from flask import request, jsonify, redirect
from flask_classful import route
from werkzeug.datastructures import MultiDict
from app.sql.common import db, Session
from app.sql.models.user import User, UserForm
from app.controllers.crud_controller import CrudView
from flask_jwt import current_identity
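class UserView(CrudView):
    """CRUD view for ``User`` records with per-operation authorization hooks.

    Each ``on_*`` hook reads the caller from flask_jwt's ``current_identity``
    and raises ``ValueError("Unauthorized")`` to reject the operation:

    * create  -- administrators only.
    * update  -- administrators, or a user editing their own record while
      the record's ``is_admin`` flag equals their own.
    * destroy -- administrators only, and never their own account.

    NOTE(review): how ``CrudView`` invokes these hooks and how it maps the
    ``ValueError`` to an HTTP response is not visible here. Confirm that a
    rejected request is answered with 401/403 and that nothing is committed.
    """

    model = User
    form = UserForm

    @staticmethod
    def _apply_credentials(form, item):
        """Copy the optional ``password`` and ``settings`` fields onto *item*."""
        if 'password' in form:
            # NOTE(review): encrypt_password is not among the imports shown
            # for this file; confirm it is in scope, otherwise this line
            # raises NameError. Presumably a one-way password hash -- confirm.
            # The key's presence alone triggers the change, so confirm that
            # form validation rejects a blank password.
            item.password = encrypt_password(form['password'])
        if 'settings' in form:
            item.settings = form['settings']

    def on_create(self, session, form, item):
        """Allow only administrators to create users, then set credentials.

        Raises:
            ValueError: if the caller is not an administrator.
        """
        if not current_identity.is_admin:
            raise ValueError("Unauthorized")
        self._apply_credentials(form, item)

    def on_update(self, session, form, item):
        """Authorize an update of *item*, then set credentials.

        Raises:
            ValueError: if a non-administrator targets another user's record,
                or a record whose ``is_admin`` flag differs from their own.
        """
        # NOTE(review): the listing this was recovered from had lost its
        # indentation. The is_admin comparison is placed inside the
        # non-admin branch, where it rejects a record whose is_admin differs
        # from the caller's (a privilege-escalation guard if *item* already
        # carries the submitted values -- confirm). At top level it would
        # also stop administrators from editing regular users. Verify the
        # nesting against the repository.
        if not current_identity.is_admin:
            if item.id != current_identity.id:
                raise ValueError("Unauthorized")
            if current_identity.is_admin != item.is_admin:
                raise ValueError("Unauthorized")
        self._apply_credentials(form, item)

    def on_destroy(self, session, form, item):
        """Allow only administrators to delete users, and never themselves.

        Raises:
            ValueError: if the caller is not an administrator, or is trying
                to delete their own account.
        """
        if not current_identity.is_admin:
            raise ValueError("Unauthorized")
        # An administrator cannot delete the account they are signed in with.
        if item.id == current_identity.id:
            raise ValueError("Unauthorized")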