def create_domain(): """ user: { name: "", email: "", password: "" } tenant: { domain_name: "" } """ domain_data = TenantSchema().load(flask.request.json["tenant"]) user_data = UserSchema(exclude=[ "is_admin", ]).load(flask.request.json["user"]) tenant = Tenant(**domain_data) db.session.add(tenant) db.session.flush() user = User(**user_data) user.tenant_id = tenant.id user.is_admin = True user.is_owner = True user.expires_on = datetime.datetime.utcnow() + datetime.timedelta( weeks=4000) # expiry is set to a lifetime db.session.add(user) db.session.commit() return flask.jsonify(UserSchema().dump(user)), 201
def patch_self(domain_name): data = UserSchema(exclude=("is_admin", "expires_in"), partial=True).load(flask.request.json) for key, value in data.items(): setattr(jwt.current_user, key, value) db.session.commit() return flask.jsonify(UserSchema().dump(jwt.current_user))
def make_user(domain_name): tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404() data = UserSchema(exclude=("is_admin", )).load(flask.request.json) data["is_admin"] = False user = User(**data) user.tenant_id = tenant.id db.session.add(user) db.session.commit() return flask.jsonify(UserSchema().dump(user)), 201
def get_auth_id(auth_id): try: session = create_autocommit_session(db) with session.begin(): user = session.query(User).filter_by(auth_id=auth_id).first() user_fields = ('id', 'auth_id') user_schema = UserSchema(many=False, only=user_fields) return user_schema.dump(user).data except Exception as e: raise
def register(domain_name): tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404() if not tenant.open_registration: flask.abort(401) data = UserSchema(exclude=["is_admin",]).load(flask.request.json) user = User(**data) user.tenant_id = tenant.id user.is_admin = False db.session.add(user) db.session.commit() return UserSchema().dump(user), 201
def delete_user(user_id, domain_name): user = User.query.filter_by(id=user_id).first_or_404() if user.is_owner or user.is_admin: # only owner can delete admin and owner should be deleted with domain flask.abort(401) db.session.delete(user) db.session.commit() return flask.jsonify(UserSchema().dump(user))
def login(domain_name): tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404() # try except so that failed validation returns 401 reponse rather than 500 try: data = UserSchema(exclude=["is_admin", "name", "expires_in"]).load(flask.request.json) except: return flask.abort(401) user = User.query.filter( User.email==data["email"], User.tenant_id==tenant.id ).first() if not user or not bcrypt.check_password_hash(user.password, data["password"]) or datetime.datetime.utcnow() > user.expires_on: return flask.abort(401) token = jwt.create_access_token( identity = user.id, expires_delta=datetime.timedelta(days=1), # jwt token is invalidated after one day additional_claims={ "is_admin":user.is_admin, "is_owner":user.is_owner } # adds is_admin and is_owner claims to jwt token ) return flask.jsonify(token)
def update_user(user_id, domain_name): user = User.query.filter_by(id=user_id).first_or_404() if not jwt.current_user.is_owner: data = UserSchema(exclude=("is_admin", "email", "password"), partial=True).load(flask.request.json) else: data = UserSchema(exclude=("email", "password"), partial=True).load(flask.request.json) for key, value in data.items(): setattr(user, key, value) db.session.commit() return flask.jsonify(UserSchema().dump(user))
def get_self(domain_name): return flask.jsonify(UserSchema().dump(jwt.current_user))
import json from flask import request, jsonify from flask_login import LoginManager, login_user, logout_user, current_user, login_required from passlib.hash import pbkdf2_sha256 from app import app, db, ma from models.UserModel import User from schemas.UserSchema import UserSchema from routes.RouteManager import RouteManager from Validation import Validation as v login = LoginManager(app) login.init_app(app) userSchema = UserSchema() usersSchema = UserSchema(many=True) userRouteManager = RouteManager(User, userSchema, usersSchema) # ==================================REGISTER ROUTE========================================== @app.route('/api/users', methods=['POST']) def registerUser(): try: user = User( **{ a: request.json[a] for a in User.attributes() if a != 'id' and a != 'products' and a != 'role' and a != 'orders' })
def get_users(domain_name): tenant = Tenant.query.filter_by(domain_name=domain_name).first_or_404() members = User.query.filter_by(tenant_id=tenant.id).all() return flask.jsonify(UserSchema(many=True).dump(members))
@project - UnivoX Description - User controller. """ from app import app, db from flask import jsonify, request from models.User import User from models.Role import Role from schemas.UserSchema import UserSchema, extractor from services.auth import get_auth_user from flask_jwt_extended import jwt_required, get_jwt_identity from sqlalchemy import exc import uuid user_schema = UserSchema() users_schema = UserSchema(many=True) # get all roles @app.route('/users', methods=['GET']) @jwt_required def get_all_users(): users = User.query.filter_by().all() return {'data': users_schema.dump(users),'status': 200}, 200 # get by id @app.route('/users/<x_id>', methods=['GET']) @jwt_required def get_user_by_x_id(x_id): user = User.query.filter_by(x_id=x_id).first()