def api_user_post(auth_user=None, api_core=None, request=None):
u"""Add a user."""
data = get_request_data(request, qs_only_first_value=True)
user = User(first_name=data[u'first_name'], last_name=data[u'last_name'], mail=data[u'mail'],
secret=data[u'secret'], admin_platform=data[u'admin_platform'])
api_core.save_user(user, hash_secret=True)
delattr(user, u'secret') # do not send back user's secret
return ok_200(user, include_properties=True)
def api_user_id_patch(id=None, auth_user=None, api_core=None, request=None):
u"""
Update an user.
User's admin_platform attribute can only be modified by root or any authenticated user with admin_platform attribute
set.
"""
user = api_core.get_user(spec={u'_id': id})
data = get_request_data(request, qs_only_first_value=True)
if not user:
raise IndexError(to_bytes(u'No user with id {0}.'.format(id)))
old_name = user.name
if u'first_name' in data:
user.first_name = data[u'first_name']
if u'last_name' in data:
user.last_name = data[u'last_name']
if u'mail' in data:
user.mail = data[u'mail']
if u'secret' in data:
user.secret = data[u'secret']
if auth_user.admin_platform and u'admin_platform' in data:
user.admin_platform = data[u'admin_platform']
api_core.save_user(user, hash_secret=True)
return ok_200(u'The user "{0}" has been updated.'.format(old_name), include_properties=False)