def grant_credential_to_user(self, credential_id, user_id):
    """Attach an existing credential to a user and persist the change.

    The user is looked up with ``UserResource.find_by_id`` and the
    credential with ``self.find_by_id``. The credential is appended to
    ``user.credentials``, then the user is added to the application's
    database session, committed and refreshed.

    :param credential_id: identifier of the credential to grant.
    :param user_id: identifier of the user receiving the credential.
    :returns: the credential object that was granted.
    """
    # NOTE(review): nothing in this method checks who is making the
    # request; presumably the caller enforces authorization before a
    # credential is granted -- confirm.
    grantee = UserResource.find_by_id(user_id)
    granted = self.find_by_id(credential_id)
    grantee.credentials.append(granted)

    session = current_app.db_session
    session.add(grantee)
    session.commit()
    session.refresh(grantee)
    return granted
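def revoke_credential_from_user(self, credential_id, user_id):
    """Detach a credential from a user, refusing self-revocation.

    The requester is identified from the ``auth_token`` cookie. The
    request is aborted with 400 when the cookie is absent, with 403 when
    the requester's id equals ``user_id``, and with 404 when the
    credential is not among the user's credentials. Otherwise the
    credential is removed from ``user.credentials`` and the change is
    committed.

    :param credential_id: identifier of the credential to revoke.
    :param user_id: identifier of the user losing the credential.
    :returns: the credential object that was revoked.
    """
    auth_token = request.cookies.get('auth_token')
    if auth_token is None:
        abort(400, __error__=["Missing parameters or body."])

    # Do not allow a user to revoke their own credentials.
    # NOTE(review): this guard is a plain ``==``. If unsign_auth_token()
    # returns a different type than user_id (for example int vs str), or
    # a falsy value for an invalid token, the comparison is False and the
    # guard never fires -- confirm both values are validated and
    # normalised before this point.
    current_user_id = unsign_auth_token(auth_token)
    if current_user_id == user_id:
        abort(403, __error__=["Cannot revoke credentials for oneself."])

    user = UserResource.find_by_id(user_id)
    credential = self.find_by_id(credential_id)

    # list.remove() raises ValueError for a missing element; answer with
    # an explicit client error instead of an unhandled exception.
    if credential not in user.credentials:
        abort(404, __error__=["Credential is not assigned to this user."])

    user.credentials.remove(credential)
    current_app.db_session.commit()
    return credential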