deletion of user

grimhilt 2023-08-08 15:35:48 +02:00
parent 293fb060ed
commit 443eed8dd1
2 changed files with 37 additions and 9 deletions


@ -4,6 +4,10 @@ from flask_login import current_user
from ..models import User, Role from ..models import User, Role
from .. import db from .. import db
def is_current_admin():
return current_user.as_dict()['roles'][0]['parent_id'] is None
class UserAbl: class UserAbl:
@staticmethod @staticmethod
@ -36,6 +40,7 @@ class UserAbl:
new_role = Role( \ new_role = Role( \
name=login, \ name=login, \
user_id=new_user.as_dict()['id'], \ user_id=new_user.as_dict()['id'], \
parent_id=current_user.as_dict()['roles'][0]['id'], \
permissions=permissions) permissions=permissions)
db.session.add(new_role) db.session.add(new_role)
new_user.roles.append(new_role) new_user.roles.append(new_role)
@ -44,9 +49,28 @@ class UserAbl:
db.session.commit() db.session.commit()
return jsonify(new_user.as_dict()) return jsonify(new_user.as_dict())
@staticmethod
def update(user_id, data):
return jsonify()
@staticmethod @staticmethod
def list(): def list():
query = db.session.query(User).all() query = db.session.query(User).all()
return jsonify([user.as_dict() for user in query]) return jsonify([user.as_dict() for user in query])
@staticmethod
def delete(user_id):
user = db.session.query(User).filter_by(id=user_id).first()
if not user:
return jsonify(message="This user doesn't exist or has already been deleted"), 404
if not is_current_admin and user.as_dict()['roles'][0]['parent_id'] != current_user.as_dict()['roles'][0]['id']:
# todo all parent should be able to delete
return jsonify(message="You cannot delete an user you are not the origin of"), 403
db.session.delete(user)
# todo check if need to delete the role
db.session.commit()
return jsonify(sucess=True)
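Review bot: In `delete`, the condition `if not is_current_admin and ...` names the function without calling it, so `not is_current_admin` is always False and the 403 ownership branch can never run; every caller who passes the route decorators can delete any user. It should read `if not is_current_admin() and user.as_dict()['roles'][0]['parent_id'] != current_user.as_dict()['roles'][0]['id']:`. Both this check and `is_current_admin` index `['roles'][0]` without a guard, which raises for an account that has no role; returning 403 in that case would fail closed. The success response key is spelled `sucess`, which clients would then have to match.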


@ -1,9 +1,5 @@
from flask import Blueprint, request, jsonify from flask import Blueprint, request
from ..models import User from flask_login import login_required
from werkzeug.security import generate_password_hash, check_password_hash
from ..models import User
from .. import db
from flask_login import login_required, current_user
from ..abl.UserAbl import UserAbl from ..abl.UserAbl import UserAbl
from ..permissions import Perm, permissions from ..permissions import Perm, permissions
@ -15,11 +11,19 @@ user = Blueprint('user', __name__)
def create(): def create():
return UserAbl.create(request.get_json()) return UserAbl.create(request.get_json())
@user.route('delete', methods=['DELETE']) @user.route('/users/<int:user_id>', methods=['DELETE'])
def delete(): @login_required
return "ok" @permissions.require([Perm.CREATE_USER])
def delete(user_id):
return UserAbl.delete(user_id)
@user.route('/users', methods=['GET']) @user.route('/users', methods=['GET'])
@login_required @login_required
def list(): def list():
return UserAbl.list() return UserAbl.list()
@user.route('/users/<int:user_id>', methods=['PUT'])
@login_required
@permissions.require([Perm.CREATE_USER])
def update(user_id):
return UserAbl.update(user_id, request.get_json())
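Review bot: The new DELETE and PUT routes are both gated on `Perm.CREATE_USER`, so any account allowed to create users is also let through to delete and update them. Whether the `Perm` enum has separate delete or update permissions is not visible here; if it does not, a comment such as `# CREATE_USER intentionally also covers delete/update` would make the reuse explicit. The PUT route is also registered while `UserAbl.update` in this commit only does `return jsonify()`, so callers get a 200 for an update that changed nothing. Returning 501 until it is implemented, or leaving the route out, would avoid that.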