from flask import render_template, abort, jsonify, request
from nest_backend.database import *
from flask_jwt_extended import jwt_required, get_jwt_identity
from nest_backend.gestione import *
from flask_cors import cross_origin
from nest_backend.errors import *
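@cross_origin()
@jwt_required()
def page_user(email):
    """
    Read, delete or update the user identified by the ``email`` path parameter.

    The caller is resolved from the JWT subject. Reading and updating are
    allowed for the caller's own record or for any record when the caller is
    an admin; deleting is admin-only and an admin cannot delete their own
    account. Authorization is decided before the target is looked up, so an
    unauthorized caller receives 403 regardless of whether ``email`` exists.

    ---
    get:
        summary: Get details about a user.
        parameters:
        - in: path
          schema: EmailParameterSchema
        security:
        - jwt: []
        responses:
            '200':
                description: The details about the requested user. The schema is encapsulated in Success.
                content:
                    application/json:
                        schema: User
            '404':
                description: Could not find the requested user.
                content:
                    application/json:
                        schema: Error
            '403':
                description: The user is not authorized.
                content:
                    application/json:
                        schema: Error
            '401':
                description: The user is not logged in.
                content:
                    application/json:
                        schema: Error
        tags:
            - user-related
    delete:
        summary: Deletes a user.
        parameters:
        - in: path
          schema: EmailParameterSchema
        security:
        - jwt: []
        responses:
            '204':
                description: The user has been deleted successfully.
            '404':
                description: Could not find the requested user.
                content:
                    application/json:
                        schema: Error
            '403':
                description: The user is not authorized.
                content:
                    application/json:
                        schema: Error
            '406':
                description: The user tried to delete himself.
                content:
                    application/json:
                        schema: Error
            '500':
                description: Something went wrong while trying to delete the user.
                content:
                    application/json:
                        schema: Error
            '401':
                description: The user is not logged in.
                content:
                    application/json:
                        schema: Error
        tags:
            - user-related
            - admin-only
    patch:
        summary: Updates a user.
        parameters:
        - in: path
          schema: EmailParameterSchema
        security:
        - jwt: []
        responses:
            '200':
                description: The user has been updated successfully.
                content:
                    application/json:
                        schema: User
            '404':
                description: Could not find the requested user.
                content:
                    application/json:
                        schema: Error
            '403':
                description: The user is not authorized.
                content:
                    application/json:
                        schema: Error
            '401':
                description: The user is not logged in.
                content:
                    application/json:
                        schema: Error
        tags:
            - user-related
    """
    # A valid token can outlive its account (deleted after the token was
    # issued); the identity then maps to no user and must not surface as a
    # 500 from an attribute access on None.
    user = find_user(get_jwt_identity())
    if not user:
        return json_error("Thou art not authorized.", USER_NOT_AUTHORIZED), 401

    # Decide authorization before looking ``email`` up, so that a caller who
    # may not act on that address gets the same 403 whether or not the account
    # exists, instead of a 404 that confirms existence.
    if request.method == "DELETE":
        if not user.isAdmin:
            return json_error("User is not admin.", USER_NOT_ADMIN), 403
    elif email != user.email and not user.isAdmin:
        return json_error("Thou art not authorized.", USER_NOT_AUTHORIZED), 403

    target = find_user(email)
    if not target:
        return json_error("Could not locate the user.", USER_NOT_FOUND), 404

    if request.method == "GET":
        return json_success(target.to_json())

    if request.method == "DELETE":
        if user == target:
            return json_error("The user cant delete himself. Its a sin.", USER_PREVENT_SEPPUKU), 406
        ext.session.delete(target)
        try:
            ext.session.commit()
        except Exception:
            # Roll back so the session is usable for the next request.
            ext.session.rollback()
            return json_error("Could not delete the user.", USER_DELETION_ERROR), 500
        return json_success(""), 204

    if request.method == "PATCH":
        # ``silent=True`` gives None instead of raising when the body is
        # missing, is not JSON or has the wrong content type; anything that is
        # not a JSON object is treated as an empty update.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            payload = {}
        if payload.get("username"):
            target.username = payload.get("username")
        if payload.get("password"):
            # Stored through gen_password (nest_backend.gestione), never as
            # the raw submitted value.
            target.password = gen_password(payload.get("password"))
        try:
            ext.session.commit()
        except Exception:
            # Keep the session clean before letting Flask turn this into a 500.
            ext.session.rollback()
            raise
        return json_success(target.to_json()), 200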