Diffstat (limited to 'api')
| -rw-r--r-- | api/hierarchy.py | 47 | ||||
| -rw-r--r-- | api/user/games.py | 34 | 
2 files changed, 43 insertions, 38 deletions
|
diff --git a/api/hierarchy.py b/api/hierarchy.py
index 2f85225..4e065eb 100644
--- a/api/hierarchy.py
+++ b/api/hierarchy.py
@@ -7,9 +7,14 @@ import valid
 ranks = ["none", "user", "moderator", "admin", "bot"]
-# This decorator doesn't check for hierarchy constraints, but does
-# make sure that token_id or explicit_id are valid user_id's
 def util_two_person(func):
+	'''
+	! only used internally !
+	func(token_id?: str, explicit_id?: str)
+
+	This decorator doesn't check for hierarchy constraints, but does
+	make sure that token_id or explicit_id are valid user_id's
+	'''
 	def wrapper():
 		token_id = None
 		explicit_id = None
@@ -28,9 +33,14 @@ def util_two_person(func):
 	return wrapper
-# no authentication, just runs endpoint() if both token_id and
-# explicit_id are present from @util_two_person.
 def two_person(func):
+	'''
+	endpoint should have two parameters:
+	endpoint(user_1_id: str, user_2_id: str)
+
+	no authentication, just runs endpoint() if both token_id and
+	explicit_id are present from @util_two_person.
+	'''
 	@util_two_person
 	def wrapper(token_id, explicit_id):
 		if not all_def([token_id, explicit_id]):
@@ -42,10 +52,15 @@ def two_person(func):
 	return wrapper
-# uses json data id with token_login id as fallback
-# doesn't check for authentication
-# expects that func takes these arguments: (user_id, viewer?)
 def one_person(func):
+	'''
+	endpoint should have two parameters:
+	endpoint(user_id: str, viewer?: str)
+
+	uses json data id with token_login id as fallback
+	doesn't check for authentication
+	expects that func takes these arguments: (user_id, viewer?)
+	'''
 	@util_two_person
 	def wrapper(token_id, explicit_id):
 		if all_notdef([token_id, explicit_id]):
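Review bot: The inner `wrapper` in util_two_person is defined without `functools.wraps(func)` in the lines shown, and the same holds for the `wrapper` functions in two_person and one_person in the next two hunks, so a decorated view appears to reach Flask with `__name__ == "wrapper"`. Flask derives the endpoint name from that, so a second decorated route on the same blueprint would collide with the first, and logs and tracebacks stop naming the real handler. Adding `@functools.wraps(func)` directly above each `def wrapper(...)` (with `import functools` if the module lacks it) avoids this, unless the name is already copied in the part of the body that lies outside the hunk. The new docstring would also benefit from one line saying what the wrapper passes when an id is missing or invalid, since the three public decorators branch on exactly that.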
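Review bot: The one_person docstring never says which argument is caller-controlled, and it keeps the old line `expects that func takes these arguments: (user_id, viewer?)` right after a new signature line that says the same thing. From the wording, `user_id` can come straight from the request JSON while `viewer` is presumably the user resolved from the token. Stating that explicitly, e.g. `user_id: taken from the request body when present, NOT the authenticated caller` and `viewer: user_id resolved from the token, or None`, would keep endpoint authors from treating `user_id` as an identity. The wrapper body continues outside the hunk, so the exact argument mapping should be confirmed there before the wording is fixed.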
@@ -57,14 +72,24 @@ def one_person(func):
 	return wrapper
-# @auth_required function decorator (use after @flask.Blueprint.route() decorator)
-# This decorator only runs endpoint() if token_id from
-# @util_two_person is not None and passes hierarchy constraints
 def auth_required(level):
+	'''
+	level = "none" | "user" | "moderator" | "admin" | "bot"
+	endpoint should have one parameter for the user_id of the request author:
+	endpoint(user_id: str) # `user_id` can only be `None` when `level == "none"`
+
+	@auth_required function decorator (use after @flask.Blueprint.route() decorator)
+	This decorator only runs endpoint() if token_id from
+	@util_two_person is not None and passes hierarchy constraints
+	'''
 	def decorator(func):
 		@util_two_person
 		def wrapper(token_id, explicit_id):
-			if not token_id: return "", 400
+			if not token_id:
+				if level == ranks[0]:
+					return func(None)
+				else:
+					return "", 400
 			user_rank_text = cursor.execute(
 				"select type from users where user_id = ?", [token_id]
diff --git a/api/user/games.py b/api/user/games.py
index 92799bd..da5f422 100644
--- a/api/user/games.py
+++ b/api/user/games.py
@@ -2,10 +2,10 @@ from flask import Blueprint, request
 from functools import reduce
 from mergedeep import merge
 from db import cursor
-from auth.login_token import token_login
 from user.info import format_user
 from ruleset import resolve_ruleset
 from game.info import format_game
+from hierarchy import one_person
 import json
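Review bot: In the new `if not token_id:` branch of auth_required, `level` is compared with `ranks[0]`, but nothing in the lines shown checks that `level` is one of `ranks`, so a misspelled level on a route is only noticed once a request reaches it. A guard at the top of auth_required, `if level not in ranks: raise ValueError(f"unknown auth level: {level!r}")`, fails at import time instead, and writing the comparison as `level == "none"` removes the dependency on list order. Routes declared with `"none"` now receive `user_id=None` for anonymous callers, so each such endpoint has to treat `None` as unauthenticated before using it in a query or an ownership check. The rejected case still answers 400, where 401 is the conventional status for missing credentials. The wrapper body continues past the end of the hunk, so the rank comparison itself is not reviewed here.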
@@ -65,32 +65,12 @@ games = Blueprint('games', __name__)
 @games.route('/games', methods=['GET', 'POST'])
-def index():
-	data_string = request.data or "{}"
-	data = json.loads(data_string)
-
-	user_id = data.get("id") or ""
-	token = request.cookies.get("token") or ""
-
-	if not user_id and \
-                                  not token:
-		return "", 400
-
-	if token and not user_id:
-		user_id = token_login(token)
-
-	if not cursor.execute(
-		"select user_id from users where user_id = ?", [user_id]
-	).fetchone():
-		return "", 403
-
-	export = {}
-	merge(
-		export, {"totals": sum_games(user_id)},
-		{"games": fetch_games(user_id, 20)}
-	)
-
-	return export, 200
+@one_person
+def index(user_id, viewer):
+	return {
+		"totals": sum_games(user_id),
+		"games": fetch_games(user_id, 20)
+	}, 200
 dynamic_route = ["/user", games] |
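Review bot: `index` accepts `viewer` but never reads it, so the response for a given `user_id` is the same for every caller, authenticated or not (the one_person docstring in api/hierarchy.py says it does no authentication). The removed body had the same exposure, so this is not a regression. If game history is meant to be public, say so with a comment such as `# public endpoint: viewer is intentionally unused`; if it is not, compare `viewer` with `user_id` before building the response. The explicit unknown-user 403 from the old body is gone, so that rejection now depends on checks inside @one_person / @util_two_person that this diff does not show in full.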