示例#1
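 def delete(self, user_id):
     """Delete the user identified by ``user_id`` (administrators only).

     Responds with 400 when no id is given, 401 when the caller is not an
     administrator, 404 when the user does not exist, and 200 with the
     deleted user's serialised record on success.
     """
     if user_id is None:
         return self.send_400('You must specify the ID of a user to delete')

     # Check the privilege before touching the database, so a non-admin
     # caller gets the same answer whether or not the id exists.
     if not g.user.admin:
         return self.send_401()

     try:
         user = User.get(user_id)
     except SQLObjectNotFound:
         # An unknown id previously escaped as an unhandled exception.
         return self.send_404()

     # Serialise before deleting: reading fields of a row that has already
     # been removed is not guaranteed to work.
     payload = user.json()
     user.delete(user_id)
     return self.send_200(payload)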
示例#2
 def get(self, user_id):
     """Return one user, or every user when ``user_id`` is None.

     A known id yields 200 with ``user.json()``; an unknown id yields 404.
     Without an id the response is 200 with a list of ``user.dict()`` values.
     """
     # NOTE(review): nothing in this method checks who is calling, so both the
     # full listing and single records are returned to any caller that reaches
     # it. Confirm that authentication is enforced outside this method.
     if user_id is not None:
         try:
             record = User.get(user_id)
         except SQLObjectNotFound:
             return self.send_404()
         return self.send_200(record.json())

     everyone = [entry.dict() for entry in User.select()]
     return self.send_200(everyone)
示例#3
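    def put(self, user_id):
        """Change a user's password, authorised by the old password or a reset token.

        The JSON body must carry ``new_password`` and ``confirm_pass`` plus
        either ``old_password`` or ``reset_token``.

        Responds with 400 for a missing id, body or field, 404 for an unknown
        user, 401 when the caller or the supplied credential is not accepted,
        and 200 with the user's serialised record after the password is set.
        """
        if user_id is None:
            return self.send_400('You must specify the ID of a user to update')

        try:
            user = User.get(user_id)
        except SQLObjectNotFound:
            return self.send_404()

        # Allow the account owner or an administrator. The earlier
        # `user != g.user or not g.user.admin` test refused everyone except an
        # administrator acting on their own account.
        if user != g.user and not g.user.admin:
            return self.send_401()

        data = request.json
        # The body is client-controlled: it may be absent or not a JSON object.
        if not data or not isinstance(data, dict):
            return self.send_400('A JSON object body is required')

        try:
            # A missing dict key raises KeyError, not IndexError, so the old
            # handlers never ran and the reset-token branch was unreachable.
            if 'old_password' in data:
                old_pass = generate_password(data['old_password'])
                tok = None
            else:
                old_pass = None
                tok = data['reset_token']
            new_pass = data['new_password']
            confirm_pass = data['confirm_pass']
        except KeyError as e:
            return self.send_400("%s is required" % e)

        reset_allowed = False
        # NOTE(review): this equality only works if generate_password() is
        # deterministic (no per-user random salt), and `==` is not a
        # constant-time comparison. Confirm how passwords are stored.
        if old_pass and user.password == old_pass:
            reset_allowed = True
        elif tok:
            # Query only with a token the client actually sent; a None token
            # would otherwise be compared against stored rows.
            try:
                t = ResetToken.select(ResetToken.q.token == tok)[0]
            except (SQLObjectNotFound, IndexError):
                return self.send_401()
            if t.user == user and t.expires >= datetime.now():
                reset_allowed = True
                # NOTE(review): the token is not invalidated here after use.
                # Confirm it is consumed elsewhere; otherwise it can be
                # replayed until t.expires.

        if reset_allowed and new_pass == confirm_pass:
            user.set_pass(new_pass)
            return self.send_200(user.json())
        return self.send_401()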
示例#4
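 def put(self, user_id):
     """Update the profile fields of the user identified by ``user_id``.

     The JSON body must carry ``email``, ``first_name``, ``last_name`` and
     ``alias``. Responds with 400 for a missing id, body or field, 404 for an
     unknown user, 401 when the caller is neither the account owner nor an
     administrator, and 200 with the updated record on success.
     """
     if user_id is None:
         return self.send_400('You must specify the ID of a user to update')

     data = request.json
     # The body is client-controlled: it may be absent or not a JSON object.
     if not data or not isinstance(data, dict):
         return self.send_400('A JSON object body is required')

     try:
         user = User.get(user_id)
     except SQLObjectNotFound:
         return self.send_404()

     # Allow the account owner or an administrator. The earlier
     # `g.user != user or not g.user.admin` test refused everyone except an
     # administrator editing their own account.
     if g.user != user and not g.user.admin:
         return self.send_401('Not authorized')

     try:
         email = data['email']
         first_name = data['first_name']
         last_name = data['last_name']
         alias = data['alias']
     except KeyError as e:
         return self.send_400('%s is required' % e)

     # Only these four named fields are copied from the request. Keep this an
     # explicit list so a client cannot set other attributes (for example the
     # admin flag) through this endpoint.
     user.set(email=email, first_name=first_name,
              last_name=last_name, alias=alias)
     return self.send_200(user.json())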