From 67567c5c5d24bad447173dd0fcc5749dd78cae8c Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Sun, 22 Mar 2026 14:27:39 -0400 Subject: [PATCH 1/7] Changes to how users are added and deleted --- requirements.txt | Bin 1564 -> 5070 bytes src/models/user.py | 1 + src/models/workout.py | 2 ++ src/schema.py | 66 ++++++++++++++++++++++++++++++------------ 4 files changed, 50 insertions(+), 19 deletions(-) diff --git a/requirements.txt b/requirements.txt index c6219de5411bc83656beccc834a62b8e32665056..7e8c8ce6f259399009d094a931c687f581e4c0d0 100644 GIT binary patch literal 5070 zcmZ{oTTdHT6ot=orT&LXeXPd8mq4f#sZrEcii(tmN>QI88-p=md*U&n@Z;OA@2uHA zW3Xk}fX_brvi91S;lF>!=`LNSMVh2}x=3&J>Ze{h()%=hpT0}uwA4wHR_RST*7yA^ zGi+rBS*DVPAJR;6oAgt<*5@YGy7O~-rI)|IPWQ6WlZ}8|yf>h?E%)BUTb z?;j=YyT7EX{JKo9<;6IAG11T0(s-f2j?zfp4%0y14W(_M@5fp0NT0`gpX%FTEAvM3 zKkDz9UT<|)e6UqV?QiF4tvCXekvtmZh~K4;>0Gw2rDv*0z;L}qrk^o1He=m)ERV9a zkYs2xhPDP`VQC;wdu#Ex%|Q10VnHvz2W>tsGCxAXJ~?7eX5tr-pxgSvg6xeICH&iL&+*ea zj`Jp;SBeKr7P@n%Ogv@JLMs@CJx&9E{4_?kNStVa3FBM1%9C}&kVTxIkqYW=0gD*e92 z?a%Z__R-l1AG;Plq|fOu#q?|XM@U^NCfG2|w}@(=&s928^v(`@l+ER(rfx+~o%)opof zID`9d(7`rhB2~?OI0stA%f51aSPR|jdK*zcV`VNpw`a*p(w-t__aNUze_`*Tn=8d> zExVOba=CkxXy~WYJ;=D?;N{^vQ6bdYF0St6`*7{rjC*6*C~Wc!*?)Jf3^47=ymp^? z=_i%jC^otclK~bi^hr-}{~`bTZ<{Smi^@Xxoc&r1^^_=+@g!G3cuRkyZ^4jmL}brC z?n+eh@vFR}v+if}bInM<#Yd zEZe8K?z(E32*v}i(G`;vnWd~m_wihsEBke3cg!2}2(PEvbKhVZP-o5;`(TsLmzmq} zCL#>9EO{fp;AHeiPk4L%LEkUajjXr}xC4ZZo6Kj>0YCSc$W`cOUs}qO;Ff&_-9e7s zyt$FYb2&0o%Qx~!owK#DjabeY9kp7Ran^LFX%d?rRyc7iXS#o@+rbDtwU?Z%b;e$I zuHUa@HFDs1s2u8;J@GpKb|?0&(nFRjsL&m}!R(hlTy3zopC`J#Wy-_Md!c7J(C!mx-`B^n&)YbMWjZGuVV`Ff!$PBq z1T&p&ql>2T;S@BT52D96*HfK)#zuMY)(1OdL$?RWhZQQ*{enIT?@NZeI;jAoTCyAV ze8%Lj^!84CyVZqFEDjYN=#(y8>G!*BT^YqP>x$e>s9Hw17r;L7vqfmBW=Z&4gd2 zSplA)Q@VtAINRRnduwJxZ(4NmuT+06d&Y(5J9;~qAOnNU5OPm$mda?HmYLf!ecF~W{wQnS_zD-mE3!yTW<+5VDDf`-mOaRw?@~U|6C5A*$oPJF z=H_lSARlb*?pW@J-Y9}g#2d^-_9tS<3VT7rp8Kt_N`Cqr-1=J8m~rq z;i;JlZ`!z!!kW97Z%5w`?u4e2d8WRfRv+aV6RSL#_$eba88K!){UD|ea|NyNr0~Cy zMDe@3&%t*#B>FgvfD_;x-j|FW+Vb(eYzN%u$&?EA^CgbacCw9m5)Q+f- zV+!&FJk0pH|CuGOm2Wy-OBerdB6Bf|@CgLa=sx%$iAENqcc81VqSq7| literal 1564 zcmY*ZO>g5i5WVwP6zFjwh5E49S-?PZXbThxu)A5H=xH&MD48)uG9=~1`SpE6Ic|EA zIGm3+Gw+d%nmgU^_f;v&TR~Pwx7*5Uzi(iuMWKF~boz8i$;U4@H~2p+UD><&reDbW zL7i^aPwCGkZhsrcQEhf4tBy8ZFJ*h%)K#PEjz~({(yeM>*~wqkH0`gUg8y`gjH4}E zK@sWBG#fSmiJ+ADwr)xQ6`i6b>2Wd9Exz6F+j3hrqBGPV5pY{J9eg4#B$}v1PyIn9 z=L|Be33?R}uaQtzyK-07t?0+;#Mf{T{ei-u(mDiO;TTmatP3+4{iXun)Bw^O%_VpE z9dt}acU-e6KZ}uK8uU1>XDLQ)lyU5g0yQT4hoOiQe#^~zDDJ*K0_d<9E>M*fL&Z?7kDMbtP%~B zVBexEDRhbhSv2Yv<`gVXY5*C)6;MI^rR@{ddHKS;G6!3XqZSWzba^ibc%X1x{3DH* zF;rp(M-HHeaW5-xWa!(E*8j~1rM5_E-GKhUy9y+f!jl~+LxK!&3K0b*t{UMDr4jsF zRe~Kd4=@W%Yo0acgK1^I;AR~&Dg@!+Q^C|fvJY#z*$N-ez4KFDblOtLv%|WDPiF-5 zDguGbgYpXss1s$1FlqgnqQ&C?ZgKg1DrU!&%|R?xe@+Ky3k+OAqzJ89VDDxOI=M`5 z?4FHpaFEb-Bfg&hxqGdM68c#{{5AE-GUqOB9`}^L~TJ<=+IN@ z!B@x-{!!|6I ScGN+26e09s)|NNGbNCk>*4#e; diff --git a/src/models/user.py b/src/models/user.py index 7cce2cf..42fbde8 100644 --- a/src/models/user.py +++ b/src/models/user.py @@ -48,6 +48,7 @@ class User(Base): foreign_keys="Friendship.friend_id", back_populates="friend") + workouts = relationship("Workout", cascade="all, delete-orphan", back_populates="user") def add_friend(self, friend): # Check if friendship already exists existing = Friendship.query.filter( diff --git a/src/models/workout.py b/src/models/workout.py index 1b27940..2b5224e 100644 --- a/src/models/workout.py +++ b/src/models/workout.py @@ -21,3 +21,5 @@ class Workout(Base): workout_time = Column(DateTime(timezone=True), nullable=False, server_default=text("CURRENT_TIMESTAMP")) # should this be nullable? user_id = Column(Integer, ForeignKey("users.id"), nullable=False) facility_id = Column(Integer, ForeignKey("facility.id"), nullable=False) + + user = relationship("User", back_populates='workouts') diff --git a/src/schema.py b/src/schema.py index 4aa8e54..1453e02 100644 --- a/src/schema.py +++ b/src/schema.py @@ -7,6 +7,7 @@ from graphql import GraphQLError from src.models.capacity import Capacity as CapacityModel from src.models.capacity_reminder import CapacityReminder as CapacityReminderModel +from src.models.weekly_challenge import WeeklyChallenge as WeeklyChallengeModel from src.models.facility import Facility as FacilityModel from src.models.gym import Gym as GymModel from src.models.openhours import OpenHours as OpenHoursModel @@ -30,6 +31,9 @@ from firebase_admin import messaging import logging from sqlalchemy import func, cast, Date +import boto3 +from botocore.exceptions import ClientError +import base64 def resolve_enum_value(entry): @@ -823,27 +827,35 @@ class Arguments: def mutate(self, info, name, net_id, email, encoded_image=None): # Check if a user with the given NetID already exists existing_user = db_session.query(UserModel).filter(UserModel.net_id == net_id).first() - final_photo_url = None if existing_user: raise GraphQLError("NetID already exists.") - if encoded_image: - upload_url = os.getenv("DIGITAL_OCEAN_URL") - if not upload_url: - raise GraphQLError("Upload URL not configured.") - payload = {"bucket": os.getenv("BUCKET_NAME"), "image": encoded_image} # Base64-encoded image string - headers = {"Content-Type": "application/json"} - try: - response = requests.post(upload_url, json=payload, headers=headers) - response.raise_for_status() - json_response = response.json() - final_photo_url = json_response.get("data") - if not final_photo_url: - raise GraphQLError("No URL returned from upload service.") - except requests.exceptions.RequestException as e: - print(f"Request failed: {e}") - raise GraphQLError("Failed to upload photo.") + s3 = boto3.client('s3', + endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), + aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), + aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") + ) + + # Decode the base64 image + image_data = base64.b64decode(encoded_image) + # Upload to Spaces + try: + response = s3.put_object( + Bucket="appdev-upload", + Key=f"uplift-dev/user-profile/{net_id}-profile.png", + Body=image_data, + ContentType="image/png", + ACL="public-read" + ) + + key = "uplift-dev/photo.jpg" + final_photo_url = f"https://nyc3.digitaloceanspaces.com/uplift-dev/user-profile/{net_id}-profile.png" + + + except ClientError as e: + print("Upload error:", e) + new_user = UserModel(name=name, net_id=net_id, email=email, encoded_image=final_photo_url) db_session.add(new_user) db_session.commit() @@ -1007,7 +1019,7 @@ class Arguments: Output = User - @jwt_required() + # @jwt_required() def mutate(self, info, user_id, workout_goal): user = User.get_query(info).filter(UserModel.id == user_id).first() if not user: @@ -1054,6 +1066,7 @@ def mutate(self, info, user_id, workout_goal): db_session.commit() return user + class logWorkout(graphene.Mutation): class Arguments: workout_time = graphene.DateTime(required=True) @@ -1062,7 +1075,7 @@ class Arguments: