opendc/api/v1/users/userId/endpoint.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121

from opendc.models.user import User
from opendc.util import database, exceptions
from opendc.util.rest import Response

def DELETE(request):
    """Delete this user."""

    # Make sure required parameters are there

    try:
        request.check_required_parameters(
            path = {
                'userId': 'int'
            }
        )

    except exceptions.ParameterError as e:
        return Response(400, e.message)

    # Instantiate a User and make sure they exist

    user = User.from_primary_key((request.params_path['userId'],))

    if not user.exists():
        return Response(404, '{} not found'.format(user))

    # Make sure this User is allowed to delete this User

    if not user.google_id_has_at_least(request.google_id, 'OWN'):
        return Response(403, 'Forbidden from deleting {}.'.format(user))

    # Delete this User

    user.delete()

    # Return this User

    return Response(
        200,
        'Succesfully deleted {}'.format(user),
        user.to_JSON()
    )

def GET(request):
    """Get this User."""

    # Make sure required parameters are there

    try:
        request.check_required_parameters(
            path = {
                'userId': 'int'
            }
        )

    except exceptions.ParameterError as e:
        return Response(400, e.message)

    # Instantiate a User and make sure they exist

    user = User.from_primary_key((request.params_path['userId'],))

    if not user.exists():
        return Response(404, '{} not found.'.format(user))

    # Return this User

    return Response(
        200,
        'Successfully retrieved {}'.format(user),
        user.to_JSON(),
    )

def PUT(request):
    """Update this User's given name and/ or family name."""

    # Make sure the required parameters are there

    try:
        request.check_required_parameters(
            body = {
                'user': {
                    'givenName': 'string',
                    'familyName': 'string'
                }
            },
            path = {
                'userId': 'int'
            }
        )

    except exceptions.ParameterError as e:
        return Response(400, e.message)

    # Instantiate a User and make sure they exist

    user = User.from_primary_key((request.params_path['userId'],))

    if not user.exists():
        return Response(404, '{} not found.'.format(user))

    # Make sure this User is allowed to edit this User

    if not user.google_id_has_at_least(request.google_id, 'OWN'):
        return Response(403, 'Forbidden from editing {}.'.format(user))
    
    # Update this User
    
    user.given_name = request.params_body['user']['givenName']
    user.family_name = request.params_body['user']['familyName']

    user.update()

    # Return this User

    return Response(
        200,
        'Successfully updated {}.'.format(user),
        user.to_JSON()
    )