Initial commit

6 files changed, 242 insertions, 0 deletions

diff --git a/opendc/api/v1/users/__init__.py b/opendc/api/v1/users/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/opendc/api/v1/users/__init__.py
diff --git a/opendc/api/v1/users/endpoint.py b/opendc/api/v1/users/endpoint.py
new file mode 100644
index 00000000..1f43f665
--- /dev/null
+++ b/opendc/api/v1/users/endpoint.py
@@ -0,0 +1,80 @@
+from opendc.models.user import User
+from opendc.util import database, exceptions
+from opendc.util.rest import Response
+
+def GET(request):
+    """Search for a User using their email address."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            query = {
+                'email': 'string'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+    
+    # Instantiate and read a User from the database
+
+    user = User.from_email(request.params_query['email'])
+
+    # Make sure this User exists in the database
+
+    if not user.exists():
+        return Response(404, '{} not found'.format(user))
+
+    # Return this User
+
+    return Response(
+        200,
+        'Successfully retrieved {}.'.format(user),
+        user.to_JSON()
+    )
+
+def POST(request):
+    """Add a new User."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            body = {
+                'user': {
+                    'googleId': 'string',
+                    'email': 'string'
+                }
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate a User
+
+    user = User.from_JSON(request.params_body['user'])
+
+    # Make sure a User with this Google ID does not already exist
+    
+    if user.exists('google_id'):
+        user = user.from_google_id(user.google_id)
+        return Response(409, '{} already exists.'.format(user))
+
+    # Make sure this User is authorized to create this User
+
+    if not request.google_id == user.google_id:
+        return Response(403, 'Fobidden from creating this User.')
+
+    # Insert the User
+
+    user.insert()
+
+    # Return a JSON representation of the User
+
+    return Response(
+        200, 
+        'Successfully created {}'.format(user), 
+        user.to_JSON()
+    )
diff --git a/opendc/api/v1/users/userId/__init__.py b/opendc/api/v1/users/userId/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/opendc/api/v1/users/userId/__init__.py
diff --git a/opendc/api/v1/users/userId/authorizations/__init__.py b/opendc/api/v1/users/userId/authorizations/__init__.py
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/opendc/api/v1/users/userId/authorizations/__init__.py
diff --git a/opendc/api/v1/users/userId/authorizations/endpoint.py b/opendc/api/v1/users/userId/authorizations/endpoint.py
new file mode 100644
index 00000000..2320456f
--- /dev/null
+++ b/opendc/api/v1/users/userId/authorizations/endpoint.py
@@ -0,0 +1,41 @@
+from opendc.models.authorization import Authorization
+from opendc.models.user import User
+from opendc.util import database, exceptions
+from opendc.util.rest import Response
+
+def GET(request):
+    """Get this User's Authorizations."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate a User and make sure they exist
+
+    user = User.from_primary_key((request.params_path['userId'],))
+
+    if not user.exists():
+        return Response(404, '{} not found.'.format(user))
+
+    # Make sure this requester is allowed to retrieve this User's Authorizations
+
+    if not user.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(user))
+
+    # Return this User's Authorizations
+
+    authorizations = Authorization.query('user_id', request.params_path['userId'])
+
+    return Response(
+        200,
+        'Successfully retrieved Authorizations for {}.'.format(user),
+        [x.to_JSON() for x in authorizations]
+    )
diff --git a/opendc/api/v1/users/userId/endpoint.py b/opendc/api/v1/users/userId/endpoint.py
new file mode 100644
index 00000000..e4edc107
--- /dev/null
+++ b/opendc/api/v1/users/userId/endpoint.py
@@ -0,0 +1,121 @@
+from opendc.models.user import User
+from opendc.util import database, exceptions
+from opendc.util.rest import Response
+
+def DELETE(request):
+    """Delete this user."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate a User and make sure they exist
+
+    user = User.from_primary_key((request.params_path['userId'],))
+
+    if not user.exists():
+        return Response(404, '{} not found'.format(user))
+
+    # Make sure this User is allowed to delete this User
+
+    if not user.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from deleting {}.'.format(user))
+
+    # Delete this User
+
+    user.delete()
+
+    # Return this User
+
+    return Response(
+        200,
+        'Succesfully deleted {}'.format(user),
+        user.to_JSON()
+    )
+
+def GET(request):
+    """Get this User."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path = {
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate a User and make sure they exist
+
+    user = User.from_primary_key((request.params_path['userId'],))
+
+    if not user.exists():
+        return Response(404, '{} not found.'.format(user))
+
+    # Return this User
+
+    return Response(
+        200,
+        'Successfully retrieved {}'.format(user),
+        user.to_JSON(),
+    )
+
+def PUT(request):
+    """Update this User's given name and/ or family name."""
+
+    # Make sure the required parameters are there
+
+    try:
+        request.check_required_parameters(
+            body = {
+                'user': {
+                    'givenName': 'string',
+                    'familyName': 'string'
+                }
+            },
+            path = {
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate a User and make sure they exist
+
+    user = User.from_primary_key((request.params_path['userId'],))
+
+    if not user.exists():
+        return Response(404, '{} not found.'.format(user))
+
+    # Make sure this User is allowed to edit this User
+
+    if not user.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from editing {}.'.format(user))
+    
+    # Update this User
+    
+    user.given_name = request.params_body['user']['givenName']
+    user.family_name = request.params_body['user']['familyName']
+
+    user.update()
+
+    # Return this User
+
+    return Response(
+        200,
+        'Successfully updated {}.'.format(user),
+        user.to_JSON()
+    )
+