From 565ede0dc50c3b2df09c066ea3a28a4901cce547 Mon Sep 17 00:00:00 2001
From: Georgios Andreadis <info@gandreadis.com>
Date: Tue, 23 Jun 2020 18:08:28 +0200
Subject: Add DB handlers and rename to v2

---
 .../api/v2/users/userId/authorizations/endpoint.py | 42 ++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 opendc/api/v2/users/userId/authorizations/endpoint.py

(limited to 'opendc/api/v2/users/userId/authorizations/endpoint.py')

diff --git a/opendc/api/v2/users/userId/authorizations/endpoint.py b/opendc/api/v2/users/userId/authorizations/endpoint.py
new file mode 100644
index 00000000..46ca12ba
--- /dev/null
+++ b/opendc/api/v2/users/userId/authorizations/endpoint.py
@@ -0,0 +1,42 @@
+from opendc.models.authorization import Authorization
+from opendc.models.user import User
+from opendc.util import exceptions
+from opendc.util.rest import Response
+
+
+def GET(request):
+    """Get this User's Authorizations."""
+
+    # Make sure required parameters are there
+
+    try:
+        request.check_required_parameters(
+            path={
+                'userId': 'int'
+            }
+        )
+
+    except exceptions.ParameterError as e:
+        return Response(400, e.message)
+
+    # Instantiate a User and make sure they exist
+
+    user = User.from_primary_key((request.params_path['userId'],))
+
+    if not user.exists():
+        return Response(404, '{} not found.'.format(user))
+
+    # Make sure this requester is allowed to retrieve this User's Authorizations
+
+    if not user.google_id_has_at_least(request.google_id, 'OWN'):
+        return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(user))
+
+    # Return this User's Authorizations
+
+    authorizations = Authorization.query('user_id', request.params_path['userId'])
+
+    return Response(
+        200,
+        'Successfully retrieved Authorizations for {}.'.format(user),
+        [x.to_JSON() for x in authorizations]
+    )
-- 
cgit v1.2.3