def put(self, user_id): raw_data = request.get_json() user = User.query.options(joinedload('roles')).filter_by(id=user_id).first() if not user: return Result.error('User does not exist') user.first_name = raw_data['first_name'] user.last_name = raw_data['last_name'] user.roles = [] if raw_data['attributes']: if raw_data['attributes'] and 'access' in raw_data['attributes']: user.attributes.user_access = json.dumps(raw_data['attributes']['access']) if raw_data['attributes'] and 'preferences' in raw_data['attributes']: user.attributes.user_preferences = json.dumps(raw_data['attributes']['preferences']) if raw_data['roles']: for role in Role.query.filter(Role.id.in_( list(map( lambda r: r['id'], raw_data['roles']) ))): user.roles.append(role) db.session.commit() emit('USER_WS_CHANGED', {'data': user.id}, namespace='/' + str(user.id), broadcast=True) return Result.success()
def delete(self): if 'logged_in' in session: session.pop('logged_in') session.pop('user_email') return {} return Result.error('no session', 401)
def post(self): auth = request.authorization if not auth or not auth.username or not auth.password: return Result.error('Could not verify') user = User.query.filter_by(email=auth.username.lower()).first() if not user: return Result.error('Could not verify') if user.password_correct(auth.password): session['logged_in'] = True session['user_email'] = user.email return user_to_dict(user) return Result.error('Could not verify')
def delete(self): role_id = request.get_json() try: Role.query.filter_by(id=role_id).delete() db.session.commit() except IntegrityError as e: return Result.error('integrity constraint', 409) return Result.success()
def access_decorator(*args, **kwargs): if not request.user: return Result.error('Invalid user', 401) has_access = False for role in request.user.roles: for name, grant in role.get_permissions.items(): if name == permissions[request.endpoint]: for access in grant: if access == access_map[request.method]: has_access = True break if not has_access: return Result.error('Access denied', 403) return f(*args, **kwargs)
def decorated(*args, **kwargs): token = None if 'X-System-Token' in request.headers: token = request.headers.get('X-SYSTEM-TOKEN') if not token or token != current_app.config['SECRET_KEY']: return Result.error('Token is missing!', 401) return f(*args, **kwargs)
def post(self): role = request.get_json() if not role: return Result.error('name is required') current = Role.query.filter_by(name=role).count() if current > 0: return Result.error('name already in used') role = Role(name=role.title()) db.session.add(role) db.session.commit() return { 'id': role.id, 'name': role.name, 'permissions': role.permissions }
def get(self): if 'logged_in' in session: try: user = User.query.filter_by(email=session['user_email']).first() except (ProgrammingError, OperationalError): return Result.error('install', 501) if user: return user_to_dict(user) else: try: # the second param is a function that would raise exception # if table not exist we cache it to avoid multiple # executions when a user is just logged out. Cache.remember('users.count', User.query.count, 24 * 60 * 60) except (ProgrammingError, OperationalError): return Result.error('install', 501) return Result.error('no session', 403)
def decorated(*args, **kwargs): token = None if 'X-Access-Token' in request.headers: token = request.headers['X-ACCESS-TOKEN'] if not token: return Result.error('Token is missing!', 401) try: data = jwt.decode(token, current_app.config['SECRET_KEY'], algorithms=['HS256']) current_user = User.query.options( joinedload('roles')).filter_by(email=data['email']).first() except Exception: return Result.error('Token is invalid!', 401) request.user = current_user return f(*args, **kwargs)