def put(self, user_id):
raw_data = request.get_json()
user = User.query.options(joinedload('roles')).filter_by(id=user_id).first()
if not user:
return Result.error('User does not exist')
user.first_name = raw_data['first_name']
user.last_name = raw_data['last_name']
user.roles = []
if raw_data['attributes']:
if raw_data['attributes'] and 'access' in raw_data['attributes']:
user.attributes.user_access = json.dumps(raw_data['attributes']['access'])
if raw_data['attributes'] and 'preferences' in raw_data['attributes']:
user.attributes.user_preferences = json.dumps(raw_data['attributes']['preferences'])
if raw_data['roles']:
for role in Role.query.filter(Role.id.in_(
list(map(
lambda r: r['id'], raw_data['roles'])
))):
user.roles.append(role)
db.session.commit()
emit('USER_WS_CHANGED', {'data': user.id}, namespace='/' + str(user.id), broadcast=True)
return Result.success()
def delete(self):
if 'logged_in' in session:
session.pop('logged_in')
session.pop('user_email')
return {}
return Result.error('no session', 401)
def post(self):
auth = request.authorization
if not auth or not auth.username or not auth.password:
return Result.error('Could not verify')
user = User.query.filter_by(email=auth.username.lower()).first()
if not user:
return Result.error('Could not verify')
if user.password_correct(auth.password):
session['logged_in'] = True
session['user_email'] = user.email
return user_to_dict(user)
return Result.error('Could not verify')
def delete(self):
role_id = request.get_json()
try:
Role.query.filter_by(id=role_id).delete()
db.session.commit()
except IntegrityError as e:
return Result.error('integrity constraint', 409)
return Result.success()
def access_decorator(*args, **kwargs):
if not request.user:
return Result.error('Invalid user', 401)
has_access = False
for role in request.user.roles:
for name, grant in role.get_permissions.items():
if name == permissions[request.endpoint]:
for access in grant:
if access == access_map[request.method]:
has_access = True
break
if not has_access:
return Result.error('Access denied', 403)
return f(*args, **kwargs)
def decorated(*args, **kwargs):
token = None
if 'X-System-Token' in request.headers:
token = request.headers.get('X-SYSTEM-TOKEN')
if not token or token != current_app.config['SECRET_KEY']:
return Result.error('Token is missing!', 401)
return f(*args, **kwargs)
def post(self):
role = request.get_json()
if not role:
return Result.error('name is required')
current = Role.query.filter_by(name=role).count()
if current > 0:
return Result.error('name already in used')
role = Role(name=role.title())
db.session.add(role)
db.session.commit()
return {
'id': role.id,
'name': role.name,
'permissions': role.permissions
}
def get(self):
if 'logged_in' in session:
try:
user = User.query.filter_by(email=session['user_email']).first()
except (ProgrammingError, OperationalError):
return Result.error('install', 501)
if user:
return user_to_dict(user)
else:
try:
# the second param is a function that would raise exception
# if table not exist we cache it to avoid multiple
# executions when a user is just logged out.
Cache.remember('users.count', User.query.count, 24 * 60 * 60)
except (ProgrammingError, OperationalError):
return Result.error('install', 501)
return Result.error('no session', 403)
def decorated(*args, **kwargs):
token = None
if 'X-Access-Token' in request.headers:
token = request.headers['X-ACCESS-TOKEN']
if not token:
return Result.error('Token is missing!', 401)
try:
data = jwt.decode(token,
current_app.config['SECRET_KEY'],
algorithms=['HS256'])
current_user = User.query.options(
joinedload('roles')).filter_by(email=data['email']).first()
except Exception:
return Result.error('Token is invalid!', 401)
request.user = current_user
return f(*args, **kwargs)
