1 files changed, 36 insertions, 56 deletions

diff --git a/opendc/api/v2/users/userId/endpoint.py b/opendc/api/v2/users/userId/endpoint.py
index b7519973..bfed3fe5 100644
--- a/opendc/api/v2/users/userId/endpoint.py
+++ b/opendc/api/v2/users/userId/endpoint.py
@@ -1,78 +1,61 @@
 from opendc.models.user import User
 from opendc.util import exceptions
+from opendc.util.database import DB
 from opendc.util.rest import Response
 
 
-def DELETE(request):
-    """Delete this user."""
-
-    # Make sure required parameters are there
+def GET(request):
+    """Get this User."""
 
     try:
-        request.check_required_parameters(path={'userId': 'int'})
-
+        request.check_required_parameters(path={'userId': 'string'})
     except exceptions.ParameterError as e:
         return Response(400, str(e))
 
-    # Instantiate a User and make sure they exist
+    user = DB.fetch_one({'_id': request.params_path['userId']}, 'users')
 
-    user = User.from_primary_key((request.params_path['userId'], ))
+    if user is None:
+        return Response(404, f'User with ID {request.params_path["userId"]} not found.')
 
-    if not user.exists():
-        return Response(404, '{} not found'.format(user))
+    return Response(200, f'Successfully retrieved {user}.', user)
 
-    # Make sure this User is allowed to delete this User
-
-    if not user.google_id_has_at_least(request.google_id, 'OWN'):
-        return Response(403, 'Forbidden from deleting {}.'.format(user))
-
-    # Delete this User
-
-    user.delete()
-
-    # Return this User
-
-    return Response(200, 'Successfully deleted {}'.format(user), user.to_JSON())
-
-
-def GET(request):
-    """Get this User."""
 
-    # Make sure required parameters are there
+def PUT(request):
+    """Update this User's given name and/or family name."""
 
     try:
-        request.check_required_parameters(path={'userId': 'int'})
-
+        request.check_required_parameters(body={'user': {
+            'givenName': 'string',
+            'familyName': 'string'
+        }},
+                                          path={'userId': 'string'})
     except exceptions.ParameterError as e:
         return Response(400, str(e))
 
-    # Instantiate a User and make sure they exist
+    user_id = request.params_path['userId']
+    user = DB.fetch_one({'_id': user_id}, 'users')
 
-    user = User.from_primary_key((request.params_path['userId'], ))
+    if user is None:
+        return Response(404, f'User with ID {user_id} not found.')
 
-    if not user.exists():
-        return Response(404, '{} not found.'.format(user))
+    if user['googleId'] != request.google_id:
+        return Response(403, f'Forbidden from editing {user}.')
 
-    # Return this User
+    user['givenName'] = request.params_body['user']['givenName']
+    user['familyName'] = request.params_body['user']['familyName']
 
-    return Response(
-        200,
-        'Successfully retrieved {}'.format(user),
-        user.to_JSON(),
-    )
+    DB.update(user_id, user, 'users')
 
+    return Response(200, f'Successfully updated {user}.', user)
 
-def PUT(request):
-    """Update this User's given name and/ or family name."""
 
-    # Make sure the required parameters are there
+def DELETE(request):
+    """Delete this user."""
+
+    # Make sure required parameters are there
 
     try:
-        request.check_required_parameters(body={'user': {
-            'givenName': 'string',
-            'familyName': 'string'
-        }},
-                                          path={'userId': 'int'})
+        request.check_required_parameters(path={'userId': 'string'})
 
     except exceptions.ParameterError as e:
         return Response(400, str(e))
@@ -82,20 +65,17 @@ def PUT(request):
     user = User.from_primary_key((request.params_path['userId'], ))
 
     if not user.exists():
-        return Response(404, '{} not found.'.format(user))
+        return Response(404, '{} not found'.format(user))
 
-    # Make sure this User is allowed to edit this User
+    # Make sure this User is allowed to delete this User
 
     if not user.google_id_has_at_least(request.google_id, 'OWN'):
-        return Response(403, 'Forbidden from editing {}.'.format(user))
-
-    # Update this User
+        return Response(403, 'Forbidden from deleting {}.'.format(user))
 
-    user.given_name = request.params_body['user']['givenName']
-    user.family_name = request.params_body['user']['familyName']
+    # Delete this User
 
-    user.update()
+    user.delete()
 
     # Return this User
 
-    return Response(200, 'Successfully updated {}.'.format(user), user.to_JSON())
+    return Response(200, 'Successfully deleted {}'.format(user), user.to_JSON())