def new_function(*args, **kwargs) -> Callable:
    """
    Run the wrapped view only if the current request is authorized.

    Checks are applied in order: an authenticated user must exist, the user
    must hold ``permission``, and, when the request carries an API key, the
    key itself must also hold ``permission``.

    :raises _401Exception: If ``flask.g.user`` is not set.
    :raises _312Exception: If the user lacks the permission, is locked, and
        ``masquerade`` is falsy.
    :raises _403Exception: If the user or the API key lacks the permission.
    """
    current_user = flask.g.user
    if not current_user:
        raise _401Exception

    if not current_user.has_permission(permission):
        # Locked accounts get the dedicated lock response unless the denial
        # is being masqueraded.
        if current_user.locked and not masquerade:
            raise _312Exception(lock=True)
        raise _403Exception(masquerade=masquerade)

    # The key is checked separately from its owner, so a key without the
    # permission is refused even when the user holds it. Requests without
    # an API key skip this check.
    api_key = flask.g.api_key
    if api_key and not api_key.has_permission(permission):
        raise _403Exception(
            message='This APIKey does not have permission to '
            'access this resource.')

    return func(*args, **kwargs)
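def modify_conversations(
    user: User,
    conversation_ids: List[int],
    read: bool = None,
    deleted: bool = None,
):
    """
    Update the read/deleted flags on several of a user's conversations.

    The update is all-or-nothing: every ID is first resolved to a
    conversation state belonging to ``user``, and nothing is modified if
    any lookup fails.

    :param user: The user whose conversation states are modified.
    :param conversation_ids: IDs of the conversations to modify.
    :param read: New read flag, or ``None`` to leave it unchanged.
    :param deleted: New deleted flag, or ``None`` to leave it unchanged.
    :return: A JSON response listing the modified conversation IDs.
    :raises _403Exception: If any ID has no matching state for ``user``.
    """
    conversations = []
    failed: List[str] = []
    for conv_id in conversation_ids:
        # The lookup is scoped to user.id, so it doubles as the membership
        # check: an ID the user has no (non-deleted) state for is refused.
        pm_state = PrivateConversationState.from_attrs(
            conv_id=conv_id, user_id=user.id, deleted='f')
        if pm_state:
            conversations.append(pm_state)
        else:
            failed.append(str(conv_id))

    if failed:
        raise _403Exception(
            f'You cannot modify conversations that you are not a member of: {", ".join(failed)}.'
        )

    for conv in conversations:
        # Compare against None rather than truthiness: an explicit False
        # (e.g. marking a conversation unread) was previously dropped
        # silently while the response still reported success.
        if read is not None:
            conv.read = read
        if deleted is not None:
            conv.deleted = deleted

    db.session.commit()
    PrivateConversation.clear_cache_keys(user.id)
    return flask.jsonify(
        f'Successfully modified conversations {", ".join(str(c.conv_id) for c in conversations)}.'
    )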
def users_edit_settings(
    user: User, existing_password: str = None, new_password: str = None
) -> flask.Response:
    """
    Change a user's settings. The only setting handled here is the password.

    When ``new_password`` is supplied, the requesting user must hold the
    ``CHANGE_PASS`` permission and ``existing_password`` must match the
    current password of the user being edited. After the password is set,
    the API keys returned by ``APIKey.hashes_from_user`` for that user are
    marked as revoked.

    .. :quickref: Settings; Change settings.

    **Example request**:

    .. parsed-literal::

       PUT /users/settings HTTP/1.1

       {
         "existing_password": "******",
         "new_password": "******"
       }

    **Example response**:

    .. parsed-literal::

       {
         "status": "success",
         "response": "Settings updated."
       }

    :json string existing_password: The current password of the user being
        edited. Required whenever ``new_password`` is given.
    :json string new_password: User's new password. Must be 12+ characters
        and contain at least one letter, one number, and one special
        character (that policy is not enforced inside this function).

    :statuscode 200: Settings successfully updated
    :statuscode 400: Settings unsuccessfully updated
    :statuscode 401: Existing password missing or incorrect
    :statuscode 403: User does not have permission to change user's settings
    """
    if new_password:
        actor_may_change = flask.g.user.has_permission(
            UserPermissions.CHANGE_PASS)
        if not actor_may_change:
            raise _403Exception(
                message='You do not have permission to change this password.'
            )

        # NOTE(review): the password is verified against ``user`` (the
        # account being edited), not ``flask.g.user``, and there is no
        # bypass for moderators. Earlier documentation described such a
        # bypass; confirm which behaviour is intended before adding one.
        password_confirmed = (
            existing_password and user.check_password(existing_password))
        if not password_confirmed:
            raise _401Exception(message='Invalid existing password.')

        user.set_password(new_password)
        # Revoke existing API keys so credentials issued under the old
        # password stop working.
        key_hashes = APIKey.hashes_from_user(user.id)
        APIKey.update_many(pks=key_hashes, update={'revoked': True})

    db.session.commit()
    return flask.jsonify('Settings updated.')
def create_conversation(topic: str, recipient_ids: List[int], message: str):
    """
    Start a private conversation from the current user to the recipients.

    :param topic: Topic of the new conversation.
    :param recipient_ids: User IDs of the recipients. More than one entry
        requires the ``MULTI_USER`` message permission.
    :param message: Body of the first message.
    :return: A JSON response containing the new conversation.
    :raises _403Exception: If several recipients are given and the current
        user lacks the ``MULTI_USER`` permission.
    """
    is_group_conversation = len(recipient_ids) > 1
    sender = flask.g.user
    if is_group_conversation and not sender.has_permission(
            MessagePermissions.MULTI_USER):
        raise _403Exception(
            'You cannot create a conversation with multiple users.')

    # NOTE(review): nothing here validates the recipient list (empty list,
    # duplicates, the sender's own ID, nonexistent users). Presumably
    # PrivateConversation.new or the request schema handles that; confirm.
    conversation = PrivateConversation.new(
        topic=topic,
        sender_id=sender.id,
        recipient_ids=recipient_ids,
        initial_message=message,
    )
    conversation.set_state(sender.id)
    return flask.jsonify(conversation)
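def modify_conversation(user: User, id: int, read: bool = None,
                        deleted: bool = None):
    """
    Update the read/deleted flags on one of a user's conversations.

    :param user: The user whose conversation state is modified.
    :param id: ID of the conversation to modify.
    :param read: New read flag, or ``None`` to leave it unchanged.
    :param deleted: New deleted flag, or ``None`` to leave it unchanged.
    :return: A JSON response confirming the modification.
    :raises _403Exception: If ``user`` has no matching state for the
        conversation.
    """
    # The lookup is scoped to user.id, so it doubles as the membership check.
    pm_state = PrivateConversationState.from_attrs(
        conv_id=id, user_id=user.id, deleted='f')
    if not pm_state:
        raise _403Exception(
            'You cannot modify a conversation that you are not a member of.')

    # Compare against None rather than truthiness: an explicit False (e.g.
    # marking the conversation unread) was previously dropped silently while
    # the response still reported success.
    if read is not None:
        pm_state.read = read
    if deleted is not None:
        pm_state.deleted = deleted

    db.session.commit()
    PrivateConversation.clear_cache_keys(user.id)
    return flask.jsonify(f'Successfully modified conversation {id}.')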
def new_function(*args, **kwargs) -> Callable:
    """
    Resolve the user a request targets and pass it to the view as ``user``.

    The target is taken from the ``user_id`` query parameter and defaults
    to the current user. Acting on oneself needs no extra permission.
    Acting on another user requires ``permission`` (when one is configured)
    from both the current user and, if present, the API key.

    :raises APIException: If ``user_id`` is not an integer.
    :raises _403Exception: If the user or the API key lacks ``permission``.
    """
    query = flask.request.args.to_dict()
    try:
        user_id = int(query.pop('user_id', flask.g.user.id))
    except ValueError:
        raise APIException('User ID must be an integer.')

    # Remove user_id from the query string because validator will choke on it.
    # The args are rebuilt from to_dict(), so a key repeated in the query
    # string keeps only a single value from here on.
    flask.request.args = MultiDict(list(query.items()))

    if user_id == flask.g.user.id:
        return func(*args, user=flask.g.user, **kwargs)

    # NOTE(review): when ``permission`` is falsy no check runs at all, so
    # any caller reaching this point can act on an arbitrary user_id.
    # Confirm every use of this decorator without a permission is intended.
    if permission:
        if not flask.g.user.has_permission(permission):
            raise _403Exception
        elif flask.g.api_key and not flask.g.api_key.has_permission(
                permission):
            raise _403Exception(
                message='This APIKey does not have permission to '
                'access this resource.')

    # The target is looked up only after the permission checks, so an
    # unauthorized caller is refused before the lookup can reveal whether
    # the ID exists.
    target_user = User.from_pk(user_id, _404=True)
    return func(*args, user=target_user, **kwargs)