def manage_users():
r_method = request.json if request.method == 'POST' else request.args
if request.method == "GET":
return jsonify([User.serialize(x) for x in User.query.all()])
else:
user_id = r_method.get('user_id')
do_delete = 'do_delete' in r_method and bool(r_method.get('do_delete'))
do_update = 'do_update' in r_method and bool(r_method.get('do_update'))
user = User.query.filter_by(user_id=user_id).first()
all_admins = User.query.filter_by(is_admin=True).all()
if do_delete and not do_update:
if user.is_admin and len(all_admins) == 1:
# we can not allow deletion of the last admin account!
return jsonify({'did_succeed': False})
return jsonify({'did_succeed': remove_user(user)})
elif do_update:
new_email = r_method.get('new_email')
validated = bool(r_method.get('validated'))
is_admin = bool(r_method.get('is_admin'))
user.email = new_email
user.validated = validated
user.is_admin = is_admin
db.session.add(user)
db.session.commit()
keys = Apikey.query.filter_by(owner_id=user.user_id).all()
if len(keys) == 0 and user.validated:
create_apikey(user.user_id)
return jsonify({'did_succeed': True})
return jsonify({'did_succeed': False})
