Diffstat (limited to 'animism-align/cli/app/controllers/user_controller.py')
-rw-r--r--animism-align/cli/app/controllers/user_controller.py38
1 files changed, 38 insertions, 0 deletions
diff --git a/animism-align/cli/app/controllers/user_controller.py b/animism-align/cli/app/controllers/user_controller.py
new file mode 100644
index 0000000..8d14b98
--- /dev/null
+++ b/animism-align/cli/app/controllers/user_controller.py
@@ -0,0 +1,38 @@
+from flask import request, jsonify, redirect
+from flask_classful import route
+from werkzeug.datastructures import MultiDict
+
+from app.sql.common import db, Session
+from app.sql.models.user import User, UserForm
+from app.controllers.crud_controller import CrudView
+
+from flask_jwt import current_identity
+
+class UserView(CrudView):
+ model = User
+ form = UserForm
+
+ def on_create(self, session, form, item):
+ if not current_identity.is_admin:
+ raise ValueError("Unauthorized")
+ if 'password' in form:
+ item.password = encrypt_password(form['password'])
+ if 'settings' in form:
+ item.settings = form['settings']
+
+ def on_update(self, session, form, item):
+ if not current_identity.is_admin:
+ if item.id != current_identity.id:
+ raise ValueError("Unauthorized")
+ if current_identity.is_admin != item.is_admin:
+ raise ValueError("Unauthorized")
+ if 'password' in form:
+ item.password = encrypt_password(form['password'])
+ if 'settings' in form:
+ item.settings = form['settings']
+
+ def on_destroy(self, session, form, item):
+ if not current_identity.is_admin:
+ raise ValueError("Unauthorized")
+ if item.id == current_identity.id:
+ raise ValueError("Unauthorized")
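Review bot: `encrypt_password` is called in on_create and on_update (`item.password = encrypt_password(form['password'])`), but none of the imports at the top of this new file bring it into scope, so a request carrying a `password` field would fail with a NameError instead of storing a hash; add the import from whichever module defines it, e.g. `from <module defining encrypt_password> import encrypt_password`. In on_update the guard `current_identity.is_admin != item.is_admin` only blocks a non-admin from promoting themselves if CrudView has already applied the form to `item` before calling the hook, which is not visible here; if it has not, the check should compare against the submitted value. The page has dropped leading indentation, so whether that guard sits inside the `if not current_identity.is_admin:` branch cannot be confirmed from this view. Authorization failures are raised as `ValueError("Unauthorized")`, so unless CrudView maps that to a 403 the client probably gets a generic error; a dedicated exception or `abort(403)` would make the denial explicit and easier to log.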