def put(self, user_id: int = None):
    """Update the signed-in user's own profile and return the user.

    Only the account owner may call this handler: the ``user_id`` argument
    must equal ``current_user.id``. There is no admin override here.

    Raises:
        InvalidUsage.user_not_authorized(): ``user_id`` is not the caller.
        UserExceptions.password_check_invalid(): a new password was sent
            but does not match ``password_check``.
    """
    if current_user.id != user_id:
        raise InvalidUsage.user_not_authorized()

    args: Dict = user_info_parser.parse_args()

    # Password, confirmation and photo are popped so the generic attribute
    # loop at the bottom never sees them.
    newpwd = args.pop("password")
    pwdcheck = args.pop("password_check")
    # NOTE(review): the password is replaced without asking for the current
    # one, so a stolen session is enough to take over the account. Consider
    # requiring re-authentication for this field.
    if newpwd and newpwd != pwdcheck:
        raise UserExceptions.password_check_invalid()
    if newpwd:
        current_user.password = newpwd

    photo: werkzeug.datastructures.FileStorage = args.pop("photo")
    if photo:
        # NOTE(review): photo.filename is client-controlled. Confirm that
        # FileHandler sanitises the title before it reaches a filesystem
        # path or URL.
        photostorage = FileHandler(
            data=photo.stream,
            title=photo.filename,
            url=current_user._photo,
        )
        photostorage.save()
        current_user.photo = photostorage

    # Every remaining parsed argument that names an existing attribute is
    # written straight onto the user object.
    # NOTE(review): this is mass assignment. It is only as safe as the field
    # list declared in user_info_parser. Verify the parser cannot carry
    # privilege-bearing fields (role, active flag, id), or replace hasattr()
    # with an explicit allow-list.
    for key, val in args.items():
        if not hasattr(current_user, key) or val is None:
            continue
        setattr(current_user, key, val)

    db.session.commit()
    return current_user
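def delete(self, user_id: int, slug: str):
    """Delete one session belonging to ``user_id``.

    The caller must either be that user or hold the ``admin`` role.

    Args:
        user_id: owner of the session to remove.
        slug: identifier of the session, looked up together with ``user_id``
            so one user cannot remove another user's session by slug alone.

    Raises:
        InvalidUsage.user_not_authorized(): caller is neither the owner nor
            an admin.
        InvalidUsage.invalid_session(): no session matches ``slug`` and
            ``user_id``.
    """
    is_owner = current_user.id == user_id
    if not is_owner and not g.identity.provides(RoleNeed("admin")):
        raise InvalidUsage.user_not_authorized()

    user_session = Session.get(slug=slug, user_id=user_id)
    # Session.get() can come back empty for an unknown slug. Without this
    # guard the request would end in an AttributeError (HTTP 500) instead of
    # a controlled API error.
    # NOTE(review): swap in a dedicated "not found" error if the project
    # has one.
    if not user_session:
        raise InvalidUsage.invalid_session()

    user_session.delete(True)
    return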
def user_lookup_callback(_jwt_header, jwt_data):
    """Resolve the user for a decoded JWT and install their identity.

    The token is accepted only when a stored session matches both its
    ``jti`` and its ``user`` claim, and when the referenced user exists and
    is active. This ties token validity to server-side session state.

    Args:
        _jwt_header: decoded JWT header (unused).
        jwt_data: decoded JWT claims; ``jti`` and ``user`` are read.

    Returns:
        The ``User`` the token belongs to.

    Raises:
        InvalidUsage.invalid_session(): no matching session is stored.
        InvalidUsage.user_not_authorized(): user is missing or inactive.
    """
    # Imported here rather than at module level (presumably to avoid a
    # circular import -- confirm).
    from app.apis.v1.users.models import Session, User

    # NOTE(review): a token without a "user" or "jti" claim raises KeyError
    # here. Confirm the JWT layer guarantees both claims.
    session = Session.get(token=jwt_data["jti"], user_id=jwt_data["user"])
    # g.session is assigned before the validity check, so it holds the empty
    # result on a rejected request.
    g.session = session
    if not session:
        raise InvalidUsage.invalid_session()

    user = User.get(id=jwt_data["user"])
    if not (user and user.active):
        raise InvalidUsage.user_not_authorized()

    # Announce the identity so permission checks in this request see the
    # user's needs.
    identity_changed.send(app, identity=generate_principal_identity(user))
    return user
def delete(self, user_id: int = None):
    """Delete a user account permanently.

    Two paths exist:

    * ``user_id`` is not the caller: allowed only with the ``admin`` role,
      and delegated to ``self.admin_delete_user``.
    * ``user_id`` is the caller: the request must repeat the account's
      username and password and set ``confirm``. The account is then
      deleted and the JWT cookies are cleared on the response.

    Raises:
        InvalidUsage.user_not_authorized(): non-admin acting on another user.
        UserExceptions.wrong_login_creds(): username, password or
            confirmation flag did not check out.
    """
    # NOTE(review): arguments are parsed before the authorization decision,
    # so parser errors are returned to callers who would be rejected anyway.
    args = user_login_parser.parse_args()
    user = User.get(id=user_id)

    acting_on_self = user_id == current_user.id
    if not acting_on_self:
        if not g.identity.can(Permission(RoleNeed("admin"))):
            raise InvalidUsage.user_not_authorized()
        # NOTE(review): `user` may be empty here when user_id does not
        # exist. Confirm admin_delete_user handles that.
        return self.admin_delete_user(user)

    # Self-deletion requires re-authentication. The checks short-circuit in
    # this order.
    if user.username != args.get("username", None):
        raise UserExceptions.wrong_login_creds()
    # NOTE(review): whether this comparison verifies a hash depends on how
    # User.password is declared. Confirm it is not a plaintext comparison.
    if user.password != args.get("password", None):
        raise UserExceptions.wrong_login_creds()
    if not args.get("confirm", False):
        raise UserExceptions.wrong_login_creds()

    user.delete()

    payload = {"message": "User Account deleted succefully!"}
    response: Response = jsonify(payload)
    # Drop the auth cookies so the browser stops presenting a token for the
    # deleted account.
    unset_jwt_cookies(response)
    return response
def wrapped(*args, **kwargs):
    """Run ``fn`` only if the caller holds the need built from the URL value.

    The value of the ``url_placeholder`` keyword argument is wrapped in
    ``need`` and checked against the current identity.

    Raises:
        InvalidUsage.user_not_authorized(): the identity lacks the permission.
    """
    identity: Identity = g.identity
    # NOTE(review): when the placeholder is missing from kwargs the check
    # runs against need(""). Confirm no identity can ever hold that need, so
    # a misnamed placeholder fails closed.
    target = kwargs.get(url_placeholder, "")
    required = Permission(need(target))
    if identity.can(required):
        return fn(*args, **kwargs)
    raise InvalidUsage.user_not_authorized()
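def wrapped(*args, **kwargs):
    """Run ``fn`` only if the caller satisfies every permission.

    Each entry of ``permissions`` is checked against the current identity.
    An empty ``permissions`` collection allows the call.

    Raises:
        InvalidUsage.user_not_authorized(): at least one permission is not
            granted.
    """
    identity: Identity = g.identity
    # Fail closed. `False in [...]` only rejected results equal to False, so
    # a check returning None or another falsy value would have been let
    # through. all() denies on any falsy result and stops at the first
    # failure.
    if not all(identity.can(perm) for perm in permissions):
        raise InvalidUsage.user_not_authorized()
    return fn(*args, **kwargs)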
def wrapped(*args, **kwargs):
    """Run ``fn`` only if ``check_roles`` accepts the current identity.

    Raises:
        InvalidUsage.user_not_authorized(): ``check_roles`` returned a falsy
            result for ``roles``.
    """
    # NOTE(review): whether `roles` means "any of" or "all of" is decided
    # inside check_roles and is not visible here.
    allowed = check_roles(identity=g.identity, roles=roles)
    if allowed:
        return fn(*args, **kwargs)
    raise InvalidUsage.user_not_authorized()
def permission_denied(e: PermissionDenied):
    """Turn a ``PermissionDenied`` error into the standard not-authorized body.

    The exception itself is not inspected, so every denial produces the same
    response and reveals nothing about which permission was missing.
    """
    # NOTE(review): confirm that to_json() also carries the HTTP status
    # code. If it returns only a body, denied requests would answer with 200.
    denial = InvalidUsage.user_not_authorized()
    return denial.to_json()
def put(self, project_slug: str):
    """Authorize access to a project and return it.

    The caller must hold ``ProjectNeed(project_slug)``.

    Raises:
        InvalidUsage.user_not_authorized(): the identity lacks that need.
    """
    # NOTE(review): despite the PUT verb, nothing visible here modifies the
    # project. The handler only fetches it. When update logic is added, keep
    # it behind this permission check and restrict the writable fields.
    required = Permission(ProjectNeed(project_slug))
    if g.identity.can(required):
        return Project.get(slug=project_slug)
    raise InvalidUsage.user_not_authorized()