def update_user(user_id: int):
"""Update a user by their ID."""
req = UserRequestSchema().load(request.get_json())
updated_user = service.update_user(updating_user=g.user,
update_user_id=user_id,
**req)
current_app.logger.info(f"Updated user {updated_user}")
return UserResponseSchema().dump(updated_user)
def test_get_user_self(self, app, client: Client):
register_resp = register_user(client)
login_resp = login_user(client)
resp = client.get(
url_for("user.get_user_by_id", user_id=register_resp.json["id"]),
headers={"Authorization": f"Bearer {login_resp.json['token']}"},
)
assert resp.status_code == 200
UserResponseSchema().loads(resp.data)
def test_register_user(self, client, db):
resp = register_user(client)
assert resp.status_code == 201, resp.json["message"]
registered_user = UserResponseSchema().loads(resp.data)
usr = (db.session.query(User).filter_by(
id=registered_user["id"]).first())
assert usr
assert argon2.verify("password", usr.password)
def get_user_by_id(user_id: int):
"""Get a specific user by their ID."""
if g.user.id != user_id and not g.user.is_admin():
current_app.logger.warning(
f"User {g.user.id} tried to access {user_id} but was denied" +
" due to not having admin privileges")
raise AuthorizationException(
f"User {g.user.email} does not have sufficient authorisation")
found_user = service.get_user_by_id(user_id)
current_app.logger.info(f"Found user {found_user}")
return UserResponseSchema().dump(found_user)
def test_delete_user_self(self, db, client):
register_resp = register_user(client)
login_resp = login_user(client)
resp = client.delete(
url_for("user.update_user", user_id=register_resp.json["id"]),
headers={"Authorization": f"Bearer {login_resp.json['token']}"},
)
assert resp.status_code == 200
UserResponseSchema().loads(resp.data)
assert (db.session.query(User).filter_by(
id=register_resp.json["id"]).scalar() is None)
def create_user():
"""Create a new user."""
req = UserRequestSchema().loads(request.get_data())
created_user = service.add_user(**req)
if not create_user:
current_app.logger.error(
f"User with email {req['email']} was not found, even though they" +
" were just created")
return 500
current_app.logger.info(f"Created user {created_user}")
return UserResponseSchema().dump(created_user), 201
def test_get_user_admin(self, app, client):
register_resp = register_user(client)
login_resp = login_user(
client,
email=app.config["ADMIN_EMAIL"],
password=app.config["ADMIN_PASSWORD"],
)
resp = client.get(
url_for("user.get_user_by_id", user_id=register_resp.json["id"]),
headers={"Authorization": f"Bearer {login_resp.json['token']}"},
)
assert resp.status_code == 200
UserResponseSchema().loads(resp.data)
def test_delete_user_admin(self, db, app, client):
register_resp = register_user(client)
login_resp = login_user(
client,
email=app.config["ADMIN_EMAIL"],
password=app.config["ADMIN_PASSWORD"],
)
resp = client.delete(
url_for("user.update_user", user_id=register_resp.json["id"]),
headers={"Authorization": f"Bearer {login_resp.json['token']}"},
)
assert resp.status_code == 200
UserResponseSchema().loads(resp.data)
assert (db.session.query(User).filter_by(
id=register_resp.json["id"]).scalar() is None)
def test_update_user_self(self, db, client):
register_resp = register_user(client)
login_resp = login_user(client)
user = (db.session.query(User).filter_by(
id=register_resp.json["id"]).first())
user.first_name = "updated_first_name"
req = UserRequestSchema().dump(user)
req.pop("password")
resp = client.put(
url_for("user.update_user", user_id=user.id),
headers={"Authorization": f"Bearer {login_resp.json['token']}"},
json=req,
)
assert resp.status_code == 200
updated_user_resp = UserResponseSchema().loads(resp.data)
assert updated_user_resp["first_name"] == user.first_name
def delete_user(user_id: int):
"""Delete a user by their ID."""
deleted_user = service.delete_user(deleting_user=g.user,
delete_user_id=user_id)
current_app.logger.info(f"Deleted user {deleted_user}")
return UserResponseSchema().dump(deleted_user)
def get_users():
"""Get all users."""
return UserResponseSchema(many=True).dumps(service.get_all_users())