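def home():
    """Return the current user's meeting count and most frequent co-attendees.

    Every other member of the user's meetings is tallied by name, and up to
    three of the highest counts are reported. A user with fewer than three
    co-attendees gets a shorter list instead of an IndexError.
    """
    user = current_user._get_current_object()

    # generate count of meetings with each meeting member, skipping the user
    friends = dict()
    for meeting in user.meetings:
        for member in meeting.members:
            if member == user:
                continue
            friends[member.name] = friends.get(member.name, 0) + 1

    # determine best friends: highest count first, at most three entries
    winners = sorted(friends, key=friends.get, reverse=True)
    best_friends = dict()
    for rank, name in enumerate(winners[:3]):
        best_friends[rank] = name, friends[name]

    return jsonify({'Best Friends': best_friends,
                    'Meeting Count': user.meeting_count})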
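def connect_handler(cv, provider):
    """Shared method to handle the connection process

    :param cv: A dictionary containing the connection values; it is read for
               ``provider_id`` and ``provider_user_id`` and gets ``user_id``
               filled in when absent
    :param provider: The provider the connection should be made to
    """
    cv.setdefault('user_id', current_user.get_id())
    connection = _datastore.find_connection(
        provider_id=cv['provider_id'],
        provider_user_id=cv['provider_user_id'])

    if connection is None:
        after_this_request(_commit)
        connection = _datastore.create_connection(**cv)
        msg = ('Connection established to %s' % provider.name, 'success')
        connection_created.send(current_app._get_current_object(),
                                user=current_user._get_current_object(),
                                connection=connection)
    else:
        msg = ('A connection is already established with %s '
               'to your account' % provider.name, 'notice')
        connection_failed.send(current_app._get_current_object(),
                               user=current_user._get_current_object())

    # The posted ``next`` value is chosen by the client, so it is followed
    # only when it is a path on this site. Anything else (absolute URLs,
    # ``//host`` forms, backslashes, control characters) is dropped and the
    # session/config default below is used instead.
    # NOTE(review): get_post_login_redirect() is not shown here; confirm it
    # applies its own validation to any ``next`` value it reads.
    fallback = get_post_login_redirect()
    posted = request.form.get('next')
    if posted is None:
        next_url = fallback
    elif (posted.startswith('/')
            and not posted.startswith('//')
            and '\\' not in posted
            and not any(ord(ch) < 32 for ch in posted)):
        next_url = posted
    else:
        next_url = None

    redirect_url = (next_url or session.pop(
        config_value('POST_OAUTH_CONNECT_SESSION_KEY'),
        get_url(config_value('CONNECT_ALLOW_VIEW'))))

    do_flash(*msg)
    return redirect(redirect_url)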
def connect_handler(cv, provider):
    """Shared method to handle the connection process

    :param cv: A dictionary containing the connection values
    :param provider: The provider the connection should be made to
    """
    cv.setdefault('user_id', current_user.get_id())
    existing = _datastore.find_connection(
        provider_id=cv['provider_id'],
        provider_user_id=cv['provider_user_id'])

    app = current_app._get_current_object()
    user = current_user._get_current_object()

    if existing is not None:
        # this provider account is already linked, so nothing is created
        msg = ('A connection is already established with %s '
               'to your account' % provider.name, 'notice')
        connection_failed.send(app, user=user)
    else:
        after_this_request(_commit)
        created = _datastore.create_connection(**cv)
        msg = ('Connection established to %s' % provider.name, 'success')
        connection_created.send(app, user=user, connection=created)

    # the target comes from the session, else from the configured view
    session_key = config_value('POST_OAUTH_CONNECT_SESSION_KEY')
    default_url = get_url(config_value('CONNECT_ALLOW_VIEW'))
    redirect_url = session.pop(session_key, default_url)

    do_flash(*msg)
    return redirect(redirect_url)
def write_activity_on_discuss(discussion, **kwargs):
    """Queue an activity record when a signed-in user discusses a subject.

    Only Dataset and Reuse subjects are recorded; anonymous requests and
    other subject types are ignored.
    """
    if not current_user.is_authenticated:
        return

    subject = discussion.subject
    if isinstance(subject, Dataset):
        activity = UserDiscussedDataset
    elif isinstance(subject, Reuse):
        activity = UserDiscussedReuse
    else:
        return

    # pass the real user object, not the request-bound proxy, to the task
    write_activity.delay(activity, current_user._get_current_object(), subject)
def persionalInfo():
    """Render the profile page and, on a valid submit, replace the avatar.

    The new file is stored under a name built from the user's e-mail and a
    millisecond timestamp, and the user's ``path`` is pointed at it.
    """
    form = ChangeImage()
    username, src = isCurrentUser()
    print(src)

    if not form.validate_on_submit():
        return render_template('personalInfo.html',
                               form=form,
                               username=username,
                               src=src)

    # file name of the avatar currently on record
    old_filename = src[src.rfind('/') + 1:]

    # os.getcwd() can be printed here when the working directory is unclear
    print(src.find('avatar'))
    # Remove the previous avatar unless this is the first upload.
    # NOTE(review): find() returns -1 when there is no match, so this test is
    # true only when 'avatar' sits at index 0 of src. With the
    # '../../../static/img/avatar/...' value written below, the old file is
    # never removed. Confirm where the default image lives before changing it.
    if src.find('avatar') == 0:
        os.remove(r'static/img/avatar/' + old_filename)

    account = current_user._get_current_object()
    email = account.email
    upload = form.browse.data

    # (disabled) thumbnailing of the image to 60x60 with PIL

    # Keep only the extension of the sanitised client file name.
    # NOTE(review): the extension is client-chosen; whether ``icon`` limits
    # the accepted types is not visible here. Confirm. A name without a
    # '.' makes rfind() return -1, so the last character is used instead.
    safe_name = secure_filename(upload.filename)
    imgStyle = safe_name[safe_name.rfind('.'):]

    # e-mail without dots plus a millisecond timestamp keeps names unique
    stamp = str(int(time.time() * 1000))
    filename = email.replace('.', '') + stamp + imgStyle
    icon.save(upload, name=filename)

    # path as the template expects it
    src = r'../../../static/img/avatar/' + filename
    account.path = src
    db.session.query(User).filter(User.email == email).update(
        {User.path: src})
    db.session.commit()
    return render_template('personalInfo.html',
                           form=form,
                           username=username,
                           src=src)
def test_expired_token(self, client, registrations, confirmations, outbox,
                       templates):
    """An expired confirmation token redirects and sends new instructions.

    The user must stay inactive, unconfirmed and logged out afterwards.
    """
    import time

    user = self.register()
    assert len(registrations) == 1
    confirm_token = registrations[0]['confirm_token']

    # Sleep for 1 sec to get the expired token
    # (presumably the test config sets a sub-second token lifetime; verify)
    time.sleep(1)

    r = client.get(url_for('security.confirm_email', token=confirm_token))
    assert r.status_code == 302
    # TODO: frontend path does not exist yet
    assert r.path == url_for('frontend.resend_confirmation_email')

    # (disabled) assert len(confirmations) == 0
    # welcome mail first, then the re-sent confirmation instructions
    assert len(outbox) == len(templates) == 2
    welcome, resent = templates[0], templates[1]
    assert welcome.template.name == 'security/email/welcome.html'
    assert resent.template.name == \
        'security/email/confirmation_instructions.html'
    assert resent.context.get('confirmation_link')

    # the expired token must not activate, confirm or log in the account
    assert not user.active
    assert not user.confirmed_at
    assert isinstance(current_user._get_current_object(), AnonymousUser)
def generate_event_selection_form(*args, **kwargs):
    """Build an event picker limited to events the current user may access.

    Anonymous users get no choices. Admins see every event of their
    deployment. Other users see the events in their deployment for which the
    permission cache holds an ``access_resource`` entry of type ``event``.
    """
    choices = []
    if not current_user.is_anonymous:
        user = current_user._get_current_object()
        if user.is_admin():
            query = Event.query.filter_by(deployment_id=user.deployment_id)
        else:
            # restrict choices to events they have permission to access
            cached = services.users.get_permissions_cache(user)
            allowed_event_ids = [
                need.value for need in cached
                if need.method == 'access_resource' and need.type == 'event'
            ]
            query = Event.query.filter(
                Event.resource_id.in_(allowed_event_ids),
                Event.deployment_id == user.deployment_id)

        # newest events first; only id and name are fetched
        rows = query.with_entities(Event.id, Event.name).order_by(
            Event.start.desc())
        choices = [(row.id, row.name) for row in rows]

    class EventSelectionForm(FlaskForm):
        event = SelectField(_('Choose Event'),
                            choices=choices,
                            coerce=int,
                            default=g.event.id,
                            validators=[validators.input_required()])

    return EventSelectionForm(*args, **kwargs)
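def get_group_by_id(group_id, form=None):
    """Show a group's page to one of its members.

    POST requests are handed to ``group_filter_form``. The id must be 24 hex
    characters and the current user must be a member of the group. Every
    failure flashes a message and redirects back. Exception details are
    logged on the server and are not shown to the user.
    """
    import logging

    def _back():
        # ``next`` comes from the query string, so follow it only when it is
        # a path on this site; otherwise go to the groups dashboard
        target = request.args.get('next')
        if (target and target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 32 for ch in target)):
            return redirect(target)
        return redirect(url_for('groups.home'))

    if request.method == 'POST':
        return group_filter_form(request.form)

    # validate the given id
    if len(group_id) != 24 or not all(c in string.hexdigits for c in group_id):
        flash('error Invalid Group ID')
        return _back()

    try:
        user = current_user._get_current_object()
        group = Group.objects.get(id=group_id)

        # membership check: non-members never reach the template
        if user not in group.members:
            flash('error You Are Not A Member Of This Group.')
            return _back()

        # e-mail addresses of every other member, space separated
        emails = " ".join(
            u.email for u in group.members if u.email != user.email)

        form = MeetingCreateForm()
        return render_template('group/group.html',
                               group=group,
                               stats=group_stats(group_id),
                               emails=emails,
                               form=form)
    except Exception:
        # keep the detail in the server log; the flashed text stays generic
        logging.getLogger(__name__).exception(
            'failed to display group %s', group_id)
        flash('error An Error Occured.')
        return _back()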
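def search_groups(query):
    """ Displays the Groups that match the query on the Group Dashboard

    The query is split on spaces. Terms containing "@" select groups that
    have that user as a member, and the remaining terms are matched against
    the group name without regard to case. Only the current user's own
    groups are searched.
    """
    def _back():
        # ``next`` comes from the query string, so follow it only when it is
        # a path on this site; otherwise go to the groups dashboard
        target = request.args.get('next')
        if (target and target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 32 for ch in target)):
            return redirect(target)
        return redirect(url_for('groups.home'))

    if request.method == 'POST':
        return filter_form(request.form)

    groups = current_user._get_current_object().groups
    search = query.split(" ")

    # search is too expensive
    if len(search) > 20:
        flash('error Could not Fulfill Search Request.')
        return _back()

    # get the list of users to search for
    users = [term for term in search if "@" in term]
    # get the other search criteria
    search = [term for term in search if "@" not in term]

    # filter the groups by user
    for u in users:
        try:
            # the first character is dropped before the e-mail lookup
            # (presumably a leading "@" marker; verify against the UI)
            user = User.objects.get(email=u[1:])
            groups = [grp for grp in groups if user in grp.members]
        except Exception:
            # an unknown user means no group can match
            return render_template('group/dashboard.html', groups=[])

    # filter the groups by name
    for c in search:
        needle = c.lower()
        groups = [grp for grp in groups if needle in grp.name.lower()]

    # reset the page and only show the matched groups
    return render_template('group/dashboard.html', groups=groups)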
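def delete_group(form=None):
    """ Deletes an Existing Group

    Only an admin of the group may delete it. The group and its meetings are
    removed from every member and admin before the documents are deleted.
    Exception details are logged on the server and are not shown to the user.
    """
    import logging

    def _back():
        # ``next`` comes from the query string, so follow it only when it is
        # a path on this site; otherwise go to the groups dashboard
        target = request.args.get('next')
        if (target and target.startswith('/')
                and not target.startswith('//')
                and '\\' not in target
                and not any(ord(ch) < 32 for ch in target)):
            return redirect(target)
        return redirect(url_for('groups.home'))

    if form is None:
        flash('error Invalid Request to Delete Group.')
        return _back()

    delete_form = GroupDeleteForm(form)
    if not delete_form.validate():
        flash('error Could not Delete Group, Please Try Again.')
        return _back()

    try:
        user = current_user._get_current_object()
        group = Group.objects.get(id=delete_form.group_id.data)
        members = group.members
        admins = group.admins
        meetings = group.meetings

        # validate that the user is an admin for the group
        if user not in admins:
            flash('error You do not have permission to delete this group.')
            return _back()

        # remove the group from each member's and admin's list of groups
        for person in list(members) + list(admins):
            if group in person.groups:
                person.groups.remove(group)
                person.save()

        # delete all meetings associated with group
        for meeting in meetings:
            # Detach the meeting from members and admins. The membership test
            # keeps list.remove() from raising part-way through for someone
            # who no longer holds the meeting, which would leave the group
            # half deleted.
            for person in list(members) + list(admins):
                if meeting in person.meetings:
                    person.meetings.remove(meeting)
                    person.save()

            # now delete the entire meeting from the database
            meeting.delete()

        group.delete()
        flash('success Group Successfully Deleted')
    except Exception:
        # keep the detail in the server log; the flashed text stays generic
        logging.getLogger(__name__).exception('failed to delete group')
        flash('error An Error has Occured, Please Try Again.')

    return _back()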
def post_detail(category_slug, post_slug):
    """Show a post and, on POST, store a comment from the current user.

    Unknown category or post slugs produce a 404.
    """
    category = Category.query.filter(
        Category.category_slug == category_slug).first_or_404()
    post = Post.query.filter(Post.post_slug == post_slug).first_or_404()
    tags = post.tags
    images = PostImage.query.filter(PostImage.post_id == post.id)
    categories = Category.query.all()
    # NOTE(review): this form is built but never validated or passed to the
    # template, and the comment body is read straight from request.form. If
    # CommentForm carries CSRF or length validators, they do not run on this
    # path. Confirm.
    form = CommentForm()

    if request.method != "POST":
        return render_template("post_detail.html",
                               category=category,
                               post=post,
                               tags=tags,
                               images=images,
                               categories=categories)

    # NOTE(review): no login check is visible in this function; confirm the
    # route is protected, otherwise the author may be an anonymous user.
    comment = Comment(body=request.form["body"],
                      author=current_user._get_current_object(),
                      post_id=post.id)
    db.session.add(comment)
    db.session.commit()
    flash("Your comment has been published.")
    # redirect after the write so that a reload does not post again
    return redirect(
        url_for("post_detail",
                category_slug=category.category_slug,
                post_slug=post.post_slug))
def create_shop():
    """Register a shop for the current user and mark it as awaiting review.

    Users holding the 'Shop' role get the shop URL back, and users already
    under review get a 202 notice. Otherwise the JSON fields are stored as
    given.
    """
    user = current_user._get_current_object()
    if current_user.has_role('Shop'):
        return url_for('api.get_shop')
    if user.shop_status == u"审核中":
        return jsonify({"code": 202, "message": u"审核中,请稍等"})

    # NOTE(review): request.json is None for a non-JSON body, and none of
    # the fields below are validated here; confirm Shop_Info validates them.
    payload = request.json
    field_names = ("shop_name", "shop_type", "link_man", "phone_number",
                   "country", "state", "city", "address")
    values = [payload.get(name) for name in field_names]

    # (disabled) rejection of non-numeric phone numbers with code 406

    user.shop_status = u"审核中"
    shop = Shop_Info(user, *values)
    user.save()
    shop.save()
    shop_data = shop.to_dict(depth=1)
    return jsonify({"code": 202, "message": u"等待审核", "data": shop_data})
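def gitlab_token_identity(token):
    """Resolve a GitLab OAuth token to a local OAuth identity.

    The GitLab user is fetched with the access token, matched to a local
    user by e-mail or username, and linked to the stored or newly built
    identity. Raises OAuthError when the GitLab account is not active or the
    identity or e-mail/username already belongs to someone else.
    """
    # TODO: having to do another GET to grab the user info
    # is subpar, but the returned JWT lacks the user's email
    #
    # It seems like validating the JWT token is not
    # currently working as the GitLab JWKs endpoint is unstable
    # See https://gitlab.com/gitlab-com/support-forum/issues/3666

    # Use HTTPS: the access token is sent with this request and would go out
    # in clear text over a plain http:// URL.
    client = gitlab.Gitlab("https://gitlab.com",
                           oauth_token=token["access_token"])
    client.auth()

    if client.user.state != "active":
        raise OAuthError("This account is not active.")

    token_user_email = users.get_user(client.user.email)
    token_user_username = users.get_user(client.user.username)

    # e-mail and username must not resolve to two different local users
    if (
        token_user_email
        and token_user_username
        and token_user_email != token_user_username
    ):
        raise OAuthError(
            "This identity is already claimed by another user, please login."
        )
    token_user = token_user_email or token_user_username

    try:
        identity = (
            db.session.query(OAuth)
            .options(joinedload(OAuth.user))
            .filter_by(provider_id="gitlab", provider_user_id=client.user.id)
            .one()
        )
    except NoResultFound:
        identity = OAuth.from_token("gitlab", client.user.id, token)

    signed_in = current_user._get_current_object()
    if current_user.is_authenticated and not isinstance(signed_in, FreeUser):
        # Map the identity to the signed-in user, storing the real user
        # object and not the request-bound proxy.
        # NOTE(review): this also re-links an identity that is already
        # attached to another local user; confirm that is intended.
        identity.user = signed_in
        db.session.add(identity)
    elif not token_user:
        # no user has claimed this email yet
        # reserve it
        token_user = users.create_user(
            username=client.user.username, email=client.user.email
        )
        identity.user = token_user
        db.session.add(identity)
    elif identity.user == token_user:
        # we have a match, a user with this email and identity
        # TODO: update the identity if need be
        pass
    else:
        raise OAuthError("This identity is already claimed by another user.")

    return identity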
def on_user_updated_organization(organization):
    """Queue an activity record when a signed-in user updates an organization."""
    if not (current_user and current_user.is_authenticated):
        return
    # hand the task the real user object, not the request-bound proxy
    actor = current_user._get_current_object()
    write_activity.delay(UserUpdatedOrganization,
                         actor,
                         organization,
                         organization=organization)
def communityKouqiang(page=1):
    """Show one page of notes in the '口腔科' class and accept new notes.

    A valid submission from a logged-in user is stored and the page is
    reloaded, and a valid submission without a login is sent to the login
    view.
    """
    username, src = isCurrentUser()
    opera_class_name = '口腔科'
    notes, wai_notes = getNotes(page, opera_class_name)

    note_form = PostNote()
    note_form.opera_class.choices = queryClass()

    # posting a note
    if note_form.validate_on_submit():
        # a username means the visitor is logged in
        if not username:
            return redirect(url_for('userBlue.login'))

        note = Note(title=note_form.title.data,
                    text=note_form.text_area.data,
                    time=datetime.datetime.now())
        note.user_id = current_user._get_current_object().id
        # the form field holds the id of an OperationClass row
        note.class_id = note_form.opera_class.data
        db.session.add(note)
        db.session.commit()
        return redirect(url_for('communityBlueName.communityKouqiang'))

    return render_template('communityOption.html',
                           username=username,
                           src=src,
                           notes=notes,
                           pagination=wai_notes,
                           endpoint="communityBlueName.communityKouqiang",
                           note_form=note_form)
def post(self, dataset):
    '''Upload a new community resource'''
    fields = self.handle_upload(dataset)
    # owner and dataset are set on the server, after the upload is handled
    fields.update(owner=current_user._get_current_object(), dataset=dataset)
    created = CommunityResource.objects.create(**fields)
    return created, 201
def post(self, dataset):
    '''Upload a new community resource'''
    parsed = upload_parser.parse_args()
    fields = self.extract_infos_from_args(parsed, dataset)
    # the owner is always the requesting user, set after the extraction
    fields['owner'] = current_user._get_current_object()
    created = CommunityResource.objects.create(**fields)
    return created, 201
def participant_list_import(participant_set_id=0):
    """Store an uploaded participant spreadsheet and go to the header mapping.

    Aborts with 404 when no participant set can be resolved and with 400
    when the upload form does not validate.
    """
    if participant_set_id:
        # NOTE(review): the set is looked up by id only; confirm elsewhere
        # that it belongs to the current deployment.
        participant_set = ParticipantSet.query.get_or_404(participant_set_id)
    else:
        participant_set = g.event.participant_set or abort(404)

    form = forms.ParticipantFileUploadForm(request.form)
    if not form.validate():
        return abort(400)

    # get the actual object from the proxy
    user = current_user._get_current_object()

    spreadsheet = utils.strip_bom_header(request.files['spreadsheet'])
    stored_name = uploads.save(spreadsheet)
    # the upload record carries the uploader's id
    upload = services.user_uploads.create(deployment_id=g.deployment.id,
                                          upload_filename=stored_name,
                                          user_id=user.id)

    if not participant_set_id:
        return redirect(
            url_for('participants.participant_headers', upload_id=upload.id))
    return redirect(
        url_for('participantset.participants_headers',
                participant_set_id=participant_set.id,
                upload_id=upload.id))
def survey_init():
    """Store the import file and start survey creation in the background.

    A message is flashed in both cases and the user is sent to the forms
    index.
    """
    form = make_survey_init_form(g.event)

    if form.validate_on_submit():
        category = 'info'
        message = _('Surveys are being created for the Event, Form '
                    'and Participants you selected')

        user = current_user._get_current_object()
        import_file = strip_bom_header(request.files['import_file'])
        stored_name = uploads.save(import_file)
        # the upload record carries the uploader's id
        upload = UserUpload(deployment_id=g.deployment.id,
                            upload_filename=stored_name,
                            user_id=user.id)
        upload.save()

        # the task receives ids only and loads the rows itself
        init_survey_submissions.apply_async(kwargs={
            'event_id': form.data['event'],
            'form_id': form.data['form'],
            'upload_id': upload.id
        })
    else:
        category = 'danger'
        message = _('Surveys were not created')

    flash(str(message), category)
    return redirect(url_for('formsview.index'))
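def remove_connection(provider_id, provider_user_id):
    """Remove a specific connection for the authenticated user to the
    specified provider

    :param provider_id: id of the provider; unknown ids produce a 404
    :param provider_user_id: the user's id at that provider
    """
    provider = get_provider_or_404(provider_id)

    ctx = dict(provider=provider.name, user=current_user,
               provider_user_id=provider_user_id)

    # the delete is scoped to the current user's id, so another user's
    # connection cannot be removed through this view
    deleted = _datastore.delete_connection(user_id=current_user.get_id(),
                                           provider_id=provider_id,
                                           provider_user_id=provider_user_id)

    if deleted:
        after_this_request(_commit)
        msg = ('Connection to %(provider)s removed' % ctx, 'info')
        connection_removed.send(current_app._get_current_object(),
                                user=current_user._get_current_object(),
                                provider_id=provider_id)
    else:
        # wording fixed from "Unabled"
        msg = ('Unable to remove connection to %(provider)s' % ctx, 'error')

    do_flash(*msg)
    # request.referrer is the client-sent Referer header and may be missing
    return redirect(request.referrer or get_post_login_redirect())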
def get_user():
    """Return the current user's name, e-mail and id as a JSON string."""
    account = current_user._get_current_object()
    profile = {
        'name': account.name,
        'email': account.email,
        # the id is serialised through str()
        'id': str(account.id)
    }
    return json.dumps(profile)
def on_identity_loaded(sender, identity):
    """Add the signed-in user's cached permissions to the loaded identity.

    Anonymous requests leave the identity unchanged.
    """
    if not current_user.is_authenticated:
        return
    account = current_user._get_current_object()
    for need in services.users.get_permissions_cache(account):
        identity.provides.add(need)
def me(self):
    """
    Return the object behind the ``current_user`` proxy.

    :return: user
    """
    account = current_user._get_current_object()
    return account
def home():
    """ Displays All of the Current User's Groups on the Group Dashboard

    POST requests are handed to ``filter_form``.
    """
    if request.method == 'POST':
        return filter_form(request.form)

    # only the requesting user's own groups are listed
    own_groups = current_user._get_current_object().groups
    return render_template('group/dashboard.html', groups=own_groups)
def test_valid_submit(self, user, api_client, password_resets, outbox,
                      templates):
    """A valid reset logs the user in, sends two mails and stores the password."""
    send_reset_password_instructions(user)
    token = password_resets[0]['token']

    # NOTE(review): the posted values read '******' here while the login
    # below uses 'new password'; the page may have masked them. Confirm
    # against the real test.
    payload = dict(newPassword='******', confirmNewPassword='******')
    r = api_client.post(url_for('security.reset_password', token=token),
                        data=payload)
    assert r.status_code == 200

    # user should be logged in
    for key in ('user', 'token'):
        assert key in r.json
    assert current_user == user

    assert len(outbox) == len(templates) == 2
    request_mail, notice_mail = templates[0], templates[1]
    # first email is for the valid reset request
    assert request_mail.template.name == \
        'security/email/reset_instructions.html'
    assert request_mail.context.get('reset_link')
    # second email is to notify of the changed password
    assert notice_mail.template.name == 'security/email/reset_notice.html'

    # make sure the password got updated in the database
    api_client.logout()
    assert isinstance(current_user._get_current_object(), AnonymousUser)
    api_client.login_with_creds(user.email, 'new password')
    assert current_user == user
def get(self):
    '''List all issues related to my organizations.'''
    term = filter_parser.parse_args().get('q')
    # the set is derived from the requesting user, then sorted newest first
    found = issues_for(current_user._get_current_object()).order_by('-created')
    if term:
        # optional case-insensitive match on the title
        found = found.filter(title__icontains=term)
    return list(found)
def write_activity_on_follow(follow, **kwargs):
    """Queue an activity record when a signed-in user follows something.

    Datasets, reuses, organizations and users are recorded; other targets
    and anonymous requests are ignored.
    """
    if not current_user.is_authenticated:
        return

    # checked in this order; the first matching type wins
    activity_by_model = (
        (Dataset, UserFollowedDataset),
        (Reuse, UserFollowedReuse),
        (Organization, UserFollowedOrganization),
        (User, UserFollowedUser),
    )
    target = follow.following
    for model, activity in activity_by_model:
        if isinstance(target, model):
            write_activity.delay(
                activity, current_user._get_current_object(), target)
            break
def get(self):
    '''List all discussions related to my organizations.'''
    term = filter_parser.parse_args().get('q')
    # the set is derived from the requesting user, then sorted newest first
    found = discussions_for(current_user._get_current_object())
    found = found.order_by('-created')
    if term:
        # optional case-insensitive match on the title
        found = found.filter(title__icontains=term)
    return list(found)
def locations_headers(view, location_set_id, upload_id):
    """Map the columns of an uploaded locations file and start the import.

    GET renders the mapping form. Other methods validate it and queue the
    import task unless the request carries an ``X-Validate`` header. A file
    that cannot be read is deleted and answered with 400.
    """
    user = current_user._get_current_object()
    location_set = LocationSet.query.filter(
        LocationSet.id == location_set_id).first_or_404()

    # disallow processing other users' files
    upload = UserUpload.query.filter(
        UserUpload.id == upload_id, UserUpload.user == user).first_or_404()
    filepath = uploads.path(upload.upload_filename)

    try:
        with open(filepath, 'rb') as source_file:
            mapping_form_class = forms.make_import_mapping_form(
                source_file, location_set)
    except Exception:
        # log exception (if Sentry is enabled)
        sentry.captureException()
        # delete the loaded file together with its upload record
        os.remove(filepath)
        upload.delete()
        return abort(400)

    template_name = 'admin/location_headers.html'

    if request.method == 'GET':
        form = mapping_form_class()
        return view.render(template_name, form=form)

    form = mapping_form_class()
    if not form.validate():
        error_msgs = [
            msg for key in form.errors for msg in form.errors[key]
        ]
        return view.render(
            'admin/location_headers_errors.html',
            error_msgs=error_msgs), 400

    # NOTE(review): the page lost its indentation; the redirect is assumed to
    # apply whether or not X-Validate is present. Confirm against the file.
    if 'X-Validate' not in request.headers:
        # get header mappings: chosen value -> column label
        mappings = {
            field.data: field.label.text
            for field in form if field.data
        }

        # invoke task asynchronously
        tasks.import_locations.apply_async(kwargs={
            'upload_id': upload.id,
            'mappings': mappings,
            'location_set_id': location_set_id,
            'channel': session.get('_id')
        })

    return redirect(url_for('locationset.locations_list',
                            location_set_id=location_set_id))
def delete(self, user):
    '''Delete a user given its identifier'''
    # NOTE(review): no permission check is visible in this method; confirm
    # the resource is restricted to administrators.
    if user.deleted:
        api.abort(410, 'User has already been deleted')

    requester = current_user._get_current_object()
    if user == requester:
        # self-deletion goes through the "me" API
        api.abort(403, 'You cannot delete yourself with this API. '
                       'Use the "me" API instead.')

    user.mark_as_deleted()
    return '', 204
def test_create_confirmable(self, api_client, outbox, templates):
    """Registration returns the user without a token and sends a welcome mail."""
    r = api_client.post(url_for('api.users_resource'), data=NEW_USER_DATA)
    assert r.status_code == 201, r.json
    body = r.json
    assert 'user' in body
    # no token and no session until the address is confirmed
    assert 'token' not in body
    assert isinstance(current_user._get_current_object(), AnonymousUser)

    assert len(outbox) == 1
    welcome = templates[0]
    assert welcome.template.name == 'security/email/welcome.html'
    assert welcome.context.get('confirmation_link')
def post_read():
    """List posts as JSON.

    Anonymous visitors get the default listing. Every other user also gets
    inactive posts and the ``draft`` field.
    """
    usr = current_user._get_current_object()
    # NOTE(review): any non-anonymous user sees inactive posts and drafts,
    # with no role or author check here; confirm that is intended.
    if isinstance(usr, AnonymousUser):
        add_fields = list()
        c = post.get()
    else:
        add_fields = ['draft']
        c = post.get(filter_inactive=False)
    payload = [i.serialize(add_fields=add_fields) for i in c]
    return json_response(payload, 200)
def put(self, community):
    '''Update a given community resource'''
    # the permission test runs before the form is read or applied
    ResourceEditPermission(community).test()
    form = api.validate(CommunityResourceForm, community)
    form.populate_obj(community)

    # a resource left without organization and owner goes to the requester
    unowned = not community.organization and not community.owner
    if unowned:
        community.owner = current_user._get_current_object()

    community.modified = datetime.now()
    community.save()
    return community
def post_read_instance_by_id(post_id):
    """Return one post as JSON, or 404 when the id is unknown.

    Non-anonymous users also get the ``draft`` field.
    """
    usr = current_user._get_current_object()
    add_fields = list() if isinstance(usr, AnonymousUser) else ['draft']

    p = post.get_by_id(post_id)
    if not p:
        return abort(404)
    return json_response(p.serialize(add_fields=add_fields), 200)
def post_update_by_id(post_id):
    """Update the post addressed by ``post_id`` from the JSON request body.

    The body's ``id`` must be present and equal to the URL id (400
    otherwise). An unknown id raises ObjectNotFoundError.
    """
    usr = current_user._get_current_object()
    # NOTE(review): request.json is None for a non-JSON body; whether the
    # caller may edit this post is presumably decided in update(). Verify.
    data = request.json

    pid = data.get('id', None)
    id_matches_url = pid is not None and pid == post_id
    if not id_matches_url:
        return abort(400)

    p = post.get_by_id(pid)
    if not p:
        raise ObjectNotFoundError('Unknown post id: %s' % pid)
    return update(usr, p, data)
def post(self):
    '''Create a new community resource'''
    form = api.validate(CommunityResourceForm)
    created = CommunityResource()
    form.populate_obj(created)

    if not created.dataset:
        api.abort(400, errors={
            'dataset': 'A dataset identifier is required'
        })

    # without an organization the requester becomes the owner
    # NOTE(review): a submitted organization is accepted as is here; confirm
    # the form checks the requester's membership of it.
    if not created.organization:
        created.owner = current_user._get_current_object()

    created.modified = datetime.now()
    created.save()
    return created, 201
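def post_update_by_slug(post_slug):
    """Update the post addressed by ``post_slug`` from the JSON request body.

    The body's ``slug`` must equal the URL slug (400 otherwise), and an
    ``id`` in the body, when given, must match the stored post. An unknown
    slug raises ObjectNotFoundError.
    """
    usr = current_user._get_current_object()
    # NOTE(review): request.json is None for a non-JSON body; whether the
    # caller may edit this post is presumably decided in update(). Verify.
    data = request.json

    # Compare the body's slug with the URL slug. Reading ``id`` here could
    # only pass for a post whose id equalled its slug, because the same
    # ``id`` is checked against the stored post below.
    slug = data.get('slug', None)
    if slug != post_slug:
        abort(400)

    p = post.get_by_slug(post_slug)
    if not p:
        msg = 'Unknown post slug: %s' % slug
        raise ObjectNotFoundError(msg)

    # an id in the body must belong to the post found by slug
    pid = data.get('id', None)
    if pid and p.id != pid:
        return abort(400)
    return update(usr, p, data)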
def post_create():
    """Create a post for the current user from the JSON body; answers 201."""
    usr = current_user._get_current_object()
    # NOTE(review): request.json is None for a non-JSON body, and ``tags``
    # is assumed to be a comma-separated string. Confirm.
    data = request.json

    content_format = data.get('format', 'txt')
    content_domain = data.get('domain',
                              app.config.get('DEFAULT_CONTENT_DOMAIN'))

    raw_tags = data.get('tags', None)
    if raw_tags:
        tag_list = [t.strip() for t in raw_tags.split(',')]
    else:
        tag_list = None

    p = post.create(usr,
                    data.get('slug'),
                    data.get('title'),
                    data.get('content'),
                    content_format,
                    subtitle=data.get('subtitle', None),
                    domain=content_domain,
                    tags=tag_list)
    return json_response(p.serialize(), 201)
def post(self, id):
    '''Add comment and optionally close a discussion given its ID'''
    discussion = Discussion.objects.get_or_404(id=id)
    form = api.validate(DiscussionCommentForm)

    message = Message(content=form.comment.data, posted_by=current_user.id)
    discussion.discussion.append(message)

    closing = form.close.data
    if closing:
        # the permission test runs before save(), so a refused close stores
        # neither the comment nor the closed state
        CloseDiscussionPermission(discussion).test()
        discussion.closed_by = current_user._get_current_object()
        discussion.closed = datetime.now()
    discussion.save()

    signal = on_discussion_closed if closing else on_new_discussion_comment
    signal.send(discussion, message=message)
    return discussion
def post(self, id):
    '''Add comment and optionally close an issue given its ID'''
    issue = Issue.objects.get_or_404(id=id)
    form = api.validate(IssueCommentForm)

    message = Message(content=form.comment.data, posted_by=current_user.id)
    issue.discussion.append(message)

    closing = form.close.data
    if closing:
        # the permission test runs before save(), so a refused close stores
        # neither the comment nor the closed state
        CloseIssuePermission(issue).test()
        issue.closed_by = current_user._get_current_object()
        issue.closed = datetime.now()
    issue.save()

    signal = on_issue_closed if closing else on_new_issue_comment
    signal.send(issue, message=message)
    return issue
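def remove_all_connections(provider_id):
    """Remove all connections for the authenticated user to the specified
    provider

    :param provider_id: id of the provider; unknown ids produce a 404
    """
    provider = get_provider_or_404(provider_id)

    ctx = dict(provider=provider.name, user=current_user)

    # the delete is scoped to the current user's id
    deleted = _datastore.delete_connections(user_id=current_user.get_id(),
                                            provider_id=provider_id)
    if deleted:
        after_this_request(_commit)
        msg = ('All connections to %s removed' % provider.name, 'info')
        connection_removed.send(current_app._get_current_object(),
                                user=current_user._get_current_object(),
                                provider_id=provider_id)
    else:
        msg = ('Unable to remove connection to %(provider)s' % ctx, 'error')

    do_flash(*msg)
    # request.referrer is the client-sent Referer header and is None when
    # the header is absent; fall back to the site root so that the redirect
    # always has a target
    return redirect(request.referrer or request.url_root)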
def delete(self, **kwargs):
    '''Delete my profile'''
    # acts on the requesting user only; no identifier is taken from the
    # request
    current_user._get_current_object().mark_as_deleted()
    # end the session once the account is marked as deleted
    logout_user()
    return '', 204
def on_user_updated_organization(organization):
    """Queue an activity record when a signed-in user updates an organization."""
    signed_in = current_user and current_user.is_authenticated
    if signed_in:
        # the task gets the real user object, not the request-bound proxy
        write_activity.delay(
            UserUpdatedOrganization,
            current_user._get_current_object(),
            organization,
            organization=organization)
def is_own(self):
    """Return True when this object's ``user`` is the signed-in user."""
    # NOTE(review): is_authenticated is called as a method here; on
    # Flask-Login releases where it is a property this call fails. Confirm
    # the installed version.
    if not current_user.is_authenticated():
        return False
    return self.user == current_user._get_current_object()
# (disabled) updated_at = db.Column(db.DateTime, onupdate=datetime.datetime.now)
def get(self):
    '''Fetch the current user (me) identity'''
    # return the real user object, not the request-bound proxy
    me = current_user._get_current_object()
    return me
def get(self):
    '''Fetch the current user (me) metrics'''
    # the user object itself is returned; presumably the API layer picks the
    # metrics out when serialising (verify)
    me = current_user._get_current_object()
    return me
def post(self, dataset):
    '''Upload a new community resource'''
    fields = self.handle_upload(dataset)
    # the owner is always the requesting user, set after the upload is handled
    fields['owner'] = current_user._get_current_object()
    created = CommunityResource.objects.create(**fields)
    return created, 201
def put(self, **kwargs):
    '''Update my profile'''
    # the form is bound to the requesting user, so only that profile changes
    me = current_user._get_current_object()
    profile_form = api.validate(UserProfileForm, me)
    return profile_form.save()