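def edit(id):
    """Show or update one user document.

    GET returns the stored user as JSON; POST validates ``UserForm`` and
    patches the document. Only an admin or the user themselves may reach
    this view.

    Args:
        id: hex string of the user's ObjectId, taken from the URL.

    Returns:
        A Flask response tuple ``(json, status)``, or a ``NotFound`` response
        when no user matches ``id``.

    Raises:
        Aborts with 401 when the caller is neither admin nor the target user,
        or when a non-admin submits a different ``user_type``.
    """
    if not is_current_user_admin() and not is_current_user(id):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    new_email = form.email.data
    # .get() instead of user['email']: a document with no email field should
    # fall through to the uniqueness check rather than raise KeyError.
    if new_email != user.get('email') and not _is_email_address_valid(new_email):
        return jsonify({'email': ['Email address is already in use']}), 400

    # form.data is client-controlled and every key in it reaches the database.
    # NOTE(review): depending on the form class this may also carry a
    # csrf_token key — confirm UserForm does not pass it through.
    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    # A user editing their own record must not be able to change their own
    # role: only an admin may alter user_type. A missing key counts as
    # "unchanged" (assumes the form posts user_type when the field exists).
    if not is_current_user_admin() and updates.get(
            'user_type', user.get('user_type')) != user.get('user_type'):
        flask.abort(401)

    get_resource_service('users').patch(id=ObjectId(id), updates=updates)
    # The cache is keyed by e-mail address; drop the entry for the address
    # stored before the patch so a changed address cannot serve stale data.
    app.cache.delete(user.get('email'))
    return jsonify({'success': True}), 200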
파일: views.py 프로젝트: superdesk/newsroom
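def edit(_id):
    """Show or update one user document.

    GET returns the stored user as JSON; POST validates ``UserForm`` and
    patches the document. Admins and account managers may edit any user;
    other callers only their own record, and only the fields that
    ``_user_allowed_field`` permits.

    Args:
        _id: hex string of the user's ObjectId, taken from the URL.

    Returns:
        A Flask response tuple ``(json, status)``, or a ``NotFound`` response
        when no user matches ``_id``.

    Raises:
        Aborts with 401 when any of the authorization checks below fails.
    """
    privileged = is_current_user_admin() or is_current_user_account_mgr()
    if not privileged and not is_current_user(_id):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(_id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    old_email = user.get('email')
    new_email = form.email.data
    # .get() instead of user['email']: a document with no email field should
    # fall through to the uniqueness check rather than raise KeyError.
    if new_email != old_email and not _is_email_address_valid(new_email):
        return jsonify({'email': ['Email address is already in use']}), 400

    # form.data is client-controlled and every key in it reaches the database.
    # NOTE(review): depending on the form class this may also carry a
    # csrf_token key — confirm UserForm does not pass it through.
    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    # An account manager may change anything except a role: the check blocks
    # any user_type change, so they cannot promote themselves (or anyone
    # else) to admin.
    if is_current_user_account_mgr() and updates.get(
            'user_type', '') != user.get('user_type', ''):
        flask.abort(401)

    # Plain users are limited to the fields _user_allowed_field permits.
    if not privileged and not _user_allowed_field(updates, user):
        flask.abort(401)

    patched = get_resource_service('users').patch(ObjectId(_id),
                                                  updates=updates)
    # The cache is keyed by e-mail address. Invalidate the address stored
    # before the patch as well as the one after it: deleting only the
    # post-patch address leaves a stale document cached under the old one
    # whenever the address changed.
    app.cache.delete(old_email)
    if patched.get('email') != old_email:
        app.cache.delete(patched.get('email'))
    app.cache.delete(_id)
    return jsonify({'success': True}), 200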