opendc/api/v1/users/userId/authorizations/endpoint.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41

from opendc.models.authorization import Authorization
from opendc.models.user import User
from opendc.util import database, exceptions
from opendc.util.rest import Response

def GET(request):
    """Get this User's Authorizations."""

    # Make sure required parameters are there

    try:
        request.check_required_parameters(
            path = {
                'userId': 'int'
            }
        )

    except exceptions.ParameterError as e:
        return Response(400, e.message)

    # Instantiate a User and make sure they exist

    user = User.from_primary_key((request.params_path['userId'],))

    if not user.exists():
        return Response(404, '{} not found.'.format(user))

    # Make sure this requester is allowed to retrieve this User's Authorizations

    if not user.google_id_has_at_least(request.google_id, 'OWN'):
        return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(user))

    # Return this User's Authorizations

    authorizations = Authorization.query('user_id', request.params_path['userId'])

    return Response(
        200,
        'Successfully retrieved Authorizations for {}.'.format(user),
        [x.to_JSON() for x in authorizations]
    )