def get(self, user_id: str):
"""
GET /user/<user_id>
Returns a User if found
"""
user = UserService.get_by_public_id(user_id)
if user is None:
return self.format_failure(404, "User not found")
return self.format_success(200, {"user": user.dictionary})
def delete(self, user_id: str):
"""
DELETE /user/<user_id>
Deletes a User
"""
user = UserService.get_by_public_id(user_id)
if user is None:
return self.format_failure(404, "User not found")
user.delete()
return self.format_success(204)
def wrapper(*args, **kwargs):
user_id = kwargs.get("user_id")
user = UserService.get_by_public_id(user_id)
jwt = kwargs.get("jwt")
if user is None:
return Resource.format_failure(404, "User not found")
# Admin has superuser rights
if user.role == UserRoles.ADMIN:
return wrapped_func(*args, **kwargs, user=user)
# TribeAdmin has superuser rights over their tribe
# TODO: Tribeadmin edit logic
if jwt.get("user_id") != user.id:
return Resource.format_failure(
401, "You are not authorized to perform this action")
return wrapped_func(*args, **kwargs, user=user)