pikram/user-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Improved endpoint to edit user data

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-03-16 13:18:25 +00:00
parent 0cd57c0973
commit 8bb71309ea
2 changed files with 26 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/models.py
View File

@ -11,6 +11,9 @@ class User(db.Model):
def to_dict(self): def to_dict(self):
return {"id": self.id, "username": self.username, "email": self.email, "role": self.role} return {"id": self.id, "username": self.username, "email": self.email, "role": self.role}
def get_editable_fields():
return {"username", "email", "role", "password"}
class Task(db.Model): class Task(db.Model):
id = db.Column(db.Integer, primary_key=True, autoincrement=True) id = db.Column(db.Integer, primary_key=True, autoincrement=True)

35
api/user_views.py
View File

@ -40,21 +40,32 @@ def create_user():
return jsonify(user.to_dict()), 201 return jsonify(user.to_dict()), 201
@user_bp.route('/users/<int:user_id>', methods=['PUT']) @user_bp.route('/users/<int:user_id>', methods=['PUT', 'PATCH'])
@jwt_required() @jwt_required()
def edit_user(user_id): def edit_user(user_id):
request_data = request.get_json()
user_to_update = User.query.get_or_404(user_id)
request_username = request_data.get('username')
request_email = request_data.get('email')
validate_access(user_id) # check if user tries to edit other user account validate_access(user_id) # check if user tries to edit other user account
if request_username and request_email: request_data = request.get_json()
user_to_update.username = request_username if request_data.get('role') == 'Administrator':
user_to_update.email = request_email admin_required(get_jwt_identity())
db.session.commit()
return jsonify(user_to_update.to_dict()) request_fields = set(request_data.keys())
else: editable_fields = User.get_editable_fields()
return abort(400, {'error': 'Incomplete user data.'})
# PUT requires all values
if request.method == 'PUT':
if request_fields != editable_fields:
return jsonify({'error': 'Invalid request data structure.'}), 400
user_to_update = User.query.get_or_404(user_id)
for field_name in request_fields:
requested_value = request_data.get(field_name)
if requested_value is None:
continue
new_value = generate_password_hash(requested_value) \
if field_name == 'password' else requested_value
setattr(user_to_update, field_name, new_value)
db.session.commit()
return jsonify(user_to_update.to_dict())
@user_bp.route('/users/<int:user_id>', methods=['DELETE']) @user_bp.route('/users/<int:user_id>', methods=['DELETE'])