def __init__(self, email, password, firstName, lastName, role = 0, phone='0', licenseMask =0, keyMask = 0, association = ''):
self.syncMaster = 0
self.active = 1
self.phone = phone
self.cardAuthBlock = 1
self.cardAuthSector = 4
self.cardID = ''
self.cardKey = ''
self.cardSecret = ''
self.cardAuthKeyA = 'FF FF FF FF FF FF'
self.cardAuthKeyB = ''
self.cardSecret = ''
self.role = role;
self.email = email
self.password = flask_bcrypt.generate_password_hash(password)
self.firstName = firstName
self.lastName = lastName
self.association = association
self.phone = phone
self.keyMask = keyMask
self.licenseMask = licenseMask
self.accessDaysMask = 127
self.accessType = 0
self.accessDayCounter = 0
self.accessDateStart = (datetime.datetime.today()).replace(hour=0, minute=0, second=0, microsecond=0)
self.accessDateEnd = (datetime.datetime.today() + datetime.timedelta(365*15)).replace(hour=0,minute=0,second=0,microsecond=0)
self.accessTimeStart = datetime.datetime.today().replace(hour= 6, minute= 0, second=0, microsecond=0)
self.accessTimeEnd = datetime.datetime.today().replace(hour= 22, minute= 30, second=0, microsecond=0)
self.lastLoginDateTime = datetime.datetime.today()
self.registerDateTime = datetime.datetime.today()
self.budget = 0.00;
def __init__(self,
email,
password,
firstName,
lastName,
role=0,
phone='0',
licenseMask=0,
keyMask=0,
association=''):
self.syncMaster = 0
self.active = 1
self.phone = phone
self.cardAuthBlock = 1
self.cardAuthSector = 4
self.cardID = ''
self.cardSecret = ''
self.cardAuthKeyA = ''
self.cardAuthKeyB = ''
self.role = role
self.email = email
self.password = flask_bcrypt.generate_password_hash(password)
self.firstName = firstName
self.lastName = lastName
self.association = association
self.phone = phone
self.keyMask = keyMask
self.licenseMask = licenseMask
self.accessDaysMask = 127
self.accessType = 0
self.accessDayCounter = 10
self.accessDayCyclicBudget = 10
self.weeklyAccessAverage = 0
self.weeklyAccessWeekNumber = datetime.datetime.now().isocalendar()[1]
self.weeklyAccessCount = 0
self.monthlyAccessAverage = 0
self.monthlyAccessMonthNumber = datetime.datetime.now().month
self.monthlyAccessCount = 0
self.lastAccessDaysUpdateDate = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
self.accessDateStart = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
self.accessDateEnd = (
datetime.datetime.today() + datetime.timedelta(365 * 15)).replace(
hour=0, minute=0, second=0, microsecond=0)
self.accessTimeStart = datetime.datetime.today().replace(
hour=0, minute=1, second=0, microsecond=0)
self.accessTimeEnd = datetime.datetime.today().replace(
hour=23, minute=59, second=0, microsecond=0)
self.lastAccessDateTime = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
self.lastLoginDateTime = datetime.datetime.today()
self.lastSyncDateTime = datetime.datetime.now()
self.registerDateTime = datetime.datetime.today()
self.budget = 0.00
self.lastBudgetUpdateDate = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
def post(self):
form = LostPasswordForm()
if not form.validate_on_submit():
return form.errors, 422
user = User.query.filter_by(email=form.email.data).first()
if user is None:
return "", 401
new_password = controller.id_generator(12)
user.password = flask_bcrypt.generate_password_hash(new_password)
db.session.commit()
send_email(
"%s: A new password has been generated" % "RoseGuarden",
MAIL_USERNAME,
[user.email],
render_template("lostpassword_mail.txt", user=user, password=new_password),
render_template("lostpassword_mail.html", user=user, password=new_password),
)
return "", 201
def post(self):
form = LostPasswordForm()
if not form.validate_on_submit():
return form.errors, 422
user = User.query.filter_by(email=form.email.data).first()
if user is None:
return '', 401
new_password = security.generator_password(12)
user.password = flask_bcrypt.generate_password_hash(new_password)
db.session.commit()
send_email("%s: A new password has been generated" % 'RoseGuarden',
config.MAIL_USERNAME,
[user.email],
render_template("lostpassword_mail.txt",
user=user, password=new_password),
render_template("lostpassword_mail.html",
user=user, password=new_password))
return '', 201
def __init__(
self, email, password, firstName, lastName, role=0, phone="0", licenseMask=0, keyMask=0, association=""
):
self.syncMaster = 0
self.active = 1
self.phone = phone
self.cardAuthBlock = 1
