Update: admin_delete can't delete last admin
parent
b8c4efc9ad
commit
d52555af33
2 changed files with 56 additions and 31 deletions
|
|
@ -1,9 +1,19 @@
|
||||||
|
print('hashlib')
|
||||||
import hashlib
|
import hashlib
|
||||||
|
|
||||||
import os
|
import os
|
||||||
from datetime import datetime
|
from datetime import datetime
|
||||||
|
|
||||||
|
print('flask_sqlalchemy')
|
||||||
from flask_sqlalchemy import inspect
|
from flask_sqlalchemy import inspect
|
||||||
|
|
||||||
|
print('sqlalchemy')
|
||||||
from sqlalchemy import asc, desc, or_
|
from sqlalchemy import asc, desc, or_
|
||||||
|
|
||||||
|
print('users_model')
|
||||||
from .users_model import Users, db
|
from .users_model import Users, db
|
||||||
|
|
||||||
|
print('logs_model')
|
||||||
from .logs_model import Logs
|
from .logs_model import Logs
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -177,34 +187,49 @@ def db_user_update(ip, user_id, nickname, password):
|
||||||
return {'status': 1, 'message': message}
|
return {'status': 1, 'message': message}
|
||||||
|
|
||||||
|
|
||||||
def db_user_delete(ip, user_id, is_admin=False):
|
def db_user_delete(ip, user_id):
|
||||||
if is_admin and Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0:
|
user_to_delete = Users.query.filter(Users.id == user_id).scalar()
|
||||||
message = 'Can\'t delete last admin'
|
if user_to_delete:
|
||||||
db_create_log(
|
is_admin = bool(user_to_delete.json()['is_admin'])
|
||||||
ip=ip,
|
if is_admin and (Users.query.filter(Users.is_admin == True).count() <= 1 or user_id == 0):
|
||||||
action='user_delete',
|
message = 'Can\'t delete last admin'
|
||||||
message=message,
|
db_create_log(
|
||||||
has_succeeded=False,
|
ip=ip,
|
||||||
status_code=2,
|
action='user_delete',
|
||||||
table='users',
|
message=message,
|
||||||
id_user=user_id
|
has_succeeded=False,
|
||||||
)
|
status_code=2,
|
||||||
return {'status': 2, 'message': message}
|
table='users',
|
||||||
|
id_user=user_id
|
||||||
test = Users.query.filter(Users.id == user_id).delete()
|
)
|
||||||
if test == 1:
|
return {'status': 2, 'message': message}
|
||||||
db.session.commit()
|
else:
|
||||||
message = 'User deleted.'
|
test = Users.query.filter(Users.id == user_id).delete()
|
||||||
db_create_log(
|
if test == 1:
|
||||||
ip=ip,
|
db.session.commit()
|
||||||
action='user_delete',
|
message = 'User deleted.'
|
||||||
message=message,
|
db_create_log(
|
||||||
has_succeeded=True,
|
ip=ip,
|
||||||
status_code=0,
|
action='user_delete',
|
||||||
table='users',
|
message=message,
|
||||||
id_user=user_id
|
has_succeeded=True,
|
||||||
)
|
status_code=0,
|
||||||
return {'status': 0, 'message': message, 'data': None}
|
table='users',
|
||||||
|
id_user=user_id
|
||||||
|
)
|
||||||
|
return {'status': 0, 'message': message, 'data': None}
|
||||||
|
else:
|
||||||
|
message = 'User do not exist.'
|
||||||
|
db_create_log(
|
||||||
|
ip=ip,
|
||||||
|
action='user_delete',
|
||||||
|
message=message,
|
||||||
|
has_succeeded=False,
|
||||||
|
status_code=1,
|
||||||
|
table='users',
|
||||||
|
id_user=user_id
|
||||||
|
)
|
||||||
|
return {'status': 1, 'message': message}
|
||||||
else:
|
else:
|
||||||
message = 'User do not exist.'
|
message = 'User do not exist.'
|
||||||
db_create_log(
|
db_create_log(
|
||||||
|
|
|
||||||
|
|
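Review bot: The last-admin guard in db_user_delete is a check followed by a separate delete, so two concurrent requests that each remove a different admin can both read a count of 2 and both commit, leaving no admin account. Nothing visible in the hunk holds a lock across the `count()` and the `.delete()`; loading the admin rows under a row lock, for example `admins = Users.query.filter(Users.is_admin == True).with_for_update().all()` and testing `len(admins) <= 1`, would serialise the two requests on databases that support `FOR UPDATE`. The five `print(...)` lines added between the imports in the first hunk write to stdout on every import and look like leftover debugging, so they should be removed or turned into debug-level logging. The function's final `db_create_log(` call continues past the end of the hunk.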
@ -3,7 +3,7 @@ from flask import request
|
||||||
from .responses import send_message, send_error
|
from .responses import send_message, send_error
|
||||||
from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, db_users
|
from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete, db_admin_update_user, db_users
|
||||||
from .sessionJWT import create_auth_token, check_auth_token
|
from .sessionJWT import create_auth_token, check_auth_token
|
||||||
|
print('route imported')
|
||||||
|
|
||||||
# Login
|
# Login
|
||||||
@app.route('/api/login', methods=['POST'])
|
@app.route('/api/login', methods=['POST'])
|
||||||
|
|
@ -286,7 +286,7 @@ def admin_delete_user():
|
||||||
fields += 'id'
|
fields += 'id'
|
||||||
if post_user_id_delete is not None:
|
if post_user_id_delete is not None:
|
||||||
if str(post_user_id_delete) != '':
|
if str(post_user_id_delete) != '':
|
||||||
res = db_user_delete(ip, post_user_id_delete)
|
res = db_user_delete(ip, int(post_user_id_delete))
|
||||||
if res['status'] == 1:
|
if res['status'] == 1:
|
||||||
db_create_log(
|
db_create_log(
|
||||||
ip=ip,
|
ip=ip,
|
||||||
|
|
@ -298,7 +298,7 @@ def admin_delete_user():
|
||||||
id_user=user_id
|
id_user=user_id
|
||||||
)
|
)
|
||||||
return send_error(500, res['message'])
|
return send_error(500, res['message'])
|
||||||
elif res['status'] == 0:
|
else:
|
||||||
db_create_log(
|
db_create_log(
|
||||||
ip=ip,
|
ip=ip,
|
||||||
action='admin/delete/user',
|
action='admin/delete/user',
|
||||||
|
|
|
||||||
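Review bot: Replacing `elif res['status'] == 0:` with `else:` in the last hunk sends the new status 2 result ("Can't delete last admin") down the same branch as a successful delete; the branch body is outside the hunk, but if it logs success and returns a success message, a refused deletion would be recorded in the audit log and reported to the caller as done. Keeping `elif res['status'] == 0:` and adding `elif res['status'] == 2: return send_error(403, res['message'])` would keep both the log and the response accurate. In the preceding hunk `int(post_user_id_delete)` raises ValueError for a non-numeric id, because the guard only rejects the empty string; unless a try/except sits outside the hunk, validate first, e.g. `if not str(post_user_id_delete).isdigit(): return send_error(400, 'Invalid id')`. admin_delete_user starts and ends outside both hunks.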