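def delete(self, user_id):
    """Delete the user identified by ``user_id``; administrators only.

    Responds 400 when no id is given, 401 when the caller is not an
    administrator, 404 when no such user exists, and 200 with the deleted
    user's JSON representation on success.
    """
    if user_id is None:
        return self.send_400('You must specify the ID of a user to delete')

    # Authorise before touching the database, as the original did, so a
    # non-admin caller gets the same 401 whether or not the id exists.
    if not g.user.admin:
        return self.send_401()

    try:
        user = User.get(user_id)
    except SQLObjectNotFound:
        # The lookup was unguarded here, so an unknown id surfaced as an
        # unhandled exception instead of the 404 the other handlers return.
        return self.send_404()

    # Serialise before deleting: user.json() may need to read the row, which
    # no longer exists once the delete has run.
    body = user.json()
    user.delete(user_id)
    return self.send_200(body)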
def get(self, user_id):
    """Return one user, or every user when ``user_id`` is None.

    Responds 200 with a list of ``user.dict()`` values when no id is given,
    200 with ``user.json()`` for a known id, and 404 for an unknown id.
    """
    # NOTE(review): no authorisation check is visible in this handler. Confirm
    # that access control is applied by the caller or a decorator, and that
    # dict()/json() leave out the stored password value.
    if user_id is not None:
        try:
            found = User.get(user_id)
        except SQLObjectNotFound:
            return self.send_404()
        return self.send_200(found.json())

    listing = []
    for entry in User.select():
        listing.append(entry.dict())
    return self.send_200(listing)
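def put(self, user_id):
    """Change a user's password, authorised by old password or reset token.

    Expects a JSON object holding ``new_password`` and ``confirm_pass`` plus
    either ``old_password`` or ``reset_token``.

    Responds 400 when the id, the JSON object or a required field is missing,
    404 when the user does not exist, 401 when the caller may not act on this
    account or the credential check fails, and 200 with the user's JSON
    representation once the password has been set.
    """
    if user_id is None:
        # The original fell through and returned None for this case.
        return self.send_400('You must specify the ID of a user to update')

    try:
        user = User.get(user_id)
    except SQLObjectNotFound:
        return self.send_404()

    # Allow the account owner or an administrator. The previous test used
    # `or`, which rejected every caller except an administrator acting on
    # their own account. The None guard keeps the 401 the original produced
    # when no user is attached to the request.
    actor = g.user
    if actor is None or (user != actor and not actor.admin):
        return self.send_401()

    data = request.json
    if not data or not isinstance(data, dict):
        # A missing body used to fall through and return None.
        return self.send_400('A JSON object is required')

    # A missing dict key raises KeyError, not IndexError, so the original
    # handlers never ran: the reset-token branch was unreachable and a
    # missing field escaped as an unhandled exception.
    try:
        if 'old_password' in data:
            supplied_old = data['old_password']
            tok = None
        else:
            supplied_old = None
            tok = data['reset_token']
        new_pass = data['new_password']
        confirm_pass = data['confirm_pass']
    except KeyError as e:
        return self.send_400("%s is required" % e)

    # Hash outside the try so an error inside generate_password is not
    # reported as a missing field.
    old_pass = generate_password(supplied_old) if supplied_old else None

    # NOTE(review): comparing generate_password() output with == implies a
    # deterministic hash and a non-constant-time comparison. Confirm that the
    # stored value is a salted, slow password hash.
    reset_allowed = False
    if old_pass and user.password == old_pass:
        reset_allowed = True
    else:
        # Never query with an empty or absent token: a wrong old password
        # left tok as None, and `token == None` would match any row whose
        # token column is NULL.
        if not tok:
            return self.send_401()
        try:
            t = ResetToken.select(ResetToken.q.token == tok)[0]
        except (SQLObjectNotFound, IndexError):
            return self.send_401()
        # The token must belong to this account and still be unexpired.
        if t.user == user and t.expires >= datetime.now():
            reset_allowed = True
        # NOTE(review): the token is not consumed here. Unless set_pass or a
        # cleanup job invalidates it, it stays usable until it expires.
        # Confirm that reset tokens are single-use.

    # An empty new password is refused in the same way as a mismatch.
    if reset_allowed and new_pass and new_pass == confirm_pass:
        user.set_pass(new_pass)
        return self.send_200(user.json())
    return self.send_401()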
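def put(self, user_id):
    """Update a user's email, first name, last name and alias.

    Expects a JSON object holding ``email``, ``first_name``, ``last_name``
    and ``alias``; only those four fields are written.

    Responds 400 when the id, the JSON object or a required field is missing,
    404 when the user does not exist, 401 when the caller is neither the
    account owner nor an administrator, and 200 with the updated user's JSON
    representation on success.
    """
    if user_id is None:
        # The original fell through and returned None for this case.
        return self.send_400('You must specify the ID of a user to update')

    data = request.json
    if not data or not isinstance(data, dict):
        # A missing body used to fall through and return None.
        return self.send_400('A JSON object is required')

    try:
        user = User.get(user_id)
    except SQLObjectNotFound:
        return self.send_404()

    # Allow the account owner or an administrator. The previous test used
    # `or`, which rejected every caller except an administrator editing
    # their own record. The None guard keeps the 401 the original produced
    # when no user is attached to the request.
    actor = g.user
    if actor is None or (actor != user and not actor.admin):
        return self.send_401('Not authorized')

    try:
        email = data['email']
        first_name = data['first_name']
        last_name = data['last_name']
        alias = data['alias']
    except KeyError as e:
        return self.send_400('%s is required' % e)

    # Fields are named explicitly, so extra keys in the request body (an
    # admin flag, for instance) are never copied onto the record.
    user.set(email=email, first_name=first_name,
             last_name=last_name, alias=alias)
    return self.send_200(user.json())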