diff options
| author | Jules Laplace <julescarbon@gmail.com> | 2021-03-05 23:33:50 +0100 |
|---|---|---|
| committer | Jules Laplace <julescarbon@gmail.com> | 2021-03-05 23:33:50 +0100 |
| commit | f6e6b1edbbb68bf6bf93a10deebd4cd55ffaff0f (patch) | |
| tree | bb44de81746cfd088bfab49247b9ec8508bb4605 /animism-align/cli/app/controllers/user_controller.py | |
| parent | 6726fa9fe050aa47ff7f537b91705372e290f501 (diff) | |
use other login validator thingie
Diffstat (limited to 'animism-align/cli/app/controllers/user_controller.py')
| -rw-r--r-- | animism-align/cli/app/controllers/user_controller.py | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/animism-align/cli/app/controllers/user_controller.py b/animism-align/cli/app/controllers/user_controller.py index 54b39ab..26aa656 100644 --- a/animism-align/cli/app/controllers/user_controller.py +++ b/animism-align/cli/app/controllers/user_controller.py @@ -7,14 +7,15 @@ from app.sql.models.user import User, UserForm from app.controllers.crud_controller import CrudView from app.utils.auth_utils import encrypt_password -from flask_jwt import current_identity +from flask_jwt_extended import get_jwt_identity class UserView(CrudView): model = User form = UserForm def on_create(self, session, form, item): - if not current_identity.is_admin: + current_user = get_jwt_identity() + if not current_user['is_admin']: raise ValueError("Unauthorized") if 'password' in form: item.password = encrypt_password(form['password']) @@ -24,10 +25,10 @@ class UserView(CrudView): item.settings = form['settings'] def on_update(self, session, form, item): - if not current_identity.is_admin: - if item.id != current_identity.id: + if not current_user['is_admin']: + if item.id != current_user['id']: raise ValueError("Unauthorized") - if current_identity.is_admin != item.is_admin: + if current_user['is_admin'] != item.is_admin: raise ValueError("Unauthorized") if 'password' in form: item.password = encrypt_password(form['password']) @@ -35,7 +36,7 @@ class UserView(CrudView): item.settings = form['settings'] def on_destroy(self, session, item): - if not current_identity.is_admin: + if not current_user['is_admin']: raise ValueError("Unauthorized") - if item.id == current_identity.id: + if item.id == current_user['id']: raise ValueError("Unauthorized") |