def create_private_chat(data):
"""Create a new private chat between two users."""
other_user = database_repository.get_user(data["other_user_id"].hex)
if not other_user:
return {"error": "Other user could not be found"}, HTTPStatus.NOT_FOUND
private_chat_id = md5(
g.current_user.id.encode("utf-8") +
other_user.id.encode("utf-8")).hexdigest()
existing_private_chat = database_repository.get_private_chat(
private_chat_id)
if existing_private_chat:
return (
{
"error":
"A private chat already exists between these two users"
},
HTTPStatus.BAD_REQUEST,
)
private_chat = PrivateChat(private_chat_id, g.current_user, other_user)
try:
database_repository.add_private_chat(private_chat)
except UniqueConstraintException as err:
return {"error": str(err)}, HTTPStatus.BAD_REQUEST
headers = {
"Location":
url_for("api.get_private_chat", private_chat_id=private_chat.id)
}
return (private_chat, HTTPStatus.CREATED, headers)
def ban_user(user_id):
"""Ban a user from accessing the api."""
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
if user.is_banned:
return {"error": "User is already banned"}, HTTPStatus.BAD_REQUEST
database_repository.update_user(user, {"is_banned": True})
return {}, HTTPStatus.NO_CONTENT
def update_user(user_data, user_id):
"""Replace a user resource."""
if g.current_user.id != user_id:
return {
"error": "You do not have the permissions to perform this action"
}, HTTPStatus.UNAUTHORIZED
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
database_repository.update_user(user, user_data)
return {}, HTTPStatus.NO_CONTENT
def delete_user(user_id):
"""Delete a user resource."""
if g.current_user.id != user_id:
return {
"error": "You do not have the permissions to perform this action"
}, HTTPStatus.UNAUTHORIZED
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
database_repository.remove_user(user)
profile_photo_id = user.id + "_" + ImageType.USER_PROFILE_PHOTO.name
cover_photo_id = user.id + "_" + ImageType.USER_COVER_PHOTO.name
file_repository.remove(profile_photo_id)
file_repository.remove(cover_photo_id)
return {}, HTTPStatus.NO_CONTENT
def update_user_permissions(role_data, user_id):
"""Update permissions for a user."""
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
updated_user_data = {
"role": {
"permissions": role_data.get("_permissions", [])
}
}
try:
database_repository.update_user(user, updated_user_data)
except PermissionsError as err:
return {"error": str(err)}, HTTPStatus.BAD_REQUEST
return {}, HTTPStatus.NO_CONTENT
def wrapper(*args, **kwargs):
auth_header = request.headers.get("Authorization")
if not auth_header:
return (
{"error": "Missing token in authorization header"},
HTTPStatus.UNAUTHORIZED,
)
auth_type = "Bearer"
bearer_start_index = auth_header.find(auth_type)
raw_jwt = auth_header[bearer_start_index + len(auth_type) :].strip()
if not raw_jwt:
return (
{"error": "Missing token in authorization headers"},
HTTPStatus.UNAUTHORIZED,
)
decoded_token = User.decode_token(raw_jwt, current_app.config["SECRET_KEY"])
if not decoded_token:
return (
{"error": f"Invalid {token_type.name.replace('_', ' ').lower()}"},
HTTPStatus.UNAUTHORIZED,
)
if decoded_token.token_type != token_type:
return (
{"error": "Incorrect token type provided"},
HTTPStatus.UNAUTHORIZED,
)
if is_blacklisted(decoded_token, token_type):
return (
{"error": f"Token is blacklisted"},
HTTPStatus.UNAUTHORIZED,
)
current_user = database_repository.get_user(decoded_token.user_id)
if not current_user:
return {"error": "User not found"}
if current_user.is_banned:
return {"error": "User is banned"}, HTTPStatus.UNAUTHORIZED
g.current_user = current_user
g.decoded_token = decoded_token
return func(*args, **kwargs)
def wrapper(*args, **kwargs):
raw_jwt = request.args.get("token")
if not raw_jwt:
disconnect()
else:
decoded_token = User.decode_token(
raw_jwt, current_app.config["SECRET_KEY"]
)
if not decoded_token:
disconnect()
elif decoded_token.token_type != token_type:
disconnect()
elif is_blacklisted(decoded_token, token_type):
disconnect()
else:
current_user = database_repository.get_user(decoded_token.user_id)
if not current_user:
disconnect()
elif current_user.is_banned:
disconnect()
else:
g.current_user = current_user
g.decoded_token = decoded_token
return func(*args, **kwargs)
def get_user_role(user_id):
"""Return a user's role and permissions"""
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
return user.role, HTTPStatus.OK
def get_user(user_id):
"""Return a single user by id."""
user = database_repository.get_user(user_id)
if not user:
return {"error": "User not found"}, HTTPStatus.NOT_FOUND
return user, HTTPStatus.OK