def edit(id):
    """Return a user as JSON, or apply a validated ``UserForm`` update on POST.

    Access is limited to admins and to the user whose id is requested; any
    other caller is aborted with 401 before the record is loaded.

    :param id: string id of the user, converted with ``ObjectId``
    :return: a ``NotFound`` response when no user matches; on POST either
        ``({'success': True}, 200)``, the form errors with 400, or an email
        error with 400; otherwise the user document with 200
    """
    if not (is_current_user_admin() or is_current_user(id)):
        flask.abort(401)

    user_oid = ObjectId(id)
    user = find_one('users', _id=user_oid)
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method != 'POST':
        return jsonify(user), 200

    form = UserForm(user=user)
    if not form.validate_on_submit():
        return jsonify(form.errors), 400

    # The address is only re-checked when the submitted one differs from the stored one.
    submitted_email = form.email.data
    if submitted_email != user['email'] and not _is_email_address_valid(submitted_email):
        return jsonify({'email': ['Email address is already in use']}), 400

    # NOTE(review): form.data is patched as-is, also when a non-admin edits
    # their own record; nothing in this function limits which fields such a
    # caller may change. Confirm UserForm or the users service blocks
    # self-service changes to privileged fields.
    updates = form.data
    if form.company.data:
        updates['company'] = ObjectId(form.company.data)

    get_resource_service('users').patch(id=user_oid, updates=updates)
    # Cache entry is dropped under the email the record had before the patch.
    app.cache.delete(user.get('email'))
    return jsonify({'success': True}), 200
def is_user_topic(topic_id, user_id):
    """Tell whether the topic ``topic_id`` is owned by the user ``user_id``.

    The stored owner is converted to ``str`` before the comparison, so a
    match is only possible when ``user_id`` is passed as a string.

    :param topic_id: id of the topic, converted with ``ObjectId``
    :param user_id: string id of the user expected to own the topic
    :return: ``True`` when the topic exists and its ``user`` matches, else ``False``
    """
    topic = find_one('topics', _id=ObjectId(topic_id))
    if not topic:
        # Unknown topic: treated as "not owned" rather than as an error.
        return False
    owner = str(topic.get('user'))
    return owner == user_id
def edit(_id):
    """Serve or update a monitoring profile; also answers wire-context and print requests.

    The request is handled in this order:

    1. ``?context=wire``: ``_id`` is treated as an item id and, for JSON
       requests, the item is returned directly.
    2. ``print`` in the query string: a monitoring report for the item is
       prepared on ``flask.request.view_args`` and rendered by ``wire_print``.
    3. Otherwise ``_id`` is a monitoring profile id: POST validates
       ``MonitoringForm`` and patches the profile, any other method returns
       the profile as JSON.

    :param _id: item id (wire/print) or monitoring profile id
    :return: a Flask response, or a ``(response, status)`` tuple
    """
    if flask.request.args.get('context', '') == 'wire':
        items = get_items_for_user_action([_id], 'items')
        if not items:
            # NOTE(review): a bare return hands None back to Flask instead of
            # an explicit 404 response; confirm this is intended.
            return
        item = items[0]
        if is_json_request(flask.request):
            return flask.jsonify(item)
        # Non-JSON wire requests continue with the handling below.
    if 'print' in flask.request.args:
        # NOTE(review): assert is removed under `python -O` and a failure
        # surfaces as an unhandled AssertionError, not a 4xx; the query
        # argument is caller-controlled.
        assert flask.request.args.get('monitoring_profile')
        # NOTE(review): the profile is looked up from a request argument and
        # no check that the caller may read it is visible here; presumably
        # enforced elsewhere, confirm.
        monitoring_profile = get_entity_or_404(
            flask.request.args.get('monitoring_profile'), 'monitoring')
        items = get_items_for_monitoring_report([_id], monitoring_profile, full_text=True)
        # Values are placed on view_args before delegating to wire_print.
        flask.request.view_args['date_items_dict'] = get_date_items_dict(items)
        flask.request.view_args['monitoring_profile'] = monitoring_profile
        flask.request.view_args['monitoring_report_name'] = app.config.get(
            'MONITORING_REPORT_NAME', 'Newsroom')
        flask.request.view_args['print'] = True
        return wire_print(_id)
    profile = find_one('monitoring', _id=ObjectId(_id))
    if not profile:
        return NotFound(gettext('monitoring Profile not found'))
    if flask.request.method == 'POST':
        form = MonitoringForm(monitoring=profile)
        if form.validate_on_submit():
            updates = form.data
            # NOTE(review): the parsed body is used below without a type
            # check; presumably it is always a JSON object here, confirm.
            request_updates = flask.request.get_json()
            # If the updates have anything other than 'users', only admin or monitoring_admin can update
            # NOTE(review): this condition is true only when the body has
            # exactly one key and that key is not 'users'. A body with two or
            # more keys skips both checks below, which does not match the
            # sentence above. The two checks also run in sequence, so the
            # caller must be an admin AND the company's monitoring
            # administrator, where the sentence says "or". Confirm the
            # intended policy before relying on this guard.
            if len(request_updates.keys()) == 1 and 'users' not in request_updates:
                user = get_user()
                if not is_admin(user):
                    return jsonify({'error': 'Bad request'}), 400
                company = get_entity_or_404(profile['company'], 'companies')
                # Ids are compared as strings.
                if str(user['_id']) != str(
                        company.get('monitoring_administrator')):
                    return jsonify({'error': 'Bad request'}), 400
            process_form_request(updates, request_updates, form)
            set_version_creator(updates)
            get_resource_service('monitoring').patch(ObjectId(_id), updates=updates)
            return jsonify({'success': True}), 200
        return jsonify(form.errors), 400
    return jsonify(profile), 200
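def edit(id):
    """Return a company as JSON, or apply a validated ``CompanyForm`` update on POST.

    :param id: string id of the company, converted with ``ObjectId``
    :return: a ``NotFound`` response when no company matches; on POST
        ``({'success': True}, 200)`` or the form errors with 400; for any
        other method the company document with 200
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is wrapped by an access-control decorator.
    company = find_one('companies', _id=ObjectId(id))
    if not company:
        return NotFound(gettext('Company not found'))

    if flask.request.method == 'POST':
        form = CompanyForm(company=company)
        if form.validate():
            get_resource_service('companies').patch(id=ObjectId(id), updates=form.data)
            return jsonify({'success': True}), 200
        return jsonify(form.errors), 400

    # Without this return a non-POST request fell off the end of the view and
    # returned None, which Flask rejects as an invalid response.
    return jsonify(company), 200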
def edit(id):
    """Return a company as JSON, or patch it from the JSON body on POST.

    :param id: string id of the company, converted with ``ObjectId``
    :return: a ``NotFound`` response when no company matches; on POST
        ``({'success': True}, 200)``; otherwise the company document with 200
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is wrapped by an access-control decorator.
    company_oid = ObjectId(id)
    stored = find_one('companies', _id=company_oid)
    if not stored:
        return NotFound(gettext('Company not found'))

    if flask.request.method != 'POST':
        return jsonify(stored), 200

    payload = get_json_or_400()
    # The return value of validate_company is not inspected here, so it is
    # presumably expected to abort the request itself on invalid input.
    # TODO confirm.
    validate_company(payload)
    updates = get_company_updates(payload)
    get_resource_service('companies').patch(id=company_oid, updates=updates)
    return jsonify({'success': True}), 200
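def update_users(id):
    """Replace the user list of a monitoring profile.

    Only users that exist and belong to the same company as the profile are
    kept; ids of other users are dropped from the list.

    :param id: string id of the monitoring profile, converted with ``ObjectId``
    :return: a ``NotFound`` response when no profile matches;
        ``({'error': 'Bad request'}, 400)`` when the body is not a JSON object
        with a ``users`` key; otherwise ``({'success': True}, 200)``
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is wrapped by an access-control decorator.
    profile = find_one('monitoring', _id=ObjectId(id))
    if not profile:
        return NotFound(gettext('monitoring Profile not found'))

    payload = flask.request.get_json()
    # A missing or non-object body is rejected explicitly instead of failing
    # on the membership test or ending the view without a response.
    if not isinstance(payload, dict) or 'users' not in payload:
        return jsonify({'error': 'Bad request'}), 400

    profile_company = profile.get('company')
    candidates = get_items_by_id([ObjectId(u) for u in payload['users']], 'users')
    allowed_users = [u['_id'] for u in candidates if u['company'] == profile_company]

    # Patch only the 'users' field. The request body was previously passed to
    # patch() in full, so any other key a client added next to 'users' would
    # have been written to the profile through this users-only endpoint.
    get_resource_service('monitoring').patch(id=ObjectId(id), updates={'users': allowed_users})
    return jsonify({'success': True}), 200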
def edit(_id):
    """Return a company as JSON, or validate and patch it from the JSON body on POST.

    :param _id: string id of the company, converted with ``ObjectId``
    :return: a ``NotFound`` response when no company matches; on POST the
        value of ``get_errors_company`` when it is truthy, else
        ``({'success': True}, 200)``; otherwise the company document with 200
    """
    # NOTE(review): no authorization check is visible in this function;
    # confirm the route is wrapped by an access-control decorator.
    company_oid = ObjectId(_id)
    stored = find_one('companies', _id=company_oid)
    if not stored:
        return NotFound(gettext('Company not found'))

    if flask.request.method != 'POST':
        return jsonify(stored), 200

    payload = get_json_or_400()
    problems = get_errors_company(payload)
    if problems:
        # Validation errors are returned to the client unchanged.
        return problems

    updates = get_company_updates(payload)
    set_version_creator(updates)
    get_resource_service('companies').patch(company_oid, updates=updates)
    # The cache entry is keyed by the raw string id, not the ObjectId.
    app.cache.delete(_id)
    return jsonify({'success': True}), 200
def _resend_token(user_id, token_type):
    """
    Issue and send a fresh token to the user identified by ``user_id``.

    :param user_id: id of the user who should receive the token
    :param token_type: validate or reset_password
    :return: ``BadRequest`` when no id is given, ``NotFound`` when no user
        matches, ``({'success': True}, 200)`` when ``send_token`` succeeds,
        otherwise ``({'message': 'Token could not be sent'}, 400)``
    """
    if not user_id:
        return BadRequest(gettext('User id not provided'))

    recipient = find_one('users', _id=ObjectId(user_id))
    if not recipient:
        return NotFound(gettext('User not found'))

    sent = send_token(recipient, token_type)
    if not sent:
        return jsonify({'message': 'Token could not be sent'}), 400
    return jsonify({'success': True}), 200
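def edit(_id):
    """Return a user as JSON, or apply a validated ``UserForm`` update on POST.

    Admins and account managers may address any user; other callers may only
    address their own record and are aborted with 401 otherwise.

    :param _id: string id of the user, converted with ``ObjectId``
    :return: a ``NotFound`` response when no user matches; on POST either
        ``({'success': True}, 200)``, the form errors with 400, or an email
        error with 400; otherwise the user document with 200
    """
    if not (is_current_user_admin() or is_current_user_account_mgr()) and not is_current_user(_id):
        flask.abort(401)

    user = find_one('users', _id=ObjectId(_id))
    if not user:
        return NotFound(gettext('User not found'))

    if flask.request.method == 'POST':
        form = UserForm(user=user)
        if form.validate_on_submit():
            # The address is only re-checked when it differs from the stored one.
            if form.email.data != user['email'] and not _is_email_address_valid(form.email.data):
                return jsonify({'email': ['Email address is already in use']}), 400

            updates = form.data
            if form.company.data:
                updates['company'] = ObjectId(form.company.data)

            # account manager can do anything but promote themselves to admin
            # The check rejects any change of user_type by an account manager,
            # whichever user is being edited.
            # NOTE(review): the target's current user_type is not otherwise
            # considered, so an account manager can still edit the remaining
            # fields of a more privileged user; confirm that is acceptable.
            if is_current_user_account_mgr() and updates.get('user_type', '') != user.get('user_type', ''):
                flask.abort(401)

            # Callers who are neither admin nor account manager are limited
            # to whatever _user_allowed_field accepts.
            if not (is_current_user_admin() or is_current_user_account_mgr()) \
                    and not _user_allowed_field(updates, user):
                flask.abort(401)

            # Remember the address before `user` is rebound to the patch
            # result, so the cache entry under the old address is dropped too
            # when the email changes.
            previous_email = user.get('email')
            user = get_resource_service('users').patch(ObjectId(_id), updates=updates)
            app.cache.delete(previous_email)
            current_email = user.get('email')
            if current_email != previous_email:
                app.cache.delete(current_email)
            app.cache.delete(_id)
            return jsonify({'success': True}), 200
        return jsonify(form.errors), 400
    return jsonify(user), 200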