def get(group_id, user_id):
    """Handle GET for the /Membership/user_id endpoint.

    Looks up the membership keyed by (group_id, user_id) and returns its
    dump with 200, or 'NOT_FOUND' with 404 when the lookup yields nothing.
    """
    # NOTE(review): no caller authorization is visible in this handler;
    # confirm it is enforced before the request reaches this point.
    key_columns = [Membership.group_id, Membership.user_id]
    key_values = [group_id, user_id]
    membership = existing_dm_object(
        Membership, g.db_session, key_columns, key_values)
    if membership:
        return membership.dump(True), 200
    return 'NOT_FOUND', 404
def delete(group_id, user_id):
    """Handle DELETE for the /Membership/user_id endpoint.

    Removes the membership keyed by (group_id, user_id). Returns
    'Membership deleted' with 204, or 'NOT_FOUND' with 404 when the lookup
    yields nothing.
    """
    # NOTE(review): unlike the Group DELETE handler, nothing here checks that
    # the caller owns the group or is the member being removed; confirm that
    # check happens elsewhere.
    key_columns = [Membership.group_id, Membership.user_id]
    key_values = [group_id, user_id]
    membership = existing_dm_object(
        Membership, g.db_session, key_columns, key_values)
    if membership:
        delete_dm_object(membership, g.db_session)
        return 'Membership deleted', 204
    return 'NOT_FOUND', 404
def put(group_id, user_id, body):
    """Handle PUT for the /Membership/user_id endpoint.

    Applies `body` to the membership keyed by (group_id, user_id) and
    persists it. Returns 'Membership updated' with 200, or 'NOT_FOUND' with
    404 when the lookup yields nothing.
    """
    key_columns = [Membership.group_id, Membership.user_id]
    key_values = [group_id, user_id]
    membership = existing_dm_object(
        Membership, g.db_session, key_columns, key_values)
    if membership:
        # NOTE(review): the request body is applied without a visible caller
        # check or field allow-list. If apply_update accepts is_owner, any
        # caller reaching this handler could change group ownership; confirm.
        membership.apply_update(body)
        persist_dm_object(membership, g.db_session)
        return 'Membership updated', 200
    return 'NOT_FOUND', 404
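def delete(user_id):
    """Handle DELETE for the /User/user_id endpoint.

    Args:
        user_id: Identifier of the user record to delete.

    Returns:
        ('NOT_FOUND', 404) when the target does not exist, the result of
        api_error(401, 'UNAUTHORIZED_USER_DELETION') when the caller may not
        delete the target, otherwise ('User deleted', 204).
    """
    obj = existing_dm_object(User, g.db_session, User.user_id, user_id)
    if not obj:
        return 'NOT_FOUND', 404

    user = (
        g.db_session.query(User)
        .filter(User.user_id == g.user_id)
        .one_or_none()
    )
    # one_or_none() returns None when g.user_id matches no row (for example
    # a caller whose own record was removed). Refuse explicitly rather than
    # failing with AttributeError on the permission check below.
    if user is None:
        current_app.logger.debug(
            '/users DELETE: rejected delete of %s by unknown caller %s',
            obj.username, g.user_id)
        return api_error(401, 'UNAUTHORIZED_USER_DELETION')

    # Self-deletion is refused, and so is any caller without create_users.
    # NOTE(review): 401 is kept for client compatibility although this is an
    # authorization failure, for which 403 is the conventional status.
    if obj.username == user.username or not user.create_users:
        current_app.logger.debug(
            '/users DELETE: rejected delete of %s by %s',
            obj.username, user.username)
        return api_error(401, 'UNAUTHORIZED_USER_DELETION')

    delete_dm_object(obj, g.db_session)
    return 'User deleted', 204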
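def put(user_id, body):
    """Handle PUT for the /User/user_id endpoint.

    Args:
        user_id: Identifier of the user record to update.
        body: Request payload; a 'newPassword' key triggers a password change.

    Returns:
        ('NOT_FOUND', 404) when the target does not exist, the result of
        api_error(401, 'UNAUTHORIZED_USER_EDIT') when the caller may not edit
        the target, otherwise ('User updated', 200).
    """
    obj = existing_dm_object(User, g.db_session, User.user_id, user_id)
    if not obj:
        return 'NOT_FOUND', 404

    user = (
        g.db_session.query(User)
        .filter(User.user_id == g.user_id)
        .one_or_none()
    )
    # one_or_none() returns None when g.user_id matches no row. Refuse
    # explicitly rather than failing with AttributeError below.
    if user is None:
        current_app.logger.debug(
            '/users PUT: rejected update to %s by unknown caller %s',
            obj.username, g.user_id)
        return api_error(401, 'UNAUTHORIZED_USER_EDIT')

    # Callers may edit their own record; editing anyone else requires
    # create_users.
    if obj.username != user.username and not user.create_users:
        current_app.logger.debug(
            '/users PUT: rejected update to %s by %s',
            obj.username, user.username)
        return api_error(401, 'UNAUTHORIZED_USER_EDIT')

    # NOTE(review): body is applied without a visible field allow-list. If
    # apply_update accepts create_users, a user editing their own record
    # could grant themselves that privilege; confirm it is filtered.
    obj.apply_update(body)
    # NOTE(review): the password is replaced without verifying the current
    # one, so a hijacked session is enough to take over the account.
    if 'newPassword' in body:
        obj.hash_password(body['newPassword'])
    persist_dm_object(obj, g.db_session)
    return 'User updated', 200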
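def delete(group_id):
    """Handle DELETE for the /Group/group_id endpoint.

    Args:
        group_id: Identifier of the group to delete.

    Returns:
        ('NOT_FOUND', 404) when the group does not exist, the result of
        api_error(401, 'INSUFFICIENT_PRIVILEGES', ...) when the caller is not
        an owner of the group, otherwise ('Group deleted', 204).
    """
    obj = existing_dm_object(Group, g.db_session, Group.group_id, group_id)
    if not obj:
        return 'NOT_FOUND', 404

    user = (
        g.db_session.query(User)
        .filter(User.user_id == g.user_id)
        .one_or_none()
    )
    # one_or_none() returns None when g.user_id matches no row. Refuse
    # explicitly rather than failing with AttributeError below.
    # NOTE(review): the caller id stands in for the username that the normal
    # rejection passes as third argument; confirm api_error accepts it.
    if user is None:
        return api_error(401, 'INSUFFICIENT_PRIVILEGES', str(g.user_id))

    # Only a membership row for the caller with is_owner set authorizes the
    # delete. No separate admin check is performed here.
    authorized = False
    for member in obj.memberships:
        if member.user.user_id == user.user_id and member.is_owner:
            authorized = True
            break
    if not authorized:
        return api_error(401, 'INSUFFICIENT_PRIVILEGES', user.username)

    delete_dm_object(obj, g.db_session)
    return 'Group deleted', 204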
def get(group_id):
    """Handle GET for the /Group/group_id endpoint.

    Returns the group's dump with 200, or 'NOT_FOUND' with 404 when no group
    matches group_id.
    """
    # NOTE(review): no membership or ownership check is visible before the
    # group is returned; confirm that any authenticated caller may read it.
    group = existing_dm_object(Group, g.db_session, Group.group_id, group_id)
    if group:
        return group.dump(True), 200
    return 'NOT_FOUND', 404
def get(user_id):
    """Handle GET for the /User/user_id endpoint.

    Returns the user's dump with 200, or 'NOT_FOUND' with 404 when no user
    matches user_id.
    """
    target = existing_dm_object(User, g.db_session, User.user_id, user_id)
    if target:
        # NOTE(review): confirm dump(True) leaves out the stored password
        # hash and any other field callers should not see.
        return target.dump(True), 200
    return 'NOT_FOUND', 404