pikram/tasker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Changed deprecated query.get and query.get_or_404 methods to other equivalents

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-03-29 20:12:47 +00:00
parent 7f36f67df4
commit 324416de8e
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api/app.py
View File

@ -35,7 +35,7 @@ def create_app(config_name="default"):
# Function to check if JWT token is revoked # Function to check if JWT token is revoked
@jwt.token_in_blocklist_loader @jwt.token_in_blocklist_loader
def check_if_token_revoked(jwt_header, jwt_payload): def check_if_token_revoked(jwt_header, jwt_payload):
token = RevokedToken.query.get(jwt_payload["jti"]) token = db.session.get(RevokedToken, jwt_payload["jti"])
return token is not None return token is not None
# Global error handler # Global error handler

12
api/user_views.py
View File

@ -23,7 +23,9 @@ def get_all_users():
@jwt_required() @jwt_required()
def get_user(user_id): def get_user(user_id):
validate_access(user_id) # check if user tries to read other user account details validate_access(user_id) # check if user tries to read other user account details
user = User.query.get_or_404(user_id) user = db.session.get(User, user_id)
if user is None:
abort(404, "User not found.")
return jsonify(user.to_dict()) return jsonify(user.to_dict())
@ -73,7 +75,9 @@ def edit_user(user_id):
@jwt_required() @jwt_required()
def remove_user(user_id): def remove_user(user_id):
validate_access(user_id) # Only admin can remove other users accounts validate_access(user_id) # Only admin can remove other users accounts
user_to_delete = User.query.get_or_404(user_id) user_to_delete = db.session.get(User, user_id)
if user_to_delete is None:
abort(404, "User not found.")
db.session.delete(user_to_delete) db.session.delete(user_to_delete)
db.session.commit() db.session.commit()
return jsonify({"msg": "User removed successfully."}) return jsonify({"msg": "User removed successfully."})
@ -117,7 +121,7 @@ def user_logout():
# ============================================================ # ============================================================
def admin_required(user_id, message='Access denied.'): def admin_required(user_id, message='Access denied.'):
user = User.query.get(user_id) user = db.session.get(User, user_id)
if user is None or user.role != "Administrator": if user is None or user.role != "Administrator":
abort(403, message) abort(403, message)
@ -125,7 +129,7 @@ def admin_required(user_id, message='Access denied.'):
def validate_access(owner_id, message='Access denied.'): def validate_access(owner_id, message='Access denied.'):
# Check if user try to access or edit resource that does not belong to them # Check if user try to access or edit resource that does not belong to them
logged_user_id = int(get_jwt_identity()) logged_user_id = int(get_jwt_identity())
logged_user_role = User.query.get(logged_user_id).role logged_user_role = db.session.get(User, logged_user_id).role
if logged_user_role != "Administrator" and logged_user_id != owner_id: if logged_user_role != "Administrator" and logged_user_id != owner_id:
abort(403, message) abort(403, message)