from flask import request, jsonify, redirect
from flask_classful import route
from werkzeug.datastructures import MultiDict
from app.sql.common import db, Session
from app.sql.models.user import User, UserForm
from app.controllers.crud_controller import CrudView
from app.utils.auth_utils import encrypt_password
from flask_jwt_extended import get_jwt_identity
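class UserView(CrudView):
    """CRUD endpoint for ``User`` rows with JWT-based authorization hooks.

    ``CrudView`` (defined elsewhere) calls ``on_create``, ``on_update`` and
    ``on_destroy`` around its database operations. Each hook reads the
    caller's identity via ``get_jwt_identity()`` and expects a mapping with
    ``id`` and ``is_admin`` keys — presumably what the login code stores in
    the token; confirm against it.

    Authorization failures are signalled with ``ValueError("Unauthorized")``
    because that is what the surrounding controller already expects; the
    exception type is kept unchanged so existing callers keep working.
    """

    model = User
    form = UserForm

    @staticmethod
    def _apply_password(form, item, *, required):
        """Hash the submitted password (if any) onto *item*.

        Args:
            form: mapping of submitted fields; ``form['password']`` is read
                when the key is present.
            item: the ``User`` row being created or updated.
            required: if True, a form without a password is rejected.

        Raises:
            ValueError: when the password is required but absent, or when
                it is present but empty. An empty string is never hashed
                and stored — that would leave the account with an
                effectively blank credential.
        """
        if 'password' not in form:
            if required:
                raise ValueError("No password specified")
            return
        password = form['password']
        if not password:
            raise ValueError("No password specified")
        item.password = encrypt_password(password)

    @staticmethod
    def _apply_settings(form, item):
        """Copy ``form['settings']`` onto *item* when the key is present."""
        if 'settings' in form:
            item.settings = form['settings']

    def on_create(self, session, form, item):
        """Authorize and populate a new user before it is persisted.

        Only admins may create users, and a non-empty password is mandatory.

        Args:
            session: database session supplied by CrudView (unused here).
            form: submitted fields.
            item: the new ``User`` row to fill in.

        Raises:
            ValueError: "Unauthorized" for non-admin callers;
                "No password specified" for a missing or empty password.
        """
        current_user = get_jwt_identity()
        if not current_user['is_admin']:
            raise ValueError("Unauthorized")
        self._apply_password(form, item, required=True)
        self._apply_settings(form, item)

    def on_update(self, session, form, item):
        """Authorize and apply changes to an existing user.

        Non-admin callers may only update their own row, and the row's
        ``is_admin`` flag must still match the one in their token, so a
        self-service privilege escalation is rejected. Admins may update
        anyone.

        NOTE(review): the escalation check reads ``item.is_admin``; it only
        catches a submitted ``is_admin`` if CrudView has already populated
        *item* from *form* before calling this hook — confirm the call
        order in CrudView.

        Args:
            session: database session supplied by CrudView (unused here).
            form: submitted fields.
            item: the existing ``User`` row.

        Raises:
            ValueError: "Unauthorized" on a forbidden update;
                "No password specified" if a ``password`` key is present
                but empty.
        """
        current_user = get_jwt_identity()
        if not current_user['is_admin']:
            if item.id != current_user['id']:
                raise ValueError("Unauthorized")
            if current_user['is_admin'] != item.is_admin:
                raise ValueError("Unauthorized")
        # A password is optional on update but, when sent, must be non-empty.
        self._apply_password(form, item, required=False)
        self._apply_settings(form, item)

    def on_destroy(self, session, item):
        """Authorize deletion of *item*.

        Only admins may delete users, and an admin may not delete their own
        account (presumably to avoid locking the last admin out).

        Args:
            session: database session supplied by CrudView (unused here).
            item: the ``User`` row about to be deleted.

        Raises:
            ValueError: "Unauthorized" for non-admin callers or for an
                admin targeting their own row.
        """
        current_user = get_jwt_identity()
        if not current_user['is_admin']:
            raise ValueError("Unauthorized")
        if item.id == current_user['id']:
            raise ValueError("Unauthorized")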