self.cardAuthSector = 4
self.cardID = ""
self.cardKey = ""
self.cardSecret = ""
self.cardAuthKeyA = "FF FF FF FF FF FF"
self.cardAuthKeyB = ""
self.cardSecret = ""
self.role = role
self.email = email
self.password = flask_bcrypt.generate_password_hash(password)
self.firstName = firstName
self.lastName = lastName
self.association = association
self.phone = phone
self.keyMask = keyMask
self.licenseMask = licenseMask
self.accessDaysMask = 127
self.accessType = 0
self.accessDayCounter = 0
self.accessDateStart = (datetime.datetime.today()).replace(hour=0, minute=0, second=0, microsecond=0)
self.accessDateEnd = (datetime.datetime.today() + datetime.timedelta(365 * 15)).replace(
hour=0, minute=0, second=0, microsecond=0
)
self.accessTimeStart = datetime.datetime.today().replace(hour=6, minute=0, second=0, microsecond=0)
self.accessTimeEnd = datetime.datetime.today().replace(hour=22, minute=30, second=0, microsecond=0)
self.lastLoginDateTime = datetime.datetime.today()
self.registerDateTime = datetime.datetime.today()
self.budget = 0.00
def post(self, id):
if id != g.user.id:
if g.user.role != 1:
return make_response(jsonify({'error': 'Not authorized'}), 403)
form = UserPatchForm()
if not form.validate_on_submit():
print form.errors
return form.errors, 422
user = User.query.filter_by(id=id).first()
log_text = ''
if form.newpassword.data != None and form.newpassword.data != '':
oldpwd = base64.decodestring(form.oldpassword.data)
if not flask_bcrypt.check_password_hash(user.password, oldpwd):
print 'incoorect old password'
return make_response(jsonify({'error': 'Not authorized'}), 403)
print 'correct old password'
if log_text != '':
log_text += '; '
log_text += 'Changed password'
user.password = flask_bcrypt.generate_password_hash(
base64.decodestring(form.newpassword.data))
db.session.commit()
if form.lastName.data != None and form.lastName.data != '':
if user.lastName != form.lastName.data:
if log_text != '':
log_text += '; '
log_text += 'Change last name from ' + user.lastName + ' to ' + form.lastName.data
user.lastName = form.lastName.data
if form.firstName.data != None and form.firstName.data != '':
if user.firstName != form.firstName.data:
if log_text != '':
log_text += '; '
log_text += 'Change first name from ' + user.firstName + ' to ' + form.firstName.data
user.firstName = form.firstName.data
if form.phone.data != None and form.phone.data != '':
if user.phone != form.phone.data:
if log_text != '':
log_text += '; '
log_text += 'Change phone number from ' + user.phone + ' to ' + form.phone.data
user.phone = form.phone.data
if form.association.data != None and form.association.data != '':
if user.association != form.association.data:
if log_text != '':
log_text += '; '
log_text += 'Change association to ' + str(
form.association.data)
user.association = form.association.data
# this properties can only be changed by a admin or a superuser
if form.role.data != None and form.role.data != '':
if g.user.role != 1:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.role != form.role.data:
if log_text != '':
log_text += '; '
log_text += 'Change role from ' + str(
user.role) + ' to ' + str(form.role.data)
user.role = form.role.data
if form.accessDaysMask.data != None and form.accessDaysMask.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDaysMask != form.accessDaysMask.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessDaysMask from ' + str(
user.accessDaysMask) + ' to ' + str(
form.accessDaysMask.data)
user.accessDaysMask = form.accessDaysMask.data
if form.accessDayCounter.data != None and form.accessDayCounter.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDayCounter != form.accessDayCounter.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessDayCounter from ' + str(
user.accessDayCounter) + ' to ' + str(
form.accessDayCounter.data)
user.lastAccessDaysUpdateDate = datetime.datetime.today()
user.accessDayCounter = form.accessDayCounter.data
if form.accessDayCyclicBudget.data != None and form.accessDayCyclicBudget.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDayCyclicBudget != form.accessDayCyclicBudget.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessDayCyclicBudget from ' + str(
user.accessDayCyclicBudget) + ' to ' + str(
form.accessDayCyclicBudget.data)
user.lastAccessDaysUpdateDate = datetime.datetime.today()
user.accessDayCyclicBudget = form.accessDayCyclicBudget.data
