예제 #1
0
    def update(self, pk):
        user = User.query.filter(User.username == pk).first()
        if not user:
            raise NotFound("Cannot update non existing object")

        if not Grant.check_grant(self.user, Roles.ADMIN) and self.user.id != user.id:
            raise Unauthorized('Only administrators and data owners can update user data')

        # Can only update password
        user.password = self.data.get('password', user.password)

        gender = self.data.get('gender', user.details.gender)
        if gender and gender not in Genders:
            raise BadRequest(("Gender must be one of (" + ','.join(["'%s'"] * len(Genders)) + ")") % tuple(Genders))

        # Update user details
        user.details.name = self.data.get('name', user.details.name)
        user.details.url = self.data.get('url', user.details.url)
        user.details.bio = self.data.get('bio', user.details.url)
        user.details.born = self.data.get('born', user.details.born)
        user.details.gender = gender
        db.session.add(user.details)

        db.session.add(user)
        db.session.commit()

        return user
예제 #2
0
    def detail(self, pk):
        if Grant.check_grant(self.user, Roles.ADMIN):
            return User.query.filter(User.username == pk).first()

        if self.user.username == pk:
            return self.user

        raise Unauthorized('Only admins and data owners can view user data')
예제 #3
0
def new_admin(email):
    """Create an administrator account"""

    # Check if the user already exists
    user = User.query.filter(User.email == email).first()
    if not user:
        user = User(email=email)
        user.password = request_password()
        db.session.add(user)
    else:
        sys.stdout.write("User '%s' already exists " % email)

    if not Grant.check_grant(user, Roles.ADMIN):
        if query_yes_no(", are you sure you want to grant admin rights?" % email, default="no"):
            db.session.add(Grant(user=user, role=Roles.ADMIN))
            db.session.commit()
            print("User with email '%s' is now an administrator" % email)
        else:
            return "Command cancelled"

    print("and is an administrator")