    import secrets
    from random import choice
    from string import ascii_lowercase, digits

    from flask import request, jsonify
    from flask_jwt_extended import get_jwt_identity, jwt_required
    from flask_restful import Resource

    from api import db, limiter, bcrypt
    from api.models.dbmodels import User
    
    
    """
    Endpoint for administrators to manage users.
    GET: Get all users in the system.
    POST: Change a users access rights. The admin can update them to admin, remove admin or remove all access rights.
    PUT: Is used if a user forgets their password. The admin can reset it, so that the user can login and change it at a 
    later point.
    """
    
    
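    class AdminManageUser(Resource):
        """Admin-only endpoints for listing users and changing their access.

        Every handler resolves the caller from the JWT identity and refuses the
        request unless that user row exists and has ``admin`` set. Responses
        keep the file's convention of an HTTP 200 body whose ``status`` field
        carries the outcome (200 / 400) rather than a real HTTP status code.
        """

        decorators = [limiter.limit("60/minute")]

        # Length of the temporary password handed out by PUT. Drawn from
        # lowercase letters and digits, so 5 characters is a small space;
        # NOTE(review): consider raising this — it is a one-line change here.
        TEMP_PASSWORD_LENGTH = 5

        @staticmethod
        def _current_admin():
            """Return the calling User row if it exists and is an admin, else None.

            A JWT whose identity no longer maps to a user row previously raised
            AttributeError (HTTP 500); treating it as "no access" is safer.
            """
            user_id = get_jwt_identity()
            caller = db.session.query(User).filter_by(id=user_id).first()
            if caller is None or not caller.admin:
                return None
            return caller

        @staticmethod
        def _wrong_data():
            """Response for a malformed, self-targeting or unresolvable request."""
            return jsonify({"message": "wrong data", "status": 400})

        @staticmethod
        @jwt_required
        def get():
            """List every accepted user other than the caller.

            Returns ``{"users": [...], "status": 200}`` where each entry has
            ``email``, ``id``, ``admin`` and ``accepted``, or
            ``{"message": "no access", "status": 400}`` for a non-admin caller.
            """
            admin = AdminManageUser._current_admin()
            if admin is None:
                return jsonify({"message": "no access", "status": 400})

            others = (
                db.session.query(User)
                .filter_by(accepted=1)
                .filter(User.id != admin.id)
                .all()
            )
            user_list = [
                {"email": u.email, "id": u.id, "admin": u.admin, "accepted": u.accepted}
                for u in others
            ]
            return jsonify({"users": user_list, "status": 200})

        @staticmethod
        @jwt_required
        def post():
            """Change another user's access rights.

            Form fields: ``id`` and ``email`` of the target (both required and
            they must refer to the same row), plus one of ``removeAdmin``,
            ``makeAdmin`` or ``denyAccess`` (checked in that order). The caller
            may not target itself. Returns ``{"message": ..., "status": 200}``
            on success, ``"wrong data"`` (400) for a malformed, self-targeting,
            unresolvable or action-less request, and ``"no access"`` (400) for
            non-admins. Previously an action-less or mismatched-email request
            fell off the end of the function and returned None.
            """
            admin = AdminManageUser._current_admin()
            if admin is None:
                return jsonify({"message": "no access", "status": 400})

            data = request.form
            # Compare as strings: the JWT identity and the form value need not
            # share a type, and a type mismatch would silently defeat the
            # "cannot target yourself" check.
            if "id" not in data or "email" not in data or str(admin.id) == str(data["id"]):
                return AdminManageUser._wrong_data()

            target = db.session.query(User).filter_by(id=data["id"]).first()
            # id and email must agree so a mistyped id cannot hit another account.
            if target is None or data["email"] != target.email:
                return AdminManageUser._wrong_data()

            if "removeAdmin" in data:
                target.admin = False
                message = "user is no longer admin"
            elif "makeAdmin" in data:
                target.admin = True
                message = "user is now admin"
            elif "denyAccess" in data:
                target.accepted = False
                message = "user is downgraded"
            else:
                return AdminManageUser._wrong_data()

            db.session.commit()
            return jsonify({"message": message, "status": 200})

        @staticmethod
        @jwt_required
        def put():
            """Reset another user's password to a fresh random one.

            Form field ``id`` selects the target, which may not be the caller.
            Only the bcrypt hash is stored; the plaintext is returned once to
            the admin as ``{"new_password": ..., "status": 200}`` so it can be
            handed to the user. ``"wrong data"`` (400) covers a missing id, a
            self-target or an unknown user; ``"no access"`` (400) non-admins.
            """
            admin = AdminManageUser._current_admin()
            if admin is None:
                return jsonify({"message": "no access", "status": 400})

            data = request.form
            # See post(): string comparison keeps the self-target check effective.
            if "id" not in data or str(admin.id) == str(data["id"]):
                return AdminManageUser._wrong_data()

            target = db.session.query(User).filter_by(id=data["id"]).first()
            if target is None:
                return AdminManageUser._wrong_data()

            new_password = get_random_string(AdminManageUser.TEMP_PASSWORD_LENGTH)
            target.pwd = bcrypt.generate_password_hash(new_password)
            db.session.commit()
            return jsonify({"new_password": new_password, "status": 200})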
    
    
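    def get_random_string(length):
        """Return a random string of ``length`` lowercase letters and digits.

        The result is used as a temporary password, so characters are drawn
        with ``secrets.choice``; the ``random`` module's generator is
        predictable and unsuitable for security-sensitive values.
        A non-positive ``length`` yields the empty string.
        """
        alphabet = ascii_lowercase + digits
        return "".join(secrets.choice(alphabet) for _ in range(length))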