def action_update(account):
    """Update an existing account from the JSON request body (admin only).

    Returns ``response.unauthorized()`` when the caller is not an admin,
    ``response.from_form(form)`` when the form does not validate,
    ``response.not_success("not-found")`` when no account matches ``id``,
    and otherwise a success response carrying the re-fetched account as
    ``to_dict("update")``.  Every submitted field (name, token, email,
    photo_url, is_admin) is written unconditionally; only a non-empty
    ``password`` triggers ``set_password``.
    """
    if not account.is_admin:
        return response.unauthorized()

    payload = request.get_json(silent=True)
    if payload is None:
        payload = {}
    form = AccountUpdateForm.from_json(payload)
    if not form.validate():
        return response.from_form(form)

    # NOTE(review): unlike action_delete there is no "id > 1" guard here, so
    # the first account's fields (including is_admin) are writable by any
    # admin -- confirm that is intended.
    target = Account.query.get(form.id.data)
    if not target:
        return response.not_success("not-found")

    target.name = form.name.data
    target.token = form.token.data
    target.email = form.email.data
    target.photo_url = form.photo_url.data
    target.is_admin = form.is_admin.data
    target.updated_at = datetime.utcnow()
    if form.password.data:
        target.set_password(form.password.data)
    db.session.flush()
    db.session.commit()

    # Re-read after commit so the serialized row reflects persisted state.
    target = Account.query.get(target.id)
    return response.success(data={"account": target.to_dict("update")})
def action_delete(account):
    """Delete the account named by ``id`` in the JSON request body (admin only).

    Returns ``response.unauthorized()`` for non-admin callers,
    ``response.from_form(form)`` on validation failure, a validation error on
    ``id`` when the id is not greater than 1, ``not-found`` when no such
    account exists, and ``response.success()`` after the row is removed and
    committed.
    """
    if not account.is_admin:
        return response.unauthorized()

    payload = request.get_json(silent=True)
    if payload is None:
        payload = {}
    form = AccountDeleteForm.from_json(payload)
    if not form.validate():
        return response.from_form(form)

    # Ids not greater than 1 are refused; the first account is protected
    # from deletion (presumably the bootstrap admin).  Comparison kept in
    # the original's form so edge values behave identically.
    if not form.id.data > 1:
        return response.with_validate_error(
            "id", ["Cannot delete this account."])

    target = Account.query.get(form.id.data)
    if not target:
        return response.not_success("not-found")

    db.session.delete(target)
    db.session.flush()
    db.session.commit()
    return response.success()
def action_create(account):
    """Create a new account from the JSON request body (admin only).

    Returns ``response.unauthorized()`` for non-admin callers and
    ``response.from_form(form)`` when validation fails.  Otherwise a new
    ``Account`` is populated from the form (name, email, photo_url,
    is_admin, created_at), its password is set via ``set_password``, the
    row is added and committed, then re-fetched and returned as
    ``to_dict('create')``.
    """
    if not account.is_admin:
        return response.unauthorized()

    payload = request.get_json(silent=True)
    if payload is None:
        payload = {}
    form = AccountCreateForm.from_json(payload)
    if not form.validate():
        return response.from_form(form)

    created = Account()
    created.name = form.name.data
    created.email = form.email.data
    created.photo_url = form.photo_url.data
    created.is_admin = form.is_admin.data
    created.created_at = datetime.utcnow()
    created.set_password(form.password.data)
    db.session.add(created)
    db.session.flush()
    db.session.commit()

    # Re-read after commit so the serialized row reflects persisted state.
    created = Account.query.get(created.id)
    return response.success(data={'account': created.to_dict('create')})
def action_list(account):
    """Return every account, newest first, as ``to_dict("list")`` rows (admin only).

    Non-admin callers receive ``response.unauthorized()``.
    """
    if not account.is_admin:
        return response.unauthorized()

    rows = Account.query.order_by(Account.created_at.desc()).all()
    serialized = [row.to_dict("list") for row in rows]
    return response.success(data={"list": serialized})
def action_token(account):
    """Return a JWT encoded for the account named by ``id`` (admin only).

    Because the token is minted for the *target* account via
    ``get_jwt_encoded()``, this endpoint lets any admin obtain a token that
    acts as another account; keep that in mind when auditing admin access.
    Returns ``response.unauthorized()`` for non-admins,
    ``response.from_form(form)`` on validation failure and
    ``not-found`` when no account matches.
    """
    if not account.is_admin:
        return response.unauthorized()

    payload = request.get_json(silent=True)
    if payload is None:
        payload = {}
    form = AccountGetForm.from_json(payload)
    if not form.validate():
        return response.from_form(form)

    target = Account.query.get(form.id.data)
    if not target:
        return response.not_success("not-found")
    return response.success(data={"token": target.get_jwt_encoded()})
def action_get(account):
    """Return one account, named by ``id`` in the JSON body, as ``to_dict('get')``.

    Admin only: non-admins get ``response.unauthorized()``.  Validation
    failures return ``response.from_form(form)``; an unknown id returns
    ``response.not_success('not-found')``.
    """
    if not account.is_admin:
        return response.unauthorized()

    payload = request.get_json(silent=True)
    if payload is None:
        payload = {}
    form = AccountGetForm.from_json(payload)
    if not form.validate():
        return response.from_form(form)

    target = Account.query.get(form.id.data)
    if not target:
        return response.not_success('not-found')
    return response.success(data={'account': target.to_dict('get')})
def wrapper(*args, **kwargs):
    """Authenticate the request, check ``permission``, then run ``f``.

    ``f`` and ``permission`` are closed over from the enclosing decorator,
    which lies outside this view.  The caller's token is read from the
    ``token`` header and resolved with ``User.verify_auth_token``; no user
    yields ``response.log_timeout()``, a user without the required
    permission bit yields ``response.unauthorized()``.  The resolved user is
    attached as ``request.user`` before the view runs, and the elapsed time
    is logged at INFO.  Any exception is logged with its traceback and
    mapped to ``response.server_error()``; ``err`` itself is only logged,
    never passed to the client response.
    """
    try:
        started = time.time()
        user = User.verify_auth_token(request.headers.get('token'))
        if not user:
            return response.log_timeout()
        # Bitmask check: the user must hold the required permission bit.
        if not (user.permission & permission):
            return response.unauthorized()
        request.user = user
        result = f(*args, **kwargs)
        logging.info('{} cost:{}'.format(request.url, time.time() - started))
        return result
    except Exception as err:
        # Boundary handler: log with traceback, return a generic 5xx.
        logging.exception('{}, {}, {}'.format(request.url, request.method, err))
        return response.server_error()