def put(self, object_id): user = user_model.get_or_404(object_id, message='User not found') if g.user != user and not g.user.admin: api.abort(403) args = users_put.parse_args() email = args['email'] password = args['password'] if email is not None and user.email != email: if user_model.get_by_email(email) is not None: api.abort(400, 'Email is already registered') user.email = email if password is not None: user.set_password(password) user.put() return '', 200
def delete(self, object_id): user = user_model.get_or_404(object_id, message='User not found') if g.user != user and not g.user.admin: api.abort(403) user.key.delete() return '', 204
def get(self, object_id): user = user_model.get_or_404(object_id, message='User not found') if g.user is not None: if g.user == user or g.user.admin: return api.marshal(user, private_user) return api.marshal(user, public_user)