def index_admin():
    """Render the admin page for users whose ``admin_level`` is at least 1.

    Returns:
        The rendered ``admin.html`` page, or a JSON error body with HTTP 403
        when the current user's ``admin_level`` is below 1.
    """
    # Authorization gate: this comparison is the only access check in the body.
    # NOTE(review): no decorator is visible in this listing. Confirm the route
    # also requires a logged-in user, since an anonymous user object may not
    # carry an ``admin_level`` attribute at all.
    denied = current_user.admin_level < 1
    if denied:
        return jsonify({"error": "you are not authorized"}), 403

    # 'string-escape' is a Python 2-only codec, so this line pins the module to
    # Python 2.
    # NOTE(review): the value passed to the template is raw JSON text built from
    # the user record, and update_current_user() lets users set ``name`` and
    # ``email`` freely. Confirm admin.html escapes this value for the context
    # where it is emitted (for example inside a <script> block).
    user_json = jsonify(current_user.asDict()).get_data().decode('string-escape')
    return render_template("admin.html", current_user=user_json)
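def user_login():
    """Authenticate the posted credentials and start a login session.

    Reads ``username`` and ``password`` from the form body and looks up a user
    whose stored ``password`` column equals the SHA-256 hex digest of the
    submitted password.

    Returns:
        The logged-in user's dict as JSON with HTTP 201, or a plain-text
        error with HTTP 400 when no matching user is found.
    """
    username = request.form['username']
    password = request.form['password']

    # Hash the UTF-8 bytes explicitly. Passing text straight to hashlib relies
    # on an implicit ASCII encode, which raises for any non-ASCII password and
    # would turn a login attempt into a server error. ASCII passwords produce
    # the same digest as before, so existing stored hashes keep matching.
    digest = hashlib.sha256(password.encode('utf-8')).hexdigest()

    # SECURITY(review): passwords are stored as a single unsalted SHA-256
    # digest. Identical passwords share a hash and a leaked table can be tested
    # very quickly offline. Moving to a salted, deliberately slow password hash
    # needs a data migration, so it is flagged here rather than changed.
    user = User.query.filter_by(username=username, password=digest).first()
    if not user:
        # One message covers both unknown user and wrong password, so the
        # response does not reveal which usernames exist.
        # NOTE(review): no attempt throttling or lockout is visible in this
        # handler. Confirm it is enforced elsewhere.
        return "Wrong username or password", 400

    login_user(user)
    return jsonify(current_user.asDict()), 201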
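def update_current_user():
    """Apply the submitted profile fields to the current user and save them.

    Only the form fields ``password``, ``name`` and ``email`` are read. A field
    that is missing or empty leaves the stored value unchanged.

    Returns:
        The updated user's dict as JSON with HTTP 200.
    """
    password = request.form.get('password')
    name = request.form.get("name")
    email = request.form.get("email")

    if password:
        # Hash the UTF-8 bytes explicitly. Passing text straight to hashlib
        # relies on an implicit ASCII encode, which raises for any non-ASCII
        # password. ASCII passwords hash exactly as before.
        # SECURITY(review): this is an unsalted single-round SHA-256 digest,
        # the same scheme user_login() compares against. It is weak for
        # password storage; changing it needs a migration, so it is flagged
        # here rather than replaced.
        # NOTE(review): the current password is not requested before it is
        # replaced, so anyone holding a live session can set a new one.
        # Confirm that is intended.
        current_user.password = hashlib.sha256(password.encode('utf-8')).hexdigest()
    if name:
        current_user.name = name
    if email:
        # NOTE(review): the new address is stored without any validation or
        # ownership check in this function.
        current_user.email = email

    # NOTE(review): this is a state-changing request. No login requirement or
    # CSRF check is visible in this listing; confirm both are applied where the
    # route is registered.
    db.session.add(current_user)
    db.session.commit()
    return jsonify(current_user.asDict()), 200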
def show_current_user():
    """Return the current user as JSON, applying an update first on PUT.

    Returns:
        For PUT, whatever ``update_current_user()`` returns; for any other
        method, the current user's dict as JSON with HTTP 200.
    """
    if request.method != 'PUT':
        # NOTE(review): confirm asDict() leaves out the stored password digest,
        # since its output goes straight to the client.
        return jsonify(current_user.asDict()), 200

    # PUT is delegated in full; the helper reads the form body itself.
    return update_current_user()
def index():
    """Serve the main page to a signed-in, active user, else the login page.

    Returns:
        Rendered ``index.html`` with the user's JSON when the current user is
        truthy, not anonymous and active; rendered ``login.html`` otherwise.
    """
    # Short-circuit order matters: the method calls run only on a truthy user.
    signed_in = (
        current_user
        and not current_user.is_anonymous()
        and current_user.is_active()
    )
    if not signed_in:
        return render_template('login.html')

    # 'string-escape' is a Python 2-only codec.
    # NOTE(review): the template receives raw JSON text built from the user
    # record, including the user-editable ``name`` and ``email``. Confirm
    # index.html escapes it for the context where it is emitted.
    user_json = jsonify(current_user.asDict()).get_data().decode('string-escape')
    return render_template('index.html', current_user=user_json)