def delete(self, user_id):
    """Delete the user identified by ``user_id``.

    The record is looked up with ``get_user_by_id_or_abort`` and removed
    through ``crud.delete`` only when it compares equal to ``g.user``;
    otherwise the request is rejected with 403.

    Returns:
        An empty body with status 204 on success.
    """
    target = get_user_by_id_or_abort(user_id)

    # Ownership check: the handler deletes nothing unless the looked-up
    # record is the same object/value as g.user (presumably the
    # authenticated caller; set outside this handler).
    if target != g.user:
        abort(403, message="Not authorized to delete user")

    crud.delete(target)
    empty_body, status = '', 204
    return empty_body, status
def get(self, user_id):
    """Return the id, email and display name of the user ``user_id``.

    Returns:
        The marshalled user and status 200.
    """
    # NOTE(review): unlike delete() and put(), this handler does not compare
    # the looked-up record with g.user, so the email of any user id is
    # returned to whoever reaches it. Confirm that is intended, or that
    # access control is applied outside this method.
    record = get_user_by_id_or_abort(user_id)
    return marshal(record, {
        'id': fields.Integer,
        'email': fields.String,
        'display_name': fields.String,
    }), 200
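def put(self, user_id):
    """Update the email and/or display name of the user ``user_id``.

    The update is applied only when the looked-up record compares equal to
    ``g.user``; otherwise the request is rejected with 403. Arguments the
    client did not send are left unchanged on the stored record.

    Returns:
        The marshalled, updated user and status 200.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('email', type=str)
    parser.add_argument('display_name', type=str)
    args = parser.parse_args()

    user = get_user_by_id_or_abort(user_id)
    if user != g.user:
        abort(403, message="Not authorized to update user")

    # reqparse stores None for an argument that was not supplied. Assigning
    # it unconditionally would overwrite the stored email/display name with
    # None whenever a client sends only one of the two fields.
    if args.email is not None:
        # NOTE(review): the new email is stored as received (type=str only);
        # no format or ownership verification is visible in this handler.
        # Confirm it happens elsewhere.
        user.email = args.email
    if args.display_name is not None:
        user.display_name = args.display_name
    crud.save()

    ret_fields = {
        'id': fields.Integer,
        'email': fields.String,
        'display_name': fields.String
    }
    return marshal(user, ret_fields), 200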