1
Fork 0
mirror of https://github.com/pds-nest/nest.git synced 2024-11-30 00:14:19 +00:00
pds-2021-g2-nest/code/backend/nest_backend/routes/users/user.py

147 lines
4.9 KiB
Python
Raw Normal View History

from flask import render_template, abort, jsonify, request
2021-05-05 20:21:04 +00:00
from nest_backend.database import *
from flask_jwt_extended import jwt_required
2021-05-05 20:21:04 +00:00
from nest_backend.gestione import *
from flask_cors import cross_origin
@cross_origin()
@jwt_required()
def page_user(email):
"""
2021-05-05 20:21:04 +00:00
---
get:
summary: Get details about a user.
2021-05-05 20:21:04 +00:00
parameters:
- in: path
schema: EmailParameterSchema
security:
- jwt: []
2021-05-05 20:21:04 +00:00
responses:
'200':
description: The details about the requested user. The schema is incapsulated in Success.
content:
application/json:
schema: User
'404':
description: Could not find the requested user.
content:
application/json:
schema: Error
'403':
description: The user is not authorized.
content:
application/json:
schema: Error
'401':
description: The user is not logged in.
content:
application/json:
schema: Error
tags:
- user-related
delete:
summary: Deletes a user.
2021-05-05 20:21:04 +00:00
parameters:
- in: path
schema: EmailParameterSchema
security:
- jwt: []
2021-05-05 20:21:04 +00:00
responses:
'200':
description: The user has been deleted successfully.
'404':
description: Could not find the requested user.
content:
application/json:
schema: Error
'403':
description: The user is not authorized.
content:
application/json:
schema: Error
'406':
description: The user tried to delete himself.
content:
application/json:
schema: Error
'500':
description: Something went wrong while trying to delete the user.
content:
application/json:
schema: Error
'401':
description: The user is not logged in.
content:
application/json:
schema: Error
tags:
- user-related
- admin-only
patch:
summary: Updates a user.
2021-05-05 20:21:04 +00:00
parameters:
- in: path
schema: EmailParameterSchema
security:
- jwt: []
2021-05-05 20:21:04 +00:00
responses:
'200':
description: The user has been updated successfully.
content:
application/json:
schema: User
'404':
description: Could not find the requested user.
content:
application/json:
schema: Error
'403':
description: The user is not authorized.
content:
application/json:
schema: Error
'406':
description: The user tried to delete himself.
content:
application/json:
schema: Error
'401':
description: The user is not logged in.
content:
application/json:
schema: Error
tags:
- user-related
"""
user = find_user(get_jwt_identity())
target = find_user(email)
if not target:
return json_error("Could not locate the user."), 404
if request.method == "GET":
if not email == user.email and not user.isAdmin:
return json_error("Thou art not authorized."), 403
return json_success(target.to_json())
elif request.method == "DELETE":
if not user.isAdmin:
return json_error("User is not admin."), 403
if user == target:
return json_error("The user cant delete himself. Its a sin."), 406
2021-05-07 17:46:14 +00:00
ext.session.delete(target)
try:
2021-05-07 17:46:14 +00:00
ext.session.commit()
except Exception:
2021-05-07 17:46:14 +00:00
ext.session.rollback()
return json_error("Could not delete the user."), 500
return json_success("The user has been deleted.")
elif request.method == "PATCH":
if not email == user.email and not user.isAdmin:
return json_error("Thou art not authorized."), 403
target = find_user(email)
if request.json.get("username"):
target.username = request.json.get("username")
if request.json.get("password"):
target.password = gen_password(request.json.get("password"))
2021-05-07 17:46:14 +00:00
ext.session.commit()
return json_success(target.to_json())