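def put(cls, user_id):
    """Change username, password or promote the user to be the admin or staff.

    Only a caller whose JWT claims carry a truthy ``is_admin`` may update a
    user. The request JSON is loaded through ``user_schema``.

    Args:
        user_id: Identifier of the user to update.

    Returns:
        A ``(body, status)`` tuple: 403 when the caller is not an admin, 404
        when the user does not exist, 500 when saving fails, otherwise the
        dumped user and 200.
    """
    # Authorise first, so the lookup below never runs for a non-admin caller.
    claims = get_jwt_claims()
    if not claims["is_admin"]:
        return (
            {"message": "You don't have permission to perform this action."},
            403,
        )

    user = UserModel.find_by_id(user_id)
    if not user:
        return {"message": "User not found."}, 404

    user_data = user_schema.load(request.get_json())
    user.username = user_data.username
    # Persist the output of generate_password_hash, not the submitted value.
    user.password = generate_password_hash(user_data.password)
    user.is_staff = user_data.is_staff
    # NOTE(review): this is a self-assignment, so is_admin is never changed
    # here although the docstring mentions promoting to admin. Presumably
    # `user_data.is_admin` was intended -- confirm that the schema loads that
    # field before changing this line, since it controls privilege.
    user.is_admin = user.is_admin

    try:
        user.save_to_db()
    except Exception:
        # Narrowed from a bare `except:` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed and turned into a 500.
        return (
            {"message": "An error has occurred updating the user profile."},
            500,
        )
    return user_schema.dump(user), 200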
def test_delete_method_deletes_user_from_db(self):
    """Check that DELETE on the admin endpoint removes the user row."""
    auth_headers = {
        "Content-Type": "application/json",
        "Authorization": f"Bearer {self.admin_access_token}",
    }
    self.client.delete(
        path=f"admin/users/{self.user.id}", headers=auth_headers
    )

    # The lookup must come back empty once the request has been handled.
    self.assertIsNone(UserModel.find_by_id(self.user.id))
def get(cls, user_id):
    """Return one user to an admin caller.

    Args:
        user_id: Identifier of the user to fetch.

    Returns:
        A ``(body, status)`` tuple: 403 when the JWT claims do not mark the
        caller as admin, 404 when no such user exists, otherwise the dumped
        user and 200.
    """
    # The admin check runs before the lookup, so a non-admin caller gets the
    # same 403 whether or not the id exists.
    is_admin = get_jwt_claims()["is_admin"]
    if not is_admin:
        denied = {"message": "You don't have permission to perform this action."}
        return denied, 403

    found = UserModel.find_by_id(user_id)
    if found:
        return user_schema.dump(found), 200
    return {"message": "User not found."}, 404
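def delete(cls, user_id: int):
    """Delete the caller's own account and its profile.

    Args:
        user_id: Identifier of the user to delete; it must equal the identity
            stored in the caller's JWT.

    Returns:
        A ``(body, status)`` tuple: 404 when the user does not exist, 403 when
        the JWT identity differs from ``user_id``, otherwise a confirmation
        message and 200.
    """
    current_user_id = get_jwt_identity()

    user = UserModel.find_by_id(user_id)
    # NOTE(review): the 404 is answered before the ownership check, so a
    # caller can tell existing ids from missing ones -- confirm this is
    # acceptable for this endpoint.
    if not user:
        return {"message": "User not found."}, 404

    if current_user_id != user_id:
        return (
            {"message": "You don't have permission to perform this action."},
            403,
        )

    user_profile = UserProfileModel.find_by_user_id(user_id)
    # Presumably find_by_user_id returns None when there is no profile row
    # (as find_by_id does for users); without this guard such an account
    # would fail with AttributeError and could never be deleted.
    if user_profile:
        user_profile.delete_from_db()
    user.delete_from_db()
    return {"message": "User deleted."}, 200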
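def delete(cls, user_id):
    """Delete the user and the user's profile on behalf of an admin.

    Args:
        user_id: Identifier of the user to delete.

    Returns:
        A ``(body, status)`` tuple: 403 when the JWT claims do not mark the
        caller as admin, 404 when the user does not exist, otherwise a
        confirmation message and 200.
    """
    # Authorise first, so the lookup below never runs for a non-admin caller.
    claims = get_jwt_claims()
    if not claims["is_admin"]:
        return (
            {"message": "You don't have permission to perform this action."},
            403,
        )

    user = UserModel.find_by_id(user_id)
    if not user:
        return {"message": "User not found."}, 404

    user_profile = UserProfileModel.find_by_user_id(user_id)
    # Presumably find_by_user_id returns None when there is no profile row
    # (as find_by_id does for users); without this guard such an account
    # would fail with AttributeError and could never be deleted.
    if user_profile:
        user_profile.delete_from_db()
    user.delete_from_db()
    return {"message": "User deleted."}, 200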
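def post(cls):
    """Change the password of the user identified by the JWT.

    The request JSON is loaded through ``change_password_schema`` and must
    provide ``old_password`` and ``new_password``.

    Returns:
        A ``(body, status)`` tuple: 401 when the account no longer exists or
        the old password does not match, 500 when saving fails, otherwise a
        confirmation message and 201.
    """
    current_user_id = get_jwt_identity()
    user = UserModel.find_by_id(current_user_id)
    json_data = change_password_schema.load(request.get_json())

    # find_by_id yields None for an id with no row (e.g. the account was
    # deleted while its token was still valid). Fail closed with the same
    # 401 as a wrong password instead of raising AttributeError.
    if not user or not check_password_hash(
        user.password, json_data["old_password"]
    ):
        return {"message": "Invalid credentials."}, 401

    user.password = generate_password_hash(json_data["new_password"])
    try:
        user.save_to_db()
    except Exception:
        # Narrowed from a bare `except:` so that SystemExit and
        # KeyboardInterrupt are no longer swallowed and turned into a 500.
        return (
            {"message": "An error has occurred updating the user."},
            500,
        )
    return {"message": "Your password has been changed."}, 201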
def add_claims_to_jwt(identity):
    """Build the extra JWT claims for the user behind ``identity``.

    Args:
        identity: User id passed to ``UserModel.find_by_id``.

    Returns:
        ``{"is_admin": True}`` when the user's ``is_admin`` is truthy,
        otherwise ``{"is_admin": False}``.
    """
    account = UserModel.find_by_id(identity)
    # NOTE(review): if this runs only when a token is created, the claim
    # reflects is_admin at issuance and a later demotion is not visible to
    # handlers that trust the claim until the token expires -- confirm.
    return {"is_admin": bool(account.is_admin)}
def test_find_by_id_no_user(self):
    """find_by_id returns None when no user has the requested id."""
    missing_id = 1
    self.assertIsNone(UserModel.find_by_id(missing_id))
def test_find_by_id(self):
    """find_by_id returns the user that was created with that id."""
    expected = self._create_sample_user("test")
    self.assertEqual(expected, UserModel.find_by_id(expected.id))
def get(cls, user_id: int):
    """Return the user with the given id.

    Args:
        user_id: Identifier of the user to fetch.

    Returns:
        A ``(body, status)`` tuple: the dumped user and 200, or a not-found
        message and 404.
    """
    found = UserModel.find_by_id(user_id)
    if not found:
        return {"message": "User not found"}, 404
    # NOTE(review): no caller check happens inside this handler -- confirm
    # that user_schema leaves the password field out of its dump.
    return user_schema.dump(found), 200
def __then_user_object_is_deleted(self):
    """Assert that the test's user can no longer be found by id."""
    self.assertIsNone(UserModel.find_by_id(self.user.id))