Пример #1
0
    def post(self, id):
        if id != g.user.id:
            if g.user.role != 1:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
        form = UserPatchForm()
        if not form.validate_on_submit():
            print form.errors
            return form.errors, 422
        user = User.query.filter_by(id=id).first()
        log_text = ''

        if form.newpassword.data != None and form.newpassword.data != '':
            oldpwd = base64.decodestring(form.oldpassword.data)
            if not flask_bcrypt.check_password_hash(user.password, oldpwd):
                print 'incoorect old password'
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            print 'correct old password'
            if log_text != '':
                log_text += '; '
            log_text += 'Changed password'
            user.password = flask_bcrypt.generate_password_hash(
                base64.decodestring(form.newpassword.data))
            db.session.commit()

        if form.lastName.data != None and form.lastName.data != '':
            if user.lastName != form.lastName.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change last name from ' + user.lastName + ' to ' + form.lastName.data
            user.lastName = form.lastName.data

        if form.firstName.data != None and form.firstName.data != '':
            if user.firstName != form.firstName.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change first name from ' + user.firstName + ' to ' + form.firstName.data
            user.firstName = form.firstName.data

        if form.phone.data != None and form.phone.data != '':
            if user.phone != form.phone.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change phone number from ' + user.phone + ' to ' + form.phone.data
            user.phone = form.phone.data

        if form.association.data != None and form.association.data != '':
            if user.association != form.association.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change association to ' + str(
                    form.association.data)
            user.association = form.association.data

        # this properties can only be changed by a admin or a superuser

        if form.role.data != None and form.role.data != '':
            if g.user.role != 1:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.role != form.role.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change role from ' + str(
                    user.role) + ' to ' + str(form.role.data)
            user.role = form.role.data

        if form.accessDaysMask.data != None and form.accessDaysMask.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDaysMask != form.accessDaysMask.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDaysMask from ' + str(
                    user.accessDaysMask) + ' to ' + str(
                        form.accessDaysMask.data)
            user.accessDaysMask = form.accessDaysMask.data

        if form.accessDayCounter.data != None and form.accessDayCounter.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDayCounter != form.accessDayCounter.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDayCounter from ' + str(
                    user.accessDayCounter) + ' to ' + str(
                        form.accessDayCounter.data)
                user.lastAccessDaysUpdateDate = datetime.datetime.today()
            user.accessDayCounter = form.accessDayCounter.data

        if form.accessDayCyclicBudget.data != None and form.accessDayCyclicBudget.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDayCyclicBudget != form.accessDayCyclicBudget.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDayCyclicBudget from ' + str(
                    user.accessDayCyclicBudget) + ' to ' + str(
                        form.accessDayCyclicBudget.data)
                user.lastAccessDaysUpdateDate = datetime.datetime.today()
            user.accessDayCyclicBudget = form.accessDayCyclicBudget.data

        if form.accessType.data != None and form.accessType.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessType != form.accessType.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessType from ' + str(
                    user.accessType) + ' to ' + str(form.accessType.data)
                user.lastAccessDaysUpdateDate = datetime.datetime.today()
            user.accessType = form.accessType.data

        if form.keyMask.data != None and form.keyMask.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.keyMask != form.keyMask.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change keyMask from ' + str(
                    user.keyMask) + ' to ' + str(form.keyMask.data)
            user.keyMask = form.keyMask.data

        if form.accessDateStart.data != None and form.accessDateStart.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDateStart != dateutil.parser.parse(
                    form.accessDateStart.data).replace(tzinfo=None):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDateStart from ', (
                    user.accessDateStart), ' to ', (form.accessDateStart.data)
            user.accessDateStart = dateutil.parser.parse(
                form.accessDateStart.data).replace(tzinfo=None)

        if form.accessDateEnd.data != None and form.accessDateEnd.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDateEnd != dateutil.parser.parse(
                    form.accessDateEnd.data).replace(tzinfo=None):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDateEnd from ' + str(
                    user.accessDateEnd) + ' to ' + str(form.accessDateEnd.data)
            user.accessDateEnd = dateutil.parser.parse(
                form.accessDateEnd.data).replace(tzinfo=None)

        if form.accessTimeStart.data != None and form.accessTimeStart.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessTimeStart != dateutil.parser.parse(
                    form.accessTimeStart.data).replace(tzinfo=None):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessTimeStart from ' + str(
                    user.accessTimeStart) + ' to ' + str(
                        form.accessTimeStart.data)
            user.accessTimeStart = dateutil.parser.parse(
                form.accessTimeStart.data).replace(tzinfo=None)

