Fix wrong admin check

2025-11-03 20:02:47 +00:00 · 2023-05-09 15:32:09 +02:00
parent 91e42d6d92
commit 595bda98ef
1 changed files with 32 additions and 22 deletions
--- a/app/users/events.py
+++ b/app/users/events.py
@@ -12,7 +12,7 @@ def get_user(user_hashid, backrefs=False, relationships=False):
    user = User.query.get(user_id)
    if user is None:
        return {'status': 404, 'statusText': 'Not found'}
-    if not (user == current_user or current_user.is_administrator):
+    if not (user == current_user or current_user.is_administrator()):
        return {'status': 403, 'statusText': 'Forbidden'}
    return {
        'body': user.to_json_serializeable(
@@ -24,25 +24,6 @@ def get_user(user_hashid, backrefs=False, relationships=False):
    }


-# @socketio.on('GET /users/<user_id>')
-# @socketio_login_required
-# def get_user(user_hashid):
-#     user_id = hashids.decode(user_hashid)
-#     user = User.query.get(user_id)
-#     if user is None:
-#         return {'options': {'status': 404, 'statusText': 'Not found'}}
-#     if not (user == current_user or current_user.is_administrator):
-#         return {'options': {'status': 403, 'statusText': 'Forbidden'}}
-#     return {
-#         'body': user.to_json_serializable2(),
-#         'options': {
-#             'status': 200,
-#             'statusText': 'OK',
-#             'headers': {'Content-Type: application/json'}
-#         }
-#     }
-
-
@socketio.on('SUBSCRIBE /users/<user_id>')
@socketio_login_required
 def subscribe_user(user_hashid):
@@ -50,7 +31,7 @@ def subscribe_user(user_hashid):
    user = User.query.get(user_id)
    if user is None:
        return {'status': 404, 'statusText': 'Not found'}
-    if not (user == current_user or current_user.is_administrator):
+    if not (user == current_user or current_user.is_administrator()):
        return {'status': 403, 'statusText': 'Forbidden'}
    join_room(f'/users/{user.hashid}')
    return {'status': 200, 'statusText': 'OK'}
@@ -63,7 +44,36 @@ def unsubscribe_user(user_hashid):
    user = User.query.get(user_id)
    if user is None:
        return {'status': 404, 'statusText': 'Not found'}
-    if not (user == current_user or current_user.is_administrator):
+    if not (user == current_user or current_user.is_administrator()):
        return {'status': 403, 'statusText': 'Forbidden'}
    leave_room(f'/users/{user.hashid}')
    return {'status': 200, 'statusText': 'OK'}
+
+
+# @socketio.on('GET User')
+# @socketio_login_required
+# def n_get_user(user_hashid):
+#     # This constructs a JSON response which can easily be converted to a Response object
+#     # Ref: https://developer.mozilla.org/en-US/docs/Web/API/Response/Response
+#     user_id = hashids.decode(user_hashid)
+#     user = User.query.get(user_id)
+#     if user is None:
+#         return {'options': {'status': 404, 'statusText': 'Not found'}}
+#     if not (user == current_user or current_user.is_administrator()):
+#         return {'options': {'status': 403, 'statusText': 'Forbidden'}}
+#     body = {
+#         'id': user.hashid,
+#         # ...
+#         'relationships': {
+#             'corpora': {corpus.hashid for corpus in user.corpora},
+#             'jobs': [job.hashid for job in user.jobs]
+#         }
+#     }
+#     return {
+#         'body': user.to_json_serializable(),
+#         'options': {
+#             'status': 200,
+#             'statusText': 'OK',
+#             'headers': {'Content-Type: application/json'}
+#         }
+#     }