def get(self, public_id):
User.abort_if_not_admin()
# Get one user
user = User.query.filter_by(public_id=public_id).first()
if not user:
api.abort(404, "User not found")
return user
def get(self):
current_user = get_jwt_identity()
user = User.query.filter_by(name=current_user["name"]).first()
# Get all todos for this user
if not user.todos:
api.abort(404, "No todos found")
return user.todos
def get(self, id):
current_user = get_jwt_identity()
user = User.query.filter_by(name=current_user["name"]).first()
# Get one todo
todo = Todo.query.filter_by(id=id, user=user).first()
if not todo:
api.abort(404, "Todo not found")
return todo
def delete(self, id):
# Delete a todo
current_user = get_jwt_identity()
user = User.query.filter_by(name=current_user["name"]).first()
todo = Todo.query.filter_by(id=id, user=user).first()
if not todo:
api.abort(404, "Todo not found")
db.session.delete(todo)
db.session.commit()
return todo
def put(self, public_id):
# Promote one user
User.abort_if_not_admin()
user = User.query.filter_by(public_id=public_id).first()
if not user:
api.abort(404, "User not found")
if user.admin:
api.abort(400, "User is already an admin")
user.admin = True
db.session.commit()
return user
def delete(self, public_id):
# Delete one user
current_user = get_jwt_identity()
User.abort_if_not_admin(current_user=current_user)
user = User.query.filter_by(public_id=public_id).first()
if not user:
api.abort(404, "User not found")
if user.name == current_user["name"]:
api.abort(400, "Cannot delete your own user")
db.session.delete(user)
db.session.commit()
return user
def get(self):
auth = request.authorization
if not auth or not all(k in auth for k in ("username", "password")):
api.abort(401, "Login attempt failed")
name, password = auth["username"], auth["password"]
user = User.query.filter_by(name=name).first()
if not user or not check_password_hash(user.password_hash, password):
api.abort(401, "Login attempt failed")
identity = {"name": user.name, "admin": user.admin}
expiry = datetime.timedelta(minutes=30)
return {"token": create_access_token(identity, expires_delta=expiry)}
def post(self):
# Create one user
name, password = api.payload["name"], api.payload["password"]
try:
new_user = User(public_id=str(uuid.uuid4()),
name=name,
password_hash=generate_password_hash(password),
admin=False)
db.session.add(new_user)
db.session.commit()
except IntegrityError:
db.session.rollback()
api.abort(400, "A user with this name already exists")
return new_user
def abort_if_not_admin(current_user=None):
if not current_user:
current_user = get_jwt_identity()
if not current_user["admin"]:
api.abort(403, "Must be admin")
