def patch_files(): res = {} try: id = request.args.get('id') current_id = str(session['user_id']) file = request.files['files[0]'] file_type = mime(file).split('/')[0] if file_type == 'image' and current_id == id: user = User.lookup_id(id) filename = secure_filename(file.filename) parts = filename.split('.') filename = '.'.join(parts[:-1]) + str(current_id) + '.' + parts[-1] destination = os.path.join(app.config['UPLOAD_FOLDER'], 'avatars/' + filename) file.save(destination) old_avatar = user.avatar user.avatar = filename user.update() try: if old_avatar != 'default.png': target = os.path.join(app.config['UPLOAD_FOLDER'], 'avatars/' + old_avatar) os.remove(target) except Exception: pass res = {'upload_success': True} elif current_id == id: res = {'upload_success': False, 'error': 'Invalid file type'} else: res = { 'upload_success': False, 'error': "You do not have permission to change this user's avatar" } except Exception: res = { 'upload_success': False, 'error': 'There was an error uploading your file' } return res, 200
def delete(): id = request.args.get('id') user = User.lookup_id(id) res = {} status = 200 if user and id == str(session['user_id']): try: user.delete() res = {'data': user} except Exception: res = {'error': 'Error deleting user'} status = 500 return jsonify(res), status
def patch(): user = User.lookup_id(request.args.get('id')) form = request.json res = {} if user: del form['avatar'] user = assign(form, user) try: user.update() res = {'data': user.as_dict()} except Exception: res = {'error': 'There was an error updating your account'} return jsonify(res), 200
def get(): try: id = int(request.args.get('id')) user = User.lookup_id(id) res = {} if user: user = user.as_dict() if session.get('user_id') != id: del user['email'] del user['password'] res = {'data': user} except Exception as e: res = {'error': 'There was an error finding this user'} return jsonify(res), 200
def save(self, warned): credentials = User.lookup_id(self.user_id) prerequisites = Course.lookup_id(self.course_id).prerequisites conflict = None if not warned: for prerequisite in prerequisites: matched = [ c for c in credentials if c.id == prerequisite.credential_id ] if matched.length == 0: conflict = prerequisite.id break if conflict: return "Missing prerequisite: " + Credential.lookup_id( conflict).name else: Base.save(self)
def is_admin(id): user = User.lookup_id(id) return user.admin