Output = Workout - @jwt_required() + # @jwt_required() def mutate(self, info, workout_time, user_id, facility_id): if not workout_time: raise GraphQLError("Workout time is required.") @@ -1153,6 +1166,21 @@ def mutate(self, info, user_id): user = User.get_query(info).filter(UserModel.id == user_id).first() if not user: raise GraphQLError("User with given ID does not exist.") + + s3 = boto3.client('s3', + endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), + aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), + aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") + ) + + try: + s3.delete_object( + Bucket="appdev-upload", + Key=f"uplift-dev/user-profile/{user.net_id}-profile.png", + ) + except ClientError as e: + print("Upload error:", e) + db_session.delete(user) db_session.commit() return user From 8700d0685b812bb1c3b036684727be62ca282f3e Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Sun, 22 Mar 2026 14:46:23 -0400 Subject: [PATCH 2/7] Minor syntax fix --- src/schema.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/schema.py b/src/schema.py index 1453e02..bbdf863 100644 --- a/src/schema.py +++ b/src/schema.py @@ -1019,7 +1019,7 @@ class Arguments: Output = User - # @jwt_required() + @jwt_required() def mutate(self, info, user_id, workout_goal): user = User.get_query(info).filter(UserModel.id == user_id).first() if not user: @@ -1075,7 +1075,7 @@ class Arguments: Output = Workout - # @jwt_required() + @jwt_required() def mutate(self, info, workout_time, user_id, facility_id): if not workout_time: raise GraphQLError("Workout time is required.") From b42a0cc83f9d58ba0000aee4785a48f1e265dcac Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Sun, 22 Mar 2026 19:10:56 -0400 Subject: [PATCH 3/7] Fixed minor logging errors and profile picture upload checks --- src/schema.py | 56 ++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 25 deletions(-) diff --git a/src/schema.py b/src/schema.py index 8f4d047..0bc9380 100644 --- a/src/schema.py +++ b/src/schema.py @@ -846,25 +846,29 @@ def mutate(self, info, name, net_id, email, encoded_image=None): aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") ) - # Decode the base64 image - image_data = base64.b64decode(encoded_image) + final_photo_url = None + if encoded_image: + # Decode the base64 image + image_data = base64.b64decode(encoded_image) - # Upload to Spaces - try: - response = s3.put_object( - Bucket="appdev-upload", - Key=f"uplift-dev/user-profile/{net_id}-profile.png", - Body=image_data, - ContentType="image/png", - ACL="public-read" - ) - - key = "uplift-dev/photo.jpg" - final_photo_url = f"https://nyc3.digitaloceanspaces.com/uplift-dev/user-profile/{net_id}-profile.png" - - - except ClientError as e: - print("Upload error:", e) + # Upload to Spaces + try: + bucket = "appdev-upload" + path = f"uplift-dev/user-profile/{net_id}-profile.png" + region = "nyc3" + + s3.put_object( + Bucket=bucket, + Key=path, + Body=image_data, + ContentType="image/png", + ACL="public-read" + ) + + final_photo_url = f"https://{bucket}.