From 595bda98ef56f9a0f30dacb6ab9801ef25bee99d Mon Sep 17 00:00:00 2001
From: Patrick Jentsch
Date: Tue, 9 May 2023 15:32:09 +0200
Subject: [PATCH] Fix wrong admin check
---
app/users/events.py | 54 +++++++++++++++++++++++++++------------------
1 file changed, 32 insertions(+), 22 deletions(-)
diff --git a/app/users/events.py b/app/users/events.py
index 532bf42d..fd6dc6db 100644
--- a/app/users/events.py
+++ b/app/users/events.py
@@ -12,7 +12,7 @@ def get_user(user_hashid, backrefs=False, relationships=False):
user = User.query.get(user_id)
if user is None:
return {'status': 404, 'statusText': 'Not found'}
- if not (user == current_user or current_user.is_administrator):
+ if not (user == current_user or current_user.is_administrator()):
return {'status': 403, 'statusText': 'Forbidden'}
return {
'body': user.to_json_serializeable(
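Review bot: The parentheses added on the `is_administrator()` line close an authorization bypass — `current_user.is_administrator` without the call evaluates to a bound method object, which is always truthy, so every logged-in user passed the admin branch for any user_hashid; the same one-character fix recurs in the subscribe_user and unsubscribe_user hunks. Because the check is copy-pasted into three handlers, it is worth defining once, e.g. `def _is_self_or_admin(user): return user == current_user or current_user.is_administrator()`, and having each handler call that helper, so a future edit cannot regress one copy. A regression test in which a non-admin authenticated client requests another user's hashid and is asserted to receive 403 would pin the corrected behavior. get_user begins before this hunk.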
@@ -24,25 +24,6 @@ def get_user(user_hashid, backrefs=False, relationships=False):
}
-# @socketio.on('GET /users/')
-# @socketio_login_required
-# def get_user(user_hashid):
-# user_id = hashids.decode(user_hashid)
-# user = User.query.get(user_id)
-# if user is None:
-# return {'options': {'status': 404, 'statusText': 'Not found'}}
-# if not (user == current_user or current_user.is_administrator):
-# return {'options': {'status': 403, 'statusText': 'Forbidden'}}
-# return {
-# 'body': user.to_json_serializable2(),
-# 'options': {
-# 'status': 200,
-# 'statusText': 'OK',
-# 'headers': {'Content-Type: application/json'}
-# }
-# }
-
-
@socketio.on('SUBSCRIBE /users/')
@socketio_login_required
def subscribe_user(user_hashid):
@@ -50,7 +31,7 @@ def subscribe_user(user_hashid):
user = User.query.get(user_id)
if user is None:
return {'status': 404, 'statusText': 'Not found'}
- if not (user == current_user or current_user.is_administrator):
+ if not (user == current_user or current_user.is_administrator()):
return {'status': 403, 'statusText': 'Forbidden'}
join_room(f'/users/{user.hashid}')
return {'status': 200, 'statusText': 'OK'}
@@ -63,7 +44,36 @@ def unsubscribe_user(user_hashid):
user = User.query.get(user_id)
if user is None:
return {'status': 404, 'statusText': 'Not found'}
- if not (user == current_user or current_user.is_administrator):
+ if not (user == current_user or current_user.is_administrator()):
return {'status': 403, 'statusText': 'Forbidden'}
leave_room(f'/users/{user.hashid}')
return {'status': 200, 'statusText': 'OK'}
+
+
+# @socketio.on('GET User')
+# @socketio_login_required
+# def n_get_user(user_hashid):
+# # This constructs a JSON response which can easily be converted to a Response object
+# # Ref: https://developer.mozilla.org/en-US/docs/Web/API/Response/Response
+# user_id = hashids.decode(user_hashid)
+# user = User.query.get(user_id)
+# if user is None:
+# return {'options': {'status': 404, 'statusText': 'Not found'}}
+# if not (user == current_user or current_user.is_administrator()):
+# return {'options': {'status': 403, 'statusText': 'Forbidden'}}
+# body = {
+# 'id': user.hashid,
+# # ...
+# 'relationships': {
+# 'corpora': {corpus.hashid for corpus in user.corpora},
+# 'jobs': [job.hashid for job in user.jobs]
+# }
+# }
+# return {
+# 'body': user.to_json_serializable(),
+# 'options': {
+# 'status': 200,
+# 'statusText': 'OK',
+# 'headers': {'Content-Type: application/json'}
+# }
+# }
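Review bot: The block appended at the end of the file is commented-out code (a reworked copy of the commented block the same commit deletes near the top), which is usually better left to version-control history than kept in the source. If it is meant to be revived, note that `'headers': {'Content-Type: application/json'}` is a one-element set literal rather than a dict — `'headers': {'Content-Type': 'application/json'}` — and that the `body` dict is built but the return uses `user.to_json_serializable()` instead. The `n_get_user` name and the `# ...` placeholder read as a work-in-progress sketch; a `# TODO(owner): ...` line stating what is still missing would make that explicit.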