1
0
mirror of https://github.com/spl0k/supysonic.git synced 2024-11-13 21:52:18 +00:00
supysonic/api/user.py

95 lines
3.4 KiB
Python
Raw Normal View History

2012-10-14 17:04:39 +00:00
# coding: utf-8
2014-03-02 17:31:32 +00:00
# This file is part of Supysonic.
#
# Supysonic is a Python implementation of the Subsonic server API.
# Copyright (C) 2013 Alban 'spl0k' Féron
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
2012-10-14 17:04:39 +00:00
from flask import request
2014-03-23 15:53:26 +00:00
from web import app, store
2012-10-14 17:04:39 +00:00
from db import User
2013-09-05 16:40:43 +00:00
from managers.user import UserManager
2012-10-14 17:04:39 +00:00
2012-11-22 13:51:43 +00:00
@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])
2012-10-14 17:04:39 +00:00
def user_info():
username = request.args.get('username')
if username is None:
return request.error_formatter(10, 'Missing username')
2012-10-14 17:04:39 +00:00
2013-06-18 14:12:35 +00:00
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
2014-03-23 15:53:26 +00:00
user = store.find(User, User.name == username).one()
2012-10-14 17:04:39 +00:00
if user is None:
return request.error_formatter(0, 'Unknown user')
2012-10-14 17:04:39 +00:00
2013-06-18 14:12:35 +00:00
return request.formatter({ 'user': user.as_subsonic_user() })
@app.route('/rest/getUsers.view', methods = [ 'GET', 'POST' ])
def users_info():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
2014-03-23 15:53:26 +00:00
return request.formatter({ 'users': { 'user': [ u.as_subsonic_user() for u in store.find(User) ] } })
2013-06-18 14:12:35 +00:00
@app.route('/rest/createUser.view', methods = [ 'GET', 'POST' ])
def user_add():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username, password, email, admin = map(request.args.get, [ 'username', 'password', 'email', 'adminRole' ])
if not username or not password or not email:
return request.error_formatter(10, 'Missing parameter')
admin = True if admin in (True, 'True', 'true', 1, '1') else False
2014-03-23 15:53:26 +00:00
status = UserManager.add(store, username, password, email, admin)
2013-06-18 14:12:35 +00:00
if status == UserManager.NAME_EXISTS:
return request.error_formatter(0, 'There is already a user with that username')
return request.formatter({})
@app.route('/rest/deleteUser.view', methods = [ 'GET', 'POST' ])
def user_del():
if not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
username = request.args.get('username')
2014-03-23 15:53:26 +00:00
user = store.find(User, User.name == username).one()
2013-06-18 14:12:35 +00:00
if not user:
return request.error_formatter(70, 'Unknown user')
2014-03-23 15:53:26 +00:00
status = UserManager.delete(store, user.id)
2013-06-18 14:12:35 +00:00
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
@app.route('/rest/changePassword.view', methods = [ 'GET', 'POST' ])
def user_changepass():
username, password = map(request.args.get, [ 'username', 'password' ])
if not username or not password:
return request.error_formatter(10, 'Missing parameter')
if username != request.username and not request.user.admin:
return request.error_formatter(50, 'Admin restricted')
2014-03-23 15:53:26 +00:00
status = UserManager.change_password2(store, username, password)
2013-06-18 14:12:35 +00:00
if status != UserManager.SUCCESS:
return request.error_formatter(0, UserManager.error_str(status))
return request.formatter({})
2012-10-14 17:04:39 +00:00