From ef93df549b2802622ca3b121b9425f583ecc8b2b Mon Sep 17 00:00:00 2001
From: white <122345776@umail.ucc.ie>
Date: Wed, 26 Feb 2025 12:04:00 +0000
Subject: [PATCH] FEAT: Added backend admin functionality
---
 web_server/blueprints/__init__.py | 2 ++
 web_server/blueprints/admin.py | 32 ++++++++++++++++++++++-----
 web_server/database/app.db | Bin 159744 -> 159744 bytes
 web_server/database/testing_data.sql | 18 +++++++--------
 web_server/database/users.sql | 1 +
 5 files changed, 38 insertions(+), 15 deletions(-)
diff --git a/web_server/blueprints/__init__.py b/web_server/blueprints/__init__.py
index 2179a7c..c782347 100644
--- a/web_server/blueprints/__init__.py
+++ b/web_server/blueprints/__init__.py
@@ -9,6 +9,7 @@ from blueprints.stripe import stripe_bp
 from blueprints.user import user_bp
 from blueprints.streams import stream_bp
 from blueprints.chat import chat_bp
+from blueprints.admin import admin_bp
 from blueprints.oauth import oauth_bp, init_oauth
 from blueprints.socket import socketio
 from celery import Celery
@@ -73,6 +74,7 @@ def create_app():
 app.register_blueprint(chat_bp)
 app.register_blueprint(oauth_bp)
 app.register_blueprint(search_bp)
+ app.register_blueprint(admin_bp)
 socketio.init_app(app)
diff --git a/web_server/blueprints/admin.py b/web_server/blueprints/admin.py
index 77d31ce..9efe9c5 100644
--- a/web_server/blueprints/admin.py
+++ b/web_server/blueprints/admin.py
@@ -1,9 +1,29 @@
-from flask import Blueprint
-from blueprints.middleware import admin_required
+from flask import Blueprint, session
+from database.database import Database
+from utils.utils import sanitize
 admin_bp = Blueprint("admin", __name__)
-@admin_required
-@admin_bp.route('admin/delete_user/')
-def admin_delete_user(user_id):
- return
\ No newline at end of file
+@admin_bp.route('/ban_user/')
+def admin_delete_user(banned_user):
+ # Sanitise the user input
+ banned_user = sanitize(banned_user)
+
+ # Create a connection to the database
+ db = Database()
+ db.create_connection()
+
+ # Check if the user is an admin
+ username = session.get("username")
+ is_admin = db.fetchone("""
+ SELECT is_admin
+ FROM users
+ WHERE username = ?;
+ """, (username,))
+
+ # Check if the user exists
+ user_exists = db.fetchone("""SELECT user_id from users WHERE username = ?;""", (banned_user))
+
+ # If the user is an admin, try to delete the account
+ if is_admin and user_exists:
+ db.execute("""DELETE FROM users WHERE username = ?;""", (banned_user))
\ No newline at end of file
diff --git a/web_server/database/app.db b/web_server/database/app.db
index e5f707d0c8e439d698c46b61d0aa490c503e2098..d11e5fda12b0243133511054abea9666712c11ff 100644
GIT binary patch delta 401 zcmZp8z}fJCbAq(sMg|53bs!c8VrB*gmad69#*7;`CM@F@n9aaHo8Or4B3}U?1Mgg( z*_#CwT6y>z>)H7jgqs4@IYl`*$~h))konA;$i~Z{sBFpv6!GSmyk0hpH;)x4B5w&4 z;q>L0EGU=E8_&YaAT4VQ5^?63+#naio50M=AgOE!6?q^R%A3Xn)TId4<;XGFQ9hbC znUR-4UfCR^#+zgF3i(6@?%Vtq`H%BI<^RgR3+SSi{FC?kTQah5{_fB9KpE%>KE`?m zzDhoAo{e1pIHz!?u)kwp!=}gjgJmvDDD!T{`pt?0(TvX*{sM}%*fW7%_iCM@F@Sj50Thu@U%3SS8yEAL{S zMVkc`dU*I6>)3f2gqs4@IYl`*$|tXq`OK5R#>1efY{~=_@SeO%HjF2i6(}HY2^8S; zoy;qj%oE4L!yqkd3=(jjTq_sC6VJ@UAgOE!5x6H8%9F|j)S?L1;yBqsKAI
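Review bot: The admin check in `admin_delete_user` tests whether a row came back, not the value of `is_admin`, so if `db.fetchone` returns a row object (the `Database` class is not visible here) any logged-in user with a `users` row passes `if is_admin and user_exists`. The commit also drops the `@admin_required` decorator that used to guard this view. Both later queries bind `(banned_user)`, which is a plain string rather than a one-element tuple like the `(username,)` above, so the binding will likely fail for names longer than one character. The route takes the default GET for a destructive `DELETE` and the view returns nothing on any path; restricting it with `methods=["POST"]` and returning an explicit status closes both. The fence sketches the check and responses, with the row access assumed mapping-style and to be adapted to what `fetchone` really returns.

```python
def admin_delete_user(banned_user):
    # … unchanged: sanitize() call and Database connection setup …

    # Authorise on the column value, not on the mere presence of a row
    username = session.get("username")
    row = None
    if username:
        row = db.fetchone("SELECT is_admin FROM users WHERE username = ?;", (username,))
    if not row or not row["is_admin"]:  # adapt to fetchone's row type
        return {"error": "forbidden"}, 403

    # Bound parameters must be a one-element tuple
    user_exists = db.fetchone("SELECT user_id FROM users WHERE username = ?;", (banned_user,))
    if not user_exists:
        return {"error": "user not found"}, 404

    db.execute("DELETE FROM users WHERE username = ?;", (banned_user,))
    return {"status": "deleted"}, 200
```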