def get(self, public_id):
    """Return the user identified by ``public_id``; admin callers only.

    The admin gate runs before the lookup, so a non-admin caller is
    rejected without learning whether the public id exists. Aborts with
    404 when no user matches.
    """
    User.abort_if_not_admin()
    match = User.query.filter_by(public_id=public_id).first()
    if not match:
        api.abort(404, "User not found")
    return match
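 def get(self):
     """Return every todo owned by the authenticated user.

     Aborts with 401 when the identity in the token no longer maps to a
     stored user, and with 404 when that user has no todos.
     """
     current_user = get_jwt_identity()
     user = User.query.filter_by(name=current_user["name"]).first()
     if not user:
         # A token can outlive its account (the user may be deleted before
         # the token expires). Without this guard user.todos raises on
         # None and the request fails with an unhandled error.
         api.abort(401, "User no longer exists")
     if not user.todos:
         api.abort(404, "No todos found")
     return user.todos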
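 def get(self, id):
     """Return one todo by ``id``, restricted to the authenticated user.

     Aborts with 401 when the identity in the token no longer maps to a
     stored user, and with 404 when the caller owns no todo with that id.
     """
     current_user = get_jwt_identity()
     user = User.query.filter_by(name=current_user["name"]).first()
     if not user:
         # Without this guard the lookup below runs with user=None and is
         # no longer scoped to the caller.
         api.abort(401, "User no longer exists")
     # Filtering on both id and owner is the access check: another user's
     # todo yields the same 404 as a missing one.
     todo = Todo.query.filter_by(id=id, user=user).first()
     if not todo:
         api.abort(404, "Todo not found")
     return todo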
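 def delete(self, id):
     """Delete one todo by ``id``, restricted to the authenticated user.

     Aborts with 401 when the identity in the token no longer maps to a
     stored user, and with 404 when the caller owns no todo with that id.
     Returns the deleted todo.
     """
     current_user = get_jwt_identity()
     user = User.query.filter_by(name=current_user["name"]).first()
     if not user:
         # Without this guard the delete below would be selected with
         # user=None instead of being scoped to the caller.
         api.abort(401, "User no longer exists")
     # The owner filter is the authorisation check for this delete.
     todo = Todo.query.filter_by(id=id, user=user).first()
     if not todo:
         api.abort(404, "Todo not found")
     db.session.delete(todo)
     db.session.commit()
     return todo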
 def put(self, public_id):
     """Promote the user identified by ``public_id`` to admin.

     Admin callers only. Aborts with 404 for an unknown user and with 400
     when the target is already an admin. Returns the promoted user.
     """
     # Privilege grant: the only gate is abort_if_not_admin, which reads
     # the admin flag from the caller's token identity.
     User.abort_if_not_admin()
     target = User.query.filter_by(public_id=public_id).first()
     if not target:
         api.abort(404, "User not found")
     if target.admin:
         api.abort(400, "User is already an admin")
     target.admin = True
     db.session.commit()
     return target
 def delete(self, public_id):
     """Delete the user identified by ``public_id``; admin callers only.

     Aborts with 404 for an unknown user and with 400 when an admin tries
     to delete their own account. Returns the deleted user.
     """
     caller = get_jwt_identity()
     User.abort_if_not_admin(current_user=caller)
     target = User.query.filter_by(public_id=public_id).first()
     if not target:
         api.abort(404, "User not found")
     # Self-deletion is detected by comparing names, the same key the
     # token identity carries.
     if target.name == caller["name"]:
         api.abort(400, "Cannot delete your own user")
     # NOTE(review): nothing in this handler revokes tokens already issued
     # to the deleted user; they stay usable until they expire.
     db.session.delete(target)
     db.session.commit()
     return target
    def get(self):
        """Exchange HTTP Basic credentials for a 30-minute access token.

        Aborts with 401 and one generic message for missing credentials,
        an unknown user, or a wrong password, so the response body does
        not reveal which of the three failed.
        """
        credentials = request.authorization
        if not credentials or any(
            field not in credentials for field in ("username", "password")
        ):
            api.abort(401, "Login attempt failed")

        name = credentials["username"]
        password = credentials["password"]
        account = User.query.filter_by(name=name).first()
        # NOTE(review): for an unknown name no hash is checked, so response
        # time may still distinguish it from a wrong password.
        if not (account and check_password_hash(account.password_hash, password)):
            api.abort(401, "Login attempt failed")

        # The admin flag is copied into the token, so a later change to
        # user.admin is not reflected until a new token is issued.
        identity = {"name": account.name, "admin": account.admin}
        lifetime = datetime.timedelta(minutes=30)
        token = create_access_token(identity, expires_delta=lifetime)
        return {"token": token}
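 def post(self):
     """Create a non-admin user from the request payload.

     Expects ``name`` and ``password`` as non-empty strings. Aborts with
     400 when either is missing or empty, or when the name is already
     taken. Returns the new user.
     """
     payload = api.payload
     if not isinstance(payload, dict):
         api.abort(400, "Name and password are required")
     name, password = payload.get("name"), payload.get("password")
     # Reject missing, non-string and empty values up front: indexing the
     # payload directly fails with an unhandled error on a missing key,
     # and an empty password would otherwise be hashed and stored.
     if not (isinstance(name, str) and name
             and isinstance(password, str) and password):
         api.abort(400, "Name and password are required")
     try:
         # admin is fixed to False and never read from the payload, so a
         # caller cannot self-register as an admin.
         new_user = User(public_id=str(uuid.uuid4()),
                         name=name,
                         password_hash=generate_password_hash(password),
                         admin=False)
         db.session.add(new_user)
         db.session.commit()
     except IntegrityError:
         db.session.rollback()
         api.abort(400, "A user with this name already exists")
     return new_user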
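 def abort_if_not_admin(current_user=None):
     """Abort with 403 unless the caller's identity carries a truthy admin flag.

     Args:
         current_user: Identity mapping to check. When falsy, the identity
             is read from the current request's token.

     The decision is based on the ``admin`` value stored in the identity,
     not on a fresh database lookup.
     """
     if not current_user:
         current_user = get_jwt_identity()
     # Fail closed: an absent identity or one without an "admin" entry is
     # treated as non-admin instead of raising an unhandled error.
     try:
         is_admin = bool(current_user["admin"])
     except (TypeError, KeyError):
         is_admin = False
     if not is_admin:
         api.abort(403, "Must be admin")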