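def update_user(org_uuid, uuid):
    """Change the role a user holds inside one organization.

    Responds 409 when the caller targets their own account, 404 when the
    user is unknown or holds no role in ``org_uuid``, and 400 when the JSON
    body is missing, is not an object, or names a role other than
    "admin"/"user". On success the role is stored and a summary of the user
    is returned with status 200.
    """
    # NOTE(review): nothing in this body checks that the caller is an admin of
    # org_uuid; presumably a decorator outside this listing does. Confirm.
    admin_uuid = get_jwt_identity()
    if admin_uuid == uuid:
        return abort(make_response(jsonify(message="Cannot update self"), 409))
    user_role = organization_roles.get_organization_role(org_uuid, uuid)
    user = users.get_by_uuid(uuid)
    # A user with no role in this organization gets the same 404 as an
    # unknown user, so the response does not reveal accounts of other orgs.
    if user is None or user_role is None:
        return abort(make_response(jsonify(message="Not found"), 404))
    data = request.json
    # A JSON array or scalar has no .get(); reject it with a 400 instead of
    # letting the AttributeError surface as a 500.
    if not data or not isinstance(data, dict):
        return abort(make_response(jsonify(message="Missing payload"), 400))
    role = data.get("role", user_role["role"])
    # Keep this a list lookup: an unhashable value from the client (a JSON
    # object or array) would raise TypeError against a set.
    if role not in ["admin", "user"]:
        return abort(make_response(jsonify(message="Bad role"), 400))
    organization_roles.set_organization_role(org_uuid, uuid, role)
    return (
        jsonify(
            {
                "uuid": user["uuid"],
                "username": user["username"],
                "email": user["email"],
                "role": role,
                "activated": user["activated"] is not None,
            }
        ),
        200,
    )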
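def user_loader_callback(identity):
    """Load the user record for a token identity, refusing unusable accounts.

    Returns the user record when it exists and is not suspended. Responds
    401 when no record matches ``identity`` or when the account is suspended.
    """
    user = db_users.get_by_uuid(identity)
    # A token can name an identity with no matching record; indexing None
    # would raise TypeError and surface as a 500 instead of a refusal.
    # NOTE(review): assumes db_users.get_by_uuid yields None for unknown ids.
    if user is None:
        return abort(make_response(jsonify(message="Unauthorized"), 401))
    if user["suspended"]:
        return abort(
            make_response(jsonify(message="This account has been suspended"), 401))
    return user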
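def update_user(uuid):
    """Update a user's role and suspended flag from a JSON request body.

    Responds 409 when the caller targets their own account, 404 when the
    user is unknown, and 400 when the body is missing, is not a JSON object,
    names a role other than "admin"/"user", or supplies a non-boolean
    ``suspended`` value. Fields left out of the body keep their stored value.
    """
    # NOTE(review): nothing in this body checks that the caller is an admin;
    # presumably a decorator outside this listing does. Confirm.
    admin_uuid = get_jwt_identity()
    if admin_uuid == uuid:
        return abort(make_response("", 409))
    user = users.get_by_uuid(uuid)
    if user is None:
        return abort(make_response("", 404))
    data = request.json
    # A JSON array or scalar has no .get(); answer 400 rather than a 500.
    if not data or not isinstance(data, dict):
        return abort(make_response("", 400))
    role = data.get("role", user["role"])
    suspended = data.get("suspended", user["suspended"])
    if role not in ["admin", "user"]:
        return abort(make_response("", 400))
    # Only a client-supplied value is type-checked; the stored value is
    # passed through as-is. Without this, any truthy or falsy JSON value
    # (string, number, object) would be written to the suspension flag.
    if "suspended" in data and not isinstance(suspended, bool):
        return abort(make_response("", 400))
    user["role"] = role
    user["suspended"] = suspended
    users.update_user(**user)
    return (
        jsonify({
            "uuid": user["uuid"],
            "username": user["username"],
            "role": role,
            "suspended": suspended,
        }),
        200,
    )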
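def printjob_detail(id):
    """Return one print job as JSON, or 404 when it does not exist.

    The response includes a uuid -> username mapping for the job's owner
    when that user record can still be found.
    """
    # NOTE(review): this variant looks the job up by id alone, with no
    # ownership or organization check in the body. Confirm access is
    # restricted elsewhere.
    printjob = printjobs.get_printjob(id)
    if printjob is None:
        return abort(make_response("", 404))
    owner_uuid = printjob.get("user_uuid")
    user = users.get_by_uuid(owner_uuid)
    user_mapping = {}
    # The owner may no longer exist; calling .get() on None would turn a
    # valid job lookup into a 500. gcode_detail guards the same way.
    if user is not None:
        user_mapping[owner_uuid] = user.get("username")
    return jsonify(make_printjob_response(printjob, None, user_mapping))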
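def printjob_detail(org_uuid, uuid):
    """Return one print job of an organization as JSON.

    Responds 404 when the job does not exist or belongs to a different
    organization. The response includes a uuid -> username mapping for the
    job's owner when that user record can still be found.
    """
    # NOTE(review): validate_uuid is defined outside this listing; presumably
    # it aborts the request on a malformed uuid. Confirm.
    validate_uuid(uuid)
    printjob = printjobs.get_printjob(uuid)
    # A job of another organization is answered exactly like a missing one,
    # so the response does not confirm that the uuid exists elsewhere.
    if printjob is None or printjob["organization_uuid"] != org_uuid:
        return abort(make_response(jsonify(message="Not found"), 404))
    owner_uuid = printjob.get("user_uuid")
    user = users.get_by_uuid(owner_uuid)
    user_mapping = {}
    # The owner may no longer exist; calling .get() on None would turn a
    # valid job lookup into a 500. gcode_detail guards the same way.
    if user is not None:
        user_mapping[owner_uuid] = user.get("username")
    return jsonify(make_printjob_response(printjob, None, user_mapping))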
def gcode_detail(id):
    """Return one gcode record as JSON, or 404 when it does not exist.

    The owner's username is included in the uuid -> username mapping only
    when the owning user record is found.
    """
    # NOTE(review): this variant looks the record up by id alone, with no
    # ownership or organization check in the body. Confirm access is
    # restricted elsewhere.
    record = gcodes.get_gcode(id)
    if record is None:
        return abort(make_response("", 404))
    owner = users.get_by_uuid(record.get("user_uuid"))
    names_by_uuid = {}
    if owner is not None:
        names_by_uuid[record.get("user_uuid")] = owner.get("username")
    payload = make_gcode_response(record, None, names_by_uuid)
    return jsonify(payload)
def gcode_detail(org_uuid, uuid):
    """Return one gcode record of an organization as JSON.

    Responds 404 when the record does not exist or belongs to a different
    organization. The owner's username is included in the uuid -> username
    mapping only when the owning user record is found.
    """
    # NOTE(review): validate_uuid is defined outside this listing; presumably
    # it aborts the request on a malformed uuid. Confirm.
    validate_uuid(uuid)
    record = gcodes.get_gcode(uuid)
    # A record of another organization is answered exactly like a missing one.
    if record is None or record["organization_uuid"] != org_uuid:
        return abort(make_response(jsonify(message="Not found"), 404))
    owner = users.get_by_uuid(record.get("user_uuid"))
    names_by_uuid = {}
    if owner is not None:
        names_by_uuid[record.get("user_uuid")] = owner.get("username")
    payload = make_gcode_response(record, None, names_by_uuid)
    return jsonify(payload)
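def add_user_to_org(org_uuid):
    """Add an existing user to an organization with the requested role.

    Expects a JSON object with ``uuid`` (the user) and ``role``. Responds 400
    when the body is missing or not an object, the role is not "admin" or
    "user", the user or organization does not exist, or the user already
    holds a role in the organization. Responds 200 with an empty body once
    the role is stored.
    """
    # NOTE(review): nothing in this body checks that the caller may manage
    # org_uuid; presumably a decorator outside this listing does. Confirm.
    payload = request.json
    # A missing body (None) or a JSON array/scalar has no .get(); answer 400
    # rather than letting the AttributeError surface as a 500.
    if not isinstance(payload, dict):
        return make_response("Missing payload", 400)
    user_uuid = payload.get("uuid")
    org_role = payload.get("role")
    # The role comes straight from the client. Accept only the values that
    # update_user accepts for set_organization_role, so an arbitrary string
    # cannot be stored as a role. List lookup tolerates unhashable values.
    if org_role not in ["admin", "user"]:
        return make_response("Bad role", 400)
    user = users.get_by_uuid(user_uuid)
    if not user:
        return make_response("User does not exist", 400)
    if not organizations.get_by_uuid(org_uuid):
        return make_response("Organization does not exist", 400)
    if organization_roles.get_organization_role(org_uuid, user_uuid) is not None:
        return make_response("User is already in organization", 400)
    organization_roles.set_organization_role(org_uuid, user_uuid, org_role)
    return make_response("", 200)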
def test_no_suspended(self):
    """A PATCH carrying only a role applies it and leaves the user unsuspended."""
    with app.test_client() as client:
        # Authenticate as admin: access token cookie plus matching CSRF header.
        client.set_cookie("localhost", "access_token_cookie", TOKEN_ADMIN)
        resp = client.patch(
            "/users/%s" % self.uuid,
            headers={"x-csrf-token": TOKEN_ADMIN_CSRF},
            json={"role": "admin"},
        )
        self.assertEqual(resp.status_code, 200)

        # The response echoes both fields, with "suspended" left at False.
        body = resp.json
        self.assertIn("role", body)
        self.assertIn("suspended", body)
        self.assertEqual(body["role"], "admin")
        self.assertEqual(body["suspended"], False)

        # The stored record must agree with what the response claimed.
        stored = users.get_by_uuid(self.uuid)
        self.assertIsNotNone(stored)
        self.assertEqual(stored["role"], "admin")
        self.assertEqual(stored["suspended"], False)
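def create_test_user():
    """Create a test user from the posted email/password and return it as JSON.

    The response carries the created user, its ``detail`` record (minus the
    two datetime columns) and its organization memberships. Status is 201
    when the new user is activated, otherwise 400.
    """
    # NOTE(review): this creates an account from caller-supplied credentials
    # and no authentication check is visible in the body. The route
    # registration is outside this listing; confirm the endpoint is only
    # reachable in test deployments.
    email = request.json.get("email")
    password = request.json.get("password")
    new_user = models.users_me.create_tests_user(email=email, password=password)
    user_uuid = new_user["user_uuid"]

    detail = dict(users.get_by_uuid(user_uuid))
    # These two are datetime objects from Postgres and cannot be serialized
    # to JSON without extra work. They are not needed, so drop them. The
    # default keeps a record that lacks either column from raising KeyError.
    detail.pop("activated", None)
    detail.pop("activation_key_expires", None)
    new_user["detail"] = detail

    # Fetch the memberships once and reuse the result for the debug log and
    # the response, instead of querying twice.
    memberships = organization_roles.get_by_user_uuid(user_uuid)
    app.logger.debug(memberships)
    new_user["organizations"] = [dict(row) for row in memberships]

    return make_response(json.dumps(new_user), 201 if new_user["activated"] else 400)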
def test_activate_user_with_default_org(self):
    """Activating a user with no memberships leaves them in exactly one organization."""
    with app.test_client() as client:
        # Precondition: the user belongs to no organization yet.
        before = organization_roles.get_by_user_uuid(self.user_uuid)
        self.assertEqual(len(before), 0)

        # NOTE(review): the "password" literal differs from
        # "password_confirmation" and looks masked in this listing, yet the
        # test expects success. Confirm the real value against the repository.
        activation_payload = {
            "email": self.email,
            "activation_key": self.activation_key,
            "password": "******",
            "password_confirmation": "aaa",
        }
        resp = client.post("/users/me/activate", json=activation_payload)
        self.assertEqual(resp.status_code, 204)

        # The account is marked activated and a local user record exists.
        account = users.get_by_uuid(self.user_uuid)
        self.assertIsNotNone(account)
        self.assertIsNotNone(account["activated"])
        local_account = local_users.get_local_user(self.user_uuid)
        self.assertIsNotNone(local_account)

        # Postcondition: activation produced exactly one membership.
        after = organization_roles.get_by_user_uuid(self.user_uuid)
        self.assertEqual(len(after), 1)
def delete_user(org_uuid, uuid):
    """Remove a user from an organization and notify them by e-mail.

    Responds 409 when the caller targets their own account and 404 when the
    user is unknown or holds no role in ``org_uuid``. Otherwise the user's
    tokens for the organization are revoked, the role is dropped, an
    ORGANIZATION_REMOVAL mail is queued, and an empty 204 is returned.
    """
    # NOTE(review): nothing in this body checks that the caller is an admin of
    # org_uuid; presumably a decorator outside this listing does. Confirm.
    caller_uuid = get_jwt_identity()
    if caller_uuid == uuid:
        # NOTE(review): the message says "update" although this is the removal
        # path. It looks copied from update_user; confirm the wording.
        return abort(make_response(jsonify(message="Cannot update self"), 409))

    membership = organization_roles.get_organization_role(org_uuid, uuid)
    target = users.get_by_uuid(uuid)
    # A user with no role in this organization gets the same 404 as an
    # unknown user.
    if target is None or membership is None:
        return abort(make_response(jsonify(message="Not found"), 404))

    org = organizations.get_by_uuid(org_uuid)
    # Tokens are revoked before the role is dropped.
    api_tokens.revoke_all_tokens(uuid, org_uuid)
    organization_roles.drop_organization_role(org_uuid, uuid)

    recipients = [target["email"]]
    mail_context = {
        "email": target["email"],
        "inviter_username": get_current_user()["username"],
        "organization_name": org["name"],
        "organization_uuid": org["uuid"],
    }
    send_mail.delay(recipients, "ORGANIZATION_REMOVAL", mail_context)
    return "", 204
def test_returns_user(self):
    """get_by_uuid returns the admin fixture record for its uuid."""
    record = get_by_uuid(UUID_ADMIN)
    expected = {"uuid": UUID_ADMIN, "username": "test-admin"}
    for field in ("uuid", "username"):
        self.assertEqual(record[field], expected[field])
def test_returns_nothing(self):
    """get_by_uuid returns None for a uuid that matches no user."""
    unknown_uuid = "6480fa7d-ce18-4ae2-1234-f1d200050806"
    result = get_by_uuid(unknown_uuid)
    self.assertEqual(result, None)