deletion of user

2023-08-08 15:35:48 +02:00 · 2023-08-08 15:35:48 +02:00 · 443eed8dd1
commit 443eed8dd1
parent 293fb060ed
2 changed files with 37 additions and 9 deletions
--- a/src/api/abl/UserAbl.py
+++ b/src/api/abl/UserAbl.py
@ -4,6 +4,10 @@ from flask_login import current_user
 from ..models import User, Role
 from .. import db

+def is_current_admin():
+    return current_user.as_dict()['roles'][0]['parent_id'] is None
+
+
 class UserAbl:

    @staticmethod
@ -36,6 +40,7 @@ class UserAbl:
        new_role = Role( \
                name=login, \
                user_id=new_user.as_dict()['id'], \
+                parent_id=current_user.as_dict()['roles'][0]['id'], \
                permissions=permissions)
        db.session.add(new_role)
        new_user.roles.append(new_role)
@ -44,9 +49,28 @@ class UserAbl:
        db.session.commit()
        return jsonify(new_user.as_dict())

+    @staticmethod
+    def update(user_id, data):
+        return jsonify()
+
    @staticmethod
    def list():
        query = db.session.query(User).all()
        return jsonify([user.as_dict() for user in query])

+    @staticmethod
+    def delete(user_id):
+        user = db.session.query(User).filter_by(id=user_id).first()
+        if not user:
+            return jsonify(message="This user doesn't exist or has already been deleted"), 404
+
+        if not is_current_admin and user.as_dict()['roles'][0]['parent_id'] != current_user.as_dict()['roles'][0]['id']:
+            # todo all parent should be able to delete
+            return jsonify(message="You cannot delete an user you are not the origin of"), 403
+
+        db.session.delete(user)
+        # todo check if need to delete the role
+        db.session.commit()
+        return jsonify(sucess=True)
+

--- a/src/api/controllers/user.py
+++ b/src/api/controllers/user.py
@ -1,9 +1,5 @@
-from flask import Blueprint, request, jsonify
-from ..models import User
-from werkzeug.security import generate_password_hash, check_password_hash
-from ..models import User
-from .. import db
-from flask_login import login_required, current_user
+from flask import Blueprint, request
+from flask_login import login_required
 from ..abl.UserAbl import UserAbl
 from ..permissions import Perm, permissions

@ -15,11 +11,19 @@ user = Blueprint('user', __name__)
 def create():
    return UserAbl.create(request.get_json())

-@user.route('delete', methods=['DELETE'])
-def delete():
-    return "ok"
+@user.route('/users/<int:user_id>', methods=['DELETE'])
+@login_required
+@permissions.require([Perm.CREATE_USER])
+def delete(user_id):
+    return UserAbl.delete(user_id) 

@user.route('/users', methods=['GET'])
@login_required
 def list():
    return UserAbl.list()
+
+@user.route('/users/<int:user_id>', methods=['PUT'])
+@login_required
+@permissions.require([Perm.CREATE_USER])
+def update(user_id):
+    return UserAbl.update(user_id, request.get_json())