
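def create(data):
    """Register a new user and return a signed token for it.

    Args:
        data: Mapping that must contain ``username``, ``password`` and
            ``email``.

    Returns:
        A JSON response with ``token`` (a JWT carrying the new user's
        ``public_id``) and ``id`` (the new user's database id).

    Raises:
        KeyError: If ``data`` lacks ``username``, ``password`` or ``email``.
    """
    hashed_password = generate_password_hash(data['password'])
    new_user = User(
        public_id=str(uuid.uuid4()),
        username=data['username'],
        password=hashed_password,
        # Least privilege: this function takes no authenticated caller, so a
        # new account must not be created as an administrator.
        # NOTE(review): the first admin then has to be provisioned another
        # way (an existing admin, a migration or a CLI) - confirm one exists.
        admin=False,
        email=data['email'],
    )
    dbsession.add(new_user)
    dbsession.commit()

    # NOTE(review): the payload has no "exp" claim, so the token stays valid
    # for as long as SECRET_KEY is unchanged; consider adding an expiry.
    token = jwt.encode({'public_id': new_user.public_id},
                       current_app.config['SECRET_KEY'])
    # NOTE(review): .decode() assumes jwt.encode returns bytes; confirm
    # against the pinned JWT library version.
    return jsonify({'token': token.decode('utf-8'), 'id': new_user.id})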
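def create(current_user, datafile, id):
    """Store an uploaded file on disk and attach its path to a file record.

    The record lookup and the ownership check run before anything is written,
    so a caller who does not own the record (or who names a record that does
    not exist) cannot place or overwrite files in the upload folder.

    Args:
        current_user: The authenticated caller; its ``id`` must equal the
            record's ``owner_id``.
        datafile: Uploaded file object providing ``filename`` and ``save``.
        id: ``file_id`` of the record the upload belongs to.

    Returns:
        A JSON response describing the outcome.
    """
    file = File.query.filter_by(file_id=id).first()
    if not file:
        return jsonify({'message': "no file"})
    try:
        if not current_user.id == file.owner_id:
            return jsonify({"message": "permission denied"})
    except AttributeError:
        # current_user has no ``id`` attribute (presumably None when there is
        # no session): treat the caller as unauthenticated.
        return jsonify({'error': 'not logged in'})

    filename = secure_filename(datafile.filename)
    file_folder = os.path.join(current_app.config['UPLOAD_FOLDER'], filename)
    # NOTE(review): the stored name comes only from the client-supplied
    # filename, so two uploads with the same name share one path and the
    # later one replaces the earlier; consider a per-record name.
    datafile.save(file_folder)
    file.data = file_folder
    dbsession.commit()
    return jsonify({'message': 'photo uploaded'})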
def delete(current_user, id):
    """Delete the vault whose ``vault_id`` is ``id`` if the caller holds it.

    Args:
        current_user: The authenticated caller; ``vaults`` is the collection
            the target must belong to.
        id: ``vault_id`` of the vault to delete.

    Returns:
        A JSON response whose ``message`` describes the outcome.
    """
    target = Vault.query.filter_by(vault_id=id).first()
    # A failed lookup yields None, which is rejected by the same membership
    # test (assuming the collection never contains None).
    is_callers_vault = target in current_user.vaults
    if is_callers_vault:
        dbsession.delete(target)
        dbsession.commit()
        return jsonify({'message': 'vault has been deleted'})
    return jsonify({'message': 'permission denied'})
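def delete(current_user, id):
    """Delete the file record whose ``file_id`` is ``id`` if the caller owns it.

    Args:
        current_user: The authenticated caller; its ``id`` must equal the
            record's ``owner_id``.
        id: ``file_id`` of the record to delete.

    Returns:
        A JSON response whose ``message`` describes the outcome.
    """
    file = File.query.filter_by(file_id=id).first()
    # An unknown id makes the lookup return None; answer explicitly instead of
    # failing on ``file.owner_id`` with an unhandled AttributeError.
    if not file:
        return jsonify({'message': "no file"})
    if not current_user.id == file.owner_id:
        return jsonify({"message": "permission denied"})
    dbsession.delete(file)
    dbsession.commit()
    return jsonify({'message': 'file has been deleted'})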
def create(current_user, public_id, data):
    """Create a vault owned by the caller.

    Args:
        current_user: The authenticated caller; becomes the vault's owner.
        public_id: Public id from the request; must match the caller's own
            ``public_id``.
        data: Mapping that must contain ``description`` and ``title``.

    Returns:
        A JSON response whose ``message`` describes the outcome.

    Raises:
        KeyError: If ``data`` lacks ``description`` or ``title``.
    """
    if current_user.public_id == public_id:
        # Ownership is taken from the authenticated user, not from the request.
        vault = Vault(
            description=data['description'],
            title=data['title'],
            owner_id=current_user.id,
        )
        dbsession.add(vault)
        dbsession.commit()
        return jsonify({'message': 'vault created'})
    return jsonify({'message': 'permission denied'})
def delete(current_user, id):
    """Delete the user identified by ``id``.

    Allowed for the account owner and for administrators.

    Args:
        current_user: The authenticated caller (needs ``id`` and ``admin``).
        id: Identifier of the user to delete; converted with ``int``.

    Returns:
        A JSON response whose ``message`` describes the outcome.

    Raises:
        ValueError: If ``id`` cannot be converted to an integer.
    """
    target_id = int(id)
    # Either being the account owner or being an admin is sufficient.
    if not (current_user.id == target_id or current_user.admin):
        return jsonify({'message': "permission denied"})

    account = User.query.filter_by(id=target_id).first()
    if account:
        dbsession.delete(account)
        dbsession.commit()
        return jsonify({'message': 'user was deleted'})
    return jsonify({'message': "there is no user"})
def update(data, current_user, id):
    """Update the description and/or title of one of the caller's vaults.

    Args:
        data: Mapping of fields to change; only ``description`` and ``title``
            are honoured, any other key is ignored.
        current_user: The authenticated caller; ``vaults`` is the collection
            the target must belong to.
        id: Identifier used to look the vault up.

    Returns:
        A JSON response whose ``message`` describes the outcome.
    """
    # NOTE(review): this lookup filters on ``id`` while the other vault
    # lookups in this file filter on ``vault_id`` - confirm which column the
    # Vault model actually defines.
    target = Vault.query.filter_by(id=id).first()
    # A failed lookup yields None, which is rejected by the same membership
    # test (assuming the collection never contains None).
    if target not in current_user.vaults:
        return jsonify({'message': 'permission denied'})

    # Explicit allow-list: nothing outside these two fields can be written.
    for field in ('description', 'title'):
        if field in data:
            setattr(target, field, data[field])
    dbsession.commit()
    return jsonify({'message': 'vault updated'})
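def update(current_user, data, id):
    """Update the description and/or name of a file record the caller owns.

    Args:
        current_user: The authenticated caller; its ``id`` must equal the
            record's ``owner_id``.
        data: Mapping of fields to change; only ``description`` and ``name``
            are honoured, any other key is ignored.
        id: ``file_id`` of the record to update.

    Returns:
        A JSON response whose ``message`` describes the outcome.
    """
    file = File.query.filter_by(file_id=id).first()
    # An unknown id makes the lookup return None; answer explicitly instead of
    # failing on ``file.owner_id`` with an unhandled AttributeError.
    if not file:
        return jsonify({'message': "no file"})
    if not current_user.id == file.owner_id:
        return jsonify({"message": "permission denied"})

    if 'description' in data:
        file.description = data['description']
    if 'name' in data:
        file.name = data['name']
    dbsession.commit()
    return jsonify({"message": "file updated"})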
def create(current_user, vault_id, data):
    """Create a file record inside one of the caller's vaults.

    Args:
        current_user: The authenticated caller; ``vaults`` is the collection
            the target vault must belong to.
        vault_id: ``vault_id`` of the vault that will hold the file.
        data: Mapping that must contain ``name`` and ``description``.

    Returns:
        A JSON response with the new ``file_id``, or a ``message`` explaining
        why nothing was created.

    Raises:
        KeyError: If ``data`` lacks ``name`` or ``description``.
    """
    parent = Vault.query.filter_by(vault_id=vault_id).first()
    if parent is None or not parent:
        return jsonify({'message': 'no such vault'})
    if parent not in current_user.vaults:
        return jsonify({"message": "permission denied"})

    # The record's owner is copied from the vault, not from the caller.
    # NOTE(review): these differ if ``current_user.vaults`` can include vaults
    # owned by someone else - confirm that is intended.
    record = File(
        name=data['name'],
        description=data['description'],
        vault_id=vault_id,
        owner_id=parent.owner_id,
    )
    dbsession.add(record)
    dbsession.commit()
    return jsonify({"file_id": record.file_id})
def create(current_user, photo, id):
    """Save an uploaded photo and record its path on the caller's user row.

    The ownership check runs before the upload is written to disk.

    Args:
        current_user: The authenticated caller; its ``id`` must equal ``id``.
        photo: Uploaded file object providing ``filename`` and ``save``.
        id: Identifier of the user the photo belongs to.

    Returns:
        A JSON response describing the outcome.
    """
    try:
        # NOTE(review): compared without conversion, unlike the user
        # update/delete functions in this file, which use int(id); a string id
        # would never match an integer one - confirm the caller's type.
        caller_matches = current_user.id == id
    except AttributeError:
        # current_user has no ``id`` attribute (presumably None when there is
        # no session): treat the caller as unauthenticated.
        return jsonify({'error': 'not logged in'})
    if not caller_matches:
        return jsonify({"message": "permission denied"})

    safe_name = secure_filename(photo.filename)
    file_folder = os.path.join(current_app.config['UPLOAD_FOLDER'], safe_name)
    # NOTE(review): the stored name comes only from the client-supplied
    # filename, so uploads with the same name share one path and the later
    # one replaces the earlier; consider a per-user name.
    photo.save(file_folder)

    owner = User.query.filter_by(id=id).first()
    owner.photo = file_folder
    dbsession.commit()
    return jsonify({'message': 'photo uploaded'})