def view(id):
    """Retrieve role details.
    ---
    post:
      summary: Retrieve role details
      description: >
        Fetch detailed information about a role that the user is
        entitled to access, e.g. their own role, or a group they
        are part of.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    # NOTE(review): the spec block above is keyed "post" although this handler
    # only reads; confirm it against the HTTP method on the route.
    found = obj_or_404(Role.by_id(id))
    # The read permission is checked against the loaded role, after the lookup.
    # NOTE(review): presumably a missing role and a forbidden role produce
    # different responses, which would let a caller tell existing IDs apart;
    # confirm that is acceptable.
    require(request.authz.can_read_role(found.id))
    return RoleSerializer.jsonify(found)
def create():
    """Register a password-login user from a signed confirmation code.

    Returns a 400 JSON error when the code fails signature validation, a 409
    JSON error when the e-mail address already has a role, and the serialized
    new role with status 201 otherwise.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    payload = parse_request(RoleCreateSchema)

    # The e-mail address is recovered from the signed code, not read from a
    # client-supplied field; max_age is passed so that stale codes are refused.
    try:
        email = Role.SIGNATURE.loads(payload.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        invalid_code = {
            'status': 'error',
            'message': gettext('Invalid code')
        }
        return jsonify(invalid_code, status=400)

    # This answer confirms that an address is registered, but only to a caller
    # who already holds a valid signed code for that address.
    if Role.by_email(email) is not None:
        already_registered = {
            'status': 'error',
            'message': gettext('Email is already registered')
        }
        return jsonify(already_registered, status=409)

    display_name = payload.get('name') or email
    account = Role.load_or_create(
        foreign_id='password:{}'.format(email),
        type=Role.USER,
        name=display_name,
        email=email
    )
    # NOTE(review): presence and strength of the password are assumed to be
    # enforced by RoleCreateSchema; confirm.
    account.set_password(payload.get('password'))
    db.session.add(account)
    db.session.commit()
    update_role(account)

    # Let the serializer return more info about this user
    request.authz.id = account.id
    tag_request(role_id=account.id)
    return RoleSerializer.jsonify(account, status=201)
def create():
    """Create a password-login role for the address bound to a signed code.

    Responds with 400 for a code that does not validate, 409 when the address
    is already registered, and 201 with the serialized role on success.
    """
    require(not request.authz.in_maintenance, settings.PASSWORD_LOGIN)
    form = parse_request(RoleCreateSchema)

    try:
        # The address comes out of the signed code itself; the request body
        # does not get to choose it.
        email = Role.SIGNATURE.loads(form.get('code'),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        return jsonify(
            {'status': 'error', 'message': gettext('Invalid code')},
            status=400
        )

    existing = Role.by_email(email)
    if existing is not None:
        return jsonify(
            {'status': 'error',
             'message': gettext('Email is already registered')},
            status=409
        )

    new_role = Role.load_or_create(
        foreign_id='password:{}'.format(email),
        type=Role.USER,
        name=form.get('name') or email,
        email=email
    )
    # NOTE(review): assumes RoleCreateSchema rejects a missing or weak
    # password before this point; confirm.
    new_role.set_password(form.get('password'))
    db.session.add(new_role)
    db.session.commit()
    update_role(new_role)

    # Let the serializer return more info about this user
    request.authz.id = new_role.id
    return RoleSerializer.jsonify(new_role, status=201)
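def update(id):
    """Update a role from the request payload and return it serialized.

    The caller must have write access to the role. A new password is only
    applied once the role's current password has been verified, so that a
    session alone is not enough to replace the credential.

    Raises:
        BadRequest: if a new password is supplied without the correct
            current password.
    """
    role = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(role.id))
    data = parse_request(RoleSchema)

    # When changing passwords, check the old password first.
    # cf. https://github.com/alephdata/aleph/issues/718
    # NOTE(review): this relies on RoleSchema passing `current_password`
    # through to `data`; confirm.
    if data.get('password'):
        current_password = data.get('current_password')
        if not role.check_password(current_password):
            raise BadRequest(gettext('Incorrect password.'))

    role.update(data)
    db.session.add(role)
    db.session.commit()
    update_role(role)
    return RoleSerializer.jsonify(role)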
def update(id):
    """Apply the request payload to a role the caller may edit and return it."""
    target = obj_or_404(Role.by_id(id))
    # Two separate gates: the session must allow writes, and this particular
    # role must be editable by the caller.
    require(request.authz.session_write)
    require(check_editable(target, request.authz))

    changes = parse_request(RoleSchema)
    # NOTE(review): if RoleSchema accepts a password, it is applied here
    # without re-checking the current one; confirm.
    # cf. https://github.com/alephdata/aleph/issues/718
    target.update(changes)
    db.session.add(target)
    db.session.commit()
    update_role(target)
    return RoleSerializer.jsonify(target)
def create():
    """Create a user role.
    ---
    post:
      summary: Create a user account
      description: >
        Create a user role by supplying the required account details.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleCreate'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    # NOTE(review): the spec above documents only a '200' response, while the
    # handler returns 201 on success and 400 / 409 on the error paths.
    require(settings.PASSWORD_LOGIN)
    require(not request.authz.in_maintenance)
    payload = parse_request("RoleCreate")

    # The e-mail address is recovered from the signed code, not read from a
    # client-supplied field; max_age is passed so that stale codes are refused.
    try:
        email = Role.SIGNATURE.loads(payload.get("code"),
                                     max_age=Role.SIGNATURE_MAX_AGE)
    except BadSignature:
        invalid_code = {
            "status": "error",
            "message": gettext("Invalid code")
        }
        return jsonify(invalid_code, status=400)

    # This answer confirms that an address is registered, but only to a caller
    # who already holds a valid signed code for that address.
    if Role.by_email(email) is not None:
        already_registered = {
            "status": "error",
            "message": gettext("Email is already registered")
        }
        return jsonify(already_registered, status=409)

    # NOTE(review): password presence and strength are assumed to be enforced
    # by the "RoleCreate" schema or by create_user; confirm.
    account = create_user(email, payload.get("name"), payload.get("password"))

    # Let the serializer return more info about this user
    request.authz = Authz.from_role(account)
    tag_request(role_id=account.id)
    return RoleSerializer.jsonify(account, status=201)
def update(id):
    """Change user settings.
    ---
    post:
      summary: Change user settings
      description: >
        Update a role to change its display name, or to define a
        new login password. Users can only update roles they have
        write access to, i.e. their own.
      parameters:
      - in: path
        name: id
        required: true
        description: role ID
        schema:
          type: integer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/RoleUpdate'
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Role'
      tags:
      - Role
    """
    target = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(target.id))
    changes = parse_request("RoleUpdate")

    # When changing passwords, check the old password first.
    # cf. https://github.com/alephdata/aleph/issues/718
    # The check only runs for a truthy "password" value.
    # NOTE(review): confirm that Role.update ignores an empty password, since
    # that case reaches it without the current-password check.
    if changes.get("password") and not target.check_password(
        changes.get("current_password")
    ):
        raise BadRequest(gettext("Incorrect password."))

    target.update(changes)
    db.session.add(target)
    db.session.commit()
    update_role(target)
    return RoleSerializer.jsonify(target)
def update(id):
    """Update a role the caller may write to and return it serialized.

    Raises:
        BadRequest: if a new password is supplied and the accompanying
            current password does not check out.
    """
    target = obj_or_404(Role.by_id(id))
    require(request.authz.can_write_role(target.id))
    changes = parse_request(RoleSchema)

    # When changing passwords, check the old password first.
    # cf. https://github.com/alephdata/aleph/issues/718
    wants_new_password = bool(changes.get('password'))
    if wants_new_password:
        # NOTE(review): a missing current_password reaches check_password as
        # None; presumably that is rejected. Confirm.
        supplied = changes.get('current_password')
        if not target.check_password(supplied):
            raise BadRequest(gettext('Incorrect password.'))

    target.update(changes)
    db.session.add(target)
    db.session.commit()
    update_role(target)
    return RoleSerializer.jsonify(target)
def view(id):
    """Return the serialized role for ``id`` if the caller passes check_editable."""
    found = obj_or_404(Role.by_id(id))
    # Reading is gated on the same check_editable test used for editing.
    # NOTE(review): presumably intentional, so only roles the caller could
    # edit are readable; confirm.
    allowed = check_editable(found, request.authz)
    require(allowed)
    return RoleSerializer.jsonify(found)
def view(id):
    """Return the serialized role for ``id`` if the caller may read it."""
    found = obj_or_404(Role.by_id(id))
    # The read permission is checked against the loaded role, after the lookup.
    may_read = request.authz.can_read_role(found.id)
    require(may_read)
    return RoleSerializer.jsonify(found)