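def before_update_object(self, user, data, view_kwargs):
    """Authorise and pre-process a user update before it is applied.

    Steps, in order: soft delete / restore when ``deleted_at`` changes,
    e-mail change (uniqueness check plus a fresh-JWT requirement),
    role-flag toggles, and scheduling of avatar resizing.

    NOTE(review): the block nesting was reconstructed from a
    whitespace-collapsed listing; confirm it against the upstream file.

    :param user: the user object being updated; mutated in place.
    :param data: incoming attributes; ``data['email']`` is overwritten
        when a user is restored.
    :param view_kwargs: view arguments; ``email_changed`` receives the
        previous address when the e-mail is changed.
    :raises ForbiddenException: the caller is neither the user nor an
        admin, or the user being deleted still has events or orders.
    :raises ConflictException: the requested e-mail is already taken.
    """
    # TODO: Make a celery task for this
    # if data.get('avatar_url') and data['original_image_url'] != user.original_image_url:
    #     try:
    #         uploaded_images = create_save_image_sizes(data['original_image_url'], 'speaker-image', user.id)
    #     except (urllib.error.HTTPError, urllib.error.URLError):
    #         raise UnprocessableEntity(
    #             {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
    #         )
    #     data['original_image_url'] = uploaded_images['original_image_url']
    #     data['small_image_url'] = uploaded_images['thumbnail_image_url']
    #     data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
    #     data['icon_image_url'] = uploaded_images['icon_image_url']

    # Soft delete / restore: only the account owner or an admin may change
    # deleted_at, and the check runs before any state is touched.
    if data.get('deleted_at') != user.deleted_at:
        if has_access('is_user_itself', user_id=user.id) or has_access('is_admin'):
            if data.get('deleted_at'):
                if len(user.events) != 0:
                    raise ForbiddenException({'source': ''}, "Users associated with events cannot be deleted")
                elif len(user.orders) != 0:
                    raise ForbiddenException({'source': ''}, "Users associated with orders cannot be deleted")
                else:
                    modify_email_for_user_to_be_deleted(user)
            else:
                modify_email_for_user_to_be_restored(user)
                # Keep the payload in step with the restored address so the
                # e-mail-change branch below does not fire for a restore.
                data['email'] = user.email
            user.deleted_at = data.get('deleted_at')
        else:
            raise ForbiddenException({'source': ''}, "You are not authorized to update this information.")

    users_email = data.get('email', None)
    if users_email is not None:
        users_email = users_email.strip()

    if users_email is not None and users_email != user.email:
        # NOTE(review): this is a check-then-write; presumably a unique
        # constraint on the e-mail column backs it up -- confirm.
        try:
            db.session.query(User).filter_by(email=users_email).one()
        except NoResultFound:
            # Changing the login e-mail requires a fresh token, so a
            # long-lived or refreshed session cannot take over the address.
            verify_fresh_jwt_in_request()
            view_kwargs['email_changed'] = user.email
        else:
            raise ConflictException({'pointer': '/data/attributes/email'}, "Email already exists")

    # Role flags are honoured only for callers with the matching access
    # level; for anyone else the requested change is skipped here, not
    # rejected.
    # NOTE(review): the keys stay in `data`. Confirm that whatever applies
    # `data` to the record afterwards cannot write is_admin,
    # is_sales_admin or is_marketer on behalf of a non-admin caller.
    # NOTE(review): data.get('is_admin') must be truthy, so this branch can
    # grant admin but never revoke it -- confirm that is intended.
    if has_access('is_super_admin') and data.get('is_admin') and data.get('is_admin') != user.is_admin:
        user.is_admin = not user.is_admin

    if has_access('is_admin') and ('is_sales_admin' in data) and data.get('is_sales_admin') != user.is_sales_admin:
        user.is_sales_admin = not user.is_sales_admin

    # The membership test must use the same key that is read afterwards.
    # It previously tested 'us_marketer', which left this branch
    # unreachable for a payload carrying 'is_marketer'.
    if has_access('is_admin') and ('is_marketer' in data) and data.get('is_marketer') != user.is_marketer:
        user.is_marketer = not user.is_marketer

    if data.get('avatar_url'):
        start_image_resizing_tasks(user, data['avatar_url'])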
def test_modify_email_for_user_to_be_restored(self):
    """Check the restore helper's returned e-mail and its rejection case.

    NOTE(review): the e-mail and password literals appear redacted in this
    listing, so the concrete fixture values cannot be read from here.
    """
    with self.app.test_request_context():
        # A saved user goes through the helper and the returned object's
        # e-mail is compared with the expected address.
        restorable = create_user(email="*****@*****.**", password="******")
        save_to_db(restorable)
        restored = modify_email_for_user_to_be_restored(restorable)
        assert restored.email == "*****@*****.**"

        # With a first user already saved, restoring the second one is
        # expected to be refused.
        first = create_user(email="*****@*****.**", password="******")
        save_to_db(first)
        second = create_user(email="*****@*****.**", password="******")
        save_to_db(second)
        pytest.raises(ForbiddenError, modify_email_for_user_to_be_restored, second)
def test_modify_email_for_user_to_be_restored(self):
    """Check the restore helper's returned e-mail and its rejection case.

    NOTE(review): the e-mail and password literals appear redacted in this
    listing, so the concrete fixture values cannot be read from here.
    """
    with self.app.test_request_context():
        # A saved user goes through the helper and the returned object's
        # e-mail is compared with the expected address.
        restorable = create_user(email="*****@*****.**", password="******")
        save_to_db(restorable)
        restored = modify_email_for_user_to_be_restored(restorable)
        self.assertEqual("*****@*****.**", restored.email)

        # With a first user already saved, restoring the second one is
        # expected to be refused.
        first = create_user(email="*****@*****.**", password="******")
        save_to_db(first)
        second = create_user(email="*****@*****.**", password="******")
        save_to_db(second)
        with self.assertRaises(ForbiddenException):
            modify_email_for_user_to_be_restored(second)
def before_update_object(self, user, data, view_kwargs):
    """Authorise and pre-process a user update before it is applied.

    Steps, in order: soft delete / restore when ``deleted_at`` changes,
    the admin-only ``is_verified`` guard, e-mail change (uniqueness check
    plus a fresh-JWT requirement), role-flag toggles, and scheduling of
    avatar resizing.

    NOTE(review): the block nesting was reconstructed from a
    whitespace-collapsed listing; confirm it against the upstream file.

    :param user: the user object being updated; mutated in place.
    :param data: incoming attributes; ``data['email']`` is overwritten
        when a user is restored.
    :param view_kwargs: view arguments; ``email_changed`` receives the
        previous address when the e-mail is changed.
    :raises ForbiddenError: the caller lacks the access the change needs,
        or the user being deleted still has events or blocking orders.
    :raises ConflictError: the requested e-mail is already taken.
    """
    # TODO: Make a celery task for this
    # if data.get('avatar_url') and data['original_image_url'] != user.original_image_url:
    #     try:
    #         uploaded_images = create_save_image_sizes(data['original_image_url'], 'speaker-image', user.id)
    #     except (urllib.error.HTTPError, urllib.error.URLError):
    #         raise UnprocessableEntityError(
    #             {'source': 'attributes/original-image-url'}, 'Invalid Image URL'
    #         )
    #     data['original_image_url'] = uploaded_images['original_image_url']
    #     data['small_image_url'] = uploaded_images['thumbnail_image_url']
    #     data['thumbnail_image_url'] = uploaded_images['thumbnail_image_url']
    #     data['icon_image_url'] = uploaded_images['icon_image_url']

    requested_deleted_at = data.get('deleted_at')
    if requested_deleted_at != user.deleted_at:
        # Only the account owner or an admin may delete or restore; the
        # check runs before any state is touched.
        may_change = has_access('is_user_itself', user_id=user.id) or has_access('is_admin')
        if not may_change:
            raise ForbiddenError(
                {'source': ''}, "You are not authorized to update this information.")

        if requested_deleted_at:
            if len(user.events) != 0:
                raise ForbiddenError(
                    {'source': ''},
                    "Users associated with events cannot be deleted",
                )
            # TODO(Areeb): Deduplicate the query. Present in video stream model as well
            blocking_statuses = or_(*[
                Order.status == status
                for status in ('completed', 'placed', 'initializing', 'pending')
            ])
            holders = TicketHolder.query.filter_by(user=user).join(Order).filter(blocking_statuses)
            order_exists = db.session.query(holders.exists()).scalar()
            # If any pending or completed order exists, we cannot delete the user
            if order_exists:
                logger.warning(
                    'User %s has pending or completed orders, hence cannot be deleted',
                    user,
                )
                raise ForbiddenError(
                    {'source': ''},
                    "Users associated with orders cannot be deleted",
                )
            modify_email_for_user_to_be_deleted(user)
        else:
            modify_email_for_user_to_be_restored(user)
            # Keep the payload in step with the restored address so the
            # e-mail-change branch below does not fire for a restore.
            data['email'] = user.email
        user.deleted_at = requested_deleted_at

    # is_verified is rejected outright for non-admins, unlike the role
    # flags further down, which are skipped without an error.
    if not has_access('is_admin'):
        requested_verified = data.get('is_verified')
        if requested_verified is not None and requested_verified != user.is_verified:
            raise ForbiddenError(
                {'pointer': '/data/attributes/is-verified'},
                "Admin access is required to update this information.",
            )

    new_email = data.get('email', None)
    if new_email is not None:
        new_email = new_email.strip()
        if new_email != user.email:
            # NOTE(review): this is a check-then-write; presumably a unique
            # constraint on the e-mail column backs it up -- confirm.
            try:
                db.session.query(User).filter_by(email=new_email).one()
            except NoResultFound:
                # Changing the login e-mail requires a fresh token, so a
                # long-lived or refreshed session cannot take over the
                # address.
                verify_fresh_jwt_in_request()
                view_kwargs['email_changed'] = user.email
            else:
                raise ConflictError({'pointer': '/data/attributes/email'},
                                    "Email already exists")

    # NOTE(review): the role keys stay in `data`. Confirm that whatever
    # applies `data` to the record afterwards cannot write is_admin,
    # is_sales_admin or is_marketer on behalf of a non-admin caller.
    # NOTE(review): the requested is_admin must be truthy, so this branch
    # can grant admin but never revoke it -- confirm that is intended.
    if has_access('is_super_admin'):
        requested_admin = data.get('is_admin')
        if requested_admin and requested_admin != user.is_admin:
            user.is_admin = not user.is_admin

    # Both flags follow the same rule: admin caller, key present in the
    # payload, and a value that differs from the stored one.
    for flag in ('is_sales_admin', 'is_marketer'):
        if has_access('is_admin') and (flag in data) and data.get(flag) != getattr(user, flag):
            setattr(user, flag, not getattr(user, flag))

    avatar_url = data.get('avatar_url')
    if avatar_url:
        start_image_resizing_tasks(user, data['avatar_url'])