{region}.digitaloceanspaces.com/{path}" + except ClientError as e: + print("Upload error:", e) + raise GraphQLError("Error uploading user profile picture.") new_user = UserModel(name=name, net_id=net_id, email=email, encoded_image=final_photo_url) db_session.add(new_user) @@ -1178,13 +1182,15 @@ def mutate(self, info, user_id): aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") ) - try: - s3.delete_object( - Bucket="appdev-upload", - Key=f"uplift-dev/user-profile/{user.net_id}-profile.png", - ) - except ClientError as e: - print("Upload error:", e) + if user.encoded_image: + try: + s3.delete_object( + Bucket="appdev-upload", + Key=f"uplift-dev/user-profile/{user.net_id}-profile.png", + ) + except ClientError as e: + print("Delete error:", e) + raise GraphQLError("Error deleting user profile picture") db_session.delete(user) db_session.commit() From 9aaad161c00566dcf23968fd50fac58124afe41b Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Tue, 24 Mar 2026 13:49:13 -0400 Subject: [PATCH 4/7] Updated EditUser mutation and added auth checks --- src/schema.py | 76 +++++++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 36 deletions(-) diff --git a/src/schema.py b/src/schema.py index 0bc9380..990054b 100644 --- a/src/schema.py +++ b/src/schema.py @@ -8,7 +8,6 @@ from graphql import GraphQLError from src.models.capacity import Capacity as CapacityModel from src.models.capacity_reminder import CapacityReminder as CapacityReminderModel -from src.models.weekly_challenge import WeeklyChallenge as WeeklyChallengeModel from src.models.facility import Facility as FacilityModel from src.models.gym import Gym as GymModel from src.models.openhours import OpenHours as OpenHoursModel @@ -35,7 +34,6 @@ from sqlalchemy import func, cast, Date import boto3 from botocore.exceptions import ClientError -import base64 local_tz = ZoneInfo("America/New_York") @@ -840,14 +838,15 @@ def mutate(self, info, name, net_id, email, encoded_image=None): if existing_user: raise GraphQLError("NetID already exists.") - s3 = boto3.client('s3', - endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), - aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), - aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") - ) - final_photo_url = None if encoded_image: + + s3 = boto3.client('s3', + endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), + aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), + aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") + ) + # Decode the base64 image image_data = base64.b64decode(encoded_image) @@ -877,49 +876,53 @@ def mutate(self, info, name, net_id, email, encoded_image=None): return new_user -class EditUser(graphene.Mutation): +class EditUserById(graphene.Mutation): class Arguments: + user_id = graphene.String(required=True) name = graphene.String(required=False) - net_id = graphene.String(required=True) email = graphene.String(required=False) encoded_image = graphene.String(required=False) Output = User - def mutate(self, info, net_id, name=None, email=None, encoded_image=None): - existing_user = db_session.query(UserModel).filter(UserModel.net_id == net_id).first() + @jwt_required() + def mutate(self, info, user_id, name=None, email=None, encoded_image=None): + existing_user = db_session.query(UserModel).filter(UserModel.id == user_id).first() + if not existing_user: - raise GraphQLError("User with given net id does not exist.") - + raise GraphQLError("User with given id does not exist.") if name is not None: existing_user.name = name if email is not None: existing_user.email = email if encoded_image is not None: - upload_url = os.getenv("DIGITAL_OCEAN_URL") # Base URL for upload endpoint - if not upload_url: - raise GraphQLError("Upload URL not configured.") - - payload = { - "bucket": os.getenv("BUCKET_NAME", "DEV_BUCKET"), - "image": encoded_image, # Base64-encoded image