if form.accessType.data != None and form.accessType.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessType != form.accessType.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessType from ' + str(
user.accessType) + ' to ' + str(form.accessType.data)
user.lastAccessDaysUpdateDate = datetime.datetime.today()
user.accessType = form.accessType.data
if form.keyMask.data != None and form.keyMask.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.keyMask != form.keyMask.data:
if log_text != '':
log_text += '; '
log_text += 'Change keyMask from ' + str(
user.keyMask) + ' to ' + str(form.keyMask.data)
user.keyMask = form.keyMask.data
if form.accessDateStart.data != None and form.accessDateStart.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDateStart != dateutil.parser.parse(
form.accessDateStart.data).replace(tzinfo=None):
if log_text != '':
log_text += '; '
log_text += 'Change accessDateStart from ', (
user.accessDateStart), ' to ', (form.accessDateStart.data)
user.accessDateStart = dateutil.parser.parse(
form.accessDateStart.data).replace(tzinfo=None)
if form.accessDateEnd.data != None and form.accessDateEnd.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDateEnd != dateutil.parser.parse(
form.accessDateEnd.data).replace(tzinfo=None):
if log_text != '':
log_text += '; '
log_text += 'Change accessDateEnd from ' + str(
user.accessDateEnd) + ' to ' + str(form.accessDateEnd.data)
user.accessDateEnd = dateutil.parser.parse(
form.accessDateEnd.data).replace(tzinfo=None)
if form.accessTimeStart.data != None and form.accessTimeStart.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessTimeStart != dateutil.parser.parse(
form.accessTimeStart.data).replace(tzinfo=None):
if log_text != '':
log_text += '; '
log_text += 'Change accessTimeStart from ' + str(
user.accessTimeStart) + ' to ' + str(
form.accessTimeStart.data)
user.accessTimeStart = dateutil.parser.parse(
form.accessTimeStart.data).replace(tzinfo=None)
if form.accessTimeEnd.data != None and form.accessTimeEnd.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessTimeEnd != dateutil.parser.parse(
form.accessTimeEnd.data).replace(tzinfo=None):
if log_text != '':
log_text += '; '
log_text += 'Change accessTimeEnd from ' + str(
user.accessTimeEnd) + ' to ' + str(form.accessTimeEnd.data)
user.accessTimeEnd = dateutil.parser.parse(
form.accessTimeEnd.data).replace(tzinfo=None)
log_text = 'Update of ' + user.firstName + ' ' + user.lastName + ' (' + user.email + ')' + ' with the following changes: ' + log_text
logentry = Action(datetime.datetime.utcnow(), config.NODE_NAME,
g.user.firstName + ' ' + g.user.lastName,
g.user.email, log_text, 'User updated', 'L2', 0,
'Web based')
db.session.add(logentry)
db.session.commit()
return '', 201
def __init__(self, email, password):
self.email = email
self.password = flask_bcrypt.generate_password_hash(password)
def __init__(self,
email,
password,
firstName,
lastName,
role=0,
phone='0',
licenseMask=0,
keyMask=0,
association=''):
self.syncMaster = 0
self.active = 1
self.phone = phone
self.cardAuthBlock = 1
self.cardAuthSector = 4
self.cardID = ''
self.cardSecret = ''
self.cardAuthKeyA = ''
self.cardAuthKeyB = ''
self.role = role
self.email = email
self.password = flask_bcrypt.generate_password_hash(password)
self.firstName = firstName
self.lastName = lastName
self.association = association
self.phone = phone
self.keyMask = keyMask
self.licenseMask = licenseMask
self.accessDaysMask = 127
self.accessType = 0
self.accessDayCounter = 10
self.accessDayCyclicBudget = 10
self.weeklyAccessAverage = 0
self.weeklyAccessWeekNumber = datetime.datetime.now().isocalendar()[1]
self.weeklyAccessCount = 0
self.monthlyAccessAverage = 0
self.monthlyAccessMonthNumber = datetime.datetime.now().month
self.monthlyAccessCount = 0
self.lastAccessDaysUpdateDate = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
self.accessDateStart = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
self.accessDateEnd = (datetime.datetime.today() +
datetime.timedelta(365 * 15)).replace(
hour=0, minute=0, second=0, microsecond=0)
self.accessTimeStart = datetime.datetime.today().replace(hour=0,
minute=1,
second=0,
microsecond=0)
self.accessTimeEnd = datetime.datetime.today().replace(hour=23,
minute=59,
second=0,
microsecond=0)
self.lastAccessDateTime = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
self.lastLoginDateTime = datetime.datetime.today()
