From f4c6988a47deb4eb1e164fdc8709f0fb765c165f Mon Sep 17 00:00:00 2001
From: redfast00 <redfast00@gmail.com>
Date: Mon, 24 Sep 2018 22:59:30 +0200
Subject: [PATCH] Add revoke route

---
 app/app.py | 23 +++++++++++++++++++++--
 config.py  |  3 ++-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/app/app.py b/app/app.py
index ca74cb4..f6feac2 100644
--- a/app/app.py
+++ b/app/app.py
@@ -83,10 +83,29 @@ def authorize(admin_username):
     if not user:
         user = models.User(to_authorize)
     user.authorized = True
-    user.admin = as_admin
+    user.admin = as_admin or user.admin
     db.session.add(user)
     db.session.commit()
-    return mattermost_response("Succesfully added '{}' as regular user".format(to_authorize))
+    if user.admin:
+        return mattermost_response("'{}' is now an admin".format(to_authorize))
+    else:
+        return mattermost_response("'{}' is now a regular user".format(to_authorize))
+
+
+@app.route('/revoke', methods=['POST'])
+@requires_token('revoke')
+@requires_admin
+def revoke(admin_username):
+    '''Slash-command to revoke a user'''
+    tokens = request.values.get('text').strip().split()
+    to_revoke = tokens[0]
+    user = models.User.query.filter_by(username=to_revoke, admin=False).first()
+    if not user:
+        return mattermost_response("Could not find '{}'".format(to_revoke))
+    user.authorized = False
+    db.session.add(user)
+    db.session.commit()
+    return mattermost_response("'{}' revoked".format(to_revoke))
 
 
 def slotmachien_request(username, command):
diff --git a/config.py b/config.py
index a5ed26f..1ad584a 100644
--- a/config.py
+++ b/config.py
@@ -1,7 +1,8 @@
 DATABASE_URL = 'sqlite:////tmp/mattermost.db'
 tokens = {
     'authorize': '123',
-    'door': '123'
+    'door': '123',
+    'revoke': '123'
 }
 slotmachien_url = 'https://kelder.zeus.ugent.be/slotmachien/slack/'
 slotmachien_token = '123'