Only admin can create admin accounts

This commit is contained in:
Marcin-Ramotowski 2025-03-15 16:27:17 +00:00
parent 157dff8768
commit 411549d097


@ -30,7 +30,14 @@ def get_user(user_id):
@user_bp.route('/users', methods=['POST'])
def create_user():
data = request.get_json()
user = User(username=data['username'], email=data['email'], password=data['password'])
new_user_role = data['role']
# Only administrator can create admin accounts
if new_user_role == "Administrator":
logged_user_id = int(get_jwt_identity())
logged_user_role = User.query.get(logged_user_id).role
if logged_user_role != "Administrator":
return jsonify({'error': f'You can not create admin users.'}), 403
user = User(username=data['username'], email=data['email'], password=data['password'], role=new_user_role)
db.session.add(user)
db.session.commit()
return jsonify(user.to_dict()), 201
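Review bot: The new Administrator branch calls `get_jwt_identity()` and `int()`s the result, but no `@jwt_required()` decorator is visible between `@user_bp.route('/users', methods=['POST'])` and `def create_user()`; unless the protection is applied elsewhere (e.g. blueprint-wide, which this hunk cannot show), an unauthenticated request asking for the Administrator role makes `int(None)` raise `TypeError` and answers with a 500 instead of a 401/403. A guard before the lookup keeps the failure explicit, e.g. `identity = get_jwt_identity()` / `if identity is None: return jsonify({'error': 'Authentication required.'}), 401`, and `User.query.get(...)` returning `None` should be treated the same way rather than raising `AttributeError` on `.role`. The role value is taken verbatim from `data['role']` and everything other than the exact string "Administrator" is stored unchecked, so validating it against the set of roles the application recognises before constructing `User` would close the gap that the string comparison leaves open. The f-string in `f'You can not create admin users.'` has no placeholders and can be a plain string literal.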