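def put(self):
    """Update an existing user through the ``update_user`` stored procedure.

    :Input:

    .. code-block:: javascript

        Header: 'Authorization': String (JSON Web Token)
        Body:   userID, userType, firstName, lastName, email

    :return: ``{'user': {...}}`` with status 200, holding the re-read
             record (keys ``user_id``, ``user_type``, ``first_name``,
             ``last_name``, ``email``, ``last_login``).
    :raises: HTTP 403 when the token is missing or the caller lacks
             user-modification privileges; HTTP 404 when no user with the
             submitted email exists after the update.
    """
    token = request.headers.get('Authorization')
    if not token:
        abort(403, error="Unauthorized Access (no token)")
    if not PrivilegeHandler(token).user_privileges():
        abort(403, error="Unauthorized Access (invalid permissions)")

    parser = reqparse.RequestParser()
    for field in ('userID', 'userType', 'firstName', 'lastName', 'email'):
        parser.add_argument(field)
    args = parser.parse_args()
    user_id = args['userID']
    user_type = args['userType']
    first_name = args['firstName']
    last_name = args['lastName']
    email = args['email']

    # Role name -> privilegeID column. An unknown role stores NULL, which is
    # what the previous if/elif chain produced.
    privilege_ids = {'Admin': 1, 'Coordinator': 2, 'Manager': 3, 'Referee': 4}
    privilege_id = privilege_ids.get(user_type)

    db_connector = DatabaseConnector()
    try:
        # update_user stored procedure performs the actual write
        db_connector.cursor.callproc(
            'update_user',
            [user_id, privilege_id, user_type, first_name, last_name, email])
        db_connector.conn.commit()

        # Re-read the record for the frontend. The email comes from the
        # request body, so it is bound as a query parameter instead of being
        # formatted into the CALL text (which allowed SQL injection).
        # NOTE(review): '%s' is the paramstyle of the common MySQL/Postgres
        # drivers; confirm it matches the driver behind DatabaseConnector.
        db_connector.cursor.execute('CALL get_user(%s);', (email,))
        db_response = db_connector.cursor.fetchone()
        if db_response is None:
            abort(404, error="User not found")
        last_login = db_response[7]
        user_data = {
            'user_id': db_response[0],
            'user_type': db_response[2],
            'first_name': db_response[3],
            'last_name': db_response[4],
            'email': db_response[5],
            'last_login': (last_login.strftime('%Y-%m-%d %H:%M:%S')
                           if last_login else None),
        }
    finally:
        # close even when abort() or the driver raises, so no connection leaks
        db_connector.conn.close()
    return {'user': user_data}, 200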
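def delete(self):
    """Delete the user identified by the ``userID`` request argument.

    :Input:

    .. code-block:: javascript

        Header: 'Authorization': String (JSON Web Token)
        Body:   userID

    :return: ``None`` (serialised by the framework) after the row is removed.
    :raises: HTTP 403 when the token is missing or the caller lacks
             user-modification privileges; HTTP 400 when ``userID`` is absent.
    """
    token = request.headers.get('Authorization')
    if not token:
        abort(403, error="Unauthorized Access (no token)")
    if not PrivilegeHandler(token).user_privileges():
        abort(403, error="Unauthorized Access (invalid permissions)")

    parser = reqparse.RequestParser()
    parser.add_argument('userID')
    user_id = parser.parse_args()['userID']
    if user_id is None:
        # without an id the statement would compare against NULL (or, before,
        # produce invalid SQL); reject the request up front instead
        abort(400, error="Missing userID")

    db_connector = DatabaseConnector()
    try:
        # userID is caller-supplied, so it is bound as a parameter rather than
        # formatted into the statement (the old form was SQL-injectable).
        # NOTE(review): '%s' is the paramstyle of the common MySQL/Postgres
        # drivers; confirm it matches the driver behind DatabaseConnector.
        db_connector.cursor.execute(
            'DELETE FROM users WHERE userID = %s', (user_id,))
        db_connector.conn.commit()
    finally:
        # close on every path, including driver errors
        db_connector.conn.close()
    return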
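def get(self):
    """Get the calling user's record, plus every user for privileged callers.

    :Input:

    .. code-block:: javascript

        Header: 'Authorization': String (JSON Web Token)

    :return: A JSON object containing the user data; ``users`` is present
             only when the caller has user-modification privileges.

    .. code-block:: javascript

        {
          'user':  {'userID': Integer, 'userType': String, 'firstName': String,
                    'lastName': String, 'email': String, 'lastLogin': String},
          'users': [ {... same keys plus 'privilegeID': Integer ...} ]
        }

    Success gives status code 200.
    :raises: HTTP 403 when the token is missing or does not decode to an
             email; HTTP 404 when the token's email has no user row.
    """
    token = request.headers.get('Authorization')
    if not token:
        abort(403, error="Unauthorized Access (no token)")
    user_email = TokenHandler().decode_token(token)
    if not user_email:
        # an undecodable token previously reached the database and crashed
        # on the empty fetch; reject it as an auth failure instead
        abort(403, error="Unauthorized Access (invalid token)")

    def fmt_login(value):
        # lastLogin is rendered as 'YYYY-MM-DD HH:MM:SS', or null when unset
        return value.strftime('%Y-%m-%d %H:%M:%S') if value else None

    db_connector = DatabaseConnector()
    try:
        # Look up the caller by the email carried in the token. The value is
        # bound as a parameter rather than formatted into the CALL text, so a
        # crafted claim cannot alter the statement.
        # NOTE(review): '%s' is the paramstyle of the common MySQL/Postgres
        # drivers; confirm it matches the driver behind DatabaseConnector.
        db_connector.cursor.execute('CALL get_user(%s);', (user_email,))
        db_response = db_connector.cursor.fetchone()
        if db_response is None:
            abort(404, error="User not found")
        payload = {'user': {
            'userID': db_response[0],
            'userType': db_response[2],
            'firstName': db_response[3],
            'lastName': db_response[4],
            'email': db_response[5],
            'lastLogin': fmt_login(db_response[7]),
        }}

        # callers with user-modification privileges also receive every user
        if PrivilegeHandler(token).user_privileges():
            db_connector.cursor.execute('SELECT * FROM users')
            payload['users'] = [
                {
                    'userID': row[0],
                    'privilegeID': row[1],
                    'userType': row[2],
                    'firstName': row[3],
                    'lastName': row[4],
                    'email': row[5],
                    'lastLogin': fmt_login(row[7]),
                }
                for row in db_connector.cursor.fetchall()
            ]
    finally:
        # close on every path, including abort() and driver errors
        db_connector.conn.close()
    return payload, 200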