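def admin_approve():
    """Record an admin decision on an LOA form and return the stored form.

    Reads ``code`` and ``form_id`` from the request and writes ``code`` to
    the form's ``approve_code`` field.

    Returns:
        The ``send_result`` response with message 'LOA form approved' when
        ``code`` is the string "1" and 'LOA form denied' for any other value;
        a plain string when the caller is not an admin or the form does not
        exist.
    """
    claims = get_jwt_claims()
    # .get() refuses a token that lacks the claim instead of raising KeyError.
    if not claims.get("is_admin"):
        return 'You cant access this'

    params = {'code': FieldString(), 'form_id': FieldString()}
    json_data = parse_req(params)
    code = json_data['code']
    form_id = json_data['form_id']

    # NOTE(review): code is stored verbatim as a string, and every value
    # other than "1" is reported as a denial. create_form writes the integer
    # 0 and get_unapproved_form filters on the integer 0, so the field mixes
    # types; consider validating code against an allowed set. The
    # 'admin_approval' field written by create_form is not updated here, so
    # the stored form does not say who decided.
    client.db.loa_form.update_one({'_id': form_id},
                                  {'$set': {'approve_code': code}})
    form = client.db.loa_form.find_one({'_id': form_id})
    if form is None:
        # Unknown form_id: nothing was updated, and indexing None would raise.
        return 'Form not found'

    message = 'LOA form approved' if code == "1" else 'LOA form denied'
    return send_result(data={
        'email': form['email'],
        'name': form['name'],
        # Was form['name']; the response reported the name as the role.
        'role': form['role'],
        'reason': form['reason'],
        'note': form['note'],
        'approve_code': form['approve_code']
    }, message=message)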
def get_all_form():
    """Return every LOA form in the collection to an admin caller.

    Returns:
        The ``send_result`` response whose ``list_form`` holds all documents
        from ``loa_form``, or a plain refusal string for non-admin callers.
    """
    # NOTE(review): the refusal is a bare string; whether the route turns it
    # into a non-2xx status cannot be seen from here.
    if not get_jwt_claims()["is_admin"]:
        return 'You cant access this'

    cursor = client.db.loa_form.find()
    return send_result(data={"list_form": list(cursor)},
                       message='list_forms')
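def login():
    """Authenticate a user and issue an access/refresh token pair.

    The username is trimmed and lower-cased before lookup, and only accounts
    with ``deleted`` False are considered. On success the JTIs of both tokens
    are stored in the ``token`` collection.

    Returns:
        The ``send_result`` response with both tokens and the user's role, or
        the string 'Login failed' for every rejected attempt.
    """
    params = {'username': FieldString(), 'password': FieldString()}
    json_data = parse_req(params)
    username = (json_data.get('username') or '').strip().lower()
    password = json_data.get('password')
    if not username or not password:
        return 'Login failed'

    user = client.db.user.find_one({'username': username, 'deleted': False})
    # Unknown user, inactive account and wrong password all get the same
    # answer, so the response does not reveal which usernames exist.
    # Previously one of these paths fell off the end of the function and
    # returned None.
    # NOTE(review): the unknown-user path skips the hash comparison, so
    # response time may still differ between the cases.
    if (not user
            or user.get('status') != 'activated'
            or not check_password_hash(user['password'], password)):
        return 'Login failed'

    access_token = create_access_token(identity=user['_id'],
                                       expires_delta=ACCESS_EXPIRES)
    refresh_token = create_refresh_token(identity=user['_id'],
                                         expires_delta=REFRESH_EXPIRES)

    # Persist the token identifiers next to the user id.
    user_token = dict(_id=str(ObjectId()),
                      user_id=user['_id'],
                      access_jti=get_jti(encoded_token=access_token),
                      refresh_jti=get_jti(encoded_token=refresh_token))
    client.db.token.insert_one(user_token)

    return send_result(data={
        'access_token': access_token,
        'refresh_token': refresh_token,
        'role': user['role']
    }, message='login_successfully')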
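def register():
    """Create a user account from the request body.

    Reads ``username``, ``password``, ``role`` and ``status``. The username
    is trimmed and lower-cased; the password is stored only as a hash.

    Returns:
        The ``send_result`` response with ``username``, ``role`` and
        ``status`` on success, or a plain string when the input is incomplete
        or the username is already taken.
    """
    params = {
        'username': FieldString(),
        'password': FieldString(),
        'role': FieldString(),
        'status': FieldString()
    }
    json_data = parse_req(params)
    username = (json_data.get('username') or '').strip().lower()
    password = json_data.get('password')
    role = json_data.get('role')
    status = json_data.get('status')

    # A missing username used to raise on .strip(); refuse it explicitly.
    if not username or not password:
        return 'Username and password are required'

    # NOTE(review): role and status are stored exactly as the request
    # supplies them, and no caller check is visible in this function. Confirm
    # that only an administrator can reach this route, or set both values
    # server-side, so that a caller cannot choose its own role or activation
    # state.
    if client.db.user.find_one({'username': username}):
        return 'That username already existed'

    # NOTE(review): lookup-then-insert is not atomic; a unique index on
    # username would be needed to rule out duplicates under concurrency.
    new_user = {
        "username": username,
        "password": generate_password_hash(password),
        "role": role,
        "status": status,
        "deleted": False,
        "_id": str(ObjectId())
    }
    client.db.user.insert_one(new_user)

    # The plaintext password is deliberately no longer returned: the caller
    # already has it, and echoing it puts the secret into response logs and
    # caches.
    return send_result(data={
        'username': username,
        'role': role,
        'status': status
    }, message='register_successfully')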
def get_unapproved_form():
    """Return the LOA forms whose ``approve_code`` is still 0 to an admin.

    Returns:
        The ``send_result`` response whose ``list_form`` holds the matching
        documents, or a plain refusal string for non-admin callers.
    """
    if not get_jwt_claims()["is_admin"]:
        return 'You cant access this'

    # The filter matches the integer 0 that create_form writes.
    # NOTE(review): admin_approve stores the request's string code, so a
    # form decided with "0" would not match this filter; confirm intended.
    pending = client.db.loa_form.find({'approve_code': 0})
    return send_result(data={"list_form": list(pending)},
                       message='list_forms')
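def get_follow_people():
    """Return the LOA forms filed under a given user's name.

    Looks up the user named by ``user_name`` in the request, then returns
    every form whose ``name`` equals that user's ``username``.

    Returns:
        The ``send_result`` response with the forms in ``list_form``, or the
        string "not found" when the user does not exist or has no forms.
    """
    params = {'user_name': FieldString()}
    json_data = parse_req(params)
    user_name = json_data.get('user_name')

    # NOTE(review): no caller identity check is visible in this function, so
    # any caller that reaches it can list the forms of any username; confirm
    # the route restricts this to the user concerned or to admins.
    user = client.db.user.find_one({'username': user_name})
    if user is None:
        # Indexing a missing user used to raise instead of answering.
        return "not found"

    # Materialise the cursor: the result of find() never compared equal to
    # [], so the "not found" branch could not be reached before.
    forms = list(client.db.loa_form.find({'name': user['username']}))
    if not forms:
        return "not found"
    return send_result(data={"list_form": forms}, message='list_forms')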
def create_form():
    """Store a new LOA form in the pending state and echo it back.

    The form is written with ``approve_code`` 0 and an empty
    ``admin_approval``; all other fields come from the request body.

    Returns:
        The ``send_result`` response with the submitted fields and the
        initial ``approve_code``.
    """
    schema = {
        'email': FieldString(),
        'name': FieldString(),
        'role': FieldString(),
        'reason': FieldString(),
        'note': FieldString()
    }
    payload = parse_req(schema)
    pending_code = 0

    # NOTE(review): email, name and role are taken from the request body and
    # no caller identity is consulted in this function; confirm whether the
    # route binds a form to the authenticated user elsewhere.
    document = {
        "_id": str(ObjectId()),
        'email': payload.get('email'),
        'name': payload.get('name'),
        'role': payload.get('role'),
        'reason': payload.get('reason'),
        'approve_code': pending_code,
        'admin_approval': '',
        'note': payload.get('note')
    }
    client.db.loa_form.insert_one(document)

    # Echo the stored values, leaving out _id and admin_approval.
    echoed = ('email', 'name', 'role', 'reason', 'note', 'approve_code')
    return send_result(
        data={key: document[key] for key in echoed},
        message='LOA form created, waiting for admin to approve')
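def update_password():
    """Let an admin set a new password for the user with the given id.

    Reads ``user_id`` and ``password`` from the request and stores the hash
    of the new password on the matching user document.

    Returns:
        The ``send_result`` response with the affected ``username``, or a
        plain string when the caller is not an admin, the password is
        missing, or the id is unknown.
    """
    claims = get_jwt_claims()
    # .get() refuses a token that lacks the claim instead of raising KeyError.
    if not claims.get("is_admin"):
        return 'You need admin right'

    params = {'user_id': FieldString(), 'password': FieldString()}
    json_data = parse_req(params)
    user_id = json_data.get('user_id')
    password = json_data.get('password')
    if not password:
        return 'Password is required'

    user = client.db.user.find_one({"_id": user_id})
    if user is None:
        return 'That id was not existed'

    client.db.user.update_one(
        {"_id": user_id},
        {"$set": {"password": generate_password_hash(password)}})

    # NOTE(review): login records token JTIs in client.db.token; nothing here
    # touches them, so whether tokens issued before the change stay usable
    # depends on code outside this function.

    # The response no longer carries a password hash. The previous value was
    # a second, separately computed hash rather than the stored one, and
    # hash material does not belong in an API response.
    return send_result(data={'username': user['username']},
                       message='update_password_successfully')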