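def UpdatePin(id=0):
    """Apply a full property update to a pin and record it as an Edit.

    The caller must hold the ADMIN or VERIFIED role, or be the user behind
    the pin's first edit. The JSON body must carry every name in
    PROPERTY_LIST.

    Returns the updated pin as JSON, 403 when the caller may not edit the
    pin, and 400 for a malformed body or a database integrity error. An
    unknown id yields 404 through get_or_404.
    """
    PROPERTY_LIST = ['position_x', 'position_y', 'symbol', 'resource',
                     'rank', 'name', 'amount', 'respawn', 'notes',
                     'x_cord', 'y_cord']

    pin = Pin.query.get_or_404(id)
    user = get_jwt_identity()

    # NOTE(review): VERIFIED users pass this check too, although the 403 text
    # names only the creator and admins - confirm which policy is intended.
    # NOTE(review): the role is read from the JWT claims, not from the
    # database, so a token issued before a role change keeps the old role
    # unless tokens are revoked somewhere outside this view - confirm.
    # pin.edits[0] is treated as the creating edit; presumably the
    # relationship is ordered oldest-first - TODO confirm.
    privileged = User.Role(user['role']) in [User.Role.ADMIN,
                                             User.Role.VERIFIED]
    if not privileged and user['id'] != pin.edits[0].user_id:
        return Response('only the creator or an admin can edit a pin',
                        status=403)

    # Reject a missing or incomplete body with a 400 instead of letting a
    # TypeError/KeyError surface as a 500.
    payload = request.json
    if not isinstance(payload, dict):
        return Response('request body must be a JSON object', status=400)
    missing = [prop for prop in PROPERTY_LIST if prop not in payload]
    if missing:
        return Response(f'missing properties: {", ".join(missing)}',
                        status=400)

    try:
        # NOTE(review): values are written into the edit text verbatim and
        # entries are newline-separated, so a free-text value containing a
        # newline can imitate an extra entry - consider escaping it.
        details = ''
        for prop in PROPERTY_LIST:
            old_value = getattr(pin, prop)
            new_value = payload[prop]
            is_enum = hasattr(old_value, 'value')
            if is_enum:
                old_value = old_value.value
            if old_value == new_value:
                continue

            # NOTE(review): rebuilt from a listing that had lost its
            # indentation; the raw assignment is taken to be the non-enum
            # branch.
            if is_enum:
                if new_value in [item.value for item in Pin.Symbol]:
                    setattr(pin, prop, Pin.Symbol(new_value))
                elif new_value in [item.value for item in Pin.Resource]:
                    setattr(pin, prop, Pin.Resource(new_value))
                else:
                    # Unknown enum value: nothing is written, so nothing may
                    # be recorded in the edit history either.
                    continue
            else:
                setattr(pin, prop, new_value)
            details += f'{prop} changed from {old_value} to {new_value}\n'

        # One transaction for the change and its history record, so a pin
        # can never be modified without the matching Edit row.
        db.session.add(Edit(details, pin.id, user['id']))
        db.session.commit()
        return jsonify(pin.to_dict())
    except IntegrityError as error:
        db.session.rollback()
        # Keep the driver's message server-side; it can name tables,
        # columns and constraints.
        log.warning('pin %s update rejected by the database: %s', id, error)
        return Response('could not complete the requested action',
                        status=400)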
def DeletePin(id=0):
    """Delete a pin for an admin or for the user behind its first edit.

    Returns 200 with 'pin deleted' on success and 403 for any other caller.
    An unknown id yields 404 through get_or_404.
    """
    pin = Pin.query.get_or_404(id)
    # Read before the permission check; a pin without any edit raises
    # IndexError here. pin.edits[0] is treated as the creating edit -
    # presumably the relationship is ordered oldest-first, TODO confirm.
    creator_id = pin.edits[0].user_id
    identity = get_jwt_identity()

    # NOTE(review): the role comes from the JWT claims rather than from the
    # database, so a role change only takes effect here once the caller's
    # token is replaced or revoked - confirm that is handled elsewhere.
    may_delete = (User.Role(identity['role']) == User.Role.ADMIN
                  or identity['id'] == creator_id)
    if not may_delete:
        return Response('only the creator or an admin can delete a pin',
                        status=403)

    db.session.delete(pin)
    db.session.commit()
    return Response('pin deleted', status=200)
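def Revoke_user_Access(discord_id=0):
    """Set the active flag and/or the role of the user linked to a Discord id.

    The JSON body may carry 'is_active' and/or 'role'; keys that are absent
    leave the corresponding field untouched.

    Returns the updated user as JSON with 200, or 400 for a malformed body,
    an unknown role or a database integrity error. An unknown Discord id
    yields 404 through first_or_404.
    """
    user = User.query.filter_by(discord=discord_id).first_or_404()

    # NOTE(review): nothing in this body checks who the caller is, and the
    # request can assign any role. Confirm that a decorator or an upstream
    # gate limits this endpoint to a trusted caller.
    payload = request.json
    if not isinstance(payload, dict):
        # A missing or non-object body used to fail on the `in` test (500).
        return jsonify('could not complete the requested action'), 400

    # Resolve the role before touching the user so a bad value cannot leave
    # a half-applied change in the session. Assumes User.Role is an Enum,
    # whose lookup raises ValueError for an unknown value.
    new_role = None
    if 'role' in payload:
        try:
            new_role = User.Role(payload['role'])
        except ValueError:
            return jsonify('could not complete the requested action'), 400

    try:
        # NOTE(review): is_active is stored as received; confirm the column
        # type rejects non-boolean input.
        if 'is_active' in payload:
            user.is_active = payload['is_active']
        if new_role is not None:
            user.role = new_role
        db.session.commit()
        return jsonify(user.to_dict()), 200
    except IntegrityError:
        db.session.rollback()
        return jsonify('could not complete the requested action'), 400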
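def AdminUpdateUser(id=0):
    """Update another user's password, guild, active flag and role.

    The caller may not target their own account. A caller who is not an
    ADMIN must share the target's guild, may not edit an ADMIN account and
    cannot grant the ADMIN role. The JSON body must carry 'guild_id',
    'is_active' and 'role'; 'password' is optional.

    Returns the updated user as JSON, 403 when the caller is not allowed to
    make the change, and 400 for a malformed body or a database integrity
    error. Unknown user or guild ids yield 404.
    """
    user = User.query.get_or_404(id)
    caller_id = get_jwt_identity()['id']
    if caller_id == int(id):
        return Response('cannot update your own account', status=403)
    admin = User.query.get_or_404(caller_id)

    caller_is_admin = admin.role == User.Role.ADMIN
    if not caller_is_admin:
        # Without this check a non-admin in the same guild could replace an
        # admin's password or role and so reach admin access indirectly.
        if user.role == User.Role.ADMIN:
            return Response('only an admin can edit an admin account',
                            status=403)
        if admin.guild != user.guild:
            return Response(
                'must be in the guild you are atempting to edit',
                status=403)
    # NOTE(review): no minimum role is required of a non-admin caller in this
    # body, and such a caller may still reset passwords and move the target
    # to any guild - confirm a decorator restricts who reaches this view.

    payload = request.json
    if not isinstance(payload, dict):
        return Response('request body must be a JSON object', status=400)
    missing = [key for key in ('guild_id', 'is_active', 'role')
               if key not in payload]
    if missing:
        return Response(f'missing properties: {", ".join(missing)}',
                        status=400)
    # Resolve the role up front so a bad value is rejected before the bot is
    # notified. Assumes User.Role is an Enum (ValueError on unknown value).
    try:
        new_role = User.Role(payload['role'])
    except ValueError:
        return Response('invalid role', status=400)
    if 'password' in payload and (not isinstance(payload['password'], str)
                                  or not payload['password']):
        return Response('password must be a non-empty string', status=400)

    try:
        if 'password' in payload:
            # NOTE(review): this looks like passlib, where encrypt() is the
            # deprecated spelling of hash() since 1.7 - switch once the
            # installed version is confirmed.
            user.password = sha256_crypt.encrypt(payload['password'])

        if user.guild_id != payload['guild_id']:
            guild = Guild.query.filter_by(
                id=payload['guild_id']).first_or_404()
            user.guild_id = payload['guild_id']
            data = {'user': user.discord, 'guildTag': guild.nickname}
            log.warning(data)
            # A timeout keeps a stalled bot from pinning this worker.
            # NOTE(review): the bot is told before the commit and its reply
            # is not checked; VERIFY_SSL must stay enabled outside local
            # development or this call can be intercepted.
            requests.post(BOT_URL + '/updateUser', json=data,
                          verify=VERIFY_SSL, timeout=10)

        user.is_active = payload['is_active']
        # NOTE(review): rebuilt from a listing that had lost its indentation;
        # the else is taken to pair with the ADMIN-role test. A non-admin
        # asking for ADMIN is ignored without an error, as before.
        if new_role != User.Role.ADMIN or caller_is_admin:
            user.role = new_role

        db.session.commit()
        return jsonify(user.to_dict())
    except IntegrityError as error:
        db.session.rollback()
        # Keep the driver's message server-side; it can name tables,
        # columns and constraints.
        log.warning('user %s update rejected by the database: %s', id, error)
        return Response('could not complete the requested action',
                        status=400)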
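def ConfirmDiscord():
    """Link a Discord account to a user after checking a confirmation token.

    The JSON body must carry 'username', 'token', 'discord' and 'member'.
    The token is accepted when confirm_token() returns the user's username;
    a truthy 'member' additionally sets the role to 'verified'.

    Returns the updated user as JSON, or 400 for a malformed body, an
    already confirmed user, a token mismatch or a database integrity error.
    An unknown username yields 404 through first_or_404.
    """
    payload = request.json
    required = ('username', 'token', 'discord', 'member')
    # Reject an incomplete body up front; a missing key used to surface as a
    # 500, for 'discord'/'member' only after the user had been modified.
    if not isinstance(payload, dict):
        return Response('request body must be a JSON object', status=400)
    missing = [key for key in required if key not in payload]
    if missing:
        return Response(f'missing properties: {", ".join(missing)}',
                        status=400)

    # NOTE(review): the 404 and the 'already confirmed' reply are sent before
    # the token is checked, so they tell any caller whether a username exists
    # and whether it is confirmed - consider validating the token first.
    user = User.query.filter_by(
        username=payload['username']).first_or_404()
    if user.discord_confirmed is True:
        return Response('user has already confirmed their discord',
                        status=400)

    if confirm_token(payload['token']) != user.username:
        return Response('invalid user/token', status=400)

    try:
        user.discord_confirmed = True
        # NOTE(review): as far as this body shows, the token proves only the
        # username; 'discord' and 'member' are taken from the request as
        # sent, and 'member' grants the verified role. Confirm that only a
        # trusted caller can reach this endpoint.
        user.discord = payload['discord']
        if payload['member']:
            user.role = User.Role('verified')
        db.session.commit()
    except IntegrityError as error:
        db.session.rollback()
        # Keep the driver's message server-side; it can name tables,
        # columns and constraints.
        log.warning('discord confirmation rejected by the database: %s',
                    error)
        return Response('could not complete the requested action',
                        status=400)
    return jsonify(user.to_dict())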