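def decorated_function(*args, **kwargs):
    """Run the wrapped view only for a logged-in administrator.

    Every failure path denies the request before ``f`` is called.

    Raises:
        AppError: 401 when no user id is present on ``g``; 403 when the id
            does not resolve to a user record or the user is not an
            administrator.
    """
    # Are you logged in?  getattr() keeps a request on which user_id was
    # never set on the 401 path instead of failing on the attribute lookup.
    if getattr(g, "user_id", None) is None:
        raise AppError(message="You are not logged in.", status_code=401)

    # Are you an admin?  An id that no longer resolves to a user (for
    # example a deleted account) is denied explicitly; without the None
    # check, ``u.is_admin`` raises AttributeError instead of a clean 403.
    # NOTE(review): other lookups in this file go through ``User.query``;
    # confirm ``User.filter`` is the intended accessor here.
    u = User.filter(User.id == g.user_id).first()
    if u is None or not u.is_admin:
        raise AppError(message='You are not an Administrator.', status_code=403)

    # User is logged in and is an admin, so just execute.
    return f(*args, **kwargs)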
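def decorated_function(*args, **kwargs):
    """Authenticate the request from its Authorization header, then run ``f``.

    On success the resolved user is stored on ``g.user`` for the view.

    Raises:
        AppError: 401 when the header is missing, the token cannot be
            decoded, the token has expired, or the payload has no ``sub``
            claim.  ``User.get_by_username_or_id`` raises its own AppError
            (404) when the subject does not match a user.
    """
    if not request.headers.get('Authorization'):
        raise AppError(message="Missing Authorization Header", status_code=401)

    # NOTE(review): parse_token() is not visible here; confirm it verifies
    # the signature and pins the accepted algorithm(s) rather than trusting
    # the token header.
    try:
        payload = parse_token(request)
    except jwt.DecodeError:
        raise AppError(message="Token is invalid", status_code=401)
    except jwt.ExpiredSignature:
        raise AppError(message="Token has expired.", status_code=401)

    # A validly signed token without a subject must be rejected as an
    # authentication failure, not surface as an unhandled KeyError.
    try:
        subject = payload['sub']
    except KeyError:
        raise AppError(message="Token is invalid", status_code=401)

    # NOTE(review): an unknown subject yields a 404 from the lookup; consider
    # whether an authentication layer should report 401 instead.
    g.user = User.get_by_username_or_id(subject)
    return f(*args, **kwargs)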
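def from_json(jsn):
    """Build a FieldValue from a JSON-like mapping with ``name`` and ``value``.

    Args:
        jsn: Mapping read with ``.get()``; ``name`` selects the Field and
            ``value`` is the value to store.

    Returns:
        The new FieldValue after ``set_value()`` has run on it.

    Raises:
        AppError: 404 when no Field has the given name; ``set_value()`` may
            raise its own AppError for a value of the wrong type.
    """
    # .first() is required: filter_by() alone returns a Query object, which
    # is never None, so the 404 check below could not fire.
    parent_field = Field.query.filter_by(name=jsn.get("name", "")).first()
    if parent_field is None:
        raise AppError(status_code=404, message="No field with that name")

    # NOTE(review): parent_field is used only for the existence check, while
    # set_value() reads ``self.field``; confirm the FieldValue-to-Field
    # relationship is populated some other way before validation runs.
    fv = FieldValue(name=jsn.get("name"), value=jsn.get("value"))
    fv.set_value()
    return fv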
def project_index(team_slug):
    """Return the projects of the team with URL slug *team_slug* as JSON.

    Raises:
        AppError: 404 when the query returns no team.
    """
    # NOTE(review): join() is an inner join by default, so a team that has
    # no projects presumably also ends up on the 404 path; confirm that is
    # intended.
    team_query = Team.query.join(Team.projects).filter(
        Team.url_slug == team_slug
    )
    team = team_query.first()
    if team is None:
        raise AppError(status_code=404, message="Team not found.")

    serialized = [project.to_json() for project in team.projects]
    return jsonify(serialized)
def project_update(team_slug, pkey):
    """Apply the request's JSON body to a project and commit the change.

    Only the project lead or an administrator may update the project.

    Raises:
        AppError: 403 when the current user is neither the project lead nor
            an administrator.
    """
    project = Project.get_by_key(team_slug, pkey)

    # Authorization guard: deny first, so nothing below runs for other users.
    is_lead = g.user.id == project.project_lead_id
    if not (is_lead or g.user.is_admin):
        raise AppError(status_code=403,
                       message="You are not permitted to perform that action")

    # NOTE(review): the whole request body is handed to update(); confirm
    # update() restricts which attributes may be set (project_lead_id, for
    # instance) so a lead cannot change fields they should not control.
    project.update(request.get_json())
    db.session.add(project)
    db.session.commit()
    return jsonify(message="Project successfully updated.")
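def get_by_username_or_id(param):
    """Look up a user by numeric id, or by username when *param* is not numeric.

    Args:
        param: A value that ``int()`` accepts (treated as a user id) or any
            other value (treated as a username).

    Returns:
        The matching user.

    Raises:
        AppError: 404 when no user matches.
    """
    # Only the int() conversion is guarded.  A bare ``except`` around the
    # query as well would hide database errors and silently retry the lookup
    # as a username.
    try:
        user_id = int(param)
    except (TypeError, ValueError, OverflowError):
        u = User.query.filter_by(username=param).first()
    else:
        # NOTE(review): a username made only of digits is always treated as
        # an id here and never looked up by name.  Where this resolves a
        # token subject, confirm all-digit usernames cannot be registered.
        u = User.query.filter(User.id == user_id).first()

    if u is None:
        raise AppError(status_code=404, message="User not found.")
    return u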
def validate_value(self):
    """Check that ``self.value`` has the Python type its field declares.

    Raises:
        AppError: 400 when the value's exact type does not match the field's
            data type.
    """
    # Exact type comparison (not isinstance) is deliberate to preserve: it
    # keeps bool from passing as an INTEGER value.
    expected_types = (
        (DataTypes.INTEGER, int),
        (DataTypes.FLOAT, float),
        (DataTypes.TEXT, str),
        (DataTypes.STRING, str),
    )
    mismatch = any(
        self.field.data_type == kind and type(self.value) is not py_type
        for kind, py_type in expected_types
    )
    if mismatch:
        raise AppError(status_code=400,
                       message='Invalid type for the field: ' + self.name)
def set_value(self):
    """Validate ``self.value`` and store it on the attribute for its type.

    Raises:
        AppError: 500 when the field's data type is none of the handled
            kinds; ``validate_value()`` raises its own AppError on a type
            mismatch.
    """
    self.validate_value()

    # Each data type has its own typed attribute on this object.
    attribute_for_type = (
        (DataTypes.INTEGER, 'integer_value'),
        (DataTypes.FLOAT, 'float_value'),
        (DataTypes.TEXT, 'text_value'),
        (DataTypes.STRING, 'string_value'),
    )
    declared = self.field.data_type
    for kind, attribute in attribute_for_type:
        if declared == kind:
            setattr(self, attribute, self.value)
            return

    # No handled data type matched.
    raise AppError(status_code=500,
                   message='Uknown error setting field value')