flaschengeist/flaschengeist/modules/users/__init__.py


from flask import Blueprint, request, jsonify
from werkzeug.exceptions import NotFound, BadRequest, Forbidden
from flaschengeist import logger
from flaschengeist.system.decorator import login_required
from flaschengeist.system.controller import userController
# Blueprint that collects every /users route defined in this module.
users_bp = Blueprint(name="users", import_name=__name__)
# Permission identifiers declared by this module; register() hands them out
# together with the blueprint.
permissions = dict(EDIT_USER="edit_user")
def register():
    """Return this module's blueprint together with the permissions it declares.

    Returns:
        tuple: ``(users_bp, permissions)`` exactly as defined at module level.
    """
    module_exports = (users_bp, permissions)
    return module_exports
#################################################
# Routes #
# #
# /users POST: register new #
# GET: get all users #
# /users/<uid> GET: get user with uid #
# PUT: modify user #
# DELETE: remove user #
#################################################
@users_bp.route("/users", methods=['POST'])
def __registration():
    """Handle ``POST /users``; placeholder for user registration.

    Nothing is created yet: the handler logs the call and answers with a
    fixed JSON body.
    """
    # NOTE(review): unlike the other handlers in this module, this route has no
    # @login_required. Confirm that open registration is intended before the
    # stub is implemented, and validate the request body once it is.
    logger.debug("Register new User...")
    placeholder = {"ok": "ok... well not implemented"}
    return jsonify(placeholder)
@users_bp.route("/users", methods=['GET'])
@login_required()
def __list_users(**kwargs):
    """Handle ``GET /users``: return all users as JSON.

    Args:
        **kwargs: Extra keyword arguments, presumably injected by
            ``login_required`` (``__edit_user`` reads ``access_token`` from
            them); unused here.

    Returns:
        The JSON response built from ``userController.get_users()``.
    """
    logger.debug("Retrieve list of all users")
    # NOTE(review): every logged-in caller receives the full list; no
    # permission check is visible here. Which fields end up in the response
    # depends on how the user objects serialise - confirm that no credential
    # material is included.
    return jsonify(userController.get_users())
@users_bp.route("/users/<uid>", methods=['GET'])
@login_required()
def __get_user(uid, **kwargs):
    """Handle ``GET /users/<uid>``: return a single user as JSON.

    Args:
        uid: User id taken from the URL.
        **kwargs: Extra keyword arguments, presumably injected by
            ``login_required``; unused here.

    Returns:
        The JSON response for the user found.

    Raises:
        NotFound: ``userController.get_user`` returned a falsy value.
    """
    # NOTE(review): uid comes straight from the URL and is written to the log
    # unmodified; confirm the log handler neutralises control characters.
    logger.debug("Get information of user {{ {} }}".format(uid))
    found = userController.get_user(uid)
    if not found:
        raise NotFound
    return jsonify(found)
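@users_bp.route("/users/<uid>", methods=['PUT'])
@login_required()
def __edit_user(uid, **kwargs):
    """Handle ``PUT /users/<uid>``: update profile fields and optionally the password.

    A caller may always edit their own account. Editing a different account
    requires the ``EDIT_USER`` permission on the *caller*.

    Args:
        uid: User id taken from the URL.
        **kwargs: Must contain ``access_token``; its ``.user`` is treated as
            the authenticated caller.

    Returns:
        The JSON response ``{"ok": "ok"}`` on success.

    Raises:
        NotFound: ``userController.get_user`` returned a falsy value.
        Forbidden: The caller targets another account without ``EDIT_USER``.
        BadRequest: The body is not a JSON object or has no ``password`` key.
    """
    # NOTE(review): uid comes straight from the URL and is written to the log
    # unmodified; confirm the log handler neutralises control characters.
    logger.debug("Modify information of user {{ {} }}".format(uid))
    user = userController.get_user(uid)
    if not user:
        # NOTE(review): the lookup runs before the authorisation check, so a
        # caller without EDIT_USER can tell existing uids (403) from missing
        # ones (404). Confirm whether that matters for this deployment.
        raise NotFound

    # Authorisation is decided on the caller, not on the account being edited:
    # deny when the caller targets someone else and lacks EDIT_USER.
    # Assumes access_token.user exposes has_permissions() like the object
    # returned by get_user() - TODO confirm.
    requester = kwargs['access_token'].user
    if uid != requester.uid and not requester.has_permissions(permissions['EDIT_USER']):
        # Must be raised, not returned: only a raised HTTPException is turned
        # into a 403 response.
        raise Forbidden

    data = request.get_json()
    # get_json() may yield None or a non-object JSON value; reject those
    # instead of failing with a TypeError on the membership test below.
    if not isinstance(data, dict):
        raise BadRequest("Request body must be a JSON object")
    if 'password' not in data:
        raise BadRequest("Password is missing")

    # Fixed allowlist: only these attributes can be set from the request body,
    # so a client cannot overwrite arbitrary fields on the user object.
    # NOTE(review): the attributes are assigned before modify_user() sees the
    # password; confirm a rejected password cannot leave these changes persisted.
    for key in ("firstname", "lastname", "display_name", "mail"):
        if key in data:
            setattr(user, key, data[key])

    # NOTE(review): modify_user() receives the *target* user and the submitted
    # password; confirm which account that password is checked against when a
    # caller with EDIT_USER edits someone else.
    userController.modify_user(user, data['password'], data.get('new_password'))
    userController.update_user(user)
    return jsonify({"ok": "ok"})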