def view(id):
    """Serialize the user with the given id through ``jsonify``.

    The caller must either be that user or pass ``authz.is_admin()``.
    The ``email`` key is dropped from the serialized data whenever the
    loaded user is not the current user.
    """
    # The authorization check runs before the lookup, so the lookup is
    # only reached once the check has passed.
    # NOTE(review): assumes authz.require() aborts the request when
    # given a falsy value; its implementation is not visible here.
    viewing_self = id == current_user.id
    authz.require(viewing_self or authz.is_admin())

    record = obj_or_404(User.by_id(id))
    payload = record.to_dict()

    # NOTE(review): given the check above, this branch looks reachable
    # only for admins viewing someone else, so admins do not get the
    # address either; confirm that is the intended policy.
    is_other_user = record.id != current_user.id
    if is_other_user:
        del payload['email']

    return jsonify(payload)
def update(id):
    """Apply the request data to a user, commit, and return it via ``jsonify``.

    The user is looked up first (``obj_or_404``); the caller must then be
    that user or pass ``authz.is_admin()``.
    """
    # The lookup precedes the authorization check, so a missing id and a
    # forbidden id may produce different responses to the same caller.
    target = obj_or_404(User.by_id(id))
    owns_record = target.id == current_user.id
    authz.require(owns_record or authz.is_admin())

    # NOTE(review): the request body is handed to User.update() as-is.
    # Which attributes update() accepts is not visible here; confirm it
    # restricts writes to an allow-list so a caller cannot set
    # privilege-bearing fields on their own record.
    changes = request_data()
    target.update(changes)

    session = db.session
    session.add(target)
    session.commit()

    # NOTE(review): the model object itself is passed to jsonify rather
    # than target.to_dict(); what gets serialized depends on jsonify,
    # which is defined elsewhere.
    return jsonify(target)
def view(id):
    """Serialize the user with the given id through ``jsonify``.

    The ``email`` key is dropped from the serialized data whenever the
    loaded user is not the current user.
    """
    # NOTE(review): there is no authz.require() call in this handler, so
    # every caller that reaches it can read any user's record minus the
    # email key. Confirm the remaining to_dict() fields are meant to be
    # visible to all callers, including unauthenticated ones if the
    # route allows them.
    record = obj_or_404(User.by_id(id))
    payload = record.to_dict()

    is_other_user = record.id != current_user.id
    if is_other_user:
        # Only the owner of the record gets their own address back.
        del payload['email']

    return jsonify(payload)