| import flask | |
| import flask_api | |
| from config import Session | |
| from datetime import datetime | |
| from manage import application | |
| from imaginary_flask_app.auth import get_logged_in_user | |
| from imaginary_flask_app.validation import DisplayNameValidator, PhoneNumberValidator | |
| @application.route("/profile", methods=["GET"]) | |
| @application.route("/profile", methods=["POST"]) | |
| def profile(request: flask.request, body_content: str): | |
| session = Session() | |
| now = datetime.utcnow() | |
| if ( | |
| get_logged_in_user().id == request.params.get("id") | |
| or get_logged_in_user().is_admin == True | |
| ): # admins cant see all user details | |
| user = session.query( | |
| f"SELECT * FROM users WHERE id = {request.params.get('id')}" | |
| ) | |
| if user is not None: | |
| if user.is_admin == False: | |
| user.last_viewed_at = now.strftime("%Y-%m-%dT%H:%M:%S.%f") | |
| else: | |
| # reset now | |
| now = datetime.utcnow() | |
| errors = {} | |
| body = request.body | |
| # Update display name | |
| if request.method() == "POST" and (body.get("display_name") is not None): | |
| display_name = body["display_name"] | |
| valid, error = DisplayNameValidator.min_length(display_name, 5) | |
| if valid: | |
| user.display_name = display_name | |
| else: | |
| errors["display_name"] = error | |
| # Update phone number | |
| if request.method() == "POST" and (body.get("phone_number") is not None): | |
| phone_number = body["phone_number"] | |
| valid, error = PhoneNumberValidator.validate(phone_number) | |
| if valid: | |
| user.phone_number = phone_number | |
| else: | |
| errors["phone_number"] = error | |
| title = f"<h2>User: {user.display_name}</h2>" | |
| if user.is_admin == True: | |
| title = f"<h1>Admin: {user.display_name}</h2>" | |
| final_title = title | |
| data = { | |
| "lang": "EN", | |
| "title": final_title, | |
| "date": now, | |
| "errors": errors, | |
| } | |
| # Save the user changes | |
| session.commit(user) | |
| return flask.render_template("profile.html", user=user, data=data) | |
| return flask.make_response( | |
| f"<h1>User {title} not found</h1>", flask_api.status.HTTP_404_NOT_FOUND | |
| ) |
| import pytest | |
| from imaginary_flask_app.models.user import User | |
| from imaginary_flask_app.helpers.client import create_client | |
| def test_profile(regular_user: User): | |
| # Uses fixture that returns a user | |
| user = regular_user | |
| client = create_client(logged_in_user=user) | |
| response = client.post(f"/profile?id={user.id}", body={"display_name": "New Display Name", "phone_number": "+31612345678"}) | |
| assert response.contains("User: New Display Name") | |
| assert response.contains("Phone number: +31612345678") |
We'd like to add a page to view user profiles. Users can view only their own profiles but an admin can see anyone's profile.
A user can also update their profile, they are allowed to change their display name and phone number. Afterwards their updated profile should be shown.
For compliance reasons, we need to log when a user views their own profile. We don't want to log views by admins.
Just for clarity's sake, it would be nice if we could highlight on the page if the user is an admin.