string - } - headers = {"Content-Type": "application/json"} - - print(f"Uploading image with payload: {payload}") + final_photo_url = None + s3 = boto3.client('s3', + endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), + aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), + aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") + ) + + image_data = base64.b64decode(encoded_image) try: - response = requests.post(upload_url, json=payload, headers=headers) - response.raise_for_status() - json_response = response.json() - print(f"Upload API response: {json_response}") - final_photo_url = json_response.get("data") - if not final_photo_url: - raise GraphQLError("No URL returned from upload service.") + bucket = "appdev-upload" + path = f"uplift-dev/user-profile/{net_id}-profile.png" + region = "nyc3" + + s3.put_object( + Bucket=bucket, + Key=path, + Body=image_data, + ContentType="image/png", + ACL="public-read" + ) + + final_photo_url = f"https://{bucket}.{region}.digitaloceanspaces.com/{path}" existing_user.encoded_image = final_photo_url - except requests.exceptions.RequestException as e: - print(f"Request failed: {e}") - raise GraphQLError("Failed to upload photo.") + except ClientError as e: + print("Upload error:", e) + raise GraphQLError("Error adding new user profile picture.") db_session.commit() return existing_user @@ -1170,6 +1173,7 @@ class Arguments: Output = User + @jwt_required() def mutate(self, info, user_id): # Check if user exists user = User.get_query(info).filter(UserModel.id == user_id).first() @@ -1470,7 +1474,7 @@ def mutate(self, info, user_id): class Mutation(graphene.ObjectType): create_giveaway = CreateGiveaway.Field(description="Creates a new giveaway.") create_user = CreateUser.Field(description="Creates a new user.") - edit_user = EditUser.Field(description="Edit a new user.") + edit_user = EditUserById.Field(description="Edit a new user by id.") enter_giveaway = EnterGiveaway.Field(description="Enters a user into a giveaway.") set_workout_goals = SetWorkoutGoals.Field(description="Set a user's workout goals.") log_workout = logWorkout.Field(description="Log a user's workout.") From e79568150687ce521a9675a4b5cef638dd2f73c5 Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Tue, 24 Mar 2026 14:08:04 -0400 Subject: [PATCH 5/7] Minor bug fixes --- src/schema.py | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/src/schema.py b/src/schema.py index 990054b..3446e4d 100644 --- a/src/schema.py +++ b/src/schema.py @@ -1,3 +1,5 @@ +import binascii + import graphene import base64 import os @@ -839,18 +841,21 @@ def mutate(self, info, name, net_id, email, encoded_image=None): raise GraphQLError("NetID already exists.") final_photo_url = None + if encoded_image: - s3 = boto3.client('s3', + s3 = boto3.client( + "s3", endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") ) - # Decode the base64 image - image_data = base64.b64decode(encoded_image) + try: + image_data = base64.b64decode(encoded_image, validate=True) + except (binascii.Error, ValueError) as err: + raise GraphQLError("Invalid profile image encoding.") - # Upload to Spaces try: bucket = "appdev-upload" path = f"uplift-dev/user-profile/{net_id}-profile.png" @@ -891,23 +896,29 @@ def mutate(self, info, user_id, name=None, email=None, encoded_image=None): if not existing_user: raise GraphQLError("User with given id does not exist.") + if get_jwt_identity() != user_id: + raise GraphQLError("Unauthorized