Update: admin_delete can't delete last admin

Yûki VACHOT 2022-01-10 21:23:04 +01:00
parent b8c4efc9ad
commit d52555af33
2 changed files with 56 additions and 31 deletions


@ -1,9 +1,19 @@
print('hashlib')
import hashlib import hashlib
import os import os
from datetime import datetime from datetime import datetime
print('flask_sqlalchemy')
from flask_sqlalchemy import inspect from flask_sqlalchemy import inspect
print('sqlalchemy')
from sqlalchemy import asc, desc, or_ from sqlalchemy import asc, desc, or_
print('users_model')
from .users_model import Users, db from .users_model import Users, db
print('logs_model')
from .logs_model import Logs from .logs_model import Logs
@ -177,8 +187,11 @@ def db_user_update(ip, user_id, nickname, password):
return {'status': 1, 'message': message} return {'status': 1, 'message': message}
def db_user_delete(ip, user_id, is_admin=False): def db_user_delete(ip, user_id):
if is_admin and Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0: user_to_delete = Users.query.filter(Users.id == user_id).scalar()
if user_to_delete:
is_admin = bool(user_to_delete.json()['is_admin'])
if is_admin and (Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0):
message = 'Can\'t delete last admin' message = 'Can\'t delete last admin'
db_create_log( db_create_log(
ip=ip, ip=ip,
@ -190,7 +203,7 @@ def db_user_delete(ip, user_id, is_admin=False):
id_user=user_id id_user=user_id
) )
return {'status': 2, 'message': message} return {'status': 2, 'message': message}
else:
test = Users.query.filter(Users.id == user_id).delete() test = Users.query.filter(Users.id == user_id).delete()
if test == 1: if test == 1:
db.session.commit() db.session.commit()
@ -217,6 +230,18 @@ def db_user_delete(ip, user_id, is_admin=False):
id_user=user_id id_user=user_id
) )
return {'status': 1, 'message': message} return {'status': 1, 'message': message}
else:
message = 'User do not exist.'
db_create_log(
ip=ip,
action='user_delete',
message=message,
has_succeeded=False,
status_code=1,
table='users',
id_user=user_id
)
return {'status': 1, 'message': message}
def db_admin_update_user(ip, user_id, is_admin, password): def db_admin_update_user(ip, user_id, is_admin, password):
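Review bot: The last-admin guard in `db_user_delete` counts admins in `Users.query.filter(Users.is_admin == True).count() <= 1` and then deletes in a separate statement, so two concurrent requests that each target one of the last two admins can both pass the check and leave the table with no admin. Running the check and the delete in one transaction with the admin rows locked, or re-counting before `db.session.commit()` and rolling back when no admin would remain, closes that window. The added parentheses also mean `user_id == 0` is now refused only when that row is an admin, whereas the old `is_admin and ... or user_id == 0` refused it unconditionally; if id 0 is a reserved account, keep that test outside the `is_admin and (...)` group. The new not-found branch returns `{'status': 1, ...}`, the same code as a failed delete, which the route maps to a 500, so a distinct status would let the caller answer with a 404. The `print(...)` lines between the imports appear to be added by this commit and look like leftover debugging output.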


@ -3,7 +3,7 @@ from flask import request
from .responses import send_message, send_error from .responses import send_message, send_error
from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, db_users from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, db_users
from .sessionJWT import create_auth_token, check_auth_token from .sessionJWT import create_auth_token, check_auth_token
print('route imported')
# Login # Login
@app.route('/api/login', methods=['POST']) @app.route('/api/login', methods=['POST'])
@ -286,7 +286,7 @@ def admin_delete_user():
fields += 'id' fields += 'id'
if post_user_id_delete is not None: if post_user_id_delete is not None:
if str(post_user_id_delete) != '': if str(post_user_id_delete) != '':
res = db_user_delete(ip, post_user_id_delete) res = db_user_delete(ip, int(post_user_id_delete))
if res['status'] == 1: if res['status'] == 1:
db_create_log( db_create_log(
ip=ip, ip=ip,
@ -298,7 +298,7 @@ def admin_delete_user():
id_user=user_id id_user=user_id
) )
return send_error(500, res['message']) return send_error(500, res['message'])
elif res['status'] == 0: else:
db_create_log( db_create_log(
ip=ip, ip=ip,
action='admin/delete/user', action='admin/delete/user',
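Review bot: `int(post_user_id_delete)` in `admin_delete_user` raises ValueError for any non-numeric value, and the guards visible above it only exclude None and the empty string, so unless it is caught outside the hunk a malformed id becomes an unhandled exception instead of a validated, logged rejection. Wrapping the conversion in `try:` / `except (TypeError, ValueError):` and returning through the same `db_create_log` plus `send_error` path used for a missing field keeps the audit trail complete. Replacing `elif res['status'] == 0:` with `else:` also sends status 2 ('Can't delete last admin') into the branch that used to handle only status 0; the body of that branch lies outside the hunk, so confirm it does not log or return the refusal as a successful delete. `admin_delete_user` starts and ends outside the hunks shown.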