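    def put(self):
        """
        Update a user through the ``update_user`` stored procedure.

        The request must carry an ``Authorization`` header whose token
        ``PrivilegeHandler`` accepts as having user-modification privileges;
        otherwise the request is aborted with 403.

        :Input: arguments ``userID``, ``userType``, ``firstName``,
            ``lastName`` and ``email``. ``userType`` is mapped to a privilege
            id (Admin=1, Coordinator=2, Manager=3, Referee=4); any other
            value is passed to the stored procedure as NULL.
        :return: ``({'user': {...}}, 200)`` with the row ``get_user`` returns
            for ``email`` after the update (``last_login`` formatted as
            ``%Y-%m-%d %H:%M:%S`` or ``None``). Aborts with 404 when no row
            comes back.
        """
        token = request.headers.get('Authorization')
        if not token:
            abort(403, error="Unauthorized Access (no token)")
        privilege_handler = PrivilegeHandler(token)
        if not privilege_handler.user_privileges():
            abort(403, error="Unauthorized Access (invalid permissions)")

        parser = reqparse.RequestParser()
        for field in ('userID', 'userType', 'firstName', 'lastName', 'email'):
            parser.add_argument(field)
        args = parser.parse_args()

        user_id = args['userID']
        user_type = args['userType']
        first_name = args['firstName']
        last_name = args['lastName']
        email = args['email']

        # Unknown user types deliberately map to None (NULL for the procedure),
        # matching the previous if/elif chain.
        privilege_ids = {
            'Admin': 1,
            'Coordinator': 2,
            'Manager': 3,
            'Referee': 4,
        }
        privilege_id = privilege_ids.get(user_type)

        db_connector = DatabaseConnector()
        try:
            # The stored procedure receives the request values as bound
            # parameters; nothing from the request is interpolated into SQL.
            db_connector.cursor.callproc(
                'update_user',
                [user_id, privilege_id, user_type, first_name, last_name, email])
            db_connector.conn.commit()

            # Re-read the row to return it to the frontend. The email is bound
            # as a parameter rather than formatted into the statement text.
            # '%s' is the paramstyle of the common MySQL drivers — confirm
            # against the driver DatabaseConnector uses.
            db_connector.cursor.execute('CALL get_user(%s);', (email,))
            db_response = db_connector.cursor.fetchone()
        finally:
            # Close even when the procedure or the re-read raises.
            db_connector.conn.close()

        if db_response is None:
            abort(404, error="User not found")

        last_login = db_response[7]
        user_data = {
            'user_id': db_response[0],
            'user_type': db_response[2],
            'first_name': db_response[3],
            'last_name': db_response[4],
            'email': db_response[5],
            'last_login':
            last_login.strftime('%Y-%m-%d %H:%M:%S') if last_login else None,
        }

        return {'user': user_data}, 200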
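    def delete(self):
        """
        Delete the user identified by the ``userID`` argument.

        The request must carry an ``Authorization`` header whose token
        ``PrivilegeHandler`` accepts as having user-modification privileges;
        otherwise the request is aborted with 403. A request without a
        ``userID`` is aborted with 400.

        :return: ``None``.
        """
        token = request.headers.get('Authorization')
        if not token:
            abort(403, error="Unauthorized Access (no token)")
        privilege_handler = PrivilegeHandler(token)
        if not privilege_handler.user_privileges():
            abort(403, error="Unauthorized Access (invalid permissions)")

        parser = reqparse.RequestParser()
        parser.add_argument('userID')
        user_id = parser.parse_args()['userID']
        if user_id is None:
            # Reject early instead of sending an unusable WHERE clause to the DB.
            abort(400, error="Missing userID")

        db_connector = DatabaseConnector()
        try:
            # The id is bound as a parameter so the request value cannot
            # change the statement text. '%s' is the paramstyle of the common
            # MySQL drivers — confirm against the driver DatabaseConnector uses.
            db_connector.cursor.execute(
                'DELETE FROM users WHERE userID = %s', (user_id,))
            db_connector.conn.commit()
        finally:
            # Close even when the statement raises.
            db_connector.conn.close()

        return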
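    def get(self):
        """
        Gets user data from the database.

        :Input:

            .. code-block:: javascript

                Header:
                'Authorization': String (JSON Web Token)

        :return: A JSON object containing the data of the user whose email
            ``TokenHandler.decode_token`` extracts from the token.

            .. code-block:: javascript

                {
                    'user': {
                        'userID': Integer,
                        'userType': String,
                        'firstName': String,
                        'lastName': String,
                        'email': String,
                        'lastLogin': String
                    },
                    'users': [ ... ]   // only when the caller has
                                       // user-modification privileges;
                                       // each entry also carries 'privilegeID'
                }

        Success gives status code 200. Aborts with 403 when the header is
        missing or the token yields no email, and with 404 when ``get_user``
        returns no row for that email.

        """
        token = request.headers.get('Authorization')
        if not token:
            abort(403, error="Unauthorized Access (no token)")
        tk_handler = TokenHandler()
        user_email = tk_handler.decode_token(token)
        if not user_email:
            # decode_token's failure mode is not visible here; a falsy result
            # is treated as an unauthenticated caller rather than queried.
            abort(403, error="Unauthorized Access (invalid token)")

        def format_row(row, include_privilege):
            """Map a users row (get_user / SELECT * column order) to the API shape."""
            data = {'userID': row[0]}
            if include_privilege:
                data['privilegeID'] = row[1]
            data.update({
                'userType': row[2],
                'firstName': row[3],
                'lastName': row[4],
                'email': row[5],
                'lastLogin':
                row[7].strftime('%Y-%m-%d %H:%M:%S') if row[7] else None,
            })
            return data

        db_connector = DatabaseConnector()
        try:
            # The email is bound as a parameter rather than formatted into
            # the statement text. '%s' is the paramstyle of the common MySQL
            # drivers — confirm against the driver DatabaseConnector uses.
            db_connector.cursor.execute('CALL get_user(%s);', (user_email,))
            db_response = db_connector.cursor.fetchone()
            if db_response is None:
                abort(404, error="User not found")
            payload = {'user': format_row(db_response, include_privilege=False)}

            # Callers with user-modification privileges also get every user.
            privilege_handler = PrivilegeHandler(token)
            if privilege_handler.user_privileges():
                db_connector.cursor.execute('SELECT * FROM users')
                payload['users'] = [
                    format_row(user, include_privilege=True)
                    for user in db_connector.cursor.fetchall()
                ]
        finally:
            # Close even when a query or the 404 abort raises.
            db_connector.conn.close()

        return payload, 200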