        if form.accessTimeEnd.data != None and form.accessTimeEnd.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessTimeEnd != dateutil.parser.parse(
                    form.accessTimeEnd.data).replace(tzinfo=None):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessTimeEnd from ' + str(
                    user.accessTimeEnd) + ' to ' + str(form.accessTimeEnd.data)
            user.accessTimeEnd = dateutil.parser.parse(
                form.accessTimeEnd.data).replace(tzinfo=None)

        log_text = 'Update of ' + user.firstName + ' ' + user.lastName + ' (' + user.email + ')' + ' with the following changes: ' + log_text
        logentry = Action(datetime.datetime.utcnow(), config.NODE_NAME,
                          g.user.firstName + ' ' + g.user.lastName,
                          g.user.email, log_text, 'User updated', 'L2', 0,
                          'Web based')
        db.session.add(logentry)
        db.session.commit()

        return '', 201
Пример #2
0
    def post(self, id):
        if id != g.user.id:
            if g.user.role != 1:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
        form = UserPatchForm()
        if not form.validate_on_submit():
            print form.errors
            return form.errors, 422
        user = User.query.filter_by(id=id).first()
        log_text = ''
        if form.newpassword.data != None and form.newpassword.data != '':
            oldpwd = base64.decodestring(form.oldpassword.data)
            if not flask_bcrypt.check_password_hash(user.password, oldpwd):
                print 'incoorect old password'
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            print 'correct old password'
            if log_text != '':
                log_text += '; '
            log_text += 'Changed password'
            user.password = flask_bcrypt.generate_password_hash(base64.decodestring(form.newpassword.data))
            db.session.commit()
        if form.lastName.data != None and form.lastName.data != '':
            if user.lastName != form.lastName.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change last name from ' + user.lastName + ' to ' + form.lastName.data
            user.lastName = form.lastName.data
        if form.firstName.data != None and form.firstName.data != '':
            if user.firstName != form.firstName.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change first name from ' + user.firstName + ' to ' + form.firstName.data
            user.firstName = form.firstName.data
        if form.phone.data != None and form.phone.data != '':
            if user.phone != form.phone.data:
                if log_text != '':
                    log_text += '; '
                log_text +=  'Change phone number from ' + user.phone + ' to ' + form.phone.data
            user.phone = form.phone.data
        if form.association.data != None and form.association.data != '':
            if user.association != form.association.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change association to ' + str(form.association.data)
            user.association = form.association.data

        # this properties can only be changed by a admin or a superuser

        if form.role.data != None and form.role.data != '':
            if g.user.role != 1:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.role != form.role.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change role from ' + str(user.role) + ' to ' + str(form.role.data)
            user.role = form.role.data

