Added comments

api/app/blueprints/user.py

@@ -28,6 +28,8 @@ def users():
     abort_if_no_admin()
 
     res = []
+
+    # Query all users and convert them to dicts
     for i in User.query.all():
         res.append(i.as_dict())
 
@@ -41,6 +43,7 @@ def users():
 def user():
     email = get_email_or_abort_401()
 
+    # Query current user
     query_user = get_user(email)
 
     return make_response(query_user.as_dict(), 200, "Successfully received current user data")
@@ -51,23 +54,26 @@ def user():
 @users_blueprint.input(schema=LoginDataSchema)
 @users_blueprint.doc(summary="Login", description="Returns jwt token if username and password match, otherwise returns error")
 def login(data):
+    # Check if required data is available
     if not check_if_password_data_exists(data):
         abort(400, "Password missing")
 
     if not check_if_email_data_exists(data):
         abort(400, "Email missing")
 
-    email = data['email']
-    password = data['password']
+    # Query current user
+    query_user = get_user(data['email'])
 
-    query_user = get_user(email)
-
-    if not check_password(query_user.password, password.encode("utf-8")):  # Password incorrect
+    # Check if password matches
+    if not check_password(query_user.password, data['password'].encode("utf-8")):  # Password incorrect
         abort(500, message="Unable to login")
 
+    # Check if user is bot
     if query_user.email == current_app.config['BOT_EMAIL']:
+        # Set bot token valid for 1 year
         token = jwt.encode({'email': query_user.email, 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=365)}, current_app.config['SECRET_KEY'], "HS256")
     else:
+        # Set token valid for 1 day
         token = jwt.encode({'email': query_user.email, 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1)}, current_app.config['SECRET_KEY'], "HS256")
 
     return make_response({"token": token}, 200, "Successfully logged in")
@@ -78,6 +84,7 @@ def login(data):
 @users_blueprint.input(schema=RegisterDataSchema)
 @users_blueprint.doc(summary="Register", description="Registers user")
 def register(data):
+    # Check if required data is available
     if not check_if_email_data_exists(data):
         abort(400, "Email missing")
 
@@ -87,19 +94,16 @@ def register(data):
     if not check_if_password_data_exists(data):
         abort(400, "Password missing")
 
-    email = data['email']
-    username = data['username']
-    password = data['password']
-
-    query_user = db.session.query(User).filter_by(email=email).first()
-
-    if query_user is not None:  # Username already exist
+    # Check if user already exists
+    query_user = db.session.query(User).filter_by(email=data['email']).first()
+    if query_user is not None:
         abort(500, message="Email already exist")
 
+    # Add user to database
     new_user = User(
-        email=email,
-        username=username,
-        password=hash_password(password),
+        email=data['email'],
+        username=data['username'],
+        password=hash_password(data['password']),
         admin=False,
         cron="0 8 * * *"
     )
@@ -117,11 +121,14 @@ def register(data):
 def update_user(data):
     email = get_email_or_abort_401()
 
+    # Query current user
     query_user = get_user(email)
 
+    # Check if password data is available -> if, change password
     if check_if_password_data_exists(data):
         query_user.password = hash_password(data['password'])
 
+    # Check if username data is available -> if, change username
     if check_if_username_data_exists(data):
         query_user.username = data['username']
 
@@ -138,18 +145,18 @@ def update_user(data):
 def set_admin(data):
     abort_if_no_admin()  # Only admin users can do this
 
+    # Check if required data is available
     if not check_if_email_data_exists(data):
         abort(400, "Email missing")
 
     if not check_if_admin_data_exists(data):
         abort(400, "Admin data missing")
 
-    email = data['email']
-    admin = data['admin']
+    # Get user by email
+    query_user = get_user(data['email'])
 
-    query_user = get_user(email)
-
-    query_user.admin = admin
+    # Update user admin state
+    query_user.admin = data['admin']
     db.session.commit()
 
     return make_response({}, 200, "Successfully updated users admin rights")
@@ -163,9 +170,11 @@ def set_admin(data):
 def set_cron(data):
     email = get_email_or_abort_401()
 
+    # Check if required data is available
     if not check_if_cron_data_exists(data):
         abort(400, "Cron data missing")
 
+    # Update user cron
     get_user(email).cron = data['cron']
     db.session.commit()
 
@@ -178,18 +187,22 @@ def set_cron(data):
 @users_blueprint.auth_required(auth)
 @users_blueprint.doc(summary="Delete user", description="Deletes user by username")
 def delete_user(data):
+    # Check if required data is available
     if not check_if_email_data_exists(data):
         abort(400, "Email missing")
 
-    email = data['email']
-
-    if email == get_email_or_abort_401():  # Username is same as current user
-        db.session.query(User).filter_by(email=email).delete()
+    # Check if email to delete is current user
+    # -> if, delete user
+    # -> if not, check if user is admin
+    # -> if, delete user
+    # -> else, abort
+    if data['email'] == get_email_or_abort_401():  # Username is same as current user
+        db.session.query(User).filter_by(email=data['email']).delete()
         db.session.commit()
-    else:  # Delete different user than my user -> only admin users
+    else:
         abort_if_no_admin()
 
-        db.session.query(User).filter_by(email=email).delete()
+        db.session.query(User).filter_by(email=data['email']).delete()
         db.session.commit()
 
     return make_response({}, 200, "Successfully removed user")