def read(self, userName):
    """Return the stored record for ``userName``, choosing the view by caller.

    The result is ``error(...)`` with ``UserDoesNotExistError`` when
    ``user.read`` finds nothing. Otherwise it is ``data(...)`` wrapping a copy
    of ``user.readFull`` when a logged-in caller passes ``user.canReadFull``,
    and a copy of ``user.read`` in every other case, including requests with
    no logged-in user.
    """
    if not user.read(userName):
        return error("User %s does not exist" % userName, UserDoesNotExistError)

    viewer = helper.getLoggedInUser()
    # Anonymous callers and callers refused by canReadFull get the same
    # fallback record.
    # NOTE(review): presumably user.read is the reduced view; confirm it
    # carries no credential or contact fields, since it is served without
    # authentication.
    if not viewer or not user.canReadFull(user.idForName(userName), viewer["_id"]):
        return data(user.read(userName).copy())
    return data(user.readFull(userName).copy())
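def update(self, userName):
    """Update the account named ``userName`` from the JSON request body.

    Returns ``error(...)`` when the user does not exist, when there is no
    logged-in user or ``user.canUpdate`` refuses the caller, or when the
    request body is not a JSON object. Otherwise returns
    ``data(user.update(...))``.
    """
    if not user.read(userName):
        return error("User %s does not exist" % userName, UserDoesNotExistError)

    notPermitted = "Operation not permitted. You don't have permission to update this account."
    loggedInUser = helper.getLoggedInUser()
    if not loggedInUser:
        return error(notPermitted)

    # Resolve the target id once, so the id that passes the permission check
    # is the same id that gets written.
    targetId = user.idForName(userName)
    if not user.canUpdate(targetId, loggedInUser["_id"]):
        return error(notPermitted)

    # The body is client-controlled: reject malformed JSON and non-object
    # payloads here instead of letting the exception escape the handler.
    try:
        theData = json.loads(helper.getRequestBody())
    except (TypeError, ValueError):
        return error("Invalid request body. Expected a JSON object.")
    if not isinstance(theData, dict):
        return error("Invalid request body. Expected a JSON object.")

    # Always overwrite any client-supplied _id with the authorised target.
    theData["_id"] = targetId
    # NOTE(review): every other client-supplied key is forwarded unchanged;
    # confirm user.update restricts which fields a caller may set (for
    # example role or credential fields).
    return data(user.update(theData))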
def delete(self, userName):
    """Delete the account named ``userName`` on behalf of the logged-in user.

    Returns ``error(...)`` with ``UserDoesNotExistError`` when ``user.read``
    finds nothing, and a permission ``error(...)`` when nobody is logged in or
    ``user.canDelete`` refuses the caller. On success the account is removed
    with ``user.delete`` and ``ack`` is returned. A caller deleting their own
    account is logged out first.
    """
    if not user.read(userName):
        return error("User %s does not exist" % userName, UserDoesNotExistError)

    actor = helper.getLoggedInUser()
    permitted = actor and user.canDelete(user.idForName(userName), actor["_id"])
    if not permitted:
        return error("Operation not permitted. You don't have permission to delete this account.")

    # Self-deletion: clear the session before the account is removed.
    # NOTE(review): if user.delete raises, the session is already cleared
    # while the account still exists; confirm that ordering is intended.
    deletingSelf = user.idForName(userName) == actor["_id"]
    if deletingSelf:
        helper.setLoggedInUser(None)
    user.delete(userName)
    return ack
def resolveResource(self, userName):
    """Map ``userName`` to the ``_id`` of the record ``user.read`` returns.

    When ``user.read`` yields a falsy value, that value is returned unchanged
    so callers can tell that nothing was resolved.
    """
    record = user.read(userName)
    if not record:
        return record
    return record["_id"]