diff options
| author | leonoverweel <l.overweel@gmail.com> | 2017-01-24 12:05:15 +0100 |
|---|---|---|
| committer | leonoverweel <l.overweel@gmail.com> | 2017-01-24 12:05:15 +0100 |
| commit | 86a50a4f6df9ece982743a3b7ca510846d248909 (patch) | |
| tree | 79edc0478908b7fee9e5dca2088e562c7a62038b /opendc/api/v1/users/userId | |
Initial commit
Diffstat (limited to 'opendc/api/v1/users/userId')
| -rw-r--r-- | opendc/api/v1/users/userId/__init__.py | 0 | ||||
| -rw-r--r-- | opendc/api/v1/users/userId/authorizations/__init__.py | 0 | ||||
| -rw-r--r-- | opendc/api/v1/users/userId/authorizations/endpoint.py | 41 | ||||
| -rw-r--r-- | opendc/api/v1/users/userId/endpoint.py | 121 |
4 files changed, 162 insertions, 0 deletions
diff --git a/opendc/api/v1/users/userId/__init__.py b/opendc/api/v1/users/userId/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/opendc/api/v1/users/userId/__init__.py diff --git a/opendc/api/v1/users/userId/authorizations/__init__.py b/opendc/api/v1/users/userId/authorizations/__init__.py new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/opendc/api/v1/users/userId/authorizations/__init__.py diff --git a/opendc/api/v1/users/userId/authorizations/endpoint.py b/opendc/api/v1/users/userId/authorizations/endpoint.py new file mode 100644 index 00000000..2320456f --- /dev/null +++ b/opendc/api/v1/users/userId/authorizations/endpoint.py @@ -0,0 +1,41 @@ +from opendc.models.authorization import Authorization +from opendc.models.user import User +from opendc.util import database, exceptions +from opendc.util.rest import Response + +def GET(request): + """Get this User's Authorizations.""" + + # Make sure required parameters are there + + try: + request.check_required_parameters( + path = { + 'userId': 'int' + } + ) + + except exceptions.ParameterError as e: + return Response(400, e.message) + + # Instantiate a User and make sure they exist + + user = User.from_primary_key((request.params_path['userId'],)) + + if not user.exists(): + return Response(404, '{} not found.'.format(user)) + + # Make sure this requester is allowed to retrieve this User's Authorizations + + if not user.google_id_has_at_least(request.google_id, 'OWN'): + return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(user)) + + # Return this User's Authorizations + + authorizations = Authorization.query('user_id', request.params_path['userId']) + + return Response( + 200, + 'Successfully retrieved Authorizations for {}.'.format(user), + [x.to_JSON() for x in authorizations] + ) diff --git a/opendc/api/v1/users/userId/endpoint.py b/opendc/api/v1/users/userId/endpoint.py new file mode 100644 index 00000000..e4edc107 --- /dev/null +++ b/opendc/api/v1/users/userId/endpoint.py @@ -0,0 +1,121 @@ +from opendc.models.user import User +from opendc.util import database, exceptions +from opendc.util.rest import Response + +def DELETE(request): + """Delete this user.""" + + # Make sure required parameters are there + + try: + request.check_required_parameters( + path = { + 'userId': 'int' + } + ) + + except exceptions.ParameterError as e: + return Response(400, e.message) + + # Instantiate a User and make sure they exist + + user = User.from_primary_key((request.params_path['userId'],)) + + if not user.exists(): + return Response(404, '{} not found'.format(user)) + + # Make sure this User is allowed to delete this User + + if not user.google_id_has_at_least(request.google_id, 'OWN'): + return Response(403, 'Forbidden from deleting {}.'.format(user)) + + # Delete this User + + user.delete() + + # Return this User + + return Response( + 200, + 'Succesfully deleted {}'.format(user), + user.to_JSON() + ) + +def GET(request): + """Get this User.""" + + # Make sure required parameters are there + + try: + request.check_required_parameters( + path = { + 'userId': 'int' + } + ) + + except exceptions.ParameterError as e: + return Response(400, e.message) + + # Instantiate a User and make sure they exist + + user = User.from_primary_key((request.params_path['userId'],)) + + if not user.exists(): + return Response(404, '{} not found.'.format(user)) + + # Return this User + + return Response( + 200, + 'Successfully retrieved {}'.format(user), + user.to_JSON(), + ) + +def PUT(request): + """Update this User's given name and/ or family name.""" + + # Make sure the required parameters are there + + try: + request.check_required_parameters( + body = { + 'user': { + 'givenName': 'string', + 'familyName': 'string' + } + }, + path = { + 'userId': 'int' + } + ) + + except exceptions.ParameterError as e: + return Response(400, e.message) + + # Instantiate a User and make sure they exist + + user = User.from_primary_key((request.params_path['userId'],)) + + if not user.exists(): + return Response(404, '{} not found.'.format(user)) + + # Make sure this User is allowed to edit this User + + if not user.google_id_has_at_least(request.google_id, 'OWN'): + return Response(403, 'Forbidden from editing {}.'.format(user)) + + # Update this User + + user.given_name = request.params_body['user']['givenName'] + user.family_name = request.params_body['user']['familyName'] + + user.update() + + # Return this User + + return Response( + 200, + 'Successfully updated {}.'.format(user), + user.to_JSON() + ) + |