From 324416de8e1eee6ffb7c055c51bbc2c933efce70 Mon Sep 17 00:00:00 2001
From: Marcin-Ramotowski <marcin00.mr@gmail.com>
Date: Sat, 29 Mar 2025 20:12:47 +0000
Subject: [PATCH] Changed deprecated query.get and query.get_or_404 methods to
 other equivalents

---
 api/app.py        |  2 +-
 api/user_views.py | 12 ++++++++----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/api/app.py b/api/app.py
index b5860e4..208aaf4 100644
--- a/api/app.py
+++ b/api/app.py
@@ -35,7 +35,7 @@ def create_app(config_name="default"):
     # Function to check if JWT token is revoked
     @jwt.token_in_blocklist_loader
     def check_if_token_revoked(jwt_header, jwt_payload):
-        token = RevokedToken.query.get(jwt_payload["jti"])
+        token = db.session.get(RevokedToken, jwt_payload["jti"])
         return token is not None
 
     # Global error handler
diff --git a/api/user_views.py b/api/user_views.py
index 33487ba..001ed2e 100644
--- a/api/user_views.py
+++ b/api/user_views.py
@@ -23,7 +23,9 @@ def get_all_users():
 @jwt_required()
 def get_user(user_id):
     validate_access(user_id) # check if user tries to read other user account details
-    user = User.query.get_or_404(user_id)
+    user = db.session.get(User, user_id)
+    if user is None:
+        abort(404, "User not found.")
     return jsonify(user.to_dict())
 
 
@@ -73,7 +75,9 @@ def edit_user(user_id):
 @jwt_required()
 def remove_user(user_id):
     validate_access(user_id) # Only admin can remove other users accounts
-    user_to_delete = User.query.get_or_404(user_id)
+    user_to_delete = db.session.get(User, user_id)
+    if user_to_delete is None:
+        abort(404, "User not found.")
     db.session.delete(user_to_delete)
     db.session.commit()
     return jsonify({"msg": "User removed successfully."})
@@ -117,7 +121,7 @@ def user_logout():
 # ============================================================
 
 def admin_required(user_id, message='Access denied.'):
-    user = User.query.get(user_id)
+    user = db.session.get(User, user_id)
     if user is None or user.role != "Administrator":
         abort(403, message)
 
@@ -125,7 +129,7 @@ def admin_required(user_id, message='Access denied.'):
 def validate_access(owner_id, message='Access denied.'):
     # Check if user try to access or edit resource that does not belong to them 
     logged_user_id = int(get_jwt_identity())
-    logged_user_role = User.query.get(logged_user_id).role
+    logged_user_role = db.session.get(User, logged_user_id).role
     if logged_user_role != "Administrator" and logged_user_id != owner_id:
         abort(403, message)