API - limit access to users for now
- only the authenticated user can access their preferences - only admins can view users
@ -386,7 +386,7 @@ def get_authenticated_user_profile(
|
||||
- invalid token, please log in again
|
||||
|
||||
"""
|
||||
return {'status': 'success', 'data': auth_user.serialize()}
|
||||
return {'status': 'success', 'data': auth_user.serialize(auth_user)}
|
||||
|
||||
|
||||
@auth_blueprint.route('/auth/profile/edit', methods=['POST'])
|
||||
@ -540,7 +540,7 @@ def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
|
||||
return {
|
||||
'status': 'success',
|
||||
'message': 'user profile updated',
|
||||
'data': auth_user.serialize(),
|
||||
'data': auth_user.serialize(auth_user),
|
||||
}
|
||||
|
||||
# handler errors
|
||||
@ -734,7 +734,7 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
|
||||
return {
|
||||
'status': 'success',
|
||||
'message': 'user account updated',
|
||||
'data': auth_user.serialize(),
|
||||
'data': auth_user.serialize(auth_user),
|
||||
}
|
||||
|
||||
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
||||
@ -872,7 +872,7 @@ def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
|
||||
return {
|
||||
'status': 'success',
|
||||
'message': 'user preferences updated',
|
||||
'data': auth_user.serialize(),
|
||||
'data': auth_user.serialize(auth_user),
|
||||
}
|
||||
|
||||
# handler errors
|
||||
|
@ -11,6 +11,8 @@ from sqlalchemy.sql.expression import select
|
||||
from fittrackee import bcrypt, db
|
||||
from fittrackee.workouts.models import Workout
|
||||
|
||||
from .exceptions import UserNotFoundException
|
||||
from .roles import UserRole
|
||||
from .utils.token import decode_user_token, get_user_token
|
||||
|
||||
BaseModel: DeclarativeMeta = db.Model
|
||||
@ -109,7 +111,18 @@ class User(BaseModel):
|
||||
.label('workouts_count')
|
||||
)
|
||||
|
||||
def serialize(self) -> Dict:
|
||||
def serialize(self, current_user: 'User') -> Dict:
|
||||
role = (
|
||||
UserRole.AUTH_USER
|
||||
if current_user.id == self.id
|
||||
else UserRole.ADMIN
|
||||
if current_user.admin
|
||||
else UserRole.USER
|
||||
)
|
||||
|
||||
if role == UserRole.USER:
|
||||
raise UserNotFoundException()
|
||||
|
||||
sports = []
|
||||
total = (0, '0:00:00')
|
||||
if self.workouts_count > 0: # type: ignore
|
||||
@ -127,30 +140,40 @@ class User(BaseModel):
|
||||
.filter(Workout.user_id == self.id)
|
||||
.first()
|
||||
)
|
||||
return {
|
||||
'username': self.username,
|
||||
'email': self.email,
|
||||
'created_at': self.created_at,
|
||||
|
||||
serialized_user = {
|
||||
'admin': self.admin,
|
||||
'bio': self.bio,
|
||||
'birth_date': self.birth_date,
|
||||
'created_at': self.created_at,
|
||||
'email': self.email,
|
||||
'email_to_confirm': self.email_to_confirm,
|
||||
'first_name': self.first_name,
|
||||
'last_name': self.last_name,
|
||||
'bio': self.bio,
|
||||
'location': self.location,
|
||||
'birth_date': self.birth_date,
|
||||
'picture': self.picture is not None,
|
||||
'timezone': self.timezone,
|
||||
'weekm': self.weekm,
|
||||
'language': self.language,
|
||||
'nb_sports': len(sports),
|
||||
'nb_workouts': self.workouts_count,
|
||||
'picture': self.picture is not None,
|
||||
'records': [record.serialize() for record in self.records],
|
||||
'sports_list': [
|
||||
sport for sportslist in sports for sport in sportslist
|
||||
],
|
||||
'total_distance': float(total[0]),
|
||||
'total_duration': str(total[1]),
|
||||
'imperial_units': self.imperial_units,
|
||||
'username': self.username,
|
||||
}
|
||||
if role == UserRole.AUTH_USER:
|
||||
serialized_user = {
|
||||
**serialized_user,
|
||||
**{
|
||||
'imperial_units': self.imperial_units,
|
||||
'language': self.language,
|
||||
'timezone': self.timezone,
|
||||
'weekm': self.weekm,
|
||||
},
|
||||
}
|
||||
|
||||
return serialized_user
|
||||
|
||||
|
||||
class UserSportPreference(BaseModel):
|
||||
|
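Review bot: `serialize` now makes an authorization decision — `if role == UserRole.USER: raise UserNotFoundException()` — inside a data-formatting method, so a caller that writes before serializing (the `update_user` route in users.py, hunk `-581,7`, unless its decorators outside the hunk already restrict it to admins) would only hit the denial after the change is committed, and nothing on this page shows `UserNotFoundException` being handled there. Keeping the check in the routes, as `@authenticate_as_admin` already does for `get_users` and `get_single_user`, and leaving `serialize` a pure projection avoids that ordering problem. A second effect visible here: `UserRole.AUTH_USER` wins whenever `current_user.id == self.id`, even for an admin, so the admin's own entry in the `/users` listing carries `imperial_units`/`language`/`timezone`/`weekm` while the other entries do not — confirm the per-item shape is intended. The method also has no docstring; add one stating that the output depends on `current_user` (full profile with preferences for the user themself, profile without preferences for an admin) and that `UserNotFoundException` is raised for anyone else. The enclosing `class User` begins outside the hunk.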
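--- a/fittrackee/users/roles.py
+++ b/fittrackee/users/roles.py
@@ -0,0 +1,7 @@
+from enum import Enum
+
+
+class UserRole(Enum):
+    ADMIN = 'admin'
+    AUTH_USER = 'auth_user'
+    USER = 'user'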
@ -50,7 +50,7 @@ def set_admin(username: str) -> None:
|
||||
|
||||
|
||||
@users_blueprint.route('/users', methods=['GET'])
|
||||
@authenticate
|
||||
@authenticate_as_admin
|
||||
def get_users(auth_user: User) -> Dict:
|
||||
"""
|
||||
Get all users
|
||||
@ -227,7 +227,7 @@ def get_users(auth_user: User) -> Dict:
|
||||
users = users_pagination.items
|
||||
return {
|
||||
'status': 'success',
|
||||
'data': {'users': [user.serialize() for user in users]},
|
||||
'data': {'users': [user.serialize(auth_user) for user in users]},
|
||||
'pagination': {
|
||||
'has_next': users_pagination.has_next,
|
||||
'has_prev': users_pagination.has_prev,
|
||||
@ -239,7 +239,7 @@ def get_users(auth_user: User) -> Dict:
|
||||
|
||||
|
||||
@users_blueprint.route('/users/<user_name>', methods=['GET'])
|
||||
@authenticate
|
||||
@authenticate_as_admin
|
||||
def get_single_user(
|
||||
auth_user: User, user_name: str
|
||||
) -> Union[Dict, HttpResponse]:
|
||||
@ -345,7 +345,7 @@ def get_single_user(
|
||||
if user:
|
||||
return {
|
||||
'status': 'success',
|
||||
'data': {'users': [user.serialize()]},
|
||||
'data': {'users': [user.serialize(auth_user)]},
|
||||
}
|
||||
except ValueError:
|
||||
pass
|
||||
@ -581,7 +581,7 @@ def update_user(auth_user: User, user_name: str) -> Union[Dict, HttpResponse]:
|
||||
|
||||
return {
|
||||
'status': 'success',
|
||||
'data': {'users': [user.serialize()]},
|
||||
'data': {'users': [user.serialize(auth_user)]},
|
||||
}
|
||||
except exc.StatementError as e:
|
||||
return handle_error_and_return_response(e, db=db)
|
||||
|
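Review bot: `get_users` and `get_single_user` are now wrapped in `@authenticate_as_admin`, but the visible start of the docstring, `Get all users`, does not say the endpoint requires an admin account. Add a line such as `Only available to admin users.` to both docstrings (they continue outside the hunk) so API consumers see the forbidden case documented alongside the success response.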