diff options
Diffstat (limited to 'animism-align/cli')
| -rw-r--r-- | animism-align/cli/app/controllers/crud_controller.py | 4 | ||||
| -rw-r--r-- | animism-align/cli/app/controllers/user_controller.py | 2 | ||||
| -rw-r--r-- | animism-align/cli/app/server/web.py | 1 |
3 files changed, 4 insertions, 3 deletions
diff --git a/animism-align/cli/app/controllers/crud_controller.py b/animism-align/cli/app/controllers/crud_controller.py index 78bff2d..29a570a 100644 --- a/animism-align/cli/app/controllers/crud_controller.py +++ b/animism-align/cli/app/controllers/crud_controller.py @@ -114,8 +114,8 @@ class CrudView(FlaskView): item = session.query(self.model).get(id) if item: raw_form = MultiDict(request.json) if request.json is not None else request.form - form = self.form(obj=item) - print(item.toJSON()) + form = self.form(raw_form, obj=item) + # print(item.toJSON()) form.populate_obj(item) if form.validate(): self.on_update(session, raw_form, item) diff --git a/animism-align/cli/app/controllers/user_controller.py b/animism-align/cli/app/controllers/user_controller.py index 26aa656..8fdc1f0 100644 --- a/animism-align/cli/app/controllers/user_controller.py +++ b/animism-align/cli/app/controllers/user_controller.py @@ -25,6 +25,7 @@ class UserView(CrudView): item.settings = form['settings'] def on_update(self, session, form, item): + current_user = get_jwt_identity() if not current_user['is_admin']: if item.id != current_user['id']: raise ValueError("Unauthorized") @@ -36,6 +37,7 @@ class UserView(CrudView): item.settings = form['settings'] def on_destroy(self, session, item): + current_user = get_jwt_identity() if not current_user['is_admin']: raise ValueError("Unauthorized") if item.id == current_user['id']: diff --git a/animism-align/cli/app/server/web.py b/animism-align/cli/app/server/web.py index cf63c3d..cb86af0 100644 --- a/animism-align/cli/app/server/web.py +++ b/animism-align/cli/app/server/web.py @@ -39,7 +39,6 @@ def create_app(script_info=None): app.config['SERVER_NAME'] = app_cfg.SERVER_NAME app.config['JWT_SECRET_KEY'] = app_cfg.TOKEN_SECRET app.config['JWT_AUTH_URL_RULE'] = '/api/v1/auth/login' - # app.config['JWT_VERIFY_EXPIRATION'] = False app.config['JWT_ACCESS_TOKEN_EXPIRES'] = timedelta(days=365 * 10) app.url_map.strict_slashes = False |