def get_data_users(self):
    """Load the user storage file and return one field list per user.

    The file at ``self.path_storage`` is read, passed through
    ``Security().decode_string`` and split twice: first on
    ``self.delimiter_users`` into records, then each record on
    ``self.delimiter_data_user`` into fields.

    If the read helper hands back an ``Exception`` instance instead of
    content, the storage is (re)created and the load is retried.
    """
    raw = common.files.read_from_file(self.path_storage)

    # The reader reports failure by returning an exception object.
    if isinstance(raw, Exception):
        self.create_storage()
        # NOTE(review): the retry has no bound; if create_storage() does not
        # make the file readable this recurses until the recursion limit.
        return self.get_data_users()

    # decode file
    decoded = Security().decode_string(raw)
    return [
        record.split(self.delimiter_data_user)
        for record in decoded.split(self.delimiter_users)
    ]
def delete(self):
    """Remove a volunteer sign-up for a tournament.

    Query parameters: ``tournament_id`` and, optionally, ``user_id``.
    Without ``user_id`` the current user's own sign-up is targeted.
    The request is aborted with 401 unless
    ``Security.is_current_user_or_organizer`` accepts the target user, and
    with 404 when no matching ``Volunteer`` row exists.
    """
    params = request.args
    tournament_id = params.get("tournament_id")
    user_id = params.get("user_id")

    # Default to acting on the caller's own record.
    if user_id is None:
        user_id = Security.get_current_user().id

    # Authorization is decided before any row is looked up.
    # NOTE(review): a user_id taken from the query string is a str, the
    # default above is whatever type .id has - confirm the check handles both.
    if not Security.is_current_user_or_organizer(user_id):
        abort(401)

    volunteer = Volunteer.query.filter_by(
        tournament_id=tournament_id, user_id=user_id
    ).first()

    if volunteer is None:
        abort(404)
    else:
        db.session.delete(volunteer)
        db.session.commit()
    return
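def get(self):
    """List tournaments, filtered and sorted by query parameters.

    Query parameters read: ``id`` (must be the only parameter when
    present), ``name`` and ``category`` (substring match via LIKE),
    ``hidden``, ``active`` and ``reverse`` (true only for the literal
    string ``"true"``), and ``sort`` (``"name"`` or ``"category"``;
    anything else sorts by id).

    Callers that are not organizers only ever see non-hidden tournaments.

    Returns:
        ``self.list_schema.dump(...)`` of the matching rows, or a
        ``(message, 400)`` tuple when ``id`` is combined with other
        parameters.
    """
    args = request.args
    # Compare by value: "is not" on an int literal tests object identity.
    if "id" in args and len(args) != 1:
        return "'id' parameter may not be used with other parameters", 400

    tournament_id = args.get("id")
    name = args.get("name")
    if name:
        # The pattern is passed to like() as a value, not spliced into SQL
        # text. Any % or _ supplied by the client still acts as a wildcard.
        name = "%" + name + "%"
    category = args.get("category")
    if category:
        category = "%" + category + "%"
    hidden = args.get("hidden") == "true"
    active = args.get("active") == "true"
    sort = args.get("sort")
    reverse = args.get("reverse") == "true"

    query = Tournament.query

    # Get one by id
    if tournament_id:
        query = query.filter(Tournament.id == tournament_id)

    # Query on actual search parameters
    if name:
        query = query.filter(Tournament.name.like(name))
    if category:
        query = query.filter(Tournament.category.like(category))

    viewer = Security.get_current_user()
    if not (viewer and viewer.is_organizer()):
        # Visibility restriction for non-organizers. Python's "not" would be
        # evaluated before SQLAlchemy sees the expression, so the negation
        # has to be built with the column operator instead.
        # Assumes Tournament.hidden is a boolean column - TODO confirm.
        query = query.filter(~Tournament.hidden)
    elif hidden:
        query = query.filter(Tournament.hidden)
    if active:
        query = query.filter(Tournament.active)

    # Sorting logic. Default sort is by id for now.
    order = Tournament.id
    if sort == "name":
        order = Tournament.name
    if sort == "category":
        order = Tournament.category
    if reverse:
        order = order.desc()
    query = query.order_by(order)

    tournaments = query.all()
    return self.list_schema.dump(tournaments)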
def save_changes(self, users):
    """Serialize ``users`` and overwrite the storage file with the result.

    Each user is turned into a string with ``self.convert_to_string``, the
    strings are joined with ``self.delimiter_users``, the joined text is
    passed through ``Security().encode_string`` and the outcome replaces the
    content of ``self.path_storage``.
    """
    rows = [self.convert_to_string(entry) for entry in users]
    plain_text = self.delimiter_users.join(rows)
    # NOTE(review): what encode_string provides (encoding vs. encryption) is
    # not visible here; confirm before treating the file as protected.
    encoded = Security().encode_string(plain_text)
    common.files.overwrite_file(self.path_storage, encoded)
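def put(self):
    """Update the current user's own profile and, optionally, password.

    The JSON body must hold a ``"user"`` object, which is loaded through
    ``self.schema``. The request is aborted with 401 when the loaded id is
    not the current user's id, and with 404 when no such user row exists.

    A password change is attempted only when the body has a ``"password"``
    key; it requires ``"old_password"`` to be present and to pass
    ``user.check_password``. Otherwise ``("Current password is incorrect",
    401)`` is returned and nothing is modified.

    Only the explicitly listed profile attributes are copied from the
    loaded data.
    """
    data = request.get_json()
    user_data = data["user"]
    new_data = self.schema.load(user_data)
    # Assumes an authentication layer outside this method guarantees a
    # logged-in user; get_current_user() returning None would fail here.
    current_id = Security.get_current_user().id

    # Ownership check. Ids are compared by value: the identity operator
    # ("is not") can report two equal integers as different objects, which
    # would reject legitimate owners.
    if new_data.id != current_id:
        abort(401)

    user = User.query.get(current_id)
    if user is not None:
        if "password" in data:
            # The current password must be proven before it is replaced.
            if "old_password" in data and user.check_password(
                    data["old_password"]):
                user.set_password(data["password"])
            else:
                return "Current password is incorrect", 401

        user.username = new_data.username
        user.discord_name = new_data.discord_name
        user.pronunciation = new_data.pronunciation
        user.pronouns = new_data.pronouns
        user.about = new_data.about
        user.srl_name = new_data.srl_name
        user.twitch_name = new_data.twitch_name
        user.src_name = new_data.src_name
        user.input_method = new_data.input_method
        user.restream = new_data.restream
        user.commentary = new_data.commentary
        user.tracking = new_data.tracking
        user.date_modified = datetime.utcnow()

        db.session.commit()
        return
    else:
        abort(404)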
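def update_user_field(self, username, field, new_data):
    """Set one column of a row in the ``User`` table, selected by name.

    For any field other than ``'password'`` the value is coerced with
    ``int()`` before it is written. For ``'password'`` the value is wrapped
    in a fragment built from ``new_data`` and ``Security().key``.

    Args:
        username: value matched against the ``name`` column.
        field: column name; must be a plain identifier.
        new_data: new value for the column.

    Raises:
        ValueError: if ``field`` is not a plain identifier.
    """
    # The column name is spliced into the statement text, so only a bare
    # identifier is accepted.
    if not isinstance(field, str) or not field.isidentifier():
        raise ValueError("invalid column name: %r" % (field,))

    if field != 'password':
        # int() guarantees the interpolated value consists of digits only.
        value_sql = "'" + str(int(new_data)) + "'"
    else:
        # NOTE(review): the leading literal looks masked in this listing; as
        # written the fragment closes a quote and a parenthesis that it never
        # opens. Confirm against the real source.
        value_sql = "******" + new_data + "', '" + Security().key + "')"

    # NOTE(review): username and the password value are still concatenated
    # into the SQL text without escaping. Move them to bound parameters once
    # execute_sql() is confirmed to accept them.
    sql = ("UPDATE User SET " + field + " = " + value_sql
           + " WHERE name = '" + username + "'")
    self.execute_sql(sql)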
def post(self):
    """Create a new record from the JSON body on behalf of the current user.

    The ``user_id`` key of the payload is always overwritten with the id of
    the current user, so a client-supplied ``user_id`` is ignored. The
    payload is then loaded through ``self.schema`` and persisted.

    Returns:
        ``(None, 201)`` after the commit.
    """
    payload = request.get_json()
    # Ownership comes from the session, never from the request body.
    payload["user_id"] = Security.get_current_user().id

    record = self.schema.load(payload)
    db.session.add(record)
    db.session.commit()
    return None, 201
def post(self):
    """Sign the current user up as a volunteer for a tournament.

    Only ``tournament_id`` is read from the JSON body; the volunteer is
    always the current user.

    Returns:
        ``(None, 201)`` on success. On ``IntegrityError`` the session is
        rolled back and a plain message string is returned.
    """
    payload = request.get_json()
    try:
        signup = Volunteer(
            tournament_id=payload.get("tournament_id"),
            user_id=Security.get_current_user().id,
        )
        db.session.add(signup)
        db.session.commit()
    except IntegrityError:
        db.session.rollback()
        # NOTE(review): no status code accompanies this message, and any
        # integrity violation (not only a duplicate sign-up) is reported
        # with the same text - confirm that this is intended.
        return "You've already signed up for this event"
    else:
        return None, 201
def user_password_cipher_string(user):
    """Build the comma-separated value list for one user row.

    The fields are, in order: the double-quoted name, a password fragment
    built from ``user.password`` and ``Security().key``, ``enabled`` and
    ``password_restriction`` as integer strings, and the double-quoted
    role.
    """
    # NOTE(review): the leading literal looks masked in this listing; as
    # written the fragment closes a quote and a parenthesis that it never
    # opens. Confirm against the real source.
    cipher_password = "******" + user.password + "', '" + Security().key + "')"

    # NOTE(review): name, role and password are concatenated without
    # escaping; a quote character inside any of them changes the structure
    # of whatever statement this string is embedded in. Prefer bound
    # parameters at the call site.
    columns = [
        "\"" + user.name + "\"",
        cipher_password,
        str(int(user.enabled)),
        str(int(user.password_restriction)),
        "\"" + user.role + "\"",
    ]
    return ",".join(columns)
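def get_users(self):
    """Return every row of the users table as ``User`` objects.

    Selected columns, in order: ``name``, the password passed through
    ``AES_DECRYPT`` with ``Security().key``, ``enabled``,
    ``password_restriction`` and ``role``. Each row is unpacked
    positionally into ``User``.

    When the table is empty, a bootstrap account is added and the table is
    read again, so the returned list includes that account.
    """
    # NOTE(review): the key is concatenated into the statement text, so it
    # travels wherever statements are recorded - confirm query logging.
    # NOTE(review): AES_DECRYPT means stored passwords are reversible and
    # reach the application decrypted; a one-way password hash avoids both.
    sql = ("SELECT name, "
           "AES_DECRYPT(password, '" + Security().key + "'), "
           "enabled, password_restriction, role FROM "
           + self.database + '.' + self.users_table)
    data = self.execute_sql(sql)
    all_users = [User(*user) for user in data]

    if not all_users:
        # NOTE(review): the bootstrap account uses the fixed, well-known
        # password "admin"; force a change at first login or generate a
        # random initial password.
        user = User("admin", "admin", role='ADMIN')
        self.add_user(user)
        # Use the result of the re-read; it was previously discarded, so the
        # caller received an empty list right after the account was created.
        all_users = self.get_users()
    return all_users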
def post(self):
    """Register a new user account.

    Aborts with 405 when a user is already logged in. The JSON body must
    hold a ``"user"`` object (loaded through ``self.schema``) and a
    ``"password"`` value, which is applied with ``set_password``.

    Returns:
        ``(self.schema.dump(user), 201)`` on success, or
        ``("That username is taken", 500)`` when the commit raises
        ``IntegrityError``.
    """
    # Registration is only offered to anonymous callers.
    if Security.get_current_user() is not None:
        abort(405)

    body = request.get_json()
    account = self.schema.load(body["user"])
    account.set_password(body["password"])

    try:
        db.session.add(account)
        db.session.commit()
    except IntegrityError:
        db.session.rollback()
        # NOTE(review): a duplicate name is a client-side conflict; 409 is
        # the conventional status. Kept at 500 because clients may rely on
        # it. The message also confirms that the name exists.
        return "That username is taken", 500

    # NOTE(review): confirm the schema excludes the password hash on dump.
    return self.schema.dump(account), 201
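def put(self):
    """Edit an existing response that belongs to the current user.

    The JSON body is loaded through ``self.schema``; the stored row is
    looked up by the loaded id.

    Returns:
        ``None`` after a successful commit, a ``(message, 401)`` tuple
        when the row belongs to another user, or ``(None, 404)`` when no
        row has that id.
    """
    data = request.get_json()
    new = self.schema.load(data)
    # Assumes an authentication layer outside this method guarantees a
    # logged-in user; get_current_user() returning None would fail here.
    user_id = Security.get_current_user().id

    # Get existing response only if it belongs to the current user
    response = Response.query.get(new.id)
    if response:
        # Ownership check. Ids are compared by value: the identity operator
        # ("is not") can report two equal integers as different objects,
        # which would lock owners out of their own rows. The debug print of
        # both ids that used to sit here has been dropped.
        if response.user_id != user_id:
            return "You are not authorized to edit this response.", 401

        response.response = new.response
        response.modified_date = datetime.utcnow()

        db.session.commit()
        return
    else:
        return None, 404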