Updates to Users API

SamPool1 · Apr 27, 2017 · cf814e9 · cf814e9
1 parent 584b17c
commit cf814e9
Show file tree

Hide file tree

Showing 3 changed files with 95 additions and 13 deletions.
diff --git a/server/blueprints/users.py b/server/blueprints/users.py
@@ -10,6 +10,14 @@
 
 
 # Controls non-specific users and roles
+@users_page.route('/', methods=['GET'])
+@auth_token_required
+@roles_accepted(*running_context.user_roles['/users'])
+def display_users():
+    result = str(running_context.User.query.all())
+    return json.dumps(result)
+
+#TODO: DELETE
 @users_page.route('/', methods=['POST'])
 @auth_token_required
 @roles_accepted(*running_context.user_roles['/users'])
@@ -18,7 +26,81 @@ def display_all_users():
     return json.dumps(result)
 
 
-# Controls non-specific users and roles
+@users_page.route('/<string:username>', methods=['PUT'])
+@auth_token_required
+@roles_accepted(*running_context.user_roles['/users'])
+def add_user(username):
+    form = forms.NewUserForm(request.form)
+    if form.validate():
+        if not running_context.User.query.filter_by(email=username).first():
+            un = username
+            pw = encrypt_password(form.password.data)
+
+            # Creates User
+            u = running_context.user_datastore.create_user(email=un, password=pw)
+
+            if form.role.data:
+                u.set_roles(form.role.data)
+
+            has_admin = False
+            for role in u.roles:
+                if role.name == 'admin':
+                    has_admin = True
+            if not has_admin:
+                u.set_roles(['admin'])
+
+            running_context.db.session.commit()
+            return json.dumps({"status": "user added " + str(u.id)})
+        else:
+            return json.dumps({"status": "user exists"})
+
+@users_page.route('/<string:username>', methods=['GET'])
+@auth_token_required
+@roles_accepted(*running_context.user_roles['/users'])
+def read_user(username):
+    user = running_context.user_datastore.get_user(username)
+    if user:
+        return json.dumps(user.display())
+    else:
+        return json.dumps({"status": "could not display user"})
+
+
+@users_page.route('/<string:username>', methods=['POST'])
+@auth_token_required
+@roles_accepted(*running_context.user_roles['/users'])
+def update_user(username):
+    user = running_context.user_datastore.get_user(username)
+    if user:
+        form = forms.EditUserForm(request.form)
+        if form.validate():
+            if form.password:
+                user.password = encrypt_password(form.password.data)
+                running_context.db.session.commit()
+            if form.role.data:
+                user.set_roles(form.role.data)
+
+        return json.dumps(user.display())
+    else:
+        return json.dumps({"status": "could not edit user"})
+
+
+@users_page.route('/<string:username>', methods=['DELETE'])
+@auth_token_required
+@roles_accepted(*running_context.user_roles['/users'])
+def delete_user(username):
+    user = running_context.user_datastore.get_user(username)
+    if user:
+        if user != current_user:
+            running_context.user_datastore.delete_user(user)
+            running_context.db.session.commit()
+            return json.dumps({"status": "user removed"})
+        else:
+            return json.dumps({"status": "user could not be removed"})
+    else:
+        return json.dumps({"status": "user could not be removed"})
+
+
+#TODO: DELETE
 @users_page.route('/<string:action>', methods=['POST'])
 @auth_token_required
 @roles_accepted(*running_context.user_roles['/users'])
@@ -52,7 +134,7 @@ def user_non_specific_actions(action):
             return json.dumps({"status": "invalid input"})
 
 
-# Controls non-specific users and roles
+#TODO: DELETE
 @users_page.route('/<string:id_or_email>', methods=['POST'])
 @auth_token_required
 @roles_accepted(*running_context.user_roles['/users'])
@@ -64,7 +146,7 @@ def display_user(id_or_email):
         return json.dumps({"status": "could not display user"})
 
 
-# Controls users and roles
+#TODO: DELETE
 @users_page.route('/<string:id_or_email>/<string:action>', methods=['POST'])
 @auth_token_required
 @roles_accepted(*running_context.user_roles['/users'])

diff --git a/server/forms.py b/server/forms.py
@@ -4,7 +4,7 @@
 
 
 class NewUserForm(Form):
-    username = StringField('username', [validators.Length(min=4, max=25), validators.data_required()])
+    username = StringField('username', [validators.Length(min=4, max=25), validators.Optional()])
     password = PasswordField('password', [validators.data_required()])
     role = FieldList(StringField('role'), [validators.Optional()])
 

diff --git a/tests/test_users_and_roles.py b/tests/test_users_and_roles.py
@@ -50,41 +50,41 @@ def test_edit_role_description(self):
 
     def test_add_user(self):
         data = {"username": self.email, "password": self.password}
-        response = json.loads(self.app.post('/users/add', data=data, headers=self.headers).get_data(as_text=True))
+        response = json.loads(self.app.put('/users/'+self.email, data=data, headers=self.headers).get_data(as_text=True))
         self.assertTrue("user added" in response["status"])
 
-        self.post_with_status_check('/users/add', 'user exists', data=data, headers=self.headers)
+        self.put_with_status_check('/users/'+self.email, 'user exists', data=data, headers=self.headers)
 
     def test_edit_user_password(self):
         data = {"username": self.email, "password": self.password}
-        json.loads(self.app.post('/users/add', data=data, headers=self.headers).get_data(as_text=True))
+        json.loads(self.app.put('/users/'+self.email, data=data, headers=self.headers).get_data(as_text=True))
 
         data = {"password": self.password}
         response = json.loads(
-            self.app.post('/users/' + self.email + '/edit', data=data, headers=self.headers).get_data(as_text=True))
+            self.app.post('/users/' + self.email, data=data, headers=self.headers).get_data(as_text=True))
         self.assertEqual(response["username"], self.email)
 
         data = {"password": "testPassword"}
-        self.app.post('/users/' + self.email + '/edit', data=data, headers=self.headers).get_data(as_text=True)
+        self.app.post('/users/' + self.email, data=data, headers=self.headers).get_data(as_text=True)
         with server.app.app_context():
             user = server.database.user_datastore.get_user(self.email)
             self.assertTrue(verify_password("testPassword", user.password))
 
     def test_remove_user(self):
         data = {"username": self.email, "password": self.password}
-        json.loads(self.app.post('/users/add', data=data, headers=self.headers).get_data(as_text=True))
+        json.loads(self.app.put('/users/'+self.email, data=data, headers=self.headers).get_data(as_text=True))
 
-        self.post_with_status_check('/users/{0}/remove'.format(self.email), 'user removed', headers=self.headers)
+        self.delete_with_status_check('/users/{0}'.format(self.email), 'user removed', headers=self.headers)
 
     def test_add_role_to_user(self):
         data = {"username": self.email, "password": self.password}
-        json.loads(self.app.post('/users/add', data=data, headers=self.headers).get_data(as_text=True))
+        json.loads(self.app.put('/users/'+self.email, data=data, headers=self.headers).get_data(as_text=True))
 
         data = {"name": self.name}
         self.put_with_status_check('/roles/'+self.name, "role added {0}".format(self.name), data=data, headers=self.headers)
 
         data = {"role-0": "admin", "role-1": self.name}
-        response = json.loads(self.app.post('/users/' + self.email + '/edit',
+        response = json.loads(self.app.post('/users/' + self.email,
                                             data=data, headers=self.headers).get_data(as_text=True))
         roles = [self.name, "admin"]
         self.assertEqual(len(roles), len(response["roles"]))