Closed eoliveros closed 3 years ago
I think perhaps we should not use a new user table "BronzeUser" but we should instead create a new table "BronzeData"
We already have a User table and we should just add bronze users to this table..
The bronze data table we can start with:
so..:
- create_role("bronze", "bronze user")
- check_bronze_oauth:
  - get_user using the bronze email
  - create_user, activate_user, add_role_to_user (if it did not exist)
  - login_user
this way we can change the app so it blocks if the user does not have "bronze" role and the bronze data "kyc_validated" field is false
able to tell me what kind of relationship between User and BronzeData? I'm thinking one-to-one but not sure.
Also "kyc_validated"? is this a boolean or just string?
Also, looking at check_bronze_auth (after renaming it), are we planning on giving access to the flask-admin?
> able to tell me what kind of relationship between User and BronzeData? I'm thinking one-to-one but not sure.
one to one
> Also "kyc_validated"? is this a boolean or just string?
boolean
> Also, looking at check_bronze_auth (after renaming it), are we planning on giving access to the flask-admin?
no
activate_user is erroring when I try to use it. Same for deactivate_user. It's pointing to user.active.... don't know why. It's like the module flask-security-too/flask-security is trying to use the function but something is not being triggered or was never triggered, causing the error.
Also, if we activate_user, we are essentially giving the bronze user access to flask-admin. We need to deactivate any accounts that have a bronze user account. If the admin (role) is also assigned to the user, there is no way to activate only the admin or bronze account; everything to do with the user will have to be either activated or deactivated.
> activate_user is erroring when I try to use it. Same for deactivate_user. It's pointing to user.active.... don't know why. It's like the module flask-security-too/flask-security is trying to use the function but something is not being triggered or was never triggered, causing the error.
what is the error?
> Also, if we activate_user, we are essentially giving the bronze user access to flask-admin. We need to deactivate any accounts that have a bronze user account. If the admin (role) is also assigned to the user, there is no way to activate only the admin or bronze account; everything to do with the user will have to be either activated or deactivated.
all our admin tables are restricted to users with the admin role
oauth a user, testingzap002@gmail.com:
[2020-11-11 03:56:58,003] ERROR in app: Exception on /utilities [GET]
Traceback (most recent call last):
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "app.py", line 426, in utilities
if check_bronze_auth(True):
File "app.py", line 268, in check_bronze_auth
user_datastore.activate_user(email)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask_security/datastore.py", line 273, in activate_user
if not user.active:
AttributeError: 'str' object has no attribute 'active'
The above shows up when I'm calling this:
if not bronzeuser:
    create_bronzeuser(email)
    add_role(email, 'bronze')
    user_datastore.activate_user(email)
At the moment, when I'm selecting user:
sqlite> select * from user;
2|testingzap001@gmail.com||0|2020-11-10 23:52:09.978275
3|testingzap002@gmail.com||1|
I can see the user being created. As for the role, I'm using the function already in the app.py instead of using the one inside the flask_security, which I could but no point, especially since the function add_role has some logic in it I could use.
The issue with activate_user/deactivate_user is that if you already have the same email address that already has an admin role or any other roles, this will affect this role as well.
user_datastore.activate_user takes a user object not an email
you should pass in the user created via user_datastore.create_user
I'll try:
user = user_datastore.get_user(email)
user_datastore.activate_user(user)
but will need to go home since everyone else is about to leave
you would be better to return the user from your create_bronzeuser function
> you would be better to return the user from your create_bronzeuser function
getting following:
2020-11-11 22:40:49,937] ERROR in app: Exception on /utilities [GET]
Traceback (most recent call last):
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 2292, in wsgi_app
response = self.full_dispatch_request()
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1815, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1718, in handle_user_exception
reraise(exc_type, exc_value, tb)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/_compat.py", line 35, in reraise
raise value
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1813, in full_dispatch_request
rv = self.dispatch_request()
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask/app.py", line 1799, in dispatch_request
return self.view_functions[rule.endpoint](**req.view_args)
File "app.py", line 435, in utilities
if check_bronze_auth(True):
File "app.py", line 278, in check_bronze_auth
user_datastore.activate_user(user)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/flask_security/datastore.py", line 273, in activate_user
if not user.active:
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/sqlalchemy/orm/attributes.py", line 287, in __get__
return self.impl.get(instance_state(instance), dict_)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/sqlalchemy/orm/attributes.py", line 718, in get
value = state._load_expired(state, passive)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/sqlalchemy/orm/state.py", line 652, in _load_expired
self.manager.deferred_scalar_loader(self, toload)
File "/root/git/zap_bill_payment/venv/lib/python3.6/site-packages/sqlalchemy/orm/loading.py", line 944, in load_scalar_attributes
"attribute refresh operation cannot proceed" % (state_str(state))
sqlalchemy.orm.exc.DetachedInstanceError: Instance <User at 0x7f1f69d54be0> is not bound to a Session; attribute refresh operation cannot proceed (Background on this error at: http://sqlalche.me/e/13/bhk3)
when I'm returning this:
### create users with 'bronze' role
def create_bronzeuser(email):
    if not get_bronzeuser(email):
        logger.info('Adding email address: '+email+' to the DB')
        user_datastore.create_user(email=email)
        db.session.commit()
    return user_datastore.get_user(email)
OK, you mean doing it this way?
### create users with 'bronze' role
def create_bronzeuser(email):
    logger.info('Adding email address: '+email+' to the DB')
    user_datastore.create_user(email=email)
    db.session.commit()
    logger.info('Activating email address: '+email)
    user = user_datastore.get_user(email)
    user_datastore.activate_user(user)
No, I mean do user = user_datastore.create_user(email=email)
and get rid of user = user_datastore.get_user(email)
I tested it and made some changes.
It is actually more complicated than I first thought (esp. the check_bronze_auth function)
What do you think @eoliveros ?
…r table. We could add more fields later but need to know those fields
This would add the email address to the table when the user is oauth already and visits the utilities page.
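An added example (not code from this repository, and using the standard library's sqlite3 rather than Flask-Security) that models the design discussed in the thread: one shared User table, a "bronze" role, a one-to-one BronzeData row with a boolean kyc_validated, and admin access gated on the admin role rather than on user.active. Table, column and function names other than the bronze role and kyc_validated are assumptions, as is the reading that bronze pages require both the role and kyc_validated.

```python
import sqlite3

# Constructed schema: admins and bronze users share one user table; roles live
# in a join table; bronze_data is one-to-one with user via UNIQUE user_id.
SCHEMA = """
CREATE TABLE user (id INTEGER PRIMARY KEY, email TEXT UNIQUE NOT NULL,
                   active INTEGER NOT NULL DEFAULT 0);
CREATE TABLE role (id INTEGER PRIMARY KEY, name TEXT UNIQUE NOT NULL);
CREATE TABLE roles_users (user_id INTEGER REFERENCES user(id),
                          role_id INTEGER REFERENCES role(id),
                          UNIQUE (user_id, role_id));
CREATE TABLE bronze_data (id INTEGER PRIMARY KEY,
                          user_id INTEGER UNIQUE NOT NULL REFERENCES user(id),
                          kyc_validated INTEGER NOT NULL DEFAULT 0
                              CHECK (kyc_validated IN (0, 1)));
"""

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO role (name) VALUES (?)", [("admin",), ("bronze",)])
    return db

def ensure_bronze_user(db, email):
    """Idempotent get-or-create: activate the user, attach bronze role and data row."""
    db.execute("INSERT OR IGNORE INTO user (email) VALUES (?)", (email,))
    uid = db.execute("SELECT id FROM user WHERE email = ?", (email,)).fetchone()[0]
    db.execute("UPDATE user SET active = 1 WHERE id = ?", (uid,))
    db.execute("INSERT OR IGNORE INTO roles_users SELECT ?, id FROM role "
               "WHERE name = 'bronze'", (uid,))
    db.execute("INSERT OR IGNORE INTO bronze_data (user_id) VALUES (?)", (uid,))
    return uid

def has_role(db, email, role):
    """True only for an active user that holds the named role."""
    row = db.execute(
        "SELECT 1 FROM user u JOIN roles_users ru ON ru.user_id = u.id "
        "JOIN role r ON r.id = ru.role_id "
        "WHERE u.email = ? AND r.name = ? AND u.active = 1", (email, role)).fetchone()
    return row is not None

def bronze_allowed(db, email):
    """Bronze pages: active user, bronze role, and kyc_validated set."""
    row = db.execute("SELECT b.kyc_validated FROM bronze_data b "
                     "JOIN user u ON u.id = b.user_id WHERE u.email = ?",
                     (email,)).fetchone()
    return has_role(db, email, "bronze") and row is not None and row[0] == 1

def admin_allowed(db, email):
    """Admin views check the admin role; an active flag alone grants nothing."""
    return has_role(db, email, "admin")
```

Because `active` is a property of the user row and not of a role, deactivating the account removes both bronze and admin access at once, which is the coupling raised in the thread.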