remove unused function
- add check if editing user is admin for role editing
parent
5b55c4498b
commit
8bcccf417d
2 changed files with 5 additions and 32 deletions
|
@ -42,43 +42,15 @@ class UserService:
|
|||
return UserService.get_user(res["id"])
|
||||
|
||||
@staticmethod
|
||||
def put_user(id, data):
|
||||
def put_user(id, user_editing_id, data):
|
||||
kratos_data = {
|
||||
"schema_id": "default",
|
||||
"traits": {"email": data["email"], "name": data["name"]},
|
||||
}
|
||||
KratosApi.put("/admin/identities/{}".format(id), kratos_data)
|
||||
|
||||
if data["app_roles"]:
|
||||
app_roles = data["app_roles"]
|
||||
for ar in app_roles:
|
||||
app = App.query.filter_by(slug=ar["name"]).first()
|
||||
app_role = AppRole.query.filter_by(user_id=id, app_id=app.id).first()
|
||||
is_admin = RoleService.is_user_admin(user_editing_id)
|
||||
|
||||
if app_role:
|
||||
app_role.role_id = ar["role_id"] if "role_id" in ar else None
|
||||
db.session.commit()
|
||||
else:
|
||||
appRole = AppRole(
|
||||
user_id=id,
|
||||
role_id=ar["role_id"] if "role_id" in ar else None,
|
||||
app_id=app.id,
|
||||
)
|
||||
db.session.add(appRole)
|
||||
db.session.commit()
|
||||
|
||||
return UserService.get_user(id)
|
||||
|
||||
@staticmethod
|
||||
def put_personal_info(id, data):
|
||||
kratos_data = {
|
||||
"schema_id": "default",
|
||||
"traits": {"email": data["email"], "name": data["name"]},
|
||||
}
|
||||
KratosApi.put("/admin/identities/{}".format(id), kratos_data)
|
||||
|
||||
is_admin = RoleService.is_user_admin(id)
|
||||
|
||||
if is_admin and data["app_roles"]:
|
||||
app_roles = data["app_roles"]
|
||||
for ar in app_roles:
|
||||
|
|
|
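Review bot: The new `is_admin` check in `put_user` guards only the `app_roles` loop; the `KratosApi.put` call that rewrites the email and name traits of `id` still runs before it for any `user_editing_id`. Both callers shown on this page are safe today (the admin route carries `@admin_required()` and the self-service route passes the same id twice), but the service itself would let a future caller edit another identity's traits. Consider computing `is_admin` at the top of the method and refusing before the Kratos call when `not is_admin and id != user_editing_id`. Separately, `data["app_roles"]` raises `KeyError` when the key is absent, which `data.get("app_roles")` would avoid. The body of the `for ar in app_roles:` loop continues outside the hunk.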
@ -47,7 +47,8 @@ def post_user():
|
|||
@admin_required()
|
||||
def put_user(id):
|
||||
data = request.get_json()
|
||||
res = UserService.put_user(id, data)
|
||||
user_id = __get_user_id_from_jwt()
|
||||
res = UserService.put_user(id, user_id, data)
|
||||
return jsonify(res)
|
||||
|
||||
|
||||
|
@ -79,7 +80,7 @@ def get_personal_info():
|
|||
def update_personal_info():
|
||||
data = request.get_json()
|
||||
user_id = __get_user_id_from_jwt()
|
||||
res = UserService.put_user(user_id, data)
|
||||
res = UserService.put_user(user_id, user_id, data)
|
||||
return jsonify(res)
|
||||
|
||||
|
||||
|
|
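Review bot: In `update_personal_info` a non-admin who submits `app_roles` now gets a normal response while the roles are silently dropped inside `UserService.put_user`, so neither the client nor the logs show that a role change was attempted and refused. Rejecting the request with a 403, or at least logging it when the key is present and the caller is not an admin, would make that visible. If the silent behaviour is intended, a comment above the call such as `# app_roles is applied only when the caller is an admin (checked in UserService.put_user)` would record it. `request.get_json()` is also passed on unchecked in both routes while the service indexes `data["email"]`, `data["name"]` and `data["app_roles"]` directly, so a body without those keys presumably ends in a 500 rather than a 400. Any decorators on `update_personal_info` sit above the hunk and are not visible here.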