예제 #1
def deactivate_user(user_id):
    """
    :Route: PUT /deactivate/<user_id>

    :Description: Marks the account of the user with id `user_id` as inactive while keeping the record in the database. An active account can log in; an inactive one is rejected/suspended from use.

    :param user_id: The unique ID of a specific user
    :type user_id: int

    :return: Success/error message (a plain string in both cases)

    :Requires: Admin permissions. Nothing in this function body checks them, so the check has to run before the handler is reached (for example on the route) -- not visible here, confirm.

    """
    record = user_utils.get_user(user_id)
    if not record:
        return f"No such user with id {user_id!s} found!"

    # NOTE(review): only the stored flag changes here; whether sessions or
    # tokens already issued to this user stop working depends on code that is
    # not shown -- confirm.
    account = record['account']
    account['is_active'] = False
    # datetime.now() is called without a timezone, so the stored string carries
    # no zone information.
    account['time_updated'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

    # The filter matches on the string form of the id. The whole document is
    # replaced from the copy read above, and the result of replace_one is not
    # inspected, so the success message is returned even if nothing matched.
    users_collection.replace_one({"account.id": str(user_id)}, record.copy())

    return f"Deactivated user with id {user_id!s}!"
예제 #2
def update_user(user_id):
    """
    :Route: PUT /<user_id>?active=false&admin=true&password=str&first_name=Katrina&last_name=Wijaya&email=<address>

    :Description: Updates the user with id `user_id`. Every optional field that is present as a query parameter is written to the user record; absent or empty parameters leave the stored value alone.

    :param user_id: The int ID of a specific user
    :type user_id: int

    :param active: Optional query parameter. "true"/"false" (any letter case) sets whether the account is active; any other value is ignored. An active account can log in, otherwise the account is rejected/suspended from use.
    :type active: boolean or None

    :param admin: Optional query parameter. "true"/"false" (any letter case) grants or removes admin permissions; any other value is ignored. All admins have the same permissions, so a super admin may be worth adding.
    :type admin: boolean or None

    :param password: Optional query parameter with the new password. It is stored exactly as received under `password_hash`. TODO: actually supporting passwords/salting/hashing.
    :type password: str or None

    :param first_name: Optional query parameter to update the user's first name. Does not modify full name stored in database.
    :type first_name: str or None

    :param last_name: Optional query parameter to update the user's last name. Does not modify full name stored in database.
    :type last_name: str or None

    :param email: Optional query parameter to update the user's email. Stored without any validation. TODO: email verification.
    :type email: str or None

    :return: JSON of updated user or an error message

    :Requires: Admin permissions. Nothing in this function body checks them, and the handler can change `is_admin`, so the check has to run before the handler is reached (for example on the route) -- not visible here, confirm.

    """
    query = request.args
    active_arg = query.get('active')
    admin_arg = query.get('admin')
    # NOTE(review): the password travels in the URL query string, which is
    # commonly recorded in access logs, proxy logs and browser history; a
    # request body is the safer place for it.
    new_password = query.get('password')
    first_name = query.get('first_name')
    last_name = query.get('last_name')
    email = query.get('email')

    record = user_utils.get_user(user_id)
    if not record:
        return f"No such user with id {user_id!s} found!"

    account = record['account']
    # datetime.now() is called without a timezone, so the stored string carries
    # no zone information (the original author assumed UTC -- confirm).
    account['time_updated'] = datetime.now().strftime('%Y-%m-%d %H:%M:%S')

    # Boolean flags: only the literal words "true"/"false" change anything.
    flag_words = {"true": True, "false": False}
    for field, raw in (('is_active', active_arg), ('is_admin', admin_arg)):
        if raw and raw.lower() in flag_words:
            account[field] = flag_words[raw.lower()]

    if new_password:
        # NOTE(review): despite the key name, this stores the password as
        # received, with no hashing or salting.
        # TODO: implement hashing/salting/do this better
        account['password_hash'] = new_password

    # Free-text personal fields are copied over as-is when non-empty.
    for field, value in (('first_name', first_name),
                         ('last_name', last_name),
                         ('email', email)):
        if value:
            record['personal_info'][field] = value

    # The filter matches on the string form of the id; the whole document is
    # replaced from the copy read above and the result is not inspected.
    users_collection.replace_one({"account.id": str(user_id)}, record.copy())

    # NOTE(review): the response is whatever get_user returns; verify it does
    # not include the `password_hash` field.
    return jsonify(user_utils.get_user(user_id))