From cc2edb7eb2a64bc68583d22ab2a929867cde6a43 Mon Sep 17 00:00:00 2001 From: Garrett Mathers Date: Wed, 3 May 2023 02:28:06 -0500 Subject: [PATCH] fixing some jwt errors --- resources/experiment.py | 16 ++++++++++------ resources/user.py | 8 ++++---- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/resources/experiment.py b/resources/experiment.py index c4c20b9..9fbf2ca 100644 --- a/resources/experiment.py +++ b/resources/experiment.py @@ -14,7 +14,7 @@ @blp.route("/experiments") class Experiments(MethodView): - #@jwt_required() + @jwt_required() @blp.response(200, ExperimentSchema(many=True)) def get(self): ''' @@ -22,14 +22,18 @@ def get(self): ''' return ExperimentModel.query.all() - #@jwt_required(fresh=True) + @jwt_required() @blp.arguments(ExperimentSchema) def post(self, experiment_data): ''' Create a new experiment in greenhouse ''' - experiment = ExperimentModel(**experiment_data) + if(get_jwt()['admin'] == False): + abort(403, message=f"User trying to create an experiment is not an admin") + + experiment = ExperimentModel(**experiment_data) + experiment.time_spent_outside = time(0,0,0) experiment.average_light = 0.0 experiment.average_pressure = 0.0 @@ -67,7 +71,7 @@ def post(self, experiment_data): @blp.route("/experiments/") class Experiment(MethodView): - #@jwt_required() + @jwt_required() @blp.response(200, ExperimentSchema) def get(self, experiment_id): ''' @@ -117,7 +121,7 @@ def patch(self, experiment_data, experiment_id): @blp.route("/experiments//users/") class ExperimentUsers(MethodView): - #@jwt_required() + @jwt_required() def post(self, experiment_id, user_id): ''' Add a User to an Experiment alert list @@ -137,7 +141,7 @@ def post(self, experiment_id, user_id): return {"Success": True}, 201 - + @jwt_required() def delete(self, experiment_id, user_id): ''' Delete a User off an Experiment alert list diff --git a/resources/user.py b/resources/user.py index bafaff5..d21a30d 100644 --- a/resources/user.py +++ b/resources/user.py 
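Review bot: The admin check added in `Experiments.post`, `if(get_jwt()['admin'] == False):`, fails open: a token whose `admin` claim is `None` or a string passes, and a token without the claim raises `KeyError`, which surfaces as a 500 instead of a 403. A deny-by-default form is `if get_jwt().get("admin") is not True:`. The decorator also goes from the commented-out `@jwt_required(fresh=True)` to plain `@jwt_required()`, so a non-fresh access token is enough to create an experiment; keep `fresh=True` if that was the intent. No import change is visible in this patch, so confirm `get_jwt` and `abort` are already imported in `resources/experiment.py`; the `f` prefix on the abort message is unused.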
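Review bot: `ExperimentUsers.post` now requires a token but, as far as the hunk shows, nothing ties the caller to `experiment_id` or `user_id`, so any authenticated user may be able to add any user to any experiment's alert list. The same applies to `ExperimentUsers.delete` in the next hunk and to `Users.get`, `User.delete` and `User.patch` in `resources/user.py`, which also end up with a bare `@jwt_required()`. The method bodies continue outside the hunks, so a check may already exist there. If not, apply the `admin` claim check used in `Experiments.post`, or, assuming the token identity is the user id, compare it with the path parameter: `if get_jwt().get("admin") is not True and str(get_jwt_identity()) != str(user_id): abort(403, message="Forbidden")`.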
@@ -83,7 +83,7 @@ def post(self): @blp.route("/refresh") class TokenRefresh(MethodView): - @jwt_required(refresh=True) + @jwt_required() def post(self): ''' refreshes and maintains access for the client, refreshing every hour is best practice. @@ -102,7 +102,7 @@ def post(self): @blp.route("/users") class Users(MethodView): - @jwt_required(refresh=True) + @jwt_required() @blp.response(200, UserRegisterSchema(many=True)) def get(self): ''' @@ -114,7 +114,7 @@ def get(self): @blp.route("/users/") class User(MethodView): - @jwt_required(refresh=True) + @jwt_required() def delete(self, user_id): ''' Deletes a user by id @@ -131,7 +131,7 @@ def delete(self, user_id): return {"Success": True}, 200 - @jwt_required(refresh=True) + @jwt_required() @blp.arguments(UserUpdateSchema) def patch(self, user_data, user_id): '''
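Review bot: Changing `TokenRefresh.post` from `@jwt_required(refresh=True)` to `@jwt_required()` makes `/refresh` accept access tokens and reject refresh tokens, which inverts the purpose of the endpoint. If the body (outside the hunk) issues a new access token, any access token can then renew itself indefinitely, so a leaked access token no longer expires in practice. Keep `@jwt_required(refresh=True)` on this method only. For the other methods in this file, moving from refresh tokens to access tokens is the right direction.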