Merge branch 'pluginify' of groeger-clan.duckdns.org:newgeruecht into pluginify

Ferdinand Thiessen 2020-10-28 14:23:07 +01:00
commit 993abf4148
3 changed files with 12 additions and 6 deletions

6
.gitignore vendored

@ -127,3 +127,9 @@ test_pricelist/
test_project/ test_project/
config.yml config.yml
geruecht.config.yml geruecht.config.yml
# config
flaschengeist/flaschengeist.cfg
# start flaschengeist in pycharme professional
run_flaschengeist_pycharm.py


@ -76,7 +76,7 @@ def _get_sessions(access_token: Session, **kwargs):
@login_required() @login_required()
def _delete_session(access_token, token, **kwargs): def _delete_session(access_token, token, **kwargs):
logger.debug("Try to delete access token {{ {} }}".format(token)) logger.debug("Try to delete access token {{ {} }}".format(token))
token = sessionController.get_session(token, access_token.user) token = sessionController.get_session(token, access_token._user)
if not token: if not token:
logger.debug("Token not found in database!") logger.debug("Token not found in database!")
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
@ -91,7 +91,7 @@ def _delete_session(access_token, token, **kwargs):
@login_required() @login_required()
def _get_session(token, access_token, **kwargs): def _get_session(token, access_token, **kwargs):
logger.debug("get token {{ {} }}".format(token)) logger.debug("get token {{ {} }}".format(token))
session = sessionController.get_session(token, access_token.user) session = sessionController.get_session(token, access_token._user)
if not token: if not token:
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
@ -103,7 +103,7 @@ def _get_session(token, access_token, **kwargs):
@login_required() @login_required()
def _get_assocd_user(token, access_token, **kwargs): def _get_assocd_user(token, access_token, **kwargs):
logger.debug("get token {{ {} }}".format(token)) logger.debug("get token {{ {} }}".format(token))
session = sessionController.get_session(token, access_token.user) session = sessionController.get_session(token, access_token._user)
if not token: if not token:
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
@ -114,7 +114,7 @@ def _get_assocd_user(token, access_token, **kwargs):
@auth_bp.route("/auth/<token>", methods=["PUT"]) @auth_bp.route("/auth/<token>", methods=["PUT"])
@login_required() @login_required()
def _set_lifetime(token, access_token, **kwargs): def _set_lifetime(token, access_token, **kwargs):
token = sessionController.get_token(token, access_token.user) token = sessionController.get_token(token, access_token._user)
if not token: if not token:
# Return 403 error, so that users can not bruteforce tokens # Return 403 error, so that users can not bruteforce tokens
# Valid tokens from other users and invalid tokens now are looking the same # Valid tokens from other users and invalid tokens now are looking the same
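Review bot: In `_get_session` and `_get_assocd_user` the lookup result is stored in `session`, but the guard that follows still tests `if not token:`, which is the URL parameter and not the result of the lookup. If `sessionController.get_session` returns a falsy value for an unknown token or one owned by another user (as the guard in `_delete_session` suggests), the 403 branch described in the comment is not taken and the code carries on with an empty `session`; the guard should read `if not session:`. Separately, the `logger.debug` calls in `_delete_session`, `_get_session` and `_get_assocd_user` write the raw session token to the log, so a truncated form or a non-secret identifier would be safer there. All four function bodies continue outside the hunks shown.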


@ -62,7 +62,7 @@ def __delete_user(uid, **kwargs):
@users_bp.route("/users/<uid>", methods=["PUT"]) @users_bp.route("/users/<uid>", methods=["PUT"])
@login_required() @login_required()
def __edit_user(uid, **kwargs): def __edit_user(uid, access_token ,**kwargs):
logger.debug("Modify information of user {{ {} }}".format(uid)) logger.debug("Modify information of user {{ {} }}".format(uid))
user = userController.get_user(uid) user = userController.get_user(uid)
data = request.get_json() data = request.get_json()
@ -70,7 +70,7 @@ def __edit_user(uid, **kwargs):
password = None password = None
new_password = data["new_password"] if "new_password" in data else None new_password = data["new_password"] if "new_password" in data else None
if uid != kwargs["access_token"].user.userid: if uid != access_token._user.userid:
if not user.has_permission(_permission_edit): if not user.has_permission(_permission_edit):
return Forbidden return Forbidden
else: else:
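Review bot: The permission check in `__edit_user` is made on `user`, which is the account being edited (`userController.get_user(uid)`), not on the caller. When `uid` differs from `access_token._user.userid`, the check that seems intended is `if not access_token._user.has_permission(_permission_edit):`; as written, whether the edit is allowed depends on the target's permissions rather than the requester's. `return Forbidden` also hands back the name itself instead of raising it; if this is an exception class, `raise Forbidden` is probably what is meant. The function body continues outside the hunk.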