def update_user(user_id: int):
    """Update a user by their ID.

    The JSON request body is validated with ``UserRequestSchema``. The
    loaded fields are forwarded to the service together with the current
    ``g.user`` and the target ID, and the result is serialised with
    ``UserResponseSchema``.
    """
    payload = UserRequestSchema().load(request.get_json())
    # NOTE(review): no permission check is visible in this view; presumably
    # service.update_user decides whether g.user may modify user_id - verify.
    changed = service.update_user(
        updating_user=g.user,
        update_user_id=user_id,
        **payload
    )
    # NOTE(review): this logs the user object's string form - confirm it does
    # not include the password hash.
    current_app.logger.info(f"Updated user {changed}")
    serializer = UserResponseSchema()
    return serializer.dump(changed)
def test_get_user_self(self, app, client: Client):
    """A registered user can fetch their own record with their bearer token."""
    registration = register_user(client)
    session = login_user(client)

    target_url = url_for(
        "user.get_user_by_id", user_id=registration.json["id"])
    auth_headers = {"Authorization": f"Bearer {session.json['token']}"}
    resp = client.get(target_url, headers=auth_headers)

    assert resp.status_code == 200
    # Loading through the response schema checks the body's shape.
    UserResponseSchema().loads(resp.data)
def test_register_user(self, client, db):
    """Registering returns 201 and persists the user with a hashed password."""
    resp = register_user(client)
    assert resp.status_code == 201, resp.json["message"]

    body = UserResponseSchema().loads(resp.data)
    stored_query = db.session.query(User).filter_by(id=body["id"])
    usr = stored_query.first()
    assert usr
    # The stored value must verify as an argon2 hash of the plaintext, so the
    # password is not compared (or stored) as plain text.
    # Presumably "password" is register_user's default password - confirm.
    assert argon2.verify("password", usr.password)
def get_user_by_id(user_id: int):
    """Get a specific user by their ID.

    Only the user themselves or an admin may read the record; any other
    caller is logged and rejected.

    Raises:
        AuthorizationException: if ``g.user`` is neither the requested user
            nor an admin.
    """
    caller = g.user
    # Short-circuit keeps is_admin() from being consulted for self-access.
    allowed = caller.id == user_id or caller.is_admin()
    if not allowed:
        denial = (
            f"User {caller.id} tried to access {user_id} but was denied"
            " due to not having admin privileges"
        )
        current_app.logger.warning(denial)
        raise AuthorizationException(
            f"User {caller.email} does not have sufficient authorisation")

    found_user = service.get_user_by_id(user_id)
    # NOTE(review): this logs the user object's string form - confirm it does
    # not include the password hash.
    current_app.logger.info(f"Found user {found_user}")
    return UserResponseSchema().dump(found_user)
def test_delete_user_self(self, db, client):
    """A user can delete their own account and the row is then gone."""
    registration = register_user(client)
    session = login_user(client)

    # NOTE(review): the URL is built from the update endpoint's name;
    # presumably update and delete share one path - confirm, otherwise this
    # test would hit the wrong route if the two ever diverge.
    target_url = url_for("user.update_user", user_id=registration.json["id"])
    auth_headers = {"Authorization": f"Bearer {session.json['token']}"}
    resp = client.delete(target_url, headers=auth_headers)

    assert resp.status_code == 200
    UserResponseSchema().loads(resp.data)
    remaining = db.session.query(User).filter_by(
        id=registration.json["id"]).scalar()
    assert remaining is None
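def create_user():
    """Create a new user from the request body.

    The raw request body is parsed and validated by ``UserRequestSchema``
    before any field is handed to ``service.add_user``.

    Returns:
        A ``(body, status)`` tuple: the serialised user with 201 on success,
        or an error message with 500 if the service returned nothing.
    """
    req = UserRequestSchema().loads(request.get_data())
    created_user = service.add_user(**req)
    # Test the service result, not this view function: the name
    # ``create_user`` is always truthy, so the failure branch was unreachable.
    if not created_user:
        current_app.logger.error(
            f"User with email {req['email']} was not found, even though they"
            + " were just created")
        # A bare int is not a valid Flask return value; send a body and status.
        return {"message": "User could not be created"}, 500
    # NOTE(review): this logs the user object's string form - confirm it does
    # not include the password hash.
    current_app.logger.info(f"Created user {created_user}")
    return UserResponseSchema().dump(created_user), 201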
def test_get_user_admin(self, app, client):
    """An admin can fetch another user's record."""
    registration = register_user(client)
    # Log in with the admin credentials taken from the app configuration.
    admin_session = login_user(
        client,
        email=app.config["ADMIN_EMAIL"],
        password=app.config["ADMIN_PASSWORD"],
    )

    target_url = url_for(
        "user.get_user_by_id", user_id=registration.json["id"])
    auth_headers = {"Authorization": f"Bearer {admin_session.json['token']}"}
    resp = client.get(target_url, headers=auth_headers)

    assert resp.status_code == 200
    UserResponseSchema().loads(resp.data)
def test_delete_user_admin(self, db, app, client):
    """An admin can delete another user's account and the row is then gone."""
    registration = register_user(client)
    # Log in with the admin credentials taken from the app configuration.
    admin_session = login_user(
        client,
        email=app.config["ADMIN_EMAIL"],
        password=app.config["ADMIN_PASSWORD"],
    )

    # NOTE(review): the URL is built from the update endpoint's name;
    # presumably update and delete share one path - confirm, otherwise this
    # test would hit the wrong route if the two ever diverge.
    target_url = url_for("user.update_user", user_id=registration.json["id"])
    auth_headers = {"Authorization": f"Bearer {admin_session.json['token']}"}
    resp = client.delete(target_url, headers=auth_headers)

    assert resp.status_code == 200
    UserResponseSchema().loads(resp.data)
    remaining = db.session.query(User).filter_by(
        id=registration.json["id"]).scalar()
    assert remaining is None
def test_update_user_self(self, db, client):
    """A user can update their own record and sees the new value echoed."""
    registration = register_user(client)
    session = login_user(client)

    user = db.session.query(User).filter_by(
        id=registration.json["id"]).first()
    user.first_name = "updated_first_name"

    # Build the PUT body from the modified row, without the password field.
    req = UserRequestSchema().dump(user)
    req.pop("password")

    target_url = url_for("user.update_user", user_id=user.id)
    auth_headers = {"Authorization": f"Bearer {session.json['token']}"}
    resp = client.put(target_url, headers=auth_headers, json=req)

    assert resp.status_code == 200
    updated_user_resp = UserResponseSchema().loads(resp.data)
    assert updated_user_resp["first_name"] == user.first_name
def delete_user(user_id: int):
    """Delete a user by their ID.

    The current ``g.user`` and the target ID are passed to the service, and
    the deleted record is returned serialised with ``UserResponseSchema``.
    """
    # NOTE(review): no permission check is visible in this view; presumably
    # service.delete_user decides whether g.user may delete user_id - verify.
    removed = service.delete_user(
        deleting_user=g.user,
        delete_user_id=user_id,
    )
    # NOTE(review): this logs the user object's string form - confirm it does
    # not include the password hash.
    current_app.logger.info(f"Deleted user {removed}")
    serializer = UserResponseSchema()
    return serializer.dump(removed)
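def get_users():
    """Get all users.

    Returns:
        A response whose body is a JSON array of every user returned by the
        service, served as ``application/json``.
    """
    # NOTE(review): no caller identity is checked in this function, unlike
    # get_user_by_id - confirm the route itself is restricted (e.g. by a
    # decorator not visible here) before exposing the full user list.
    payload = UserResponseSchema(many=True).dumps(service.get_all_users())
    # dumps() yields a JSON string; a bare str return is served by Flask as
    # text/html, so label the body explicitly as JSON.
    return current_app.response_class(payload, mimetype="application/json")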