mirror of
https://github.com/pds-nest/nest.git
synced 2024-11-30 00:14:19 +00:00
46 lines
1.8 KiB
Python
46 lines
1.8 KiB
Python
from flask import render_template, abort, jsonify, request
|
|
from ...database import *
|
|
from flask_jwt_extended import jwt_required
|
|
from ...gestione import *
|
|
from flask_cors import cross_origin
|
|
|
|
|
|
@cross_origin()
|
|
@jwt_required()
|
|
def page_user(email):
|
|
"""
|
|
User <email>:
|
|
+ GET: gets info about the specified user.
|
|
+ PATCH: password, username -> Updates data about the user, returns the updated user.
|
|
+ DELETE: deletes the specified user.
|
|
"""
|
|
user = find_user(get_jwt_identity())
|
|
if request.method == "GET":
|
|
if not email == user.email and not user.isAdmin:
|
|
return json_error("Thou art not authorized."), 403
|
|
target = find_user(email).to_json()
|
|
if not target:
|
|
return json_error("Could not locate the user."), 404
|
|
return json_success(target)
|
|
elif request.method == "DELETE":
|
|
if not user.isAdmin:
|
|
return json_error("User is not admin."), 403
|
|
target = find_user(email)
|
|
if not target:
|
|
return json_error("User not found."), 404
|
|
if user == target:
|
|
return json_error("The user cant delete himself. Its a sin."), 406
|
|
Base.session.delete(target)
|
|
Base.session.commit()
|
|
return json_success("The user has been deleted.")
|
|
elif request.method == "PATCH":
|
|
if not email == user.email and not user.isAdmin:
|
|
return json_error("Thou art not authorized."), 403
|
|
target = find_user(email)
|
|
if not target:
|
|
return json_error("Could not locate the user."), 404
|
|
if request.json.get("username"):
|
|
target.username = request.json.get("username")
|
|
if request.json.get("password"):
|
|
target.password = gen_password(request.json.get("password"))
|
|
Base.session.commit()
|