def delete(self, user_id):
""" Delete user """
user = get_user_by_id_or_abort(user_id)
if user != g.user:
abort(403, message="Not authorized to delete user")
crud.delete(user)
return '', 204
def get(self, user_id):
""" Retrieve user """
user = get_user_by_id_or_abort(user_id)
ret_fields = {
'id': fields.Integer,
'email': fields.String,
'display_name': fields.String
}
return marshal(user, ret_fields), 200
def put(self, user_id):
""" Update a user """
parser = reqparse.RequestParser()
parser.add_argument('email', type=str)
parser.add_argument('display_name', type=str)
args = parser.parse_args()
user = get_user_by_id_or_abort(user_id)
if user != g.user:
abort(403, message="Not authorized to update user")
user.email = args.email
user.display_name = args.display_name
crud.save()
ret_fields = {
'id': fields.Integer,
'email': fields.String,
'display_name': fields.String
}
return marshal(user, ret_fields), 200
