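def get_search_results(id, page):
    """Return, as JSON, one page of the searches that match search ``id``.

    The caller must be authenticated and must pass
    ``search.has_admin_rights(requester)`` for the stored search.

    Args:
        id: Identifier of the stored search; must satisfy ``is_integer``.
        page: Page number of the results; must be convertible with ``int``.

    Returns:
        A not-authorized response when there is no requesting user, a
        bad-request response when ``id`` or ``page`` is not an integer, a
        not-found response when the search does not exist, a forbidden
        response when the requester lacks admin rights on it, otherwise a
        JSON response of the form ``{'data': [...]}``.
    """
    # Authenticate before touching any request parameter, so that an
    # unauthenticated caller always gets the same answer.
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    # `page` is caller-supplied; a bare int() would raise on bad input and
    # surface as an unhandled error instead of a bad-request response.
    try:
        page = int(page)
    except (TypeError, ValueError):
        return base_routes.make_bad_request_response()

    if not is_integer(id):
        return base_routes.make_bad_request_response()

    search = store.session.query(Search).filter_by(id=id).first()
    if search is None:
        return base_routes.make_not_found_response()

    # NOTE(review): answering not-found vs forbidden lets any authenticated
    # user learn which search ids exist; confirm that is acceptable here.
    if not search.has_admin_rights(requester):
        return base_routes.make_forbidden_response()

    matching_searches = search_utils.find_matching_searches(search, page)
    serialized = [
        match.serialize(requester, exclude=[])
        for match in matching_searches
    ]
    return jsonify({'data': serialized})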
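def get_search_results(id, page):
    """Serve one page of the searches matching the stored search ``id``.

    Args:
        id: Identifier of the stored search; checked with ``is_integer``.
        page: Requested results page; must be convertible with ``int``.

    Returns:
        The response built for the first check that fails (not authorized,
        bad request, not found, forbidden), or a JSON response
        ``{'data': [...]}`` holding the serialized matching searches.
    """
    requester = get_requesting_user()

    # `page` comes from the request. Parse it defensively so malformed input
    # becomes a bad-request response rather than an uncaught exception, and
    # so the authentication check below is always reached.
    try:
        page_number = int(page)
    except (TypeError, ValueError):
        page_number = None

    if requester is None:
        response = base_routes.make_not_authorized_response()
    elif page_number is None or not is_integer(id):
        response = base_routes.make_bad_request_response()
    else:
        search = store.session.query(Search).filter_by(id=id).first()
        if search is None:
            response = base_routes.make_not_found_response()
        elif not search.has_admin_rights(requester):
            # Only requesters with admin rights on the search may list
            # its matches.
            response = base_routes.make_forbidden_response()
        else:
            matching_searches = search_utils.find_matching_searches(
                search, page_number)
            serialized = [
                match.serialize(requester, exclude=[])
                for match in matching_searches
            ]
            response = jsonify({'data': serialized})
    return response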
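def request_reset_password(email):
    """Start the password-reset flow for the active account under ``email``.

    Args:
        email: Address supplied by the caller; no requester is checked here,
            so it must be treated as untrusted input.

    Returns:
        A not-found response when no active user has that address, a
        server-error response carrying the mailer's error message when the
        reset mail could not be requested, otherwise an OK response.
    """
    # Restrict the lookup to active accounts, as userbyemail does in this
    # file, so a deactivated account cannot be sent a reset link.
    user = store.session.query(User).filter_by(
        email=email, active=True).first()
    if user is None:
        # NOTE(review): a distinct not-found answer tells an unauthenticated
        # caller whether an address is registered. Returning the same
        # response in both cases would close that, but it changes the API
        # contract, so it is only flagged here.
        return base_routes.make_not_found_response()

    error_message = mail_actions.request_password_reset(user)
    if error_message:
        # NOTE(review): confirm the message handed to the response contains
        # no internal mailer detail.
        return base_routes.make_server_error_response(error_message)
    return base_routes.make_OK_response()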
def request_reset_password(email):
    """Request a password-reset mail for the active user with ``email``.

    Args:
        email: Address supplied by the caller. This function performs no
            requester check, so the value is untrusted.

    Returns:
        A not-found response if no active user matches, a server-error
        response built from the mailer's error message if requesting the
        reset failed, otherwise an OK response.
    """
    account = store.session.query(User).filter_by(
        email=email, active=True).first()

    if account is None:
        # NOTE(review): this answer differs from the success case, so the
        # endpoint reveals which addresses have an active account. No
        # throttling is visible in this function - confirm it is applied
        # upstream.
        return base_routes.make_not_found_response()

    failure = mail_actions.request_password_reset(account)
    if not failure:
        return base_routes.make_OK_response()

    # NOTE(review): the mailer's message is passed into the response as is;
    # confirm it cannot expose internal detail to the caller.
    return base_routes.make_server_error_response(failure)
def userbyemail(email):
    """Return the active user registered under ``email`` to that same user.

    Args:
        email: Address to look up; it must equal the requester's own email.

    Returns:
        A not-authorized response when there is no requesting user, a
        forbidden response when ``email`` is not the requester's address, a
        not-found response when no active user has it, otherwise the single
        response built for the matching user.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()
    if requester.email != email:
        # Callers may only look up their own address.
        return base_routes.make_forbidden_response()

    # `== True` is deliberate: presumably this builds a SQL expression
    # (SQLAlchemy-style column comparison), which `is True` would not.
    matches = store.session.query(User).filter(
        User.email == email, User.active == True).all()  # noqa: E712

    if len(matches) > 1:
        # Duplicate active accounts are a data-integrity problem; log it and
        # fall back to the first row.
        logger.error(
            'More than one active user with the same email - {}'.format(
                email))

    user = matches[0] if matches else None
    if user is None:
        return base_routes.make_not_found_response()
    return base_routes.make_single_response(requester, user)
def userbyemail(email):
    """Look up the requester's own active user record by email address.

    Args:
        email: Address to look up. A requester asking for any address other
            than their own gets a forbidden response.

    Returns:
        The not-authorized, forbidden or not-found response for the first
        check that fails, otherwise the single response for the user found.
    """
    requester = get_requesting_user()
    if requester is None:
        return base_routes.make_not_authorized_response()

    asks_for_own_record = requester.email == email
    if not asks_for_own_record:
        return base_routes.make_forbidden_response()

    # The comparison with True is kept as written; it is presumably turned
    # into a SQL filter by the query layer.
    query = store.session.query(User).filter(
        User.email == email, User.active == True)  # noqa: E712
    found = query.all()
    count = len(found)

    if count == 0:
        return base_routes.make_not_found_response()
    if count > 1:
        # More than one active row for one address should not happen; record
        # it and answer with the first row.
        logger.error(
            'More than one active user with the same email - {}'.format(
                email))
    return base_routes.make_single_response(requester, found[0])
def endpoint(requester: User, user_id: int) -> Response:
    """
    User Endpoint

    http:get:: /rest/users/<user_id:int>

    **Example request**:

    .. sourcecode:: http

        GET /rest/users/42?field=name&field=bio HTTP/1.1
        Host: app.communityshare.us
        Accept: application/json
        Authorization: Basic:username:password

    **Example response**:

    .. sourcecode:: http

        HTTP/1.1 200 OK
        Content-Type: application/json

        {
            "user": {
                "id": 42,
                "name": "Bob Smith",
                "bio": "On the weekends I polish copper mines.",
                "links": [
                    {
                        "rel": "self",
                        "href": "https://app.communityshare.us/rest/users/42"
                    }
                ]
            }
        }

    :query int user_id: id of user to fetch
    :query list string field: additional fields to return,
        always returns user id, default returns all fields
    :statuscode 200: user successfully fetched
    :statuscode 400: invalid arguments passed in
    :statuscode 401: needs authentication
    :statuscode 404: user does not exist, or the requester is not
        authorized to see it
    """
    user_id = int_or(user_id, None)

    # An empty ?field= list means "no restriction", passed on as None.
    # NOTE(review): `field` is caller-supplied; this function relies on
    # serialize() to decide which fields the requester may see - confirm.
    fields = request.args.getlist('field') or None

    user = serialize(requester, get_user(user_id), fields=fields)

    # A requester who may not see a user must not be able to tell whether
    # that user exists, so "unauthorized" and "missing" both produce the
    # same not-found response.
    if user is None:
        return make_not_found_response()

    self_link = {
        'rel': 'self',
        'href': request.url,
    }
    return jsonify({'user': {**user, 'links': [self_link]}})