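def renderAdmin():
    """Serve the admin page to an authenticated administrator.

    Reads ``username`` and ``token`` from the query string. The page is
    rendered only when ``authentication.checkToken`` returns 0 (the value
    ``updateName`` treats as "valid") and the caller's access structure has
    a truthy ``is_admin`` entry.

    Returns:
        The rendered ``admin.html`` template, or a ``(message, status)``
        tuple: 500 when no access structure is available, 401 otherwise.
    """
    # NOTE(review): the token travels in the URL, so it ends up in access
    # logs, proxy logs and browser history. A header or request body would
    # avoid that -- confirm with the client before changing the transport.
    username = request.args.get("username")
    token = request.args.get("token")

    # Compare with 0 explicitly: ``not checkToken(...)`` would also accept
    # None or an empty value as a valid token and fail open.
    if authentication.checkToken(username, token) != 0:
        return ("Not authorized", 401)

    access = authentication.getAccessStructure(username)
    if not access:
        # updateName shows this lookup can come back falsy; subscripting it
        # would raise instead of producing a response.
        return ("Error when checking for access structure", 500)
    if not access["is_admin"]:
        return ("Not authorized", 401)
    return render_template('admin.html')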
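def updateName():
    """Rename a record on behalf of a user who may edit features.

    Query parameters: ``id`` (record to rename), ``newName``, ``username``
    and ``token``.

    Returns:
        A ``(message, status)`` tuple:
        200 "success" once ``database.changeName`` has been called;
        400 for an invalid token (code 1) or invalid user (code 2);
        401 when the user lacks ``can_edit_features``;
        500 for any other token-check code, a missing access structure,
        or a missing/malformed ``id`` or empty ``newName``.
    """
    username = request.args.get("username")
    token = request.args.get("token")

    request_validity = authentication.checkToken(username, token)
    if request_validity == 1:
        return ("Invalid Token", 400)
    if request_validity == 2:
        return ("Invalid user", 400)
    if request_validity != 0:
        return ("Server error", 500)

    AC = authentication.getAccessStructure(username)
    if not AC:
        return ("Error when checking for access structure", 500)
    if not AC['can_edit_features']:
        return ("User is not authorized to edit features", 401)

    # Parse the request only after the caller is authenticated and
    # authorized, so an unauthenticated request with a missing or
    # non-numeric id cannot trigger an unhandled exception.
    name = request.args.get("newName")
    try:
        record_id = int(request.args.get("id"))
    except (TypeError, ValueError):
        record_id = 0
    if not record_id or not name:
        # Status kept at 500 to match what clients already receive for a
        # zero id or empty name; 400 would describe it more accurately.
        return ("error", 500)

    # NOTE(review): changeName's return value is not checked, so a failed
    # write is still reported as success. updateGWLocations treats a truthy
    # database result as success -- confirm changeName follows the same
    # convention and branch on it here.
    database.changeName(record_id, name)
    return ("success", 200)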
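def updateGWLocations():
    """Store a new list of GW locations sent as a JSON body.

    ``username`` and ``token`` come from the query string. The body is
    expected to be a JSON array whose items each carry
    ``{"l": {"lat": ..., "lng": ...}}``; the ``(lat, lng)`` pairs are handed
    to ``database.updateGWLocations`` in request order.

    Returns:
        A ``(message, status)`` tuple:
        200 "success" when the database call returns a truthy value;
        400 for an invalid token, invalid user or malformed body;
        401 when the user lacks ``can_edit_features``;
        500 for any other token-check code, a missing access structure,
        or a falsy database result.
    """
    username = request.args.get("username")
    token = request.args.get("token")

    request_validity = authentication.checkToken(username, token)
    if request_validity == 1:
        return ("Invalid Token", 400)
    if request_validity == 2:
        return ("Invalid user", 400)
    if request_validity != 0:
        return ("Server error", 500)

    AC = authentication.getAccessStructure(username)
    if not AC:
        return ("Error when checking for access structure", 500)
    if not AC['can_edit_features']:
        return ("User is not authorized to edit features", 401)

    # The body is attacker-controlled: reject anything that is not a list of
    # {"l": {"lat", "lng"}} items instead of letting the lookup raise.
    newInfo = request.get_json()
    if not isinstance(newInfo, list):
        return ("Malformed location list", 400)
    try:
        newInfo_array = [(k["l"]["lat"], k["l"]["lng"]) for k in newInfo]
    except (KeyError, TypeError):
        return ("Malformed location list", 400)

    # NOTE(review): lat/lng values are forwarded without type or range
    # checks -- confirm database.updateGWLocations binds them as parameters
    # rather than interpolating them into a query.
    result = database.updateGWLocations(newInfo_array)
    # Regenerated whether or not the update reported success, as before.
    database.generateGWJson()
    if result:
        return ("success", 200)
    return ("error when updating GW locations", 500)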
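def approvePermissions():
    """Approve the user named by ``id`` on behalf of an administrator.

    Query parameters: ``id`` (user to approve), ``username`` and ``token``.

    Returns:
        A ``(message, status)`` tuple: 200 "OK" after
        ``authentication.approveUser`` has been called, 400 for a missing or
        non-numeric ``id``, 401 when the caller is not an authenticated
        admin, 500 when no access structure is available.
    """
    username = request.args.get("username")
    token = request.args.get("token")

    # Compare with 0 explicitly (as updateName does): ``not checkToken(...)``
    # would also accept None or an empty value and fail open.
    if authentication.checkToken(username, token) != 0:
        return ("Not authorized", 401)

    access = authentication.getAccessStructure(username)
    if not access:
        # updateName shows this lookup can come back falsy.
        return ("Error when checking for access structure", 500)
    if not access["is_admin"]:
        return ("Not authorized", 401)

    # Parsed after the admin check so unauthenticated callers cannot reach
    # the conversion, and a bad id yields a response instead of an exception.
    try:
        user_id = int(request.args.get("id"))
    except (TypeError, ValueError):
        return ("Invalid id", 400)

    # NOTE(review): approveUser's return value is not checked, unlike the
    # revokeUser and deleteUser handlers -- confirm it cannot fail silently.
    authentication.approveUser(user_id)
    return ("OK", 200)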
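def revokeUser():
    """Revoke the privileges of the user named by ``id`` (admin only).

    Query parameters: ``id`` (target user), ``username`` and ``token``.

    Returns:
        A ``(message, status)`` tuple: 200 "OK" when
        ``authentication.revokeUserPrivileges`` returns a falsy value,
        500 "Server error" when it returns anything else, 400 for a missing
        or non-numeric ``id``, 401 when the caller is not an authenticated
        admin, 500 when no access structure is available.
    """
    username = request.args.get("username")
    token = request.args.get("token")

    # Compare with 0 explicitly (as updateName does): ``not checkToken(...)``
    # would also accept None or an empty value and fail open.
    if authentication.checkToken(username, token) != 0:
        return ("Not authorized", 401)

    access = authentication.getAccessStructure(username)
    if not access:
        # updateName shows this lookup can come back falsy.
        return ("Error when checking for access structure", 500)
    if not access["is_admin"]:
        return ("Not authorized", 401)

    # Parsed after the admin check so unauthenticated callers cannot reach
    # the conversion, and a bad id yields a response instead of an exception.
    try:
        uid = int(request.args.get("id"))
    except (TypeError, ValueError):
        return ("Invalid id", 400)

    # A falsy return is treated as success here.
    if not authentication.revokeUserPrivileges(uid):
        return ("OK", 200)
    return ("Server error", 500)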
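def deleteUser():
    """Delete the user named by ``id`` (admin only).

    Query parameters: ``id`` (target user), ``username`` and ``token``.

    Returns:
        A ``(message, status)`` tuple: 200 "OK" when
        ``authentication.deleteUser`` returns a falsy value, 400 "User not
        found" when it returns 2, 500 "Server error" for any other result,
        400 for a missing or non-numeric ``id``, 401 when the caller is not
        an authenticated admin, 500 when no access structure is available.
    """
    username = request.args.get("username")
    token = request.args.get("token")

    # Compare with 0 explicitly (as updateName does): ``not checkToken(...)``
    # would also accept None or an empty value and fail open.
    if authentication.checkToken(username, token) != 0:
        return ("Not authorized", 401)

    access = authentication.getAccessStructure(username)
    if not access:
        # updateName shows this lookup can come back falsy.
        return ("Error when checking for access structure", 500)
    if not access["is_admin"]:
        return ("Not authorized", 401)

    # Parsed after the admin check so unauthenticated callers cannot reach
    # the conversion, and a bad id yields a response instead of an exception.
    try:
        uid = int(request.args.get("id"))
    except (TypeError, ValueError):
        return ("Invalid id", 400)

    result = authentication.deleteUser(uid)
    if not result:
        return ("OK", 200)
    if result == 2:
        return ("User not found", 400)
    return ("Server error", 500)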