def update(id, data):
authed_user = get_authed_user()
user = User.select().where(User.id == id).first()
if not user:
raise UserNotFound('id', id)
if 'email' in data:
user = User.select().where(User.email == data['email']).first()
if user:
raise UserWithPropExists('email', data['email'])
if 'username' in data:
user = User.select().where(User.username == data['username']).first()
if user:
raise UserWithPropExists('username', data['username'])
if 'role' in data:
if authed_user.role != 'super_admin':
raise RoleInvalid('super_admin')
if 'password' in data:
user.hash_password(data['password'])
del data['password']
user.save()
user = User.update(**data).where(User.id == id)
user.execute()
user = User.select().where(User.id == id).first()
return user
def get(self):
user = auth_service.get_authed_user()
return jsonify(UserSerializer().load(model_to_dict(user))[0])
def decorator(*args, **kwargs):
get_authed_user()
return func(*args, **kwargs)
def decorator(*args, **kwargs):
authed_user = get_authed_user()
if not authed_user.role or authed_user.role != 'admin':
raise RoleInvalid('admin')
return func(*args, **kwargs)