def GET(request):
    """Return the User addressed by the ``userId`` path parameter.

    Responds with 400 when ``check_required_parameters`` raises a
    ``ParameterError``, 404 when the User does not exist, and 200 with the
    User's JSON representation otherwise.
    """

    # Reject the request early if path validation fails.
    try:
        request.check_required_parameters(path={'userId': 'int'})
    except exceptions.ParameterError as err:
        return Response(400, err.message)

    # Load the addressed User; an unknown id is a 404.
    # NOTE(review): this handler never consults request.google_id, so no
    # ownership check gates the read. Confirm that to_JSON() only exposes
    # fields every caller reaching this endpoint is meant to see.
    user_id = request.params_path['userId']
    target = User.from_primary_key((user_id,))
    if not target.exists():
        return Response(404, '{} not found.'.format(target))

    summary = 'Successfully retrieved {}'.format(target)
    return Response(200, summary, target.to_JSON())
def PUT(request):
    """Overwrite the given name and family name of the addressed User.

    Responds with 400 when ``check_required_parameters`` raises a
    ``ParameterError``, 404 when the User does not exist, 403 when the
    requester's Google id lacks at least 'OWN' on that User, and 200 with
    the updated User's JSON representation otherwise.
    """

    # Both the body fields and the path id must pass validation.
    try:
        request.check_required_parameters(
            body={'user': {'givenName': 'string', 'familyName': 'string'}},
            path={'userId': 'int'},
        )
    except exceptions.ParameterError as err:
        return Response(400, err.message)

    # Load the addressed User; an unknown id is a 404.
    # NOTE(review): existence (404) is reported before the ownership check
    # (403), so a caller without access can tell which user ids exist.
    # Confirm that is acceptable.
    user_id = request.params_path['userId']
    target = User.from_primary_key((user_id,))
    if not target.exists():
        return Response(404, '{} not found.'.format(target))

    # Only a requester holding at least 'OWN' on this User may edit it.
    may_edit = target.google_id_has_at_least(request.google_id, 'OWN')
    if not may_edit:
        return Response(403, 'Forbidden from editing {}.'.format(target))

    # Copy the submitted names onto the record and persist it.
    # NOTE(review): the only validation visible here is the 'string' type
    # check above. Presumably length and content limits are enforced
    # elsewhere; verify.
    submitted = request.params_body['user']
    target.given_name = submitted['givenName']
    target.family_name = submitted['familyName']
    target.update()

    summary = 'Successfully updated {}.'.format(target)
    return Response(200, summary, target.to_JSON())
def DELETE(request):
    """Delete the User addressed by the ``userId`` path parameter.

    Responds with 400 when ``check_required_parameters`` raises a
    ``ParameterError``, 404 when the User does not exist, 403 when the
    requester's Google id lacks at least 'OWN' on that User, and 200 with
    the deleted User's JSON representation otherwise.
    """

    # Reject the request early if path validation fails.
    try:
        request.check_required_parameters(path={'userId': 'int'})
    except exceptions.ParameterError as err:
        return Response(400, err.message)

    # Load the addressed User; an unknown id is a 404.
    # NOTE(review): existence (404) is reported before the ownership check
    # (403), so a caller without access can tell which user ids exist.
    # Confirm that is acceptable.
    user_id = request.params_path['userId']
    target = User.from_primary_key((user_id,))
    if not target.exists():
        return Response(404, '{} not found'.format(target))

    # Only a requester holding at least 'OWN' on this User may delete it.
    may_delete = target.google_id_has_at_least(request.google_id, 'OWN')
    if not may_delete:
        return Response(403, 'Forbidden from deleting {}.'.format(target))

    target.delete()

    # The in-memory object is still used to build the response after delete().
    summary = 'Successfully deleted {}'.format(target)
    return Response(200, summary, target.to_JSON())
def GET(request):
    """List the Authorizations held by the addressed User.

