Esempio n. 1
def get(group_id, user_id):
    """Handle GET for the /Membership/user_id endpoint.

    Looks up the membership keyed by (group_id, user_id). Returns
    ``(obj.dump(True), 200)`` when the lookup yields a truthy object and
    ``('NOT_FOUND', 404)`` otherwise.
    """
    # NOTE(review): no caller authorization check is visible in this handler;
    # confirm access control is enforced before the request reaches it.
    membership = existing_dm_object(
        Membership,
        g.db_session,
        [Membership.group_id, Membership.user_id],
        [group_id, user_id],
    )
    if membership:
        return membership.dump(True), 200
    return 'NOT_FOUND', 404
Esempio n. 2
def delete(group_id, user_id):
    """Handle DELETE for the /Membership/user_id endpoint.

    Looks up the membership keyed by (group_id, user_id). A truthy result is
    passed to delete_dm_object and ``('Membership deleted', 204)`` is
    returned; otherwise ``('NOT_FOUND', 404)``.
    """
    # NOTE(review): this is a state-changing operation with no caller
    # authorization check visible here (e.g. that the caller may manage this
    # group); confirm it is enforced before the request reaches this handler.
    membership = existing_dm_object(
        Membership,
        g.db_session,
        [Membership.group_id, Membership.user_id],
        [group_id, user_id],
    )
    if membership:
        delete_dm_object(membership, g.db_session)
        return 'Membership deleted', 204
    return 'NOT_FOUND', 404
Esempio n. 3
def put(group_id, user_id, body):
    """Handle PUT for the /Membership/user_id endpoint.

    Looks up the membership keyed by (group_id, user_id), applies ``body`` to
    it via apply_update, persists it and returns
    ``('Membership updated', 200)``. Returns ``('NOT_FOUND', 404)`` when the
    lookup yields a falsy result.
    """
    # NOTE(review): no caller authorization check is visible here, and the
    # request body is handed to apply_update unfiltered. Confirm that access
    # control runs upstream and that apply_update restricts which attributes
    # a request is allowed to set.
    membership = existing_dm_object(
        Membership,
        g.db_session,
        [Membership.group_id, Membership.user_id],
        [group_id, user_id],
    )
    if membership:
        membership.apply_update(body)
        persist_dm_object(membership, g.db_session)
        return 'Membership updated', 200
    return 'NOT_FOUND', 404
Esempio n. 4
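def delete(user_id):
    """Handle DELETE for the /User/user_id endpoint.

    Returns ``('NOT_FOUND', 404)`` when the target user does not exist.
    Returns ``api_error(401, 'UNAUTHORIZED_USER_DELETION')`` when the calling
    user cannot be resolved, is the target itself, or lacks ``create_users``.
    Otherwise deletes the target and returns ``('User deleted', 204)``.
    """
    # NOTE(review): the existence check runs before the permission check, so
    # an unprivileged caller can tell existing user ids (401) from missing
    # ones (404). Consider authorizing first if that distinction matters.
    target = existing_dm_object(User, g.db_session, User.user_id, user_id)
    if not target:
        return 'NOT_FOUND', 404
    caller = (g.db_session.query(User)
              .filter(User.user_id == g.user_id)
              .one_or_none())
    # Fail closed: one_or_none() returns None when g.user_id matches no row,
    # which previously surfaced as an AttributeError instead of a rejection.
    if caller is None:
        current_app.logger.debug(
            '/users DELETE: rejected delete of %s by unknown user',
            target.username)
        return api_error(401, 'UNAUTHORIZED_USER_DELETION')
    # Self-deletion is refused, and only users with create_users may delete.
    if target.username == caller.username or not caller.create_users:
        # The log line now names the right verb (it used to say PUT) and
        # passes its arguments lazily to the logger.
        current_app.logger.debug(
            '/users DELETE: rejected delete of %s by %s',
            target.username, caller.username)
        # NOTE(review): 401 is kept for client compatibility; 403 is the
        # conventional status for an authenticated but unauthorized caller.
        return api_error(401, 'UNAUTHORIZED_USER_DELETION')
    delete_dm_object(target, g.db_session)
    return 'User deleted', 204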
Esempio n. 5
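def put(user_id, body):
    """Handle PUT for the /User/user_id endpoint.

    Returns ``('NOT_FOUND', 404)`` when the target user does not exist.
    Returns ``api_error(401, 'UNAUTHORIZED_USER_EDIT')`` when the calling user
    cannot be resolved, or is editing someone else without ``create_users``.
    Otherwise applies ``body`` to the target, re-hashes the password when
    ``newPassword`` is supplied, persists the record and returns
    ``('User updated', 200)``.
    """
    target = existing_dm_object(User, g.db_session, User.user_id, user_id)
    if not target:
        return 'NOT_FOUND', 404
    caller = (g.db_session.query(User)
              .filter(User.user_id == g.user_id)
              .one_or_none())
    # Fail closed: one_or_none() returns None when g.user_id matches no row,
    # which previously surfaced as an AttributeError instead of a rejection.
    if caller is None:
        current_app.logger.debug(
            '/users PUT: rejected update to %s by unknown user',
            target.username)
        return api_error(401, 'UNAUTHORIZED_USER_EDIT')
    # Users may edit themselves; editing anyone else requires create_users.
    if target.username != caller.username and not caller.create_users:
        current_app.logger.debug(
            '/users PUT: rejected update to %s by %s',
            target.username, caller.username)
        # NOTE(review): 401 is kept for client compatibility; 403 is the
        # conventional status for an authenticated but unauthorized caller.
        return api_error(401, 'UNAUTHORIZED_USER_EDIT')
    # NOTE(review): the raw request body is applied to the record even on the
    # self-edit path. Confirm apply_update only accepts an allowlist of
    # fields, so a user cannot set privilege attributes such as create_users
    # on their own account.
    target.apply_update(body)
    # NOTE(review): the password is replaced without any visible check of the
    # current password; confirm whether re-authentication happens elsewhere.
    if 'newPassword' in body:
        target.hash_password(body['newPassword'])
    persist_dm_object(target, g.db_session)
    return 'User updated', 200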
Esempio n. 6
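def delete(group_id):
    """Handle DELETE for the /Group/group_id endpoint.

    Returns ``('NOT_FOUND', 404)`` when the group does not exist. Returns
    ``api_error(401, 'INSUFFICIENT_PRIVILEGES', ...)`` unless the calling
    user's membership in the group has ``is_owner`` set. Otherwise deletes
    the group and returns ``('Group deleted', 204)``.
    """
    group = existing_dm_object(Group, g.db_session, Group.group_id, group_id)
    if not group:
        return 'NOT_FOUND', 404
    caller = (g.db_session.query(User)
              .filter(User.user_id == g.user_id)
              .one_or_none())
    # Fail closed: one_or_none() returns None when g.user_id matches no row,
    # which previously surfaced as an AttributeError instead of a rejection.
    if caller is None:
        return api_error(401, 'INSUFFICIENT_PRIVILEGES')
    # Confirm the logged in user is an owner of this group. Only is_owner is
    # consulted; there is no separate admin check here. As before, only the
    # caller's first matching membership counts.
    own_membership = next(
        (member for member in group.memberships
         if member.user.user_id == caller.user_id),
        None)
    if own_membership is None or not own_membership.is_owner:
        # NOTE(review): 401 is kept for client compatibility; 403 is the
        # conventional status for an authenticated but unauthorized caller.
        return api_error(401, 'INSUFFICIENT_PRIVILEGES', caller.username)
    delete_dm_object(group, g.db_session)
    return 'Group deleted', 204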
Esempio n. 7
def get(group_id):
    """Handle GET for the /Group/group_id endpoint.

    Returns ``(obj.dump(True), 200)`` for the group matching ``group_id``,
    or ``('NOT_FOUND', 404)`` when the lookup yields a falsy result.
    """
    # NOTE(review): no membership or authorization check is visible in this
    # handler; confirm who is allowed to read a group and where that is
    # enforced.
    group = existing_dm_object(Group, g.db_session, Group.group_id, group_id)
    if group:
        return group.dump(True), 200
    return 'NOT_FOUND', 404
Esempio n. 8
def get(user_id):
    """Handle GET for the /User/user_id endpoint.

    Returns ``(obj.dump(True), 200)`` for the user matching ``user_id``,
    or ``('NOT_FOUND', 404)`` when the lookup yields a falsy result.
    """
    # NOTE(review): any caller who reaches this handler can read any user
    # record. Confirm that dump() leaves out credential material (such as a
    # stored password hash) and that read access is restricted upstream.
    account = existing_dm_object(User, g.db_session, User.user_id, user_id)
    if account:
        return account.dump(True), 200
    return 'NOT_FOUND', 404