예제 #1
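def admin_users_api_set_role():
    """Change the role of the user named in the JSON request body.

    Reads ``user_id`` and ``user_role`` from the request JSON, checks the
    role against the four roles defined on ``Config`` and, when the user
    exists, stores the new role.

    Returns:
        A JSON response with ``result`` ("successful" or "failed") and a
        human-readable ``msg``.

    NOTE(review): this body performs no authorization check of its own.
    Confirm the route is wrapped by an admin-only check before exposing it.
    """
    # A missing or non-JSON body becomes an empty payload instead of a
    # TypeError on subscripting None.
    payload = request.get_json(silent=True) or {}
    user_id = payload.get('user_id')
    role = payload.get('user_role')

    # Only a plain string is accepted as an id; ObjectId(None) would
    # silently generate a brand-new id instead of failing.
    if not isinstance(user_id, str) or not user_id:
        return jsonify({
            'result': "failed",
            "msg": "user_id and user_role are required."
        })

    # Validate the role before touching the database.
    valid_roles = (Config.ADMIN, Config.TYPE_ONE, Config.TYPE_TWO,
                   Config.TYPE_THREE)
    if role not in valid_roles:
        # str() keeps the message buildable when the client sent a
        # non-string value.
        return jsonify({
            'result': "failed",
            "msg": str(role) + " is not a valid user role."
        })

    users = MongoConn.get_user_col()
    # ObjectId() raises on a malformed id string; that error is left to the
    # application's error handling.
    target = users.find_one({'_id': ObjectId(user_id)})
    if target is None:
        # Previously this case crashed on target['_id'].
        return jsonify({
            'result': "failed",
            "msg": "User " + user_id + " does not exist."
        })

    users.update_one({'_id': target['_id']}, {'$set': {'role': role}},
                     upsert=False)
    return jsonify({
        'result': "successful",
        "msg": "User {}'s role has been changed to {}.".format(
            target['username'], role)
    })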
예제 #2
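    def check_admin_read(*args, **kwargs):
        """Call the wrapped view only for a session user holding a known role.

        The username is taken from ``session['user']`` and the role is read
        from the user collection, so a role change in the database takes
        effect on the next request. Any of the four ``Config`` roles is
        accepted.

        Returns:
            The wrapped view's result, or a JSON "failed" response. Denials
            carry no explicit status code, so clients must inspect
            ``result``.
        """
        # A missing or malformed session entry is an unauthenticated caller,
        # not a server error.
        session_user = session.get('user')
        username = session_user.get('username') if isinstance(session_user, dict) else None
        # Never query with a None/non-string username: {'username': None}
        # also matches documents that lack the field.
        if not isinstance(username, str) or not username:
            return jsonify({'result': 'failed', 'reason': "Access denied, invalid token."})

        users = MongoConn.get_user_col()
        account = users.find_one({'username': username})
        if account is None:
            return jsonify({'result': 'failed', 'reason': "Access denied, invalid token."})

        # The user document is deliberately not printed: other code on this
        # page stores the password hash and token in it, and neither belongs
        # in stdout or logs.
        allowed_roles = (Config.ADMIN, Config.TYPE_ONE, Config.TYPE_TWO, Config.TYPE_THREE)
        # .get() fails closed when the document has no role field.
        if account.get('role') in allowed_roles:
            return func(*args, **kwargs)
        return jsonify({'result': 'failed', 'reason': "Access denied, admin or type1,2,3 only."})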
예제 #3
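    def check_admin(*args, **kwargs):
        """Call the wrapped view only when the session user is an admin.

        The username is taken from ``session['user']`` and the role is read
        from the user collection; only ``Config.ADMIN`` is accepted.

        Returns:
            The wrapped view's result, or a JSON "failed" response. Denials
            carry no explicit status code, so clients must inspect
            ``result``.
        """
        # A missing or malformed session entry is an unauthenticated caller,
        # not a server error.
        session_user = session.get('user')
        username = session_user.get('username') if isinstance(session_user, dict) else None
        # Never query with a None/non-string username: {'username': None}
        # also matches documents that lack the field.
        if not isinstance(username, str) or not username:
            return jsonify({'result': 'failed', 'reason': "Access denied, invalid token."})

        users = MongoConn.get_user_col()
        account = users.find_one({'username': username})
        if account is None:
            return jsonify({'result': 'failed', 'reason': "Access denied, invalid token."})

        # The user document is deliberately not printed: other code on this
        # page stores the password hash and token in it, and neither belongs
        # in stdout or logs.
        # .get() fails closed when the document has no role field.
        if account.get('role') == Config.ADMIN:
            return func(*args, **kwargs)
        return jsonify({'result': 'failed', 'reason': "Access denied, admin only."})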
예제 #4
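def admin_users_api_remove(user_id):
    """Delete the user whose ``_id`` is ``user_id``.

    Args:
        user_id: The user's id, as accepted by ``ObjectId``.

    Returns:
        A JSON response with ``result`` ("successful" or "failed") and a
        human-readable ``msg``.

    NOTE(review): this body performs no authorization check of its own.
    Confirm the route is wrapped by an admin-only check before exposing it.
    """
    users = MongoConn.get_user_col()
    # ObjectId() raises on a malformed id string; that error is left to the
    # application's error handling.
    target_id = ObjectId(user_id)
    target = users.find_one({'_id': target_id})

    if target is None:
        # The original built this message from target['username'], which
        # raised TypeError because target is None on this path.
        return jsonify({
            'result': "failed",
            "msg": "User " + str(user_id) + " does not exist."
        })

    users.delete_one({'_id': target_id})
    return jsonify({
        'result': "successful",
        "msg": "User " + target['username'] + " has been removed."
    })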
예제 #5
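def authenticate_user():
    """Verify a username/password pair and issue a token.

    Reads ``username`` and ``password`` from the request JSON, checks the
    password against the stored hash and, on success, stores and returns a
    freshly encoded JWT.

    Returns:
        A JSON response whose ``result`` is "successful" (with ``token``,
        ``username`` and ``role``) or a failure message.

    NOTE(review): the two failure messages tell a caller whether a username
    exists. They are kept as-is because clients may match on them; consider
    one generic message plus rate limiting.
    """
    # A missing or non-JSON body becomes an empty payload instead of a
    # TypeError on subscripting None.
    payload = request.get_json(silent=True) or {}
    username = payload.get('username')
    password = payload.get('password')

    # Both values go straight into a MongoDB filter / the password check.
    # Accept plain strings only, so a JSON object can never be interpreted
    # as a query operator.
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify({'result': "Failed, username and password must be strings!"})

    users = MongoConn.get_user_col()
    record = users.find_one({'username': username})
    if record is None:
        return jsonify({'result': "Failed, user no not existed!"})

    pwd_hash = record['password']
    if not PwdUtils.verify_password(password, pwd_hash):
        return jsonify({'result': "Failed, pls provide correct password!"})

    # NOTE(review): the payload embeds the stored password hash and has no
    # expiry claim. A JWT payload is signed, not encrypted, so every token
    # holder can read the hash. Left unchanged because the code that
    # verifies tokens is not visible here; prefer a payload of username plus
    # an expiry.
    token = jwt.encode({
        'username': username,
        'password': pwd_hash
    },
                       Config.API_SECRET,
                       algorithm=Config.TOKEN_ALG)
    # PyJWT 1.x returns bytes, 2.x returns str; accept both.
    if isinstance(token, bytes):
        token = token.decode('utf-8')

    # upsert=False: if the user was deleted after the lookup, do not
    # recreate a partial document that holds only a token.
    users.update_one(
        {'_id': record['_id']},
        {
            '$set': {
                'token': token,
                'token_created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
            }
        },
        upsert=False)

    return jsonify({
        'result': "successful",
        "token": token,
        "username": username,
        "role": record['role']
    })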
예제 #6
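def register_user():
    """Create a new user with the default role and issue a token.

    Reads ``username`` and ``password`` from the request JSON. When the
    username is free, stores the hashed password, a freshly encoded JWT and
    the creation timestamps, with role ``Config.TYPE_ONE``.

    Returns:
        A JSON response whose ``result`` is "successful" (with ``token``,
        ``username`` and ``role``) or a failure message.

    NOTE(review): the find-then-insert sequence is not atomic. Two
    concurrent requests can both pass the check, so a unique index on
    ``username`` is needed to rule out duplicates.
    """
    # A missing or non-JSON body becomes an empty payload instead of a
    # TypeError on subscripting None.
    payload = request.get_json(silent=True) or {}
    username = payload.get('username')
    password = payload.get('password')

    # The username goes straight into a MongoDB filter and is stored as-is.
    # Accept non-empty plain strings only, so a JSON object can never be
    # interpreted as a query operator or saved as a username.
    if (not isinstance(username, str) or not username
            or not isinstance(password, str) or not password):
        return jsonify({'result': "Failed, username and password must be non-empty strings!"})

    users = MongoConn.get_user_col()
    if users.find_one({'username': username}) is not None:
        return jsonify({'result': "Failed, user existed!"})

    created = datetime.now()
    created_str = created.strftime('%Y-%m-%d %H:%M:%S')

    # Despite the local name used originally ("encrypted"), this is expected
    # to be a one-way password hash - TODO confirm in PwdUtils.
    hashed_pwd = PwdUtils.set_password(password)

    # NOTE(review): the payload embeds the password hash and has no expiry
    # claim. A JWT payload is signed, not encrypted, so every token holder
    # can read the hash. Left unchanged because the code that verifies
    # tokens is not visible here.
    token = jwt.encode({
        'username': username,
        'password': hashed_pwd
    },
                       Config.API_SECRET,
                       algorithm=Config.TOKEN_ALG)
    # PyJWT 1.x returns bytes, 2.x returns str; accept both.
    if isinstance(token, bytes):
        token = token.decode('utf-8')

    # insert_one replaces the deprecated Collection.insert.
    users.insert_one({
        # '%S' produced only the seconds-of-minute ("00".."59"); store the
        # epoch seconds, still as a string.
        'create_at_ts': str(int(created.timestamp())),
        'create_at_str': created_str,
        'username': username,
        'role': Config.TYPE_ONE,
        'password': hashed_pwd,
        'token': token,
        'token_created_at': created_str
    })

    return jsonify({
        'result': "successful",
        "token": token,
        "username": username,
        "role": Config.TYPE_ONE
    })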
예제 #7
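def admin_users_api_list():
    """Return every user document, JSON-encoded, without credential fields.

    Returns:
        The string produced by ``JSONUtils.JSONEncoder().encode`` for the
        list of user documents.

    NOTE(review): this body performs no authorization check of its own.
    Confirm the route is wrapped by an admin-only check before exposing it.
    """
    users = MongoConn.get_user_col()

    # Exclude the stored password hash and the current token. The token is a
    # bearer credential and the hash is offline-guessable, so neither should
    # leave the server in a listing. Field names follow the user documents
    # written elsewhere on this page - TODO confirm no client reads them.
    records = list(users.find({}, {'password': 0, 'token': 0}))

    return JSONUtils.JSONEncoder().encode(records)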