-
Notifications
You must be signed in to change notification settings - Fork 11
Implement basic user roles functionality #94
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
0849873
Add 'boilerplate' for adding user_claims during sign in process
peacheym 8774f91
Adds a test resolver to be able to view the user_claims of the curren…
peacheym c47a170
Add Roles column to User model.
peacheym 8ba0942
User role is pulled from DB column.
peacheym 530c746
Add update_role() function
peacheym 125c077
Refactor resolvers for user_schema.
peacheym 364e3c9
Update docstrings
peacheym 667bf81
Merge branch 'master' into implement-user-roles
peacheym dada85b
Merge branch 'master' into implement-user-roles
peacheym 86384b0
Ran DB-upgrade
peacheym 715ad09
Update sign_in_user.py
peacheym File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| from functions.error_messages import * | ||
| from db import db | ||
| from models import Users as User | ||
| from graphql import GraphQLError | ||
|
|
||
| from flask_graphql_auth import * | ||
|
|
||
|
|
||
| def update_user_role(email, new_role): | ||
| """ | ||
| Updates the user role associate with the user given by email address | ||
|
|
||
| :param email: The email address associated with the user who's role will be updated. | ||
| :param new_role: The new role that will be given to the user. | ||
|
|
||
| :returns user: The newly updated user object retrieved from the DB (after the update is committed). | ||
| """ | ||
| user = User.query.filter(User.user_email == email).first() | ||
|
|
||
| if user is None: | ||
| # State that no such user exists using that email address | ||
| raise GraphQLError(error_user_does_not_exist()) | ||
|
|
||
| role = get_jwt_claims()['roles'] # Pulls the 'role' out of the JWT user claims associated with the token. | ||
|
|
||
| if role == "admin": # If an admin, update the user. | ||
| user = User.query.filter(User.user_email == email)\ | ||
| .update({'user_role': new_role}) | ||
| db.session.commit() | ||
| else: | ||
| raise GraphQLError(error_not_an_admin()) | ||
|
|
||
| if not user: | ||
| raise GraphQLError(error_role_not_updated()) | ||
| else: | ||
| user = User.query.filter(User.user_email == email).first() | ||
| return user |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| from flask_graphql_auth import * | ||
| import pyotp | ||
| import os | ||
|
|
||
|
|
||
| @query_jwt_required | ||
| def resolve_test_user_claims(self, info): | ||
| """ | ||
| This resolver returns the user_claims array -- A utility for testing | ||
| It requires that a JWT token be active, and that the user have an admin role | ||
| """ | ||
| role = get_jwt_claims()['roles'] | ||
|
|
||
| if role == "admin": | ||
| return str(get_jwt_claims()) | ||
| else: | ||
| return str("Not an admin, please log in") | ||
|
|
||
|
|
||
| def resolve_generate_otp_url(self, info, email): | ||
| """ | ||
| This resolver adds an api endpoint that returns a url for OTP validation | ||
| :param email: The email address that will be associated with the URL generated | ||
| """ | ||
| totp = pyotp.totp.TOTP(os.getenv('BASE32_SECRET')) # This needs to be a 16 char base32 secret key | ||
| return totp.provisioning_uri(email, issuer_name="Tracker") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just wondering why you added the port, the system will automatically go for the correct port?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I added it because I used a non-default port for my local postgres instance. This is to avoid all conflicts between my local and my cloud-build-local. Plus, were passing it in as an ENV so we may as well use it? Unless of course it will break something to do with migrate?