Beispiel #1
def edit(id):
    """Return a user as JSON (non-POST) or apply a validated UserForm (POST).

    Access is limited to admins and to the user whose id is being edited;
    anyone else is rejected with ``flask.abort(401)``.

    :param id: string id of the user document
    :return: Flask response, or a ``(response, status)`` tuple
    """
    # Authorization gate: admin, or the account owner.
    # NOTE(review): 401 is used for an authorization failure here; 403 is the
    # conventional status for "authenticated but not permitted".
    if not (is_current_user_admin() or is_current_user(id)):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    # Only re-check the address when it actually changes.
    email_changed = form.email.data != user['email']
    if email_changed and not _is_email_address_valid(form.email.data):
        return jsonify({'email': ['Email address is already in use']}), 400

    # NOTE(review): form.data is forwarded to patch() unchanged, so a non-admin
    # editing their own record can submit every field UserForm exposes. Confirm
    # that the form or the service restricts privileged fields for self-edits.
    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    get_resource_service('users').patch(id=ObjectId(id), updates=updates)
    # Drop the cache entry keyed by the e-mail the record had before the patch.
    app.cache.delete(user.get('email'))
    return jsonify({'success': True}), 200
Beispiel #2
def is_user_topic(topic_id, user_id):
    """Tell whether the topic ``topic_id`` is owned by the user ``user_id``.

    The comparison is done on the string form of the topic's ``user`` field,
    so ``user_id`` has to be passed as a string to match.

    :param topic_id: id of the topic document
    :param user_id: user id, as a string
    :return: True when the topic exists and its owner matches, else False
    """
    topic = find_one('topics', _id=ObjectId(topic_id))
    if not topic:
        # Unknown topic: ownership cannot be established, so deny.
        return False
    owner = str(topic.get('user'))
    return owner == user_id
Beispiel #3
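def edit(_id):
    """Serve, print or update the monitoring profile (or wire item) ``_id``.

    Behaviour depends on the request:

    * ``?context=wire``: looks the item up through
      ``get_items_for_user_action`` and returns it as JSON for JSON requests.
    * ``print`` in the query string: renders the monitoring report through
      ``wire_print``; the ``monitoring_profile`` query argument is required.
    * POST: validates ``MonitoringForm`` and patches the profile.
    * otherwise: returns the profile as JSON.

    :param _id: string id of the monitoring profile or wire item
    :return: Flask response, or a ``(response, status)`` tuple
    """
    if flask.request.args.get('context', '') == 'wire':
        items = get_items_for_user_action([_id], 'items')
        if not items:
            # NOTE(review): this returns None from the view; confirm the
            # helper aborts on its own when nothing is found.
            return

        item = items[0]
        if is_json_request(flask.request):
            return flask.jsonify(item)

    if 'print' in flask.request.args:
        # Request validation must not rely on `assert`: it is stripped under
        # `python -O` and otherwise surfaces as a 500 instead of a 400.
        if not flask.request.args.get('monitoring_profile'):
            flask.abort(400)
        monitoring_profile = get_entity_or_404(
            flask.request.args.get('monitoring_profile'), 'monitoring')
        items = get_items_for_monitoring_report([_id],
                                                monitoring_profile,
                                                full_text=True)
        flask.request.view_args['date_items_dict'] = get_date_items_dict(items)
        flask.request.view_args['monitoring_profile'] = monitoring_profile
        flask.request.view_args['monitoring_report_name'] = app.config.get(
            'MONITORING_REPORT_NAME', 'Newsroom')
        flask.request.view_args['print'] = True
        return wire_print(_id)

    profile = find_one('monitoring', _id=ObjectId(_id))
    if not profile:
        return NotFound(gettext('monitoring Profile not found'))

    if flask.request.method == 'POST':
        form = MonitoringForm(monitoring=profile)
        if form.validate_on_submit():
            updates = form.data
            request_updates = flask.request.get_json()
            # A body that is not a JSON object cannot be inspected below;
            # reject it instead of failing on `.keys()`.
            if not isinstance(request_updates, dict):
                return jsonify({'error': 'Bad request'}), 400

            # If the updates have anything other than 'users', only admin or monitoring_admin can update
            # NOTE(review): the condition below fires only when the body has
            # exactly one key and that key is not 'users'; bodies with several
            # keys are not covered by it. It also requires is_admin() AND a
            # match with the company's monitoring_administrator, while the
            # comment above says "or". Confirm the intended policy and align
            # the check with it.
            if len(request_updates.keys()
                   ) == 1 and 'users' not in request_updates:
                user = get_user()
                if not is_admin(user):
                    return jsonify({'error': 'Bad request'}), 400

                company = get_entity_or_404(profile['company'], 'companies')
                if str(user['_id']) != str(
                        company.get('monitoring_administrator')):
                    return jsonify({'error': 'Bad request'}), 400

            process_form_request(updates, request_updates, form)
            set_version_creator(updates)
            get_resource_service('monitoring').patch(ObjectId(_id),
                                                     updates=updates)
            return jsonify({'success': True}), 200
        return jsonify(form.errors), 400
    return jsonify(profile), 200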
Beispiel #4
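def edit(id):
    """Return a company as JSON (non-POST) or apply a validated CompanyForm (POST).

    NOTE(review): no authorization check is visible in this function;
    presumably a decorator or blueprint hook outside this listing enforces
    it. Confirm before exposing the route.

    :param id: string id of the company document
    :return: Flask response, or a ``(response, status)`` tuple
    """
    company = find_one('companies', _id=ObjectId(id))

    if not company:
        return NotFound(gettext('Company not found'))

    if flask.request.method == 'POST':
        form = CompanyForm(company=company)
        if form.validate():
            get_resource_service('companies').patch(id=ObjectId(id),
                                                    updates=form.data)
            return jsonify({'success': True}), 200
        return jsonify(form.errors), 400
    # Non-POST requests previously fell off the end and returned None, which
    # Flask rejects as an invalid response; return the stored document.
    return jsonify(company), 200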
Beispiel #5
def edit(id):
    """Return a company as JSON (non-POST) or patch it from a JSON body (POST).

    NOTE(review): no authorization check is visible in this function;
    presumably a decorator or blueprint hook outside this listing enforces
    it. Confirm before exposing the route.

    :param id: string id of the company document
    :return: Flask response, or a ``(response, status)`` tuple
    """
    stored = find_one('companies', _id=ObjectId(id))
    if not stored:
        return NotFound(gettext('Company not found'))

    if flask.request.method != 'POST':
        return jsonify(stored), 200

    payload = get_json_or_400()
    # The return value is ignored; presumably validate_company raises or
    # aborts on invalid input. Verify against its definition.
    validate_company(payload)
    # Only what get_company_updates() extracts from the body reaches patch().
    updates = get_company_updates(payload)

    get_resource_service('companies').patch(id=ObjectId(id), updates=updates)
    return jsonify({'success': True}), 200
Beispiel #6
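def update_users(id):
    """Set the ``users`` list of a monitoring profile from the JSON body.

    The requested user ids are resolved through ``get_items_by_id`` and only
    users whose ``company`` equals the profile's company are kept.

    NOTE(review): no authorization check is visible in this function;
    presumably a decorator or blueprint hook outside this listing enforces
    it. Confirm before exposing the route.

    :param id: string id of the monitoring profile
    :return: Flask response, or a ``(response, status)`` tuple
    """
    profile = find_one('monitoring', _id=ObjectId(id))
    if not profile:
        return NotFound(gettext('monitoring Profile not found'))

    updates = flask.request.get_json()
    # A missing or non-object body used to raise, and a body without 'users'
    # fell off the end and returned None; both are client errors.
    if not isinstance(updates, dict) or 'users' not in updates:
        return jsonify({'error': 'Bad request'}), 400

    requested_ids = [ObjectId(u) for u in updates['users']]
    # Keep only users that belong to the same company as the profile.
    updates['users'] = [
        u['_id']
        for u in get_items_by_id(requested_ids, 'users')
        if u['company'] == profile.get('company')
    ]
    # NOTE(review): the whole request body is forwarded to patch(); only the
    # 'users' key is filtered above. Confirm the resource schema rejects other
    # keys, or forward only the 'users' key.
    get_resource_service('monitoring').patch(id=ObjectId(id),
                                             updates=updates)
    return jsonify({'success': True}), 200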
Beispiel #7
def edit(_id):
    """Return a company as JSON (non-POST) or patch it from a JSON body (POST).

    On POST the body is checked with ``get_errors_company``; whatever that
    helper returns is sent back as the response when it is truthy.

    NOTE(review): no authorization check is visible in this function;
    presumably a decorator or blueprint hook outside this listing enforces
    it. Confirm before exposing the route.

    :param _id: string id of the company document
    :return: Flask response, or a ``(response, status)`` tuple
    """
    stored = find_one('companies', _id=ObjectId(_id))
    if not stored:
        return NotFound(gettext('Company not found'))

    if flask.request.method != 'POST':
        return jsonify(stored), 200

    payload = get_json_or_400()
    problems = get_errors_company(payload)
    if problems:
        return problems

    # Only what get_company_updates() extracts from the body reaches patch().
    updates = get_company_updates(payload)
    set_version_creator(updates)
    get_resource_service('companies').patch(ObjectId(_id), updates=updates)
    # Invalidate the cache entry keyed by the company id.
    app.cache.delete(_id)
    return jsonify({'success': True}), 200
Beispiel #8
def _resend_token(user_id, token_type):
    """
    Issues a fresh token to the user identified by user_id.

    NOTE(review): the response differs between an unknown user (NotFound) and
    a known one, so callers can tell whether an id exists. Confirm the routes
    using this helper are restricted to trusted roles.

    :param user_id: Id of the user to send the token
    :param token_type: validate or reset_password
    :return: Flask response, or a (response, status) tuple
    """
    if not user_id:
        return BadRequest(gettext('User id not provided'))

    account = find_one('users', _id=ObjectId(user_id))
    if not account:
        return NotFound(gettext('User not found'))

    # send_token reports success through a truthy return value.
    if not send_token(account, token_type):
        return jsonify({'message': 'Token could not be sent'}), 400

    return jsonify({'success': True}), 200
Beispiel #9
def edit(_id):
    """Return a user as JSON (non-POST) or apply a validated UserForm (POST).

    Access is limited to admins, account managers and the user whose id is
    being edited; anyone else is rejected with ``flask.abort(401)``. On POST
    two further checks run before the patch: an account manager may not
    change ``user_type``, and a plain user may only send updates accepted by
    ``_user_allowed_field``.

    :param _id: string id of the user document
    :return: Flask response, or a ``(response, status)`` tuple
    """
    # Authorization gate: privileged role, or the account owner.
    if not (is_current_user_admin() or is_current_user_account_mgr()
            or is_current_user(_id)):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(_id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    # Only re-check the address when it actually changes.
    email_changed = form.email.data != user['email']
    if email_changed and not _is_email_address_valid(form.email.data):
        return jsonify({'email': ['Email address is already in use']}), 400

    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    # account manager can do anything but promote themselves to admin
    # (as written, any change of user_type by an account manager is refused)
    requested_type = updates.get('user_type', '')
    if is_current_user_account_mgr() and requested_type != user.get(
            'user_type', ''):
        flask.abort(401)

    # Plain users are limited to what _user_allowed_field() accepts.
    if not (is_current_user_admin() or is_current_user_account_mgr()
            or _user_allowed_field(updates, user)):
        flask.abort(401)

    # NOTE(review): `user` is rebound to patch()'s return value, so the e-mail
    # cache key below comes from that value and not from the record loaded
    # above. If the address changed, confirm the entry cached under the
    # previous address is invalidated as well.
    user = get_resource_service('users').patch(ObjectId(_id), updates=updates)
    app.cache.delete(user.get('email'))
    app.cache.delete(_id)
    return jsonify({'success': True}), 200