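def _doPut(self, dataObject):
    """Update the name, e-mail and/or photo of the user addressed by ``self.arg``.

    ``self.arg`` is looked up as a user ID when it consists only of digits
    and as an e-mail address otherwise. The change is applied only when the
    caller is the target user or holds the ``super_user`` access level.

    Args:
        dataObject: Mapping of submitted fields. Only ``name``, ``email``
            and ``photo`` are read; every other key is ignored.

    Returns:
        The value of ``self._response`` for the updated user, or ``None``
        when none of the three supported keys is present.

    Raises:
        NotFound: No user matches ``self.arg``.
        Forbidden: The caller is neither the target user nor a super user.
        ServerError: The user database raised ``mdb.DatabaseError``.
    """
    if not ("name" in dataObject or "email" in dataObject or "photo" in dataObject):
        # Nothing to update; the original fell through and returned None.
        return None

    try:
        UM = UserMapper()
        if self.arg.isdigit():
            # Get the user by ID
            user = UM.find(self.arg)
        else:
            # Get the user by E-mail
            user = UM.getUserByEmail(self.arg)

        # NOTE(review): NotFound is raised before the permission check, so a
        # caller without rights on the target can still tell whether the ID
        # or e-mail exists -- confirm this is intended.
        if user is None:
            raise NotFound("This user does not exist")

        # Compare IDs by value. The original used `is` (object identity),
        # which is not guaranteed to hold for two equal IDs and could refuse
        # the legitimate owner; _doGet already uses `==` for the same check.
        if not (self.user.getId() == user.getId() or self.user.accessLevel("super_user")):
            raise Forbidden()

        # Copy an explicit allow-list of fields instead of the whole payload,
        # so a client cannot set attributes that are not named here.
        # NOTE(review): no validation of the new values is visible in this
        # method; it has to live in the setters or the mapper -- confirm.
        if "name" in dataObject:
            user.setName(dataObject["name"])
        if "email" in dataObject:
            user.setEmail(dataObject["email"])
        if "photo" in dataObject:
            user.setPhoto(dataObject["photo"])

        UserMapper.update(user)
        return self._response(user.dict(), CODE.CREATED)
    except mdb.DatabaseError as e:
        # NOTE(review): the driver's error text is embedded in the message;
        # if ServerError is rendered to the client this discloses database
        # details -- confirm where the message ends up.
        raise ServerError("Unable to search the user database (%s)" % e.args[1])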
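def _doPost(self, dataObject):
    """Authenticate a user by e-mail and password and return their API token.

    Args:
        dataObject: Mapping of submitted fields; ``email`` and ``password``
            are both required for anything to happen.

    Returns:
        The value of ``self._response`` for a dict holding the ``apitoken``
        and the ``user`` record, or ``None`` when either key is missing.

    Raises:
        NotFound: No user is registered under the given e-mail.
        Unauthorised: The password does not match the stored hash.
        ServerError: A database call raised ``mdb.DatabaseError``.
    """
    if not ("email" in dataObject and "password" in dataObject):
        # The original fell through and returned None in this case.
        return None

    username = dataObject['email']
    password = dataObject['password']

    try:
        umapper = UserMapper()
        selectedUser = umapper.getUserByEmail(username)
    except mdb.DatabaseError as e:
        # Both values must be passed as one tuple. Without the parentheses
        # `%` binds to e.args[0] alone and the formatting itself raises
        # TypeError, which hides the database error.
        raise ServerError("Unable to search the user database (%s: %s)" % (e.args[0], e.args[1]))

    # check we have a result
    # NOTE(review): an unknown e-mail yields NotFound while a wrong password
    # yields Unauthorised, so the endpoint reveals which addresses are
    # registered. A single, identical failure response for both cases would
    # close that; left as is because callers may rely on the exception types.
    if selectedUser is None:
        raise NotFound("We have no record of a user with the username %s" % username)

    # check password is correct return corresponding key
    # NOTE(review): checkHash is defined elsewhere; confirm it compares the
    # hashes in constant time.
    if not checkHash(password, selectedUser.getPassword()):
        raise Unauthorised("Failed to login with that username and password")

    # get API token from the database and return it
    try:
        rdata = {}
        ATM_ = ApitokenMapper()
        rdata["apitoken"] = ATM_.findTokenByUserId(selectedUser.getId()).getToken()
        rdata["user"] = selectedUser.dict(1)
        return self._response(rdata, CODE.CREATED)
    except mdb.DatabaseError as e:
        # Same tuple fix as above.
        raise ServerError("Unable to get API key from the database (%s: %s)" % (e.args[0], e.args[1]))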
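def _doDelete(self):
    """Look up the user addressed by ``self.arg`` for a delete request.

    ``self.arg`` is looked up as a user ID when it consists only of digits
    and as an e-mail address otherwise.

    Raises:
        MethodNotAllowed: No user ID or e-mail was supplied.
        ServerError: The user database raised ``mdb.DatabaseError``.
    """
    if self.arg is None:
        raise MethodNotAllowed(
            "You must provide the user ID or user EMAIL of the user to be deleted"
        )

    # get the user if it exists
    try:
        UM = UserMapper()
        if self.arg.isdigit():
            user = UM.find(self.arg)
        else:
            # Get the user by E-mail
            user = UM.getUserByEmail(self.arg)
    except mdb.DatabaseError as e:
        # Both values must be passed as one tuple. Without the parentheses
        # `%` binds to e.args[0] alone and the formatting itself raises
        # TypeError, which hides the database error.
        raise ServerError("Unable to search the user database (%s: %s)" % (e.args[0], e.args[1]))

    # NOTE(review): the visible body ends after the lookup. No existence
    # check, no owner/super_user check and no delete call are shown here --
    # confirm that whatever follows applies the same authorisation as
    # _doGet and _doPut before removing the account.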
def _doGet(self):
    """Return one user, or the first page of users when no target is given.

    With ``self.arg`` set, the user is looked up by ID (all-digit argument)
    or by e-mail and returned only to that user or to a ``super_user``.
    Without it, the listing is returned to a ``super_user`` only.

    Returns:
        The value of ``self._response`` with status ``CODE.OK``.

    Raises:
        NotFound: ``self.arg`` is set but matches no user.
        Forbidden: The caller may not see the requested data.
        ServerError: The user database raised ``mdb.DatabaseError``.
    """
    try:
        mapper = UserMapper()

        if self.arg is None:
            # Listing every account is reserved for super users.
            if not self.user.accessLevel("super_user"):
                raise Forbidden()
            start = 0
            # The second argument is passed as start + 50; whether the mapper
            # treats it as an end index or a row count is not visible here.
            page = [entry.dict(2) for entry in mapper.findAll(start, start + 50)]
            payload = {
                "users": page,
                "pagination_offset": start,
                "max_perpage": 50,
            }
            return self._response(payload, CODE.OK)

        # All-digit arguments are IDs, anything else is taken as an e-mail.
        lookup = mapper.find if self.arg.isdigit() else mapper.getUserByEmail
        target = lookup(self.arg)

        # NOTE(review): NotFound is raised before the permission check, so a
        # caller without rights on the target can still tell whether the ID
        # or e-mail exists -- confirm this is intended.
        if target is None:
            raise NotFound("This user does not exist")

        permitted = self.user.accessLevel("super_user") or self.user.getId() == target.getId()
        if not permitted:
            raise Forbidden()
        return self._response(target.dict(2), CODE.OK)
    except mdb.DatabaseError as e:
        raise ServerError("Unable to search the user database (%s: %s)" % (e.args[0], e.args[1]))
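def _doDelete(self):
    """Look up the user addressed by ``self.arg`` for a delete request.

    ``self.arg`` is looked up as a user ID when it consists only of digits
    and as an e-mail address otherwise.

    Raises:
        MethodNotAllowed: No user ID or e-mail was supplied.
        ServerError: The user database raised ``mdb.DatabaseError``.
    """
    if self.arg is None:
        raise MethodNotAllowed(
            "You must provide the user ID or user EMAIL of the user to be deleted"
        )

    # get the user if it exists
    try:
        UM = UserMapper()
        if self.arg.isdigit():
            user = UM.find(self.arg)
        else:
            # Get the user by E-mail
            user = UM.getUserByEmail(self.arg)
    except mdb.DatabaseError as e:
        # Both values must be passed as one tuple. Without the parentheses
        # `%` binds to e.args[0] alone and the formatting itself raises
        # TypeError, which hides the database error.
        raise ServerError(
            "Unable to search the user database (%s: %s)" % (e.args[0], e.args[1])
        )

    # NOTE(review): the visible body ends after the lookup. No existence
    # check, no owner/super_user check and no delete call are shown here --
    # confirm that whatever follows applies the same authorisation as
    # _doGet and _doPut before removing the account.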
def _doGet(self):
    """Return one user, or the first page of users when no target is given.

    With ``self.arg`` set, the user is looked up by ID (all-digit argument)
    or by e-mail and returned only to that user or to a ``super_user``.
    Without it, the listing is returned to a ``super_user`` only.

    Returns:
        The value of ``self._response`` with status ``CODE.OK``.

    Raises:
        NotFound: ``self.arg`` is set but matches no user.
        Forbidden: The caller may not see the requested data.
        ServerError: The user database raised ``mdb.DatabaseError``.
    """
    try:
        mapper = UserMapper()

        if self.arg is None:
            # Listing every account is reserved for super users.
            if not self.user.accessLevel("super_user"):
                raise Forbidden()
            start = 0
            # The second argument is passed as start + 50; whether the mapper
            # treats it as an end index or a row count is not visible here.
            page = [entry.dict(2) for entry in mapper.findAll(start, start + 50)]
            payload = {"users": page, "pagination_offset": start, "max_perpage": 50}
            return self._response(payload, CODE.OK)

        # All-digit arguments are IDs, anything else is taken as an e-mail.
        if self.arg.isdigit():
            target = mapper.find(self.arg)
        else:
            target = mapper.getUserByEmail(self.arg)

        # NOTE(review): NotFound is raised before the permission check, so a
        # caller without rights on the target can still tell whether the ID
        # or e-mail exists -- confirm this is intended.
        if target is None:
            raise NotFound("This user does not exist")

        if not (self.user.accessLevel("super_user") or self.user.getId() == target.getId()):
            raise Forbidden()
        return self._response(target.dict(2), CODE.OK)
    except mdb.DatabaseError as e:
        raise ServerError("Unable to search the user database (%s: %s)" % (e.args[0], e.args[1]))
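def _doPut(self, dataObject):
    """Update the name, e-mail and/or photo of the user addressed by ``self.arg``.

    ``self.arg`` is looked up as a user ID when it consists only of digits
    and as an e-mail address otherwise. The change is applied only when the
    caller is the target user or holds the ``super_user`` access level.

    Args:
        dataObject: Mapping of submitted fields. Only ``name``, ``email``
            and ``photo`` are read; every other key is ignored.

    Returns:
        The value of ``self._response`` for the updated user, or ``None``
        when none of the three supported keys is present.

    Raises:
        NotFound: No user matches ``self.arg``.
        Forbidden: The caller is neither the target user nor a super user.
        ServerError: The user database raised ``mdb.DatabaseError``.
    """
    if not ("name" in dataObject or "email" in dataObject or "photo" in dataObject):
        # Nothing to update; the original fell through and returned None.
        return None

    try:
        UM = UserMapper()
        if self.arg.isdigit():
            # Get the user by ID
            user = UM.find(self.arg)
        else:
            # Get the user by E-mail
            user = UM.getUserByEmail(self.arg)

        # NOTE(review): NotFound is raised before the permission check, so a
        # caller without rights on the target can still tell whether the ID
        # or e-mail exists -- confirm this is intended.
        if user is None:
            raise NotFound("This user does not exist")

        # Compare IDs by value. The original used `is` (object identity),
        # which is not guaranteed to hold for two equal IDs and could refuse
        # the legitimate owner; _doGet already uses `==` for the same check.
        is_owner = self.user.getId() == user.getId()
        if not (is_owner or self.user.accessLevel("super_user")):
            raise Forbidden()

        # Copy an explicit allow-list of fields instead of the whole payload,
        # so a client cannot set attributes that are not named here.
        # NOTE(review): no validation of the new values is visible in this
        # method; it has to live in the setters or the mapper -- confirm.
        if "name" in dataObject:
            user.setName(dataObject["name"])
        if "email" in dataObject:
            user.setEmail(dataObject["email"])
        if "photo" in dataObject:
            user.setPhoto(dataObject["photo"])

        UserMapper.update(user)
        return self._response(user.dict(), CODE.CREATED)
    except mdb.DatabaseError as e:
        # NOTE(review): the driver's error text is embedded in the message;
        # if ServerError is rendered to the client this discloses database
        # details -- confirm where the message ends up.
        raise ServerError("Unable to search the user database (%s)" % e.args[1])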