authorJules Laplace <julescarbon@gmail.com>2021-03-05 18:08:17 +0100
committerJules Laplace <julescarbon@gmail.com>2021-03-05 18:08:17 +0100
commitd5b6a4ea27f8c905e613363aab365066ad6d9cda (patch)
tree7cbb6a3a94cb9079800023d0bf06f7bd1b1bc55c /animism-align/cli/app/controllers
parent9893a6e30f8fdbb95fc7066db851579e2a9bfe69 (diff)
auth stuff. generate secret and create user from the cli
Diffstat (limited to 'animism-align/cli/app/controllers')
-rw-r--r--animism-align/cli/app/controllers/crud_controller.py6
-rw-r--r--animism-align/cli/app/controllers/upload_controller.py5
-rw-r--r--animism-align/cli/app/controllers/user_controller.py38
3 files changed, 49 insertions, 0 deletions
diff --git a/animism-align/cli/app/controllers/crud_controller.py b/animism-align/cli/app/controllers/crud_controller.py
index 595825d..4fcb77d 100644
--- a/animism-align/cli/app/controllers/crud_controller.py
+++ b/animism-align/cli/app/controllers/crud_controller.py
@@ -1,6 +1,7 @@
from flask import request, jsonify
from flask_classful import FlaskView, route
from werkzeug.datastructures import MultiDict
+from flask_jwt import jwt_required
from app.sql.common import db, Session
from app.server.helpers import parse_search_args, parse_sort_args
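Review bot: `flask_jwt` is the Flask-JWT package, which as far as I know has had no release for several years and constrains PyJWT to an old range, so every protected route in this commit rests on an unmaintained token library. For new authentication code, consider a maintained alternative such as Flask-JWT-Extended. If Flask-JWT stays, pin it and PyJWT explicitly in the requirements file and add a comment where the app is configured stating the token lifetime and where the signing secret comes from. The same import is added in upload_controller.py.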
@@ -28,6 +29,7 @@ class CrudView(FlaskView):
def on_destroy(self, session, item):
pass
+ @jwt_required()
def index(self):
"""
List all {model}s
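Review bot: Decorating each handler individually (here, in the `get`, `post`, `put` and `delete` hunks below, and again in upload_controller.py) leaves any route added later, or defined in a subclass with `@route`, unauthenticated by default. Flask-Classful supports a class-level `decorators` list that is applied to every view of the class, so `decorators = [jwt_required()]` on `CrudView` and `UploadView` would make authentication the default and remove the repeated lines. If a route must stay public, that exception should be explicit and commented. The body of `index` continues outside this hunk.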
@@ -53,6 +55,7 @@ class CrudView(FlaskView):
session.close()
return jsonify(res)
+ @jwt_required()
def get(self, id: int):
"""
Fetch a single {model}.
@@ -72,6 +75,7 @@ class CrudView(FlaskView):
session.close()
return jsonify(result)
+ @jwt_required()
def post(self):
"""
Create a new {model}.
@@ -99,6 +103,7 @@ class CrudView(FlaskView):
session.close()
return jsonify(res)
+ @jwt_required()
def put(self, id: int):
"""
Update a {model}.
@@ -133,6 +138,7 @@ class CrudView(FlaskView):
session.close()
return jsonify(res)
+ @jwt_required()
def delete(self, id: int):
"""
Delete a {model}.
diff --git a/animism-align/cli/app/controllers/upload_controller.py b/animism-align/cli/app/controllers/upload_controller.py
index 3b6e661..f363b0d 100644
--- a/animism-align/cli/app/controllers/upload_controller.py
+++ b/animism-align/cli/app/controllers/upload_controller.py
@@ -1,5 +1,6 @@
from flask import request, jsonify
from flask_classful import FlaskView, route
+from flask_jwt import jwt_required
from werkzeug.datastructures import MultiDict
from werkzeug.utils import secure_filename
import os
@@ -13,6 +14,7 @@ from app.utils.file_utils import sha256_stream, sha256_tree, VALID_IMAGE_EXTS
from app.server.decorators import APIError
class UploadView(FlaskView):
+ @jwt_required()
def index(self):
"""
List all uploaded files.
@@ -28,6 +30,7 @@ class UploadView(FlaskView):
session.close()
return jsonify(response)
+ @jwt_required()
def get(self, id):
"""
Fetch a single upload.
@@ -41,6 +44,7 @@ class UploadView(FlaskView):
session.close()
return jsonify(response)
+ @jwt_required()
def post(self):
"""
Upload a new file.
@@ -119,6 +123,7 @@ class UploadView(FlaskView):
session.close()
return jsonify(response)
+ @jwt_required()
def delete(self, id):
"""
Delete an uploaded file.
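Review bot: `jwt_required()` on `delete` only establishes that the caller presents a valid token; nothing visible in this hunk limits deletion to the uploader or to an admin, unlike the `is_admin` checks this commit adds in user_controller.py. If uploads are meant to be owned or admin-managed, add a check on `current_identity` before the row and file are removed. If any authenticated user may delete any upload by design, say so in the docstring. The body of `delete` lies outside the hunk, so an existing check there cannot be ruled out.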
diff --git a/animism-align/cli/app/controllers/user_controller.py b/animism-align/cli/app/controllers/user_controller.py
new file mode 100644
index 0000000..8d14b98
--- /dev/null
+++ b/animism-align/cli/app/controllers/user_controller.py
@@ -0,0 +1,38 @@
+from flask import request, jsonify, redirect
+from flask_classful import route
+from werkzeug.datastructures import MultiDict
+
+from app.sql.common import db, Session
+from app.sql.models.user import User, UserForm
+from app.controllers.crud_controller import CrudView
+
+from flask_jwt import current_identity
+
+class UserView(CrudView):
+ model = User
+ form = UserForm
+
+ def on_create(self, session, form, item):
+ if not current_identity.is_admin:
+ raise ValueError("Unauthorized")
+ if 'password' in form:
+ item.password = encrypt_password(form['password'])
+ if 'settings' in form:
+ item.settings = form['settings']
+
+ def on_update(self, session, form, item):
+ if not current_identity.is_admin:
+ if item.id != current_identity.id:
+ raise ValueError("Unauthorized")
+ if current_identity.is_admin != item.is_admin:
+ raise ValueError("Unauthorized")
+ if 'password' in form:
+ item.password = encrypt_password(form['password'])
+ if 'settings' in form:
+ item.settings = form['settings']
+
+ def on_destroy(self, session, form, item):
+ if not current_identity.is_admin:
+ raise ValueError("Unauthorized")
+ if item.id == current_identity.id:
+ raise ValueError("Unauthorized")
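Review bot: `encrypt_password` is called in `on_create` and `on_update`, but none of this new file's imports bring it into scope, so any create or update carrying a `password` field will raise NameError; import it from whichever module defines it, e.g. `from <module defining encrypt_password> import encrypt_password`. `on_destroy(self, session, form, item)` also does not match the base hook `on_destroy(self, session, item)` shown in crud_controller.py, so if the base calls it with two arguments the call fails with TypeError instead of running the admin check; change it to `def on_destroy(self, session, item):`. In `on_update`, the `current_identity.is_admin != item.is_admin` test only blocks self-promotion if the form has already been applied to `item` when the hook runs, which this hunk does not show, so an explicit check on the submitted `is_admin` value would be safer. Separately, `index` and `get` are inherited with only `jwt_required()`, so any authenticated user can presumably read every user row; confirm the serialized output omits `password`.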