yvachot/FlaskALED
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update: admin_delete can't delete last admin

Browse source
This commit is contained in:
Yûki VACHOT 2022-01-10 21:23:04 +01:00
parent b8c4efc9ad
commit d52555af33
2 changed files with 56 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

81
backend/application/api_functions.py
View file

@ -1,9 +1,19 @@
print('hashlib')
import hashlib
import os
from datetime import datetime
print('flask_sqlalchemy')
from flask_sqlalchemy import inspect
print('sqlalchemy')
from sqlalchemy import asc, desc, or_
print('users_model')
from .users_model import Users, db
print('logs_model')
from .logs_model import Logs
@ -177,34 +187,49 @@ def db_user_update(ip, user_id, nickname, password):
return {'status': 1, 'message': message}
def db_user_delete(ip, user_id, is_admin=False):
if is_admin and Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0:
message = 'Can\'t delete last admin'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=False,
status_code=2,
table='users',
id_user=user_id
)
return {'status': 2, 'message': message}
test = Users.query.filter(Users.id == user_id).delete()
if test == 1:
db.session.commit()
message = 'User deleted.'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=True,
status_code=0,
table='users',
id_user=user_id
)
return {'status': 0, 'message': message, 'data': None}
def db_user_delete(ip, user_id):
user_to_delete = Users.query.filter(Users.id == user_id).scalar()
if user_to_delete:
is_admin = bool(user_to_delete.json()['is_admin'])
if is_admin and (Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0):
message = 'Can\'t delete last admin'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=False,
status_code=2,
table='users',
id_user=user_id
)
return {'status': 2, 'message': message}
else:
test = Users.query.filter(Users.id == user_id).delete()
if test == 1:
db.session.commit()
message = 'User deleted.'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=True,
status_code=0,
table='users',
id_user=user_id
)
return {'status': 0, 'message': message, 'data': None}
else:
message = 'User do not exist.'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=False,
status_code=1,
table='users',
id_user=user_id
)
return {'status': 1, 'message': message}
else:
message = 'User do not exist.'
db_create_log(

6
backend/application/routes.py
View file

@ -3,7 +3,7 @@ from flask import request
from .responses import send_message, send_error
from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, db_users
from .sessionJWT import create_auth_token, check_auth_token
print('route imported')
# Login
@app.route('/api/login', methods=['POST'])
@ -286,7 +286,7 @@ def admin_delete_user():
fields += 'id'
if post_user_id_delete is not None:
if str(post_user_id_delete) != '':
res = db_user_delete(ip, post_user_id_delete)
res = db_user_delete(ip, int(post_user_id_delete))
if res['status'] == 1:
db_create_log(
ip=ip,
@ -298,7 +298,7 @@ def admin_delete_user():
id_user=user_id
)
return send_error(500, res['message'])
elif res['status'] == 0:
else:
db_create_log(
ip=ip,
action='admin/delete/user',