    Responds with 400 when ``check_required_parameters`` raises a
    ``ParameterError``, 404 when the User does not exist, 403 when the
    requester's Google id lacks at least 'OWN' on that User, and 200 with a
    list of Authorization JSON objects otherwise.
    """

    # Reject the request early if path validation fails.
    try:
        request.check_required_parameters(path={'userId': 'int'})
    except exceptions.ParameterError as err:
        return Response(400, err.message)

    # Load the addressed User; an unknown id is a 404.
    # NOTE(review): existence (404) is reported before the ownership check
    # (403), so a caller without access can tell which user ids exist.
    # Confirm that is acceptable.
    user_id = request.params_path['userId']
    target = User.from_primary_key((user_id,))
    if not target.exists():
        return Response(404, '{} not found.'.format(target))

    # A User's Authorizations are only disclosed to a requester holding at
    # least 'OWN' on that User.
    may_read = target.google_id_has_at_least(request.google_id, 'OWN')
    if not may_read:
        return Response(403, 'Forbidden from retrieving Authorizations for {}.'.format(target))

    # Fetch every Authorization row keyed to this user id and serialise it.
    rows = Authorization.query('user_id', user_id)
    payload = [row.to_JSON() for row in rows]
    summary = 'Successfully retrieved Authorizations for {}.'.format(target)
    return Response(200, summary, payload)
def POST(request):
    """Grant a User an authorization level on a Simulation.

    Responds with 400 when ``check_required_parameters`` raises a
    ``ParameterError`` or when the insert raises ``ForeignKeyError``, 404
    when the User or the Simulation does not exist, 403 when the requester's
    Google id lacks at least 'OWN' on the Simulation, 409 when the
    Authorization already exists, and 200 with the new Authorization's JSON
    representation otherwise.
    """

    # Path ids and the requested level must pass validation first.
    try:
        request.check_required_parameters(
            path={'userId': 'int', 'simulationId': 'int'},
            body={'authorization': {'authorizationLevel': 'string'}},
        )
    except exceptions.ParameterError as err:
        return Response(400, err.message)

    # Build the candidate Authorization from the request.
    requested_level = request.params_body['authorization']['authorizationLevel']
    candidate = Authorization.from_JSON({
        'userId': request.params_path['userId'],
        'simulationId': request.params_path['simulationId'],
        'authorizationLevel': requested_level,
    })

    # Both ends of the grant must exist.
    # NOTE(review): both 404 checks run before the ownership check, so a
    # caller without access to the Simulation can tell which user and
    # simulation ids exist. Confirm that is acceptable.
    grantee = User.from_primary_key((candidate.user_id, ))
    if not grantee.exists():
        return Response(404, '{} not found.'.format(grantee))

    sim = Simulation.from_primary_key((candidate.simulation_id, ))
    if not sim.exists():
        return Response(404, '{} not found.'.format(sim))

    # Only a requester holding at least 'OWN' on the Simulation may grant
    # access to it.
    # NOTE(review): nothing here restricts which level may be granted, so an
    # owner can grant any level the database accepts to any existing user.
    # Confirm that is intended.
    requester_owns_sim = sim.google_id_has_at_least(request.google_id, 'OWN')
    if not requester_owns_sim:
        return Response(403, 'Forbidden from creating {}.'.format(candidate))

    # Refuse to create a duplicate.
    # NOTE(review): exists() followed by insert() is not atomic as written.
    # Only ForeignKeyError is caught below, so whatever insert() raises for
    # a concurrent duplicate is not handled here.
    if candidate.exists():
        return Response(409, '{} already exists.'.format(candidate))

    # The level string is not checked against an allow-list in this handler.
    # An unknown level is rejected only when the insert raises
    # ForeignKeyError.
    try:
        candidate.insert()
    except exceptions.ForeignKeyError:
        return Response(400, 'Invalid authorizationLevel')

    summary = 'Successfully added {}'.format(candidate)
    return Response(200, summary, candidate.to_JSON())