operation") if name is not None: existing_user.name = name if email is not None: existing_user.email = email if encoded_image is not None: final_photo_url = None - s3 = boto3.client('s3', + s3 = boto3.client( + "s3", endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") ) - image_data = base64.b64decode(encoded_image) + try: + image_data = base64.b64decode(encoded_image, validate=True) + except (binascii.Error, ValueError) as err: + raise GraphQLError("Invalid profile image encoding.") try: bucket = "appdev-upload" - path = f"uplift-dev/user-profile/{net_id}-profile.png" + path = f"uplift-dev/user-profile/{existing_user.net_id}-profile.png" region = "nyc3" s3.put_object( @@ -1177,10 +1188,15 @@ class Arguments: def mutate(self, info, user_id): # Check if user exists user = User.get_query(info).filter(UserModel.id == user_id).first() + if not user: raise GraphQLError("User with given ID does not exist.") + + if get_jwt_identity() != user_id: + raise GraphQLError("Unauthorized operation") - s3 = boto3.client('s3', + s3 = boto3.client( + "s3", endpoint_url=os.getenv("DIGITAL_OCEAN_URL"), aws_access_key_id=os.getenv("DIGITAL_OCEAN_ACCESS"), aws_secret_access_key=os.getenv("DIGITAL_OCEAN_SECRET_ACCESS") From 6fbd1bcccdc1b72eb26a802907b85adddd8a5856 Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Tue, 24 Mar 2026 14:19:29 -0400 Subject: [PATCH 6/7] Minor auth bug fix --- src/schema.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/schema.py b/src/schema.py index 3446e4d..a6a8952 100644 --- a/src/schema.py +++ b/src/schema.py @@ -896,7 +896,7 @@ def mutate(self, info, user_id, name=None, email=None, encoded_image=None): if not existing_user: raise GraphQLError("User with given id does not exist.") - if get_jwt_identity() != user_id: + if get_jwt_identity() != str(user_id): raise GraphQLError("Unauthorized operation") if name is not None: existing_user.name = name @@ -1192,7 +1192,7 @@ def mutate(self, info, user_id): if not user: raise GraphQLError("User with given ID does not exist.") - if get_jwt_identity() != user_id: + if get_jwt_identity() != str(user_id): raise GraphQLError("Unauthorized operation") s3 = boto3.client( From 8caf28f2e92ae4220daa2b59183e64d60bc7a8e5 Mon Sep 17 00:00:00 2001 From: yitbrekmata Date: Tue, 24 Mar 2026 14:45:12 -0400 Subject: [PATCH 7/7] More bug fixes --- src/schema.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/schema.py b/src/schema.py index a6a8952..ec20359 100644 --- a/src/schema.py +++ b/src/schema.py @@ -883,7 +883,7 @@ def mutate(self, info, name, net_id, email, encoded_image=None): class EditUserById(graphene.Mutation): class Arguments: - user_id = graphene.String(required=True) + user_id = graphene.Int(required=True) name = graphene.String(required=False) email = graphene.String(required=False) encoded_image = graphene.String(required=False) @@ -896,7 +896,7 @@ def mutate(self, info, user_id, name=None, email=None, encoded_image=None): if not existing_user: raise GraphQLError("User with given id does not exist.") - if get_jwt_identity() != str(user_id): + if get_jwt_identity() != user_id: raise GraphQLError("Unauthorized operation") if name is not None: existing_user.name = name @@ -1192,7 +1192,7 @@ def mutate(self, info, user_id): if not user: raise GraphQLError("User with given ID does not exist.") - if get_jwt_identity() != str(user_id): + if get_jwt_identity() != user_id: raise GraphQLError("Unauthorized operation") s3 = boto3.client(