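def manage_users():
    """List all users (GET) or delete/update a single user (any other method).

    GET returns a JSON array with every user serialized by ``User.serialize``.
    For every other method the parameters are read from the JSON body (POST)
    or from the query string (anything else):

    * ``user_id``   -- account to act on.
    * ``do_update`` -- overwrite ``email``, ``validated`` and ``is_admin``
      from ``new_email``, ``validated`` and ``is_admin``; takes precedence
      over ``do_delete`` when both are set.
    * ``do_delete`` -- remove the account through ``remove_user``.

    Returns:
        A JSON response: the user list for GET, otherwise
        ``{'did_succeed': <bool>}``.
    """
    # NOTE(review): this handler deletes accounts, grants the admin flag and
    # triggers API-key creation, but its body contains no authentication or
    # authorization check -- confirm the route is wrapped by an admin-only
    # guard where it is registered.
    # NOTE(review): for methods other than GET/POST the state-changing
    # parameters come from the query string -- confirm which methods the
    # route actually accepts.

    def _as_flag(value):
        """Interpret a request value as a boolean flag.

        ``bool("false")`` and ``bool("0")`` are True, so a string-typed
        ``is_admin=false`` would otherwise grant admin rights.
        """
        if isinstance(value, str):
            return value.strip().lower() not in ('', '0', 'false', 'no', 'off')
        return bool(value)

    if request.method == "GET":
        return jsonify([User.serialize(x) for x in User.query.all()])

    if request.method == 'POST':
        payload = request.json
        # A missing or non-object JSON body has no usable parameters.
        if not isinstance(payload, dict):
            return jsonify({'did_succeed': False})
    else:
        payload = request.args

    user = User.query.filter_by(user_id=payload.get('user_id')).first()
    if user is None:
        # Unknown or missing user_id: nothing to delete or update.
        return jsonify({'did_succeed': False})

    do_delete = _as_flag(payload.get('do_delete'))
    do_update = _as_flag(payload.get('do_update'))

    # True only when this account is the single remaining administrator.
    # The count query runs only for admin accounts.
    sole_admin = bool(user.is_admin) and (
        User.query.filter_by(is_admin=True).count() == 1
    )

    if do_update:
        is_admin = _as_flag(payload.get('is_admin'))
        if sole_admin and not is_admin:
            # Demoting the last admin locks everyone out just like deleting
            # it would, so it is refused the same way.
            return jsonify({'did_succeed': False})

        # NOTE(review): new_email is stored as received (None when absent);
        # consider validating it before assignment.
        user.email = payload.get('new_email')
        user.validated = _as_flag(payload.get('validated'))
        user.is_admin = is_admin
        db.session.add(user)
        db.session.commit()

        # A validated account without any API key gets one created.
        has_key = Apikey.query.filter_by(owner_id=user.user_id).first() is not None
        if user.validated and not has_key:
            create_apikey(user.user_id)
        return jsonify({'did_succeed': True})

    if do_delete:
        if sole_admin:
            # we can not allow deletion of the last admin account!
            return jsonify({'did_succeed': False})
        return jsonify({'did_succeed': remove_user(user)})

    return jsonify({'did_succeed': False})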