diff --git a/README.md b/README.md
index f3699f2..18c8408 100644
--- a/README.md
+++ b/README.md
@@ -1,14 +1,12 @@
# Greenwatch
-
+# UPDATE BEFORE TURNING IN
-
- 🌱Giving Sight to the Green🌱
-
+
## Greenwatch's Purpose
diff --git a/resources/experiment.py b/resources/experiment.py
index c4c20b9..9fbf2ca 100644
--- a/resources/experiment.py
+++ b/resources/experiment.py
@@ -14,7 +14,7 @@
@blp.route("/experiments")
class Experiments(MethodView):
- #@jwt_required()
+ @jwt_required()
@blp.response(200, ExperimentSchema(many=True))
def get(self):
'''
@@ -22,14 +22,18 @@ def get(self):
'''
return ExperimentModel.query.all()
- #@jwt_required(fresh=True)
+ @jwt_required()
@blp.arguments(ExperimentSchema)
def post(self, experiment_data):
'''
Create a new experiment in greenhouse
'''
- experiment = ExperimentModel(**experiment_data)
+ if(get_jwt()['admin'] == False):
+ abort(403, message=f"User trying to create an experiment is not an admin")
+
+ experiment = ExperimentModel(**experiment_data)
+
experiment.time_spent_outside = time(0,0,0)
experiment.average_light = 0.0
experiment.average_pressure = 0.0
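Review bot: The admin check added to `Experiments.post` fails open: `get_jwt()['admin'] == False` rejects only a claim that compares equal to False, so a token whose `admin` claim is `None` or a string passes, and a token without the claim raises KeyError and surfaces as a 500 instead of a 403. Compare against the single accepted value instead, `if get_jwt().get("admin") is not True:`, and drop the `f` prefix from the message since it has no placeholders. No import line of this file is touched by the commit, so confirm `get_jwt` is already imported there. The decorator that was commented out asked for `fresh=True`; if creating experiments was meant to need a fresh login, keep `@jwt_required(fresh=True)`. The body of `post` continues outside the hunk.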
@@ -67,7 +71,7 @@ def post(self, experiment_data):
@blp.route("/experiments/")
class Experiment(MethodView):
- #@jwt_required()
+ @jwt_required()
@blp.response(200, ExperimentSchema)
def get(self, experiment_id):
'''
@@ -117,7 +121,7 @@ def patch(self, experiment_data, experiment_id):
@blp.route("/experiments//users/")
class ExperimentUsers(MethodView):
- #@jwt_required()
+ @jwt_required()
def post(self, experiment_id, user_id):
'''
Add a User to an Experiment alert list
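Review bot: `ExperimentUsers.post` now requires a token, but nothing visible ties the caller to the `user_id` in the path or checks the `admin` claim, so any authenticated user appears able to change another user's alert subscriptions. The same bare `@jwt_required()` is put on `ExperimentUsers.delete` in the next hunk and on `Users.get`, `User.delete` and `User.patch` in resources/user.py, where it would cover listing, deleting and editing accounts by id. The method bodies lie outside these hunks, so the check may already be there; if it is not, add one at the top of each, for example `if get_jwt().get("admin") is not True and str(get_jwt_identity()) != str(user_id): abort(403, message="Not allowed to act on this user")`. The identity comparison assumes the token identity is the user id, which should be confirmed against the login code.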
@@ -137,7 +141,7 @@ def post(self, experiment_id, user_id):
return {"Success": True}, 201
-
+ @jwt_required()
def delete(self, experiment_id, user_id):
'''
Delete a User off an Experiment alert list
diff --git a/resources/user.py b/resources/user.py
index bafaff5..d21a30d 100644
--- a/resources/user.py
+++ b/resources/user.py
@@ -83,7 +83,7 @@ def post(self):
@blp.route("/refresh")
class TokenRefresh(MethodView):
- @jwt_required(refresh=True)
+ @jwt_required()
def post(self):
'''
refreshes and maintains access for the client, refreshing every hour is best practice.
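Review bot: `TokenRefresh.post` is changed to `@jwt_required()`, which in Flask-JWT-Extended accepts only access tokens, so the refresh endpoint now rejects the refresh token it exists to consume. If the body (outside this hunk) issues a new access token, a session can be renewed from the access token alone, which means a leaked access token stays renewable and the refresh token no longer bounds its lifetime. Keep `@jwt_required(refresh=True)` on this one endpoint; moving the other endpoints in this file from refresh tokens to access tokens is the correct direction.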
@@ -102,7 +102,7 @@ def post(self):
@blp.route("/users")
class Users(MethodView):
- @jwt_required(refresh=True)
+ @jwt_required()
@blp.response(200, UserRegisterSchema(many=True))
def get(self):
'''
@@ -114,7 +114,7 @@ def get(self):
@blp.route("/users/")
class User(MethodView):
- @jwt_required(refresh=True)
+ @jwt_required()
def delete(self, user_id):
'''
Deletes a user by id
@@ -131,7 +131,7 @@ def delete(self, user_id):
return {"Success": True}, 200
- @jwt_required(refresh=True)
+ @jwt_required()
@blp.arguments(UserUpdateSchema)
def patch(self, user_data, user_id):
'''