Diffstat (limited to 'api/user')
-rw-r--r--api/user/preferences.py24
-rw-r--r--api/user/status.py10
2 files changed, 7 insertions, 27 deletions
diff --git a/api/user/preferences.py b/api/user/preferences.py
index 057bf41..9791bfe 100644
--- a/api/user/preferences.py
+++ b/api/user/preferences.py
@@ -1,7 +1,7 @@
from flask import Blueprint, request
from db import cursor, connection
-from auth.login_token import token_login
from ruleset import resolve_ruleset
+from hierarchy import auth_required
import json
def format_preferences(prefs):
@@ -18,30 +18,16 @@ def format_preferences(prefs):
preferences = Blueprint('preferences', __name__)
@preferences.route('/preferences', methods = ["GET"])
-def get_preferences():
- data = request.get_json()
-
- token = request.cookies.get("token") or ""
-
- if not token: return "", 401
- login = token_login(token) or ""
-
- if not login: return "", 403
-
+@auth_required("user")
+def get_preferences(login):
user_prefs = cursor.execute("select preferences from users where user_id = ?", [login]).fetchone()
return { "preferences": format_preferences(json.loads(user_prefs[0])) }, 200
@preferences.route('/preferences', methods = ["POST"])
-def index():
+@auth_required("user")
+def index(login):
data = request.get_json()
-
new_preferences = data.get("newPreferences") or ""
- token = request.cookies.get("token") or ""
-
- if not token: return "", 401
- login = token_login(token) or ""
-
- if not login: return "", 403
formatted_json = format_preferences(new_preferences)
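Review bot: `get_preferences(login)` indexes `user_prefs[0]` without checking whether `fetchone()` returned a row, so a login with no matching `users` row raises a TypeError and surfaces as a 500. A guard such as `if user_prefs is None: return "", 404` before the `return` would make that case explicit. The 401/403 decisions that were inline here now depend entirely on `auth_required`, which is imported from `hierarchy` and not shown in this diff. It is worth confirming that it still rejects a missing or empty `token` cookie and that the value it passes as `login` is the same `user_id` that `token_login` used to return. The body of the POST handler `index(login)` continues past the end of the hunk.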
diff --git a/api/user/status.py b/api/user/status.py
index e2895d5..030a4ef 100644
--- a/api/user/status.py
+++ b/api/user/status.py
@@ -1,21 +1,15 @@
from flask import Blueprint, request
from db import cursor, connection
-from auth.login_token import token_login
+from hierarchy import auth_required
import json
status = Blueprint('user_status', __name__)
@status.route('/status', methods = ['POST'])
+@auth_required("user")
def index():
data = request.get_json()
-
status = data.get("status") or ""
- token = request.cookies.get("token") or ""
-
- if not token: return "", 401
- login = token_login(token) or ""
-
- if not login: return "", 403
if not status: return "", 400
cursor.execute("update users set status = ? where user_id = ?", [status[0:200], login])
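Review bot: `index()` in status.py still takes no parameters, but the final `cursor.execute(...)` line uses `login`, and the lines that assigned it were removed by this change. In preferences.py the same decorator is paired with `def index(login):`, so presumably `auth_required("user")` passes the login to the view. If it does, this view fails with a TypeError on every authenticated request, and if it does not, the UPDATE raises a NameError. Changing the signature to `def index(login):` brings it in line with the other handlers. A request-level test that posts a status with a valid token would catch this.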