def new(request):
""" Respond to the "/user/new" API call.
"""
try:
# Extract our payload from the request parameters.
request_payload = api_helper.process_request(request)
if "error" in request_payload: return request_payload['error']
# Check that the required fields are present.
error = api_helper.check_fields(request_payload,
required_fields=["user_id",
"password",
"pin_number"],
optional_fields=["name"])
if error != None: return error
user_id = request_payload['fields']['user_id']
password = request_payload['fields']['password']
pin_number = request_payload['fields']['pin_number']
name = request_payload['fields'].get("name", "")
# Check that the supplied values are acceptable.
if not account_helper.is_valid_user_id(user_id):
return api_helper.error(request_payload,
api_errors.INVALID_USER_ID)
if not account_helper.is_valid_password(password):
return api_helper.error(request_payload,
api_errors.INVALID_PASSWORD)
if not account_helper.is_valid_pin_number(pin_number):
return api_helper.error(request_payload,
api_errors.INVALID_PIN_NUMBER)
# Check that there is no user with this ID already in the system.
try:
existing_user = User.objects.get(user_id=user_id)
except User.DoesNotExist:
existing_user = None
if existing_user != None:
return api_helper.error(request_payload,
api_errors.DUPLICATE_USER_ID)
# Create the new User record.
user = User()
user.user_id = user_id
user.name = name
user.password = password
user.pin_number = pin_number
user.save()
# Finally, return an empty payload back to the caller.
return api_helper.response(request_payload, {})
except:
traceback.print_exc()
return HttpResponseServerError()
def update(request):
""" Respond to the "/user/update" API call.
"""
try:
# Extract our payload from the request parameters.
request_payload = api_helper.process_request(request)
if "error" in request_payload: return request_payload['error']
user = request_payload['session'].user
# Check that the required fields are present.
error = api_helper.check_fields(request_payload,
required_fields=["session_key",
"pin_number",
"changes"])
if error != None: return error
pin_number = request_payload['fields']['pin_number']
changes = request_payload['fields']['changes']
# Extract the various changes the caller wants to apply.
if not isinstance(changes, dict):
return HttpResponseBadRequest("Invalid parameter: changes")
if "name" in changes: new_name = changes['name']
else: new_name = None
if "password" in changes: new_password = changes['password']
else: new_password = None
if "pin_number" in changes: new_pin_number = changes['pin_number']
else: new_pin_number = None
# Check that the entered values are acceptable.
if new_name != None:
if not account_helper.is_valid_user_name(new_name):
return api_helper.error(request_payload,
api_errors.INVALID_USER_NAME)
if new_password != None:
if not account_helper.is_valid_password(new_password):
return api_helper.error(request_payload,
api_errors.INVALID_PASSWORD)
if new_pin_number != None:
if not account_helper.is_valid_pin_number(new_pin_number):
return api_helper.error(request_payload,
api_errors.INVALID_PIN_NUMBER)
# Check that the supplied PIN number is correct.
if pin_number != user.pin_number:
return api_helper.error(request_payload, api_errors.UNAUTHORIZED)
# Update the User record with the updated values.
if new_name != None: user.name = new_name
if new_password != None: user.password = new_password
if new_pin_number != None: user.pin_number = new_pin_number
user.save()
# Finally, return an empty payload back to the caller.
return api_helper.response(request_payload, {})
except:
traceback.print_exc()
return HttpResponseServerError()
