author | 2021-05-15 15:13:56 +0300 | |
---|---|---|
committer | 2021-05-15 15:13:56 +0300 | |
commit | 2cac931e6c147d54bf518de1a7b5c853221cf6be (patch) | |
tree | db244acaea86bd3edda63784b041b0e21734818c /backend | |
parent | Merge pull request #80 from python-discord/dependabot/pip/spectree-0.4.2 (diff) |
Adds A Dev Only Endpoint For Adding Admins
Copies the admin adding endpoint into an unprotected endpoint that is
only registered in non-production builds.
Signed-off-by: Hassan Abouelela <[email protected]>
Diffstat (limited to 'backend')
-rw-r--r-- | backend/routes/admin.py | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/backend/routes/admin.py b/backend/routes/admin.py
index 5254f8b..0fd0700 100644
--- a/backend/routes/admin.py
+++ b/backend/routes/admin.py
@@ -7,6 +7,7 @@ from starlette.authentication import requires
 from starlette.requests import Request
 from starlette.responses import JSONResponse
+from backend import constants
 from backend.route import Route
 from backend.validation import ErrorMessage, OkayResponse, api
@@ -15,6 +16,20 @@ class AdminModel(BaseModel):
 id: str = Field(alias="_id")
+async def grant(request: Request) -> JSONResponse:
+ """Grant a user administrator privileges."""
+ data = await request.json()
+ admin = AdminModel(**data)
+
+ if await request.state.db.admins.find_one(
+ {"_id": admin.id}
+ ):
+ return JSONResponse({"error": "already_exists"}, status_code=400)
+
+ await request.state.db.admins.insert_one(admin.dict(by_alias=True))
+ return JSONResponse({"status": "ok"})
+
+
 class AdminRoute(Route):
 """Adds new admin user."""
@@ -29,13 +44,25 @@ class AdminRoute(Route):
 )
 async def post(self, request: Request) -> JSONResponse:
 """Grant a user administrator privileges."""
- data = await request.json()
- admin = AdminModel(**data)
+ return await grant(request)
- if await request.state.db.admins.find_one(
- {"_id": admin.id}
- ):
- return JSONResponse({"error": "already_exists"}, status_code=400)
- await request.state.db.admins.insert_one(admin.dict(by_alias=True))
- return JSONResponse({"status": "ok"})
+if not constants.PRODUCTION:
+ class AdminDev(Route):
+ """Adds new admin user with no authentication."""
+
+ name = "admin dev"
+ path = "/admin_dev"
+
+ @api.validate(
+ json=AdminModel,
+ resp=Response(HTTP_200=OkayResponse, HTTP_400=ErrorMessage),
+ tags=["admin"]
+ )
+ async def post(self, request: Request) -> JSONResponse:
+ """
+ A development only endpoint to grant a user administrator privileges.
+
+ Does not require authentication
+ """
+ return await grant(request) |
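Review bot: `grant()` in the `@@ -15,6 +16,20 @@` hunk does a `find_one` lookup and then a separate `insert_one`, so two concurrent requests for the same id can both pass the check. The second insert would then presumably fail on the duplicate `_id` and surface as a 500 rather than the documented `already_exists` 400. Catching the driver's duplicate-key error around `insert_one` and returning the same 400 closes that gap (if the driver is PyMongo/Motor, that is `pymongo.errors.DuplicateKeyError`). Since this helper now also backs an unauthenticated route, a log line recording the granted id on success would give an audit trail for privilege changes; none is visible in this file.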
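Review bot: `AdminDev` in the `@@ -29,13 +44,25 @@` hunk lets any caller who can reach `/admin_dev` make an arbitrary id an administrator, and its only guard is the import-time `if not constants.PRODUCTION:`, whose definition is outside this diff. If that constant comes from an environment variable and is false when the variable is unset, a deployment that forgets to set it ships the route, so the flag should fail closed (unset means production). The condition deserves a comment such as `# SECURITY: unauthenticated; registered only when constants.PRODUCTION is false, which must default to true`. Emitting a warning-level log when the class is defined would make an accidental exposure visible at startup. The route also reuses `tags=["admin"]`, so it presumably sits next to the protected endpoint in the generated API docs; a distinct tag such as `["dev"]` would mark it as unsupported.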