import secrets
from random import choice
from string import ascii_lowercase, digits

from flask import request, jsonify
from flask_jwt_extended import get_jwt_identity, jwt_required
from flask_restful import Resource

from api.models.dbmodels import User
from api import db, limiter, bcrypt
"""
Endpoint for administrators to manage users.
GET: Get all users in the system.
POST: Change a users access rights. The admin can update them to admin, remove admin or remove all access rights.
PUT: Is used if a user forgets their password. The admin can reset it, so that the user can login and change it at a
later point.
"""
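class AdminManageUser(Resource):
    """Admin-only user management: list users, toggle rights, reset passwords.

    Every handler first loads the caller from the JWT identity and answers
    ``{"message": "no access", "status": 400}`` unless that account has
    ``admin`` set (the status code lives in the JSON body, not the HTTP
    status; that is the existing contract with the front end and is kept).

    Form fields are untrusted input. The ``id`` field is compared with the
    caller's identity as strings on both sides: if the JWT identity is an
    int, the original ``user_id != data['id']`` comparison against the str
    from ``request.form`` was always true and the "may not modify yourself"
    guard never fired. Lookups that can return ``None`` (unknown caller,
    unknown target id) are rejected explicitly instead of raising.
    """

    decorators = [limiter.limit("60/minute")]

    # Length of the temporary password handed out by PUT. The original value
    # of 5 lowercase/digit characters (~26 bits) is guessable; the reset
    # password is a live credential until the user changes it.
    TEMP_PASSWORD_LENGTH = 12

    @staticmethod
    def _caller_if_admin():
        """Return the calling User when it exists and is an admin, else None."""
        user_id = get_jwt_identity()
        caller = db.session.query(User).filter_by(id=user_id).first()
        if caller is None or not caller.admin:
            return None
        return caller

    @staticmethod
    def _is_other_user(caller_id, target_id):
        """True when *target_id* names an account other than the caller's.

        Both values are normalised to ``str`` so an int identity and a str
        form value are compared by content rather than by type.
        """
        return target_id is not None and str(caller_id) != str(target_id)

    @staticmethod
    def _wrong_data():
        """Shared response for missing, malformed or unknown form data."""
        return jsonify({"message": "wrong data", "status": 400})

    @staticmethod
    @jwt_required
    def get():
        """List every accepted user other than the caller (admin only)."""
        admin = AdminManageUser._caller_if_admin()
        if admin is None:
            return jsonify({"message": "no access", "status": 400})
        users = (
            db.session.query(User)
            .filter_by(accepted=1)
            .filter(User.id != admin.id)
            .all()
        )
        user_list = [
            {"email": u.email, "id": u.id, "admin": u.admin, "accepted": u.accepted}
            for u in users
        ]
        return jsonify({"users": user_list, "status": 200})

    @staticmethod
    @jwt_required
    def post():
        """Change another user's rights: ``removeAdmin``, ``makeAdmin`` or ``denyAccess``.

        Requires form fields ``id`` and ``email``; the email must match the
        target record, which serves as a confirmation against a mistyped id.
        Exactly one action flag is honoured, checked in the order above. A
        request that carries none of the flags gets ``"wrong data"`` (the
        original fell off the end of the function and returned ``None``).
        """
        admin = AdminManageUser._caller_if_admin()
        if admin is None:
            return jsonify({"message": "no access", "status": 400})
        data = request.form
        if not (
            "id" in data
            and "email" in data
            and AdminManageUser._is_other_user(admin.id, data["id"])
        ):
            return AdminManageUser._wrong_data()
        target = db.session.query(User).filter_by(id=data["id"]).first()
        # Unknown id or mismatched email: refuse instead of dereferencing None.
        if target is None or data["email"] != target.email:
            return AdminManageUser._wrong_data()
        if "removeAdmin" in data:
            target.admin = False
            message = "user is no longer admin"
        elif "makeAdmin" in data:
            target.admin = True
            message = "user is now admin"
        elif "denyAccess" in data:
            target.accepted = False
            message = "user is downgraded"
        else:
            return AdminManageUser._wrong_data()
        db.session.commit()
        return jsonify({"message": message, "status": 200})

    @staticmethod
    @jwt_required
    def put():
        """Reset another user's password and return the new one to the admin.

        The temporary password is sent in clear in the response body so the
        admin can hand it to the user; it is stored only as a bcrypt hash.
        Requires form field ``id`` naming an account other than the caller.
        """
        admin = AdminManageUser._caller_if_admin()
        if admin is None:
            return jsonify({"message": "no access", "status": 400})
        data = request.form
        if "id" not in data or not AdminManageUser._is_other_user(admin.id, data["id"]):
            return AdminManageUser._wrong_data()
        target = db.session.query(User).filter_by(id=data["id"]).first()
        if target is None:
            return AdminManageUser._wrong_data()
        new_password = get_random_string(AdminManageUser.TEMP_PASSWORD_LENGTH)
        target.pwd = bcrypt.generate_password_hash(new_password)
        db.session.commit()
        return jsonify({"new_password": new_password, "status": 200})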
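def get_random_string(length):
    """Return a random string of *length* lowercase letters and digits.

    The result is used as a temporary password (see ``AdminManageUser.put``),
    so characters are drawn with ``secrets.choice``, a CSPRNG, rather than
    ``random.choice``, whose Mersenne Twister output is predictable once a
    few values have been observed.

    Args:
        length: Number of characters to produce; ``length <= 0`` yields ``""``.

    Returns:
        A ``str`` of exactly ``max(length, 0)`` characters from ``[a-z0-9]``.
    """
    alphabet = ascii_lowercase + digits
    return ''.join(secrets.choice(alphabet) for _ in range(length))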