self.lastSyncDateTime = datetime.datetime.now()
self.registerDateTime = datetime.datetime.today()
self.budget = 0.00
self.lastBudgetUpdateDate = (datetime.datetime.today()).replace(
hour=0, minute=0, second=0, microsecond=0)
def __init__(self, email, password):
self.email = email
self.password = flask_bcrypt.generate_password_hash(password)
def __init__(self, username=None, password=None, email=None):
self.username = username
self.password = flask_bcrypt.generate_password_hash(password)
self.email = email
def post(self, id):
if id != g.user.id:
if (g.user.role & 1) == 0:
return make_response(jsonify({"error": "Not authorized"}), 403)
form = UserPatchForm()
if not form.validate_on_submit():
print form.errors
return form.errors, 422
user = User.query.filter_by(id=id).first()
if form.newpassword.data != None and form.newpassword.data != "":
print "Change password" + base64.decodestring(form.newpassword.data)
oldpwd = base64.decodestring(form.oldpassword.data)
if not flask_bcrypt.check_password_hash(user.password, oldpwd):
print "incoorect old password"
return make_response(jsonify({"error": "Not authorized"}), 403)
print "correct old password"
user.password = flask_bcrypt.generate_password_hash(base64.decodestring(form.newpassword.data))
db.session.commit()
if form.lastName.data != None and form.lastName.data != "":
print "Change last name"
user.lastName = form.lastName.data
if form.firstName.data != None and form.firstName.data != "":
print "Change first name"
user.firstName = form.firstName.data
if form.phone.data != None and form.phone.data != "":
print "Change phone number"
user.phone = form.phone.data
if form.role.data != None and form.role.data != "":
print "Change role to " + str(form.role.data)
user.role = form.role.data
if form.association.data != None and form.association.data != "":
print "Change association to " + str(form.association.data)
user.association = form.association.data
if form.accessDaysMask.data != None and form.accessDaysMask.data != "":
print "Change accessDaysMask to " + str(form.accessDaysMask.data)
user.accessDaysMask = form.accessDaysMask.data
if form.accessDayCounter.data != None and form.accessDayCounter.data != "":
print "Change accessDayCounter to " + str(form.accessDayCounter.data)
user.accessDayCounter = form.accessDayCounter.data
if form.accessType.data != None and form.accessType.data != "":
print "Change accessType to " + str(form.accessType.data)
user.accessType = form.accessType.data
if form.keyMask.data != None and form.keyMask.data != "":
print "Change keyMask to " + str(form.keyMask.data)
user.keyMask = form.keyMask.data
if form.accessDateStart.data != None and form.accessDateStart.data != "":
print "Change accessDateStart to " + str(form.accessDateStart.data)
user.accessDateStart = datetime.datetime.strptime(form.accessDateStart.data, "%Y-%m-%dT%H:%M:%S.%fZ")
if form.accessDateEnd.data != None and form.accessDateEnd.data != "":
print "Change accessDateEnd to " + str(form.accessDateEnd.data)
user.accessDateEnd = datetime.datetime.strptime(form.accessDateEnd.data, "%Y-%m-%dT%H:%M:%S.%fZ")
if form.accessTimeStart.data != None and form.accessTimeStart.data != "":
print "Change accessTimeStart to " + str(form.accessTimeStart.data)
user.accessTimeStart = datetime.datetime.strptime(form.accessTimeStart.data, "%Y-%m-%dT%H:%M:%S.%fZ")
if form.accessTimeEnd.data != None and form.accessTimeEnd.data != "":
print "Change accessTimeEnd to " + str(form.accessTimeEnd.data)
user.accessTimeEnd = datetime.datetime.strptime(form.accessTimeEnd.data, "%Y-%m-%dT%H:%M:%S.%fZ")
db.session.commit()
return "", 201
def post(self, id):
if id != g.user.id:
if g.user.role != 1:
return make_response(jsonify({'error': 'Not authorized'}), 403)
form = UserPatchForm()
if not form.validate_on_submit():
print form.errors
return form.errors, 422
user = User.query.filter_by(id=id).first()
log_text = ''
if form.newpassword.data != None and form.newpassword.data != '':
oldpwd = base64.decodestring(form.oldpassword.data)
if not flask_bcrypt.check_password_hash(user.password, oldpwd):
print 'incoorect old password'
return make_response(jsonify({'error': 'Not authorized'}), 403)
print 'correct old password'
if log_text != '':
log_text += '; '
log_text += 'Changed password'
user.password = flask_bcrypt.generate_password_hash(base64.decodestring(form.newpassword.data))
db.session.commit()
