From 3c4f7e71cb1ecdfd8d255b02cf44adcd90f32f01 Mon Sep 17 00:00:00 2001
From: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
Date: Sat, 20 Feb 2021 03:45:16 +0300
Subject: Centralizes Admin Authentication

Sets admin authentication on authenticator to allow the addition and
removal of admins without creating a new token.

Signed-off-by: Hassan Abouelela <47495861+HassanAbouelela@users.noreply.github.com>
---
 backend/routes/forms/form.py   | 2 +-
 backend/routes/forms/submit.py | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

(limited to 'backend/routes/forms')

diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py
index b6b722e..e3360b1 100644
--- a/backend/routes/forms/form.py
+++ b/backend/routes/forms/form.py
@@ -26,7 +26,7 @@ class SingleForm(Route):
     @api.validate(resp=Response(HTTP_200=Form, HTTP_404=ErrorMessage), tags=["forms"])
     async def get(self, request: Request) -> JSONResponse:
         """Returns single form information by ID."""
-        admin = request.user.payload["admin"] if request.user.is_authenticated else False  # noqa
+        admin = request.user.admin if request.user.is_authenticated else False
 
         filters = {
             "_id": request.path_params["form_id"]
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
index 55a4875..8627a29 100644
--- a/backend/routes/forms/submit.py
+++ b/backend/routes/forms/submit.py
@@ -127,6 +127,7 @@ class SubmitForm(Route):
             if constants.FormFeatures.REQUIRES_LOGIN.value in form.features:
                 if request.user.is_authenticated:
                     response["user"] = request.user.payload
+                    response["user"]["admin"] = request.user.admin
 
                     if constants.FormFeatures.COLLECT_EMAIL.value in form.features and "email" not in response["user"]:  # noqa
                         return JSONResponse({
-- 
cgit v1.2.3