mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-24 10:34:17 +00:00
Fix wrong admin check
This commit is contained in:
parent
91e42d6d92
commit
595bda98ef
@ -12,7 +12,7 @@ def get_user(user_hashid, backrefs=False, relationships=False):
|
||||
user = User.query.get(user_id)
|
||||
if user is None:
|
||||
return {'status': 404, 'statusText': 'Not found'}
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
if not (user == current_user or current_user.is_administrator()):
|
||||
return {'status': 403, 'statusText': 'Forbidden'}
|
||||
return {
|
||||
'body': user.to_json_serializeable(
|
||||
@ -24,25 +24,6 @@ def get_user(user_hashid, backrefs=False, relationships=False):
|
||||
}
|
||||
|
||||
|
||||
# @socketio.on('GET /users/<user_id>')
|
||||
# @socketio_login_required
|
||||
# def get_user(user_hashid):
|
||||
# user_id = hashids.decode(user_hashid)
|
||||
# user = User.query.get(user_id)
|
||||
# if user is None:
|
||||
# return {'options': {'status': 404, 'statusText': 'Not found'}}
|
||||
# if not (user == current_user or current_user.is_administrator):
|
||||
# return {'options': {'status': 403, 'statusText': 'Forbidden'}}
|
||||
# return {
|
||||
# 'body': user.to_json_serializable2(),
|
||||
# 'options': {
|
||||
# 'status': 200,
|
||||
# 'statusText': 'OK',
|
||||
# 'headers': {'Content-Type: application/json'}
|
||||
# }
|
||||
# }
|
||||
|
||||
|
||||
@socketio.on('SUBSCRIBE /users/<user_id>')
|
||||
@socketio_login_required
|
||||
def subscribe_user(user_hashid):
|
||||
@ -50,7 +31,7 @@ def subscribe_user(user_hashid):
|
||||
user = User.query.get(user_id)
|
||||
if user is None:
|
||||
return {'status': 404, 'statusText': 'Not found'}
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
if not (user == current_user or current_user.is_administrator()):
|
||||
return {'status': 403, 'statusText': 'Forbidden'}
|
||||
join_room(f'/users/{user.hashid}')
|
||||
return {'status': 200, 'statusText': 'OK'}
|
||||
@ -63,7 +44,36 @@ def unsubscribe_user(user_hashid):
|
||||
user = User.query.get(user_id)
|
||||
if user is None:
|
||||
return {'status': 404, 'statusText': 'Not found'}
|
||||
if not (user == current_user or current_user.is_administrator):
|
||||
if not (user == current_user or current_user.is_administrator()):
|
||||
return {'status': 403, 'statusText': 'Forbidden'}
|
||||
leave_room(f'/users/{user.hashid}')
|
||||
return {'status': 200, 'statusText': 'OK'}
|
||||
|
||||
|
||||
# @socketio.on('GET User')
|
||||
# @socketio_login_required
|
||||
# def n_get_user(user_hashid):
|
||||
# # This constructs a JSON response which can easily be converted to a Response object
|
||||
# # Ref: https://developer.mozilla.org/en-US/docs/Web/API/Response/Response
|
||||
# user_id = hashids.decode(user_hashid)
|
||||
# user = User.query.get(user_id)
|
||||
# if user is None:
|
||||
# return {'options': {'status': 404, 'statusText': 'Not found'}}
|
||||
# if not (user == current_user or current_user.is_administrator()):
|
||||
# return {'options': {'status': 403, 'statusText': 'Forbidden'}}
|
||||
# body = {
|
||||
# 'id': user.hashid,
|
||||
# # ...
|
||||
# 'relationships': {
|
||||
# 'corpora': {corpus.hashid for corpus in user.corpora},
|
||||
# 'jobs': [job.hashid for job in user.jobs]
|
||||
# }
|
||||
# }
|
||||
# return {
|
||||
# 'body': user.to_json_serializable(),
|
||||
# 'options': {
|
||||
# 'status': 200,
|
||||
# 'statusText': 'OK',
|
||||
# 'headers': {'Content-Type: application/json'}
|
||||
# }
|
||||
# }
|
||||
|
Loading…
Reference in New Issue
Block a user