if form.lastName.data != None and form.lastName.data != '':
if user.lastName != form.lastName.data:
if log_text != '':
log_text += '; '
log_text += 'Change last name from ' + user.lastName + ' to ' + form.lastName.data
user.lastName = form.lastName.data
if form.firstName.data != None and form.firstName.data != '':
if user.firstName != form.firstName.data:
if log_text != '':
log_text += '; '
log_text += 'Change first name from ' + user.firstName + ' to ' + form.firstName.data
user.firstName = form.firstName.data
if form.phone.data != None and form.phone.data != '':
if user.phone != form.phone.data:
if log_text != '':
log_text += '; '
log_text += 'Change phone number from ' + user.phone + ' to ' + form.phone.data
user.phone = form.phone.data
if form.association.data != None and form.association.data != '':
if user.association != form.association.data:
if log_text != '':
log_text += '; '
log_text += 'Change association to ' + str(form.association.data)
user.association = form.association.data
# this properties can only be changed by a admin or a superuser
if form.role.data != None and form.role.data != '':
if g.user.role != 1:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.role != form.role.data:
if log_text != '':
log_text += '; '
log_text += 'Change role from ' + str(user.role) + ' to ' + str(form.role.data)
user.role = form.role.data
if form.accessDaysMask.data != None and form.accessDaysMask.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDaysMask != form.accessDaysMask.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessDaysMask from ' + str(user.accessDaysMask) + ' to ' + str(form.accessDaysMask.data)
user.accessDaysMask = form.accessDaysMask.data
if form.accessDayCounter.data != None and form.accessDayCounter.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDayCounter != form.accessDayCounter.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessDayCounter from ' + str(user.accessDayCounter) + ' to ' + str(form.accessDayCounter.data)
user.lastAccessDaysUpdateDate = datetime.datetime.today()
user.accessDayCounter = form.accessDayCounter.data
if form.accessDayCyclicBudget.data != None and form.accessDayCyclicBudget.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDayCyclicBudget != form.accessDayCyclicBudget.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessDayCyclicBudget from ' + str(user.accessDayCyclicBudget) + ' to ' + str(form.accessDayCyclicBudget.data)
user.lastAccessDaysUpdateDate = datetime.datetime.today()
user.accessDayCyclicBudget = form.accessDayCyclicBudget.data
if form.accessType.data != None and form.accessType.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessType != form.accessType.data:
if log_text != '':
log_text += '; '
log_text += 'Change accessType from ' + str(user.accessType) + ' to ' + str(form.accessType.data)
user.lastAccessDaysUpdateDate = datetime.datetime.today()
user.accessType = form.accessType.data
if form.keyMask.data != None and form.keyMask.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.keyMask != form.keyMask.data:
if log_text != '':
log_text += '; '
log_text += 'Change keyMask from ' + str(user.keyMask) + ' to ' + str(form.keyMask.data)
user.keyMask = form.keyMask.data
if form.accessDateStart.data != None and form.accessDateStart.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDateStart != datetime.datetime.strptime(form.accessDateStart.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
if log_text != '':
log_text += '; '
log_text += 'Change accessDateStart from ' + str(user.accessDateStart) + ' to ' + str(form.accessDateStart.data)
user.accessDateStart = datetime.datetime.strptime(form.accessDateStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
if form.accessDateEnd.data != None and form.accessDateEnd.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessDateEnd != datetime.datetime.strptime(form.accessDateEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
if log_text != '':
log_text += '; '
log_text += 'Change accessDateEnd from ' + str(user.accessDateEnd ) + ' to ' + str(form.accessDateEnd.data)
user.accessDateEnd = datetime.datetime.strptime(form.accessDateEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')
if form.accessTimeStart.data != None and form.accessTimeStart.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessTimeStart != datetime.datetime.strptime(form.accessTimeStart.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
