def post(self):
claims = get_jwt_claims()
if claims['type'] != 'admin':
return {"message": "Not authorized."}, 401
data = ChangePermission.parser.parse_args()
teacher = TeacherModel.find_by_id(data['id'])
if not teacher:
return {"message": "Teacher not found"}, 404
teacher.allowed = claims['allowed']
teacher.save_to_db()
return {"message": "Permission updated."}, 200
def put(self, id):
user = UserModel.find_by_id(get_jwt_identity())
if not user:
return {"message": "not authenticated"}, 401
claims = get_jwt_claims()
if not (claims['type'] == 'admin' or user.id == id or
(claims['type'] == 'teacher' and user.allowed == True)):
return {"message": "not authenticated"}, 401
data = Teacher.parser.parse_args()
teacher = TeacherModel.find_by_id(id)
if not teacher:
return {"message": "Teacher not found."}, 404
if data['email'] is not None:
teacher.email = data['email']
if data['password'] is not None:
teacher.password = data['password']
if claims['type'] == 'admin' and data['allowed'] is not None:
teacher.allowed = data['allowed']
teacher.save_to_db()
return {"message": "Teacher details updated"}, 200
def delete(self, id):
teacher = TeacherModel.find_by_id(id)
if not teacher:
return {'messsage': 'Teacher not found'}, 404
teacher.delete_from_db()
return {'message': 'Teacher deleted.'}, 200
def get(self, id):
teacher = TeacherModel.find_by_id(id)
if not teacher:
return {"message": "Teacher not found"}, 404
return teacher.json(), 200