def user_dict(user):
    """Serialize a User object into a plain dict for a response.

    The stored password hash is always dropped. Role names are added only
    when the caller holds the admin permission or is the user being
    serialized.
    """
    serialized = to_dict(user)

    # NOTE(review): this is a deny-list. Only 'password_crypt' is stripped, so
    # any other sensitive attribute that to_dict() emits would be returned to
    # the caller. Confirm the User model has none, or build the dict from an
    # explicit allow-list of fields.
    del serialized['password_crypt']

    # Role membership is visible to admins and to the account owner only.
    if not (Admin_permission.can() or user.user_id == current_user.user_id):
        return serialized

    serialized['roles'] = [role.name for role in user.roles]
    return serialized
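def update_user(user):
    """Update a user's roles from the JSON request body.

    Callers other than the user themselves must pass the admin permission
    check. Only role membership is changed here, and only when the caller
    holds the admin permission and the body has a 'roles' key; other keys
    in the body are not read by this function. Role names that match no
    Role row are ignored.

    Returns the JSON response built from user_dict(user).
    """
    # Editing someone else's account requires the admin permission.
    # test(403) is expected to abort the request when it is missing
    # (presumably Flask-Principal semantics; confirm).
    if user.user_id != current_user.user_id:
        Admin_permission.test(403)

    # NOTE(review): the body is untrusted and is not validated. Malformed
    # JSON, a non-object body or a non-list 'roles' value raises here or
    # below instead of producing a 4xx response; consider rejecting these
    # explicitly.
    input_data = json.loads(request.data)

    if Admin_permission.can() and 'roles' in input_data:
        requested = input_data['roles']
        handled = set()

        # Iterate over a snapshot. Removing from user.roles while looping
        # over it skips the element that follows each removal, so a role
        # that should be revoked could stay assigned to the user.
        for role in list(user.roles):
            if role.name in requested:
                handled.add(role.name)
            else:
                user.roles.remove(role)

        for role_name in requested:
            # Skip roles the user already holds and repeated names, so a
            # duplicate entry in the request cannot attach a role twice.
            if role_name in handled:
                continue
            handled.add(role_name)
            role = Role.query.filter_by(name=role_name).first()
            if role is not None:
                user.roles.append(role)

    DB.session.commit()
    return jsonify(user_dict(user))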