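def edit(id):
    """Return (GET) or update (POST) the user document identified by ``id``.

    Access is limited to an admin or to the user editing their own record;
    anyone else is rejected with ``flask.abort(401)``.

    On POST the submitted ``UserForm`` is validated and its ``form.data`` is
    written through ``get_resource_service('users').patch``.  Because
    ``form.data`` carries every form field, a non-admin editing their own
    account is additionally prevented from changing ``user_type`` (the
    privilege field); admins are not restricted.

    Returns:
        A ``(json_response, status)`` tuple — the user on GET, ``{'success':
        True}`` on a successful POST, validation errors with 400 otherwise —
        or a ``NotFound`` when no user with ``id`` exists.
    """
    if not is_current_user_admin() and not is_current_user(id):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    # A changed address must not collide with another account.
    if form.email.data != user['email'] and not _is_email_address_valid(form.email.data):
        return jsonify({'email': ['Email address is already in use']}), 400

    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    # Mass-assignment guard: only an admin may change the privilege level.
    # Any other privileged field the form exposes (none visible here) would
    # need the same treatment.
    if (not is_current_user_admin()
            and 'user_type' in updates
            and updates['user_type'] != user.get('user_type')):
        flask.abort(401)

    get_resource_service('users').patch(id=ObjectId(id), updates=updates)
    # ``user`` is still the pre-patch document, so this drops the cache
    # entry keyed by the address the account had before the update.
    app.cache.delete(user.get('email'))
    return jsonify({'success': True}), 200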
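def edit(_id):
    """Return (GET) or update (POST) the user document identified by ``_id``.

    Admins and account managers may edit any user; everyone else may only
    reach their own record, and then only with fields accepted by
    ``_user_allowed_field``.  An account manager may change anything except
    ``user_type`` (so they cannot promote themselves to admin).  Every
    rejected request ends in ``flask.abort(401)``.

    After a successful patch the cache entries keyed by the user's old email,
    the new email (when it changed) and ``_id`` are dropped.

    Returns:
        A ``(json_response, status)`` tuple — the user on GET, ``{'success':
        True}`` on a successful POST, validation errors with 400 otherwise —
        or a ``NotFound`` when no user with ``_id`` exists.
    """
    privileged = is_current_user_admin() or is_current_user_account_mgr()
    if not privileged and not is_current_user(_id):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(_id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    # A changed address must not collide with another account.
    if form.email.data != user['email'] and not _is_email_address_valid(form.email.data):
        return jsonify({'email': ['Email address is already in use']}), 400

    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    # account manager can do anything but promote themselves to admin
    if is_current_user_account_mgr() and updates.get('user_type', '') != user.get('user_type', ''):
        flask.abort(401)

    # A plain user editing their own record is limited to the allowed fields.
    if not privileged and not _user_allowed_field(updates, user):
        flask.abort(401)

    # Capture the address before patching: ``user`` is rebound to whatever
    # ``patch`` returns, so reading the email afterwards would miss the cache
    # entry keyed by the old address whenever the email was changed.
    old_email = user.get('email')
    user = get_resource_service('users').patch(ObjectId(_id), updates=updates)
    app.cache.delete(old_email)
    new_email = user.get('email')
    if new_email != old_email:
        app.cache.delete(new_email)
    app.cache.delete(_id)
    return jsonify({'success': True}), 200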