# Copyright (c) 2019. Tobias Kurze
"""
This module provides functions related to authentication through the API.
For example: listing of available auth providers or registration of users.

Login through the API does not start a new session, but instead returns a JWT.
"""
from datetime import datetime
from pprint import pprint
from flask_jwt_extended import get_jwt_identity, jwt_required, current_user
from flask_restx import Resource, fields, inputs, abort
from backend import db, app, jwt_auth
from backend.api import api_user
from backend.api.models import user_model, recorder_model, generic_id_parser
from backend.auth.utils import requires_permission_level
from backend.models import Recorder, Config
from backend.models.user_model import User, Group
# Allow-list of the profile fields a user may change on their own account.
# Profile.put hands the parsed result straight to Query.update(), so the
# arguments declared here are the only request values that can reach a User
# column through that endpoint.
# store_missing=False keeps absent arguments out of the parsed result, which
# lets a partial update leave the other columns untouched.
user_update_parser = api_user.parser()
user_update_parser.add_argument(
    'email',
    type=inputs.email(),
    required=False,
    nullable=False,
    store_missing=False,
)
# The three free-text fields share one declaration.
# NOTE(review): no length or character constraints are applied to them here;
# confirm the model or database enforces limits.
for _text_field in ('nickname', 'first_name', 'last_name'):
    user_update_parser.add_argument(_text_field, type=str, required=False, store_missing=False)
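@api_user.route('/profile')
class Profile(Resource):
    # Both handlers act only on the account named by the presented JWT: no
    # user id is read from the request, so a caller cannot address another
    # user's profile through this resource.
    #
    # NOTE(review): the bare ``@jwt_required`` form is the flask-jwt-extended
    # 3.x spelling. From 4.0 on the decorator has to be called
    # (``@jwt_required()``) and the bare form no longer wraps the view the
    # same way; confirm the pinned version before upgrading.

    @jwt_required
    @api_user.marshal_with(user_model)
    def get(self):
        """Get infos about logged in user."""
        current_user_id = get_jwt_identity()
        app.logger.info(current_user_id)
        user = User.get_by_identifier(current_user_id)
        if user is None:
            # A token can still be presented after its account is gone.
            # Answer 404, as the favorite_recorders handlers do, instead of
            # marshalling None into an all-null profile.
            abort(404, "User not found!")
        return user

    @jwt_required
    @api_user.expect(user_update_parser)
    def put(self):
        """Update the editable profile fields of the logged in user."""
        # Only arguments declared on user_update_parser are in the parsed
        # result, so the UPDATE below cannot touch other columns.
        args = user_update_parser.parse_args()
        args['last_time_modified'] = datetime.utcnow()
        # Log which fields change, never their values: e-mail address and
        # names are personal data and do not belong in stdout or log files.
        app.logger.info("profile update for user id %s, fields: %s", current_user.id, sorted(args))
        num_rows_matched = User.query.filter_by(id=current_user.id).update(args)

        if num_rows_matched < 1:
            # abort() expects the HTTP status first; passing only the message
            # made the string the status code and ended in a server error.
            api_user.abort(404, "Nothing has been updated!")
        db.session.commit()
        return "ok"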
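@api_user.route('/profile/favorite_recorders')
class UserFavoriteRecorders(Resource):
    # The user is always resolved from the JWT identity, never from request
    # data, so these handlers only read or change the caller's own favorites.

    @jwt_required
    @api_user.marshal_list_with(recorder_model)
    def get(self):
        """List the favorite recorders of the logged in user."""
        user = User.get_by_identifier(get_jwt_identity())
        if user is None:
            # Explicit check instead of catching AttributeError, which would
            # also report unrelated attribute bugs as "User not found!".
            abort(404, "User not found!")
        return user.favorite_recorders

    @jwt_required
    @api_user.expect(generic_id_parser)
    @api_user.marshal_list_with(recorder_model)
    def put(self):
        """Add a recorder to the favorites of the logged in user."""
        args = generic_id_parser.parse_args()
        user = User.get_by_identifier(get_jwt_identity())
        if user is None:
            abort(404, "User not found!")

        # NOTE(review): no per-recorder permission check is visible in this
        # handler, and the response marshals recorder_model. Confirm that
        # every authenticated user is allowed to read every recorder.
        recorder = Recorder.get_by_identifier(args["id"])
        if recorder is None:
            abort(404, "(Specified [id: {}]) recorder not found!".format(args["id"]))

        # PUT should be idempotent: repeating the request must not add the
        # same recorder to the relationship a second time.
        if recorder not in user.favorite_recorders:
            user.favorite_recorders.append(recorder)
            db.session.commit()
        return user.favorite_recorders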
@api_user.route('')
class UserList(Resource):
    """Collection endpoint: list all users (GET) and create a user (POST)."""

    # Decorators apply bottom-up, so jwt_required (outermost) runs first and
    # the permission check runs after it. Keep this order when editing.
    # NOTE(review): presumably requires_permission_level depends on the JWT
    # having been verified already; confirm in backend.auth.utils.
    # An earlier variant used jwt_auth.login_required here instead.
    @jwt_required
    @requires_permission_level(Config.Permissions.USERS_LIST)
    @api_user.doc('users')
    @api_user.marshal_list_with(user_model)
    def get(self):
        """
        Return all users.

        :return: all users
        """
        requester_identity = get_jwt_identity()
        app.logger.info(requester_identity)
        return User.get_all()

    # NOTE(review): the doc id 'create_group' looks copied from the group
    # API. Left unchanged because API clients may depend on the operation id.
    @jwt_required
    @requires_permission_level(Config.Permissions.USER_CREATE)
    @api_user.doc('create_group')
    @api_user.expect(user_model)
    @api_user.marshal_with(user_model, code=201)
    def post(self):
        """Create a user from the request payload."""
        # NOTE(review): mass assignment. expect() is used without
        # validate=True, so the payload is not schema-checked here unless
        # validation is enabled globally. Every key of the JSON body is passed
        # to the User constructor, presumably including any privilege- or
        # credential-bearing column the model has. Confirm against User and
        # consider building the object from an explicit allow-list of fields,
        # as user_update_parser does for profile updates.
        new_user = User(**api_user.payload)
        db.session.add(new_user)
        db.session.commit()
        return new_user
@api_user.route('/<id>')
@api_user.param('id', 'The user identifier')
@api_user.response(404, 'User not found')
class UserResource(Resource):
    # NOTE(review): these handlers authenticate with jwt_auth.login_required,
    # while every other resource in this module uses flask_jwt_extended's
    # jwt_required. Confirm that both schemes validate the same tokens and
    # that requires_permission_level sees the caller's identity under either.
    # Otherwise the show/delete permission checks may not behave like the
    # list/create ones.

    @jwt_auth.login_required
    @requires_permission_level(Config.Permissions.USER_SHOW)
    @api_user.doc('get_user')
    @api_user.marshal_with(user_model)
    def get(self, id):
        """Fetch a user given its identifier"""
        found = User.get_by_id(id)
        if found is None:
            # abort() raises, so the return below is reached only on a hit.
            api_user.abort(404)
        return found

    @jwt_auth.login_required
    @requires_permission_level(Config.Permissions.USER_DELETE)
    @api_user.doc('delete_user')
    def delete(self, id):
        """Delete a user given its identifier"""
        target = User.get_by_id(id)
        if target is None:
            api_user.abort(404)
        # The row is removed and committed in one step; no safeguard against
        # a caller deleting their own account is applied in this handler.
        db.session.delete(target)
        db.session.commit()
        return "ok"
# api_user.add_resource(UserResource, '/')