        if form.accessDaysMask.data != None and form.accessDaysMask.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDaysMask != form.accessDaysMask.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDaysMask from ' + str(user.accessDaysMask) + ' to ' + str(form.accessDaysMask.data)
            user.accessDaysMask = form.accessDaysMask.data
        if form.accessDayCounter.data != None and form.accessDayCounter.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDayCounter != form.accessDayCounter.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDayCounter from ' + str(user.accessDayCounter) + ' to ' + str(form.accessDayCounter.data)
                user.lastAccessDaysUpdateDate = datetime.datetime.today()
            user.accessDayCounter = form.accessDayCounter.data
        if form.accessDayCyclicBudget.data != None and form.accessDayCyclicBudget.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDayCyclicBudget != form.accessDayCyclicBudget.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDayCyclicBudget from ' + str(user.accessDayCyclicBudget) + ' to ' + str(form.accessDayCyclicBudget.data)
                user.lastAccessDaysUpdateDate = datetime.datetime.today()
            user.accessDayCyclicBudget = form.accessDayCyclicBudget.data
        if form.accessType.data != None and form.accessType.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessType != form.accessType.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessType from ' + str(user.accessType) + ' to ' + str(form.accessType.data)
                user.lastAccessDaysUpdateDate = datetime.datetime.today()
            user.accessType = form.accessType.data
        if form.keyMask.data != None and form.keyMask.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.keyMask != form.keyMask.data:
                if log_text != '':
                    log_text += '; '
                log_text += 'Change keyMask from ' + str(user.keyMask) + ' to ' + str(form.keyMask.data)
            user.keyMask = form.keyMask.data
        if form.accessDateStart.data != None and form.accessDateStart.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDateStart != datetime.datetime.strptime(form.accessDateStart.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDateStart from ' + str(user.accessDateStart) + ' to ' + str(form.accessDateStart.data)
            user.accessDateStart = datetime.datetime.strptime(form.accessDateStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
        if form.accessDateEnd.data != None and form.accessDateEnd.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessDateEnd != datetime.datetime.strptime(form.accessDateEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessDateEnd from ' + str(user.accessDateEnd ) + ' to ' + str(form.accessDateEnd.data)
            user.accessDateEnd = datetime.datetime.strptime(form.accessDateEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')
        if form.accessTimeStart.data != None and form.accessTimeStart.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessTimeStart != datetime.datetime.strptime(form.accessTimeStart.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessTimeStart from ' + str(user.accessTimeStart) + ' to ' + str(form.accessTimeStart.data)
            user.accessTimeStart = datetime.datetime.strptime(form.accessTimeStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
        if form.accessTimeEnd.data != None and form.accessTimeEnd.data != '':
            if g.user.role != 1 and g.user.role != 2:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            if user.accessTimeEnd != datetime.datetime.strptime(form.accessTimeEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
                if log_text != '':
                    log_text += '; '
                log_text += 'Change accessTimeEnd from ' + str(user.accessTimeEnd) + ' to ' + str(form.accessTimeEnd.data)
            user.accessTimeEnd = datetime.datetime.strptime(form.accessTimeEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')

        log_text = 'Update of ' + user.firstName + ' ' + user.lastName + ' (' + user.email + ')' + ' with the following changes: ' + log_text
        logentry = Action(datetime.datetime.utcnow(), config.NODE_NAME, g.user.firstName + ' ' + g.user.lastName,
                       g.user.email, log_text, 'User updated',
                       'L2', 0, 'Web based')
        db.session.add(logentry)
        db.session.commit()

        return '', 201
Пример #3
0
    def post(self, id):
        if id != g.user.id:
            if (g.user.role & 1) == 0:
                return make_response(jsonify({"error": "Not authorized"}), 403)
        form = UserPatchForm()
        if not form.validate_on_submit():
            print form.errors
            return form.errors, 422
        user = User.query.filter_by(id=id).first()
        if form.newpassword.data != None and form.newpassword.data != "":
            print "Change password" + base64.decodestring(form.newpassword.data)
            oldpwd = base64.decodestring(form.oldpassword.data)
            if not flask_bcrypt.check_password_hash(user.password, oldpwd):
                print "incoorect old password"
                return make_response(jsonify({"error": "Not authorized"}), 403)
            print "correct old password"
            user.password = flask_bcrypt.generate_password_hash(base64.decodestring(form.newpassword.data))
            db.session.commit()
        if form.lastName.data != None and form.lastName.data != "":
            print "Change last name"
            user.lastName = form.lastName.data
        if form.firstName.data != None and form.firstName.data != "":
            print "Change first name"
            user.firstName = form.firstName.data
        if form.phone.data != None and form.phone.data != "":
            print "Change phone number"
            user.phone = form.phone.data
        if form.role.data != None and form.role.data != "":
            print "Change role to " + str(form.role.data)
            user.role = form.role.data
        if form.association.data != None and form.association.data != "":
            print "Change association to " + str(form.association.data)
            user.association = form.association.data
        if form.accessDaysMask.data != None and form.accessDaysMask.data != "":
            print "Change accessDaysMask to " + str(form.accessDaysMask.data)
            user.accessDaysMask = form.accessDaysMask.data
        if form.accessDayCounter.data != None and form.accessDayCounter.data != "":
            print "Change accessDayCounter to " + str(form.accessDayCounter.data)
            user.accessDayCounter = form.accessDayCounter.data
        if form.accessType.data != None and form.accessType.data != "":
            print "Change accessType to " + str(form.accessType.data)
            user.accessType = form.accessType.data
        if form.keyMask.data != None and form.keyMask.data != "":
            print "Change keyMask to " + str(form.keyMask.data)
            user.keyMask = form.keyMask.data
        if form.accessDateStart.data != None and form.accessDateStart.data != "":
            print "Change accessDateStart to " + str(form.accessDateStart.data)
            user.accessDateStart = datetime.datetime.strptime(form.accessDateStart.data, "%Y-%m-%dT%H:%M:%S.%fZ")
        if form.accessDateEnd.data != None and form.accessDateEnd.data != "":
            print "Change accessDateEnd to " + str(form.accessDateEnd.data)
            user.accessDateEnd = datetime.datetime.strptime(form.accessDateEnd.data, "%Y-%m-%dT%H:%M:%S.%fZ")
        if form.accessTimeStart.data != None and form.accessTimeStart.data != "":
            print "Change accessTimeStart to " + str(form.accessTimeStart.data)
            user.accessTimeStart = datetime.datetime.strptime(form.accessTimeStart.data, "%Y-%m-%dT%H:%M:%S.%fZ")
        if form.accessTimeEnd.data != None and form.accessTimeEnd.data != "":
            print "Change accessTimeEnd to " + str(form.accessTimeEnd.data)
            user.accessTimeEnd = datetime.datetime.strptime(form.accessTimeEnd.data, "%Y-%m-%dT%H:%M:%S.%fZ")

