dylan/gander
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

UPDATE: moved admin database usage to admin_utils

Browse Source
This commit is contained in:
white
2025-02-26 20:40:04 +00:00
parent 65639b907f
commit 6ba9539fcb
2 changed files with 43 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
web_server/blueprints/admin.py
View File

@@ -1,6 +1,6 @@
from flask import Blueprint, session from flask import Blueprint, session
from database.database import Database
from utils.utils import sanitize from utils.utils import sanitize
from utils.admin_utils import *
admin_bp = Blueprint("admin", __name__) admin_bp = Blueprint("admin", __name__)
@@ -9,21 +9,13 @@ def admin_delete_user(banned_user):
# Sanitise the user input # Sanitise the user input
banned_user = sanitize(banned_user) banned_user = sanitize(banned_user)
# Create a connection to the database
db = Database()
db.create_connection()
# Check if the user is an admin # Check if the user is an admin
username = session.get("username") username = session.get("username")
is_admin = db.fetchone(""" is_admin = check_if_admin(username)
SELECT is_admin
FROM users
WHERE username = ?;
""", (username,))
# Check if the user exists # Check if the user exists
user_exists = db.fetchone("""SELECT user_id from users WHERE username = ?;""", (banned_user)) user_exists = check_if_user_exists(banned_user)
# If the user is an admin, try to delete the account # If the user is an admin, try to delete the account
if is_admin and user_exists: if is_admin and user_exists:
db.execute("""DELETE FROM users WHERE username = ?;""", (banned_user)) ban_user(banned_user)

39
web_server/utils/admin_utils.py
View File

@@ -0,0 +1,39 @@
from database.database import Database
def check_if_admin(username):
# Create a connection to the database
db = Database()
db.create_connection()
is_admin = db.fetchone("""
SELECT is_admin
FROM users
WHERE username = ?;
""", (username,))
return is_admin
def check_if_user_exists(banned_user):
# Create a connection to the database
db = Database()
db.create_connection()
user_exists = db.fetchone("""
SELECT user_id
FROM users
WHERE username = ?;""",
(banned_user,))
return user_exists
def ban_user(banned_user):
"""Ban a user."""
# Create a connection to the database
db = Database()
db.create_connection()
db.execute("""
DELETE FROM users
WHERE username = ?;""",
(banned_user)
)