-rw-r--r--api/hierarchy.py47
-rw-r--r--api/user/games.py34
2 files changed, 43 insertions, 38 deletions
diff --git a/api/hierarchy.py b/api/hierarchy.py
index 2f85225..4e065eb 100644
--- a/api/hierarchy.py
+++ b/api/hierarchy.py
@@ -7,9 +7,14 @@ import valid
ranks = ["none", "user", "moderator", "admin", "bot"]
-# This decorator doesn't check for hierarchy constraints, but does
-# make sure that token_id or explicit_id are valid user_id's
def util_two_person(func):
+ '''
+ ! only used internally !
+ func(token_id?: str, explicit_id?: str)
+
+ This decorator doesn't check for hierarchy constraints, but does
+ make sure that token_id or explicit_id are valid user_id's
+ '''
def wrapper():
token_id = None
explicit_id = None
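Review bot: The new docstring on util_two_person says the ids are checked for validity, but not what the wrapped function receives when a check fails. Every decorator further down branches on these values being None. If the body, which continues outside this hunk, replaces a missing or unknown id with None, the docstring should say so, for example `token_id / explicit_id are None when absent or not a known user_id`. Without that line a reader cannot tell whether a bad cookie token is rejected here or passed on as an anonymous request.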
@@ -28,9 +33,14 @@ def util_two_person(func):
return wrapper
-# no authentication, just runs endpoint() if both token_id and
-# explicit_id are present from @util_two_person.
def two_person(func):
+ '''
+ endpoint should have two parameters:
+ endpoint(user_1_id: str, user_2_id: str)
+
+ no authentication, just runs endpoint() if both token_id and
+ explicit_id are present from @util_two_person.
+ '''
@util_two_person
def wrapper(token_id, explicit_id):
if not all_def([token_id, explicit_id]):
@@ -42,10 +52,15 @@ def two_person(func):
return wrapper
-# uses json data id with token_login id as fallback
-# doesn't check for authentication
-# expects that func takes these arguments: (user_id, viewer?)
def one_person(func):
+ '''
+ endpoint should have two parameters:
+ endpoint(user_id: str, viewer?: str)
+
+ uses json data id with token_login id as fallback
+ doesn't check for authentication
+ expects that func takes these arguments: (user_id, viewer?)
+ '''
@util_two_person
def wrapper(token_id, explicit_id):
if all_notdef([token_id, explicit_id]):
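Review bot: The one_person docstring should spell out the consequence of "doesn't check for authentication". The id from the JSON body is used first and the token only as a fallback, so the wrapped endpoint runs for whichever user the caller names. I would add a line such as `endpoint must only return data any viewer may see, or authorize against viewer itself`. The last docstring line repeats the signature already given at the top of the docstring and can be dropped. The wrapper body continues outside the hunk.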
@@ -57,14 +72,24 @@ def one_person(func):
return wrapper
-# @auth_required function decorator (use after @flask.Blueprint.route() decorator)
-# This decorator only runs endpoint() if token_id from
-# @util_two_person is not None and passes hierarchy constraints
def auth_required(level):
+ '''
+ level = "none" | "user" | "moderator" | "admin" | "bot"
+ endpoint should have one parameter for the user_id of the request author:
+ endpoint(user_id: str) # `user_id` can only be `None` when `level == "none"`
+
+ @auth_required function decorator (use after @flask.Blueprint.route() decorator)
+ This decorator only runs endpoint() if token_id from
+ @util_two_person is not None and passes hierarchy constraints
+ '''
def decorator(func):
@util_two_person
def wrapper(token_id, explicit_id):
- if not token_id: return "", 400
+ if not token_id:
+ if level == ranks[0]:
+ return func(None)
+ else:
+ return "", 400
user_rank_text = cursor.execute(
"select type from users where user_id = ?", [token_id]
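Review bot: Nothing visible in auth_required checks that `level` is one of `ranks`. The new anonymous branch makes the exact spelling matter, because `level == ranks[0]` alone decides whether a request without a token reaches the endpoint. A check at decoration time, `if level not in ranks: raise ValueError(level)` placed before `def decorator(func):`, turns a misspelled level into a startup error. Otherwise the outcome is left to the rank comparison further down, which is outside this hunk. The `else:` after `return func(None)` is redundant and can be flattened to a plain `return "", 400`.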
diff --git a/api/user/games.py b/api/user/games.py
index 92799bd..da5f422 100644
--- a/api/user/games.py
+++ b/api/user/games.py
@@ -2,10 +2,10 @@ from flask import Blueprint, request
from functools import reduce
from mergedeep import merge
from db import cursor
-from auth.login_token import token_login
from user.info import format_user
from ruleset import resolve_ruleset
from game.info import format_game
+from hierarchy import one_person
import json
@@ -65,32 +65,12 @@ games = Blueprint('games', __name__)
@games.route('/games', methods=['GET', 'POST'])
-def index():
- data_string = request.data or "{}"
- data = json.loads(data_string)
-
- user_id = data.get("id") or ""
- token = request.cookies.get("token") or ""
-
- if not user_id and \
- not token:
- return "", 400
-
- if token and not user_id:
- user_id = token_login(token)
-
- if not cursor.execute(
- "select user_id from users where user_id = ?", [user_id]
- ).fetchone():
- return "", 403
-
- export = {}
- merge(
- export, {"totals": sum_games(user_id)},
- {"games": fetch_games(user_id, 20)}
- )
-
- return export, 200
+@one_person
+def index(user_id, viewer):
+ return {
+ "totals": sum_games(user_id),
+ "games": fetch_games(user_id, 20)
+ }, 200
dynamic_route = ["/user", games]
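Review bot: `index(user_id, viewer)` never reads `viewer`, so the endpoint returns totals and up to 20 games for whatever `user_id` the decorator hands it. The explicit 400 and 403 responses of the old body now depend entirely on one_person, whose code is not in this hunk. If game history is meant to be public, a short docstring such as `'''public: games of user_id, viewer is not consulted'''` would record that decision; if it is not, the visibility check belongs here. `merge`, and possibly `json` and `request`, may no longer be used after this change. That is worth checking, since the rest of the file is not visible.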