def update_user(self, id):
# get the user you want tot udate
user = User.query.filter_by(user_public_id=id).first()
# Check if not the user
if not user:
return http_error("No User Found!", 404)
# Check if the authenticated user
# is actually the owner of the resource or is_admin
if user == auth().get('user') or auth().get('user').is_admin:
# Decode the request data
data = request.data.decode('utf-8')
# Check if the first_name is in data
if 'first_name' in data and request.json['first_name'] != None:
user.first_name = request.json['first_name']
# Check if the last_name is in data
if 'last_name' in data and request.json['last_name'] != None:
user.last_name = request.json['last_name']
# Check if the username is in data
if 'username' in data and request.json['username'] != None and len(
request.json['username']) >= 6:
user.username = request.json['username']
# Then commit the session
db.session.commit()
# Return Json Response to the client
return self.user_schema.jsonify(user)
else:
return http_error("You are Not Permited to access this resource!",
403)
def delete_user(self, id):
user = User.query.filter_by(user_public_id=id).first()
# Check if the authenticated user
# is actually the owner of the resource or is_admin
if user == auth().get('user') or auth().get('user').is_admin:
db.session.delete(user)
db.session.commit()
return self.user_schema.jsonify(user), 204
else:
return http_error("You are Not Permited to access this resource!",
403)
def get_user(self, id):
user = User.query.filter_by(user_public_id=id).first()
# Check if not the user
if not user:
return http_error("No User Found!", 404)
# Check if the authenticated user
# is actually the owner of the resource or is_admin
if user == auth().get('user') or auth().get('user').is_admin:
user_result = self.user_schema.dump(user)
return jsonify(user_result)
else:
return http_error("You are Not Permited to access this resource!",
403)
def get_profile(self):
# Check if the authenticated user
# is actually the owner of the resource
user = auth().get('user')
profile_result = self.profile_schema.dump({
"name":
user.profile.name,
"profile_picture_url":
user.profile.profile_picture_url,
"profile_created_at":
user.profile.profile_created_at,
"profile_public_id":
user.profile.profile_public_id,
"profile_updated_at":
user.profile.profile_updated_at,
"email":
user.email,
"username":
user.username,
"is_admin":
user.is_admin,
"is_active":
user.is_active
})
return jsonify(profile_result)
def change_password(self):
# Check if the authenticated user is_admin
user = auth().get('user')
# Decode the request data
data = request.data.decode('utf-8')
# Check if the Current password is in data
if 'current_password' in data:
current_password = request.json['current_password']
else:
return http_error("The Current Password is Required!", 400)
# Check if the Current password is empty
if not current_password:
return http_error("The Current Password field cannot be empty!",
400)
# verify the Current password
if not check_password_hash(user.password, current_password):
return http_error(
"The Current password you provided is Incorrect!", 400)
# Check if the New password is in data
if 'new_password' in data:
new_password = request.json['new_password']
else:
return http_error("The New Password is Required!", 400)
# Check if the password is empty
if not new_password:
return http_error("The New Password field cannot be empty!", 400)
# Check the length of the password
if len(new_password) < 6:
return http_error(
"The New Password must be at least 6 characters!", 400)
else:
new_password = request.json['new_password']
# Confirm New Pasword
if 'confirm_new_password' in data:
confirm_new_password = request.json['confirm_new_password']
else:
return http_error("The Confirm New Password is Required!", 400)
# Check if the confirm New Pasword is the same with the new password
if new_password != confirm_new_password:
return http_error(
"The New Password and confirm new password fields must be the same!",
400)
# Hash The New Password
user.password = generate_password_hash(new_password, method='sha256')
# Then commit the session
db.session.commit()
# Return Json Response to the client
return user_schema.jsonify(user)
def get_all_users(self):
# Check if the user is admin
if not auth().get('user').is_admin:
return http_error(
"You dont' have the permision to Access this resource", 403)
all_users = User.query.all()
all_users_result = self.users_schema.dump(all_users)
return jsonify(all_users_result)
def upload_profile_picture(self):
if request.method == 'POST':
# check if the post request has the file part
if 'file' not in request.files:
return http_error("No file part selected", 400)
file = request.files['file']
# if user does not select file, browser also
# submit an empty part without filename
if file.filename == '':
return http_error("No selected file!", 400)
if file and allowed_file(file.filename):
# Pass through secure filename
filename = secure_filename(file.filename)
# Extract the filename and the file extention
# file_name, file_ext = os.path.splitext(filename)
_, file_ext = os.path.splitext(filename)
# Create a new file_name and concatnate with the ext
new_file_name = str(uuid.uuid4())
new_file_name = "{}{}".format(new_file_name, file_ext)
file.save(os.path.join(UPLOAD_FOLDER, new_file_name))
# Save the Profile Picture Url in Profile table
user = auth().get('user')
profile = user.profile
# Create the Profile Url
profile_picture_url = "{}{}{}".format(API_URL,
'/profile/picture/',
new_file_name)
profile.profile_picture_url = profile_picture_url
# Then commit the session
db.session.commit()
# Return Json Response of the profile to the client
profile_result = self.profile_schema.dump({
"name":
profile.name,
"profile_picture_url":
profile.profile_picture_url,
"profile_created_at":
profile.profile_created_at,
"profile_public_id":
profile.profile_public_id,
"profile_updated_at":
profile.profile_updated_at,
"email":
user.email,
"username":
user.username,
"is_admin":
user.is_admin,
"is_active":
user.is_active
})
return self.profile_schema.jsonify(profile_result)
def de_activate_user(self, id):
# Check if the authenticated user is_admin
if auth().get('user').is_admin:
# get the user you want to promote
user = User.query.filter_by(user_public_id=id).first()
user.is_active = False
# Then commit the session
db.session.commit()
# Return Json Response to the client
return self.user_schema.jsonify(user)
else:
return http_error("You are Not Permited to access this resource!",
403)