if log_text != '':
log_text += '; '
log_text += 'Change accessTimeStart from ' + str(user.accessTimeStart) + ' to ' + str(form.accessTimeStart.data)
user.accessTimeStart = datetime.datetime.strptime(form.accessTimeStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
if form.accessTimeEnd.data != None and form.accessTimeEnd.data != '':
if g.user.role != 1 and g.user.role != 2:
return make_response(jsonify({'error': 'Not authorized'}), 403)
if user.accessTimeEnd != datetime.datetime.strptime(form.accessTimeEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ'):
if log_text != '':
log_text += '; '
log_text += 'Change accessTimeEnd from ' + str(user.accessTimeEnd) + ' to ' + str(form.accessTimeEnd.data)
user.accessTimeEnd = datetime.datetime.strptime(form.accessTimeEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')
log_text = 'Update of ' + user.firstName + ' ' + user.lastName + ' (' + user.email + ')' + ' with the following changes: ' + log_text
logentry = Action(datetime.datetime.utcnow(), config.NODE_NAME, g.user.firstName + ' ' + g.user.lastName,
g.user.email, log_text, 'User updated',
'L2', 0, 'Web based')
db.session.add(logentry)
db.session.commit()
return '', 201
def post(self, id):
if id != g.user.id:
if (g.user.role & 1) == 0:
return make_response(jsonify({'error': 'Not authorized'}), 403)
form = UserPatchForm()
if not form.validate_on_submit():
print form.errors
return form.errors,422
user = User.query.filter_by(id=id).first()
if form.newpassword.data != None and form.newpassword.data != '':
print 'Change password' + base64.decodestring(form.newpassword.data)
oldpwd = base64.decodestring(form.oldpassword.data)
if not flask_bcrypt.check_password_hash(user.password, oldpwd):
print 'incoorect old password'
return make_response(jsonify({'error': 'Not authorized'}), 403)
print 'correct old password'
user.password = flask_bcrypt.generate_password_hash(base64.decodestring(form.newpassword.data))
db.session.commit()
if form.lastName.data != None and form.lastName.data != '':
print 'Change last name'
user.lastName = form.lastName.data
if form.firstName.data != None and form.firstName.data != '':
print 'Change first name'
user.firstName = form.firstName.data
if form.phone.data != None and form.phone.data != '':
print 'Change phone number'
user.phone = form.phone.data
if form.role.data != None and form.role.data != '':
print 'Change role to ' + str(form.role.data)
user.role = form.role.data
if form.association.data != None and form.association.data != '':
print 'Change association to ' + str(form.association.data)
user.association = form.association.data
if form.accessDaysMask.data != None and form.accessDaysMask.data != '':
print 'Change accessDaysMask to ' + str(form.accessDaysMask.data)
user.accessDaysMask = form.accessDaysMask.data
if form.accessDayCounter.data != None and form.accessDayCounter.data != '':
print 'Change accessDayCounter to ' + str(form.accessDayCounter.data)
user.accessDayCounter = form.accessDayCounter.data
if form.accessType.data != None and form.accessType.data != '':
print 'Change accessType to ' + str(form.accessType.data)
user.accessType = form.accessType.data
if form.keyMask.data != None and form.keyMask.data != '':
print 'Change keyMask to ' + str(form.keyMask.data)
user.keyMask = form.keyMask.data
if form.accessDateStart.data != None and form.accessDateStart.data != '':
print 'Change accessDateStart to ' + str(form.accessDateStart.data)
user.accessDateStart = datetime.datetime.strptime(form.accessDateStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
if form.accessDateEnd.data != None and form.accessDateEnd.data != '':
print 'Change accessDateEnd to ' + str(form.accessDateEnd.data)
user.accessDateEnd = datetime.datetime.strptime(form.accessDateEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')
if form.accessTimeStart.data != None and form.accessTimeStart.data != '':
print 'Change accessTimeStart to ' + str(form.accessTimeStart.data)
user.accessTimeStart = datetime.datetime.strptime(form.accessTimeStart.data, '%Y-%m-%dT%H:%M:%S.%fZ')
if form.accessTimeEnd.data != None and form.accessTimeEnd.data != '':
print 'Change accessTimeEnd to ' + str(form.accessTimeEnd.data)
user.accessTimeEnd = datetime.datetime.strptime(form.accessTimeEnd.data, '%Y-%m-%dT%H:%M:%S.%fZ')
db.session.commit()
return '', 201
