1
Fork 0
mirror of https://github.com/pds-nest/nest.git synced 2024-11-27 07:24:17 +00:00
pds-2021-g2-nest/code/backend/nest_backend/routes/users/user.py

47 lines
1.8 KiB
Python
Raw Normal View History

from flask import render_template, abort, jsonify, request
from ...database import *
from flask_jwt_extended import jwt_required
from ...gestione import *
from flask_cors import cross_origin
@cross_origin()
@jwt_required()
def page_user(email):
"""
User <email>:
+ GET: gets info about the specified user.
+ PATCH: password, username -> Updates data about the user, returns the updated user.
+ DELETE: deletes the specified user.
"""
user = find_user(get_jwt_identity())
target = find_user(email)
if not target:
return json_error("Could not locate the user."), 404
if request.method == "GET":
if not email == user.email and not user.isAdmin:
return json_error("Thou art not authorized."), 403
return json_success(target.to_json())
elif request.method == "DELETE":
if not user.isAdmin:
return json_error("User is not admin."), 403
if user == target:
return json_error("The user cant delete himself. Its a sin."), 406
Base.session.delete(target)
try:
Base.session.commit()
except Exception:
Base.session.rollback()
return json_error("Could not delete the user."), 500
return json_success("The user has been deleted.")
elif request.method == "PATCH":
if not email == user.email and not user.isAdmin:
return json_error("Thou art not authorized."), 403
target = find_user(email)
if request.json.get("username"):
target.username = request.json.get("username")
if request.json.get("password"):
target.password = gen_password(request.json.get("password"))
Base.session.commit()
return json_success(target.to_json())