        db.session.commit()

        return "", 201
Пример #4
0
    def post(self, id):
        if id != g.user.id:
            if (g.user.role & 1) == 0:
                return make_response(jsonify({'error': 'Not authorized'}), 403)
        form = UserPatchForm()
        if not form.validate_on_submit():
            print form.errors
            return form.errors,422
        user = User.query.filter_by(id=id).first()
        if form.newpassword.data != None and form.newpassword.data != '':
            print 'Change password' + base64.decodestring(form.newpassword.data)
            oldpwd = base64.decodestring(form.oldpassword.data)
            if not flask_bcrypt.check_password_hash(user.password, oldpwd):
                print 'incoorect old password'
                return make_response(jsonify({'error': 'Not authorized'}), 403)
            print 'correct old password'
            user.password = flask_bcrypt.generate_password_hash(base64.decodestring(form.newpassword.data))
            db.session.commit()
        if form.lastName.data != None and form.lastName.data != '':
            print 'Change last name'
            user.lastName = form.lastName.data
        if form.firstName.data != None and form.firstName.data != '':
            print 'Change first name'
            user.firstName = form.firstName.data
        if form.phone.data != None and form.phone.data != '':
            print 'Change phone number'
            user.phone = form.phone.data
        if form.role.data != None and form.role.data != '':
            print 'Change role to ' + str(form.role.data)
            user.role = form.role.data
        if form.association.data != None and form.association.data != '':
            print 'Change association to ' + str(form.association.data)
            user.association = form.association.data
        if form.accessDaysMask.data != None and form.accessDaysMask.data != '':
            print 'Change accessDaysMask to ' + str(form.accessDaysMask.data)
            user.accessDaysMask = form.accessDaysMask.data
        if form.accessDayCounter.data != None and form.accessDayCounter.data != '':
            print 'Change accessDayCounter to ' + str(form.accessDayCounter.data)
            user.accessDayCounter = form.accessDayCounter.data
        if form.accessType.data != None and form.accessType.data != '':
            print 'Change accessType to ' + str(form.accessType.data)
            user.accessType = form.accessType.data
        if form.keyMask.data != None and form.keyMask.data != '':
            print 'Change keyMask to ' + str(form.keyMask.data)
            user.keyMask = form.keyMask.data
        if form.accessDateStart.data != None and form.accessDateStart.data != '':
            print 'Change accessDateStart to ' + str(form.accessDateStart.data)
            user.accessDateStart = datetime.datetime.strptime(form.accessDateStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
        if form.accessDateEnd.data != None and form.accessDateEnd.data != '':
            print 'Change accessDateEnd to ' + str(form.accessDateEnd.data)
            user.accessDateEnd = datetime.datetime.strptime(form.accessDateEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')
        if form.accessTimeStart.data != None and form.accessTimeStart.data != '':
            print 'Change accessTimeStart to ' + str(form.accessTimeStart.data)
            user.accessTimeStart = datetime.datetime.strptime(form.accessTimeStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
        if form.accessTimeEnd.data != None and form.accessTimeEnd.data != '':
            print 'Change accessTimeEnd to ' + str(form.accessTimeEnd.data)
            user.accessTimeEnd = datetime.datetime.strptime(form.accessTimeEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')

        db.session.commit()

        return '', 201