supysonic/api/user.py

# coding: utf-8

# This file is part of Supysonic.
#
# Supysonic is a Python implementation of the Subsonic server API.
# Copyright (C) 2013  Alban 'spl0k' Féron
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

from flask import request
from web import app
from db import User
from managers.user import UserManager

@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])
def user_info():
	username = request.args.get('username')
	if username is None:
		return request.error_formatter(10, 'Missing username')

	if username != request.username and not request.user.admin:
		return request.error_formatter(50, 'Admin restricted')

	user = User.query.filter(User.name == username).first()
	if user is None:
		return request.error_formatter(0, 'Unknown user')

	return request.formatter({ 'user': user.as_subsonic_user() })

@app.route('/rest/getUsers.view', methods = [ 'GET', 'POST' ])
def users_info():
	if not request.user.admin:
		return request.error_formatter(50, 'Admin restricted')

	return request.formatter({ 'users': { 'user': [ u.as_subsonic_user() for u in User.query.all() ] } })

@app.route('/rest/createUser.view', methods = [ 'GET', 'POST' ])
def user_add():
	if not request.user.admin:
		return request.error_formatter(50, 'Admin restricted')

	username, password, email, admin = map(request.args.get, [ 'username', 'password', 'email', 'adminRole' ])
	if not username or not password or not email:
		return request.error_formatter(10, 'Missing parameter')
	admin = True if admin in (True, 'True', 'true', 1, '1') else False

	status = UserManager.add(username, password, email, admin)
	if status == UserManager.NAME_EXISTS:
		return request.error_formatter(0, 'There is already a user with that username')

	return request.formatter({})

@app.route('/rest/deleteUser.view', methods = [ 'GET', 'POST' ])
def user_del():
	if not request.user.admin:
		return request.error_formatter(50, 'Admin restricted')

	username = request.args.get('username')
	user = User.query.filter(User.name == username).first()
	if not user:
		return request.error_formatter(70, 'Unknown user')

	status = UserManager.delete(user.id)
	if status != UserManager.SUCCESS:
		return request.error_formatter(0, UserManager.error_str(status))

	return request.formatter({})

@app.route('/rest/changePassword.view', methods = [ 'GET', 'POST' ])
def user_changepass():
	username, password = map(request.args.get, [ 'username', 'password' ])
	if not username or not password:
		return request.error_formatter(10, 'Missing parameter')

	if username != request.username and not request.user.admin:
		return request.error_formatter(50, 'Admin restricted')

	status = UserManager.change_password2(username, password)
	if status != UserManager.SUCCESS:
		return request.error_formatter(0, UserManager.error_str(status))

	return request.formatter({})
Implementing getUser.view 2012-10-14 17:04:39 +00:00			`# coding: utf-8`

Setting a license Closes #15 2014-03-02 17:31:32 +00:00			`# This file is part of Supysonic.`
			`#`
			`# Supysonic is a Python implementation of the Subsonic server API.`
			`# Copyright (C) 2013 Alban 'spl0k' Féron`
			`#`
			`# This program is free software: you can redistribute it and/or modify`
			`# it under the terms of the GNU Affero General Public License as published by`
			`# the Free Software Foundation, either version 3 of the License, or`
			`# (at your option) any later version.`
			`#`
			`# This program is distributed in the hope that it will be useful,`
			`# but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`# GNU Affero General Public License for more details.`
			`#`
			`# You should have received a copy of the GNU Affero General Public License`
			`# along with this program. If not, see <http://www.gnu.org/licenses/>.`

Implementing getUser.view 2012-10-14 17:04:39 +00:00			`from flask import request`
			`from web import app`
			`from db import User`
*Manager classes get their own package 2013-09-05 16:40:43 +00:00			`from managers.user import UserManager`
Implementing getUser.view 2012-10-14 17:04:39 +00:00
Some clients do POST requests 2012-11-22 13:51:43 +00:00			`@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])`
Implementing getUser.view 2012-10-14 17:04:39 +00:00			`def user_info():`
			`username = request.args.get('username')`
			`if username is None:`
Adding a function to ease error reporting 2012-10-20 18:23:38 +00:00			`return request.error_formatter(10, 'Missing username')`
Implementing getUser.view 2012-10-14 17:04:39 +00:00
Implemented user management methods 2013-06-18 14:12:35 +00:00			`if username != request.username and not request.user.admin:`
			`return request.error_formatter(50, 'Admin restricted')`

Implementing getUser.view 2012-10-14 17:04:39 +00:00			`user = User.query.filter(User.name == username).first()`
			`if user is None:`
Adding a function to ease error reporting 2012-10-20 18:23:38 +00:00			`return request.error_formatter(0, 'Unknown user')`
Implementing getUser.view 2012-10-14 17:04:39 +00:00
Implemented user management methods 2013-06-18 14:12:35 +00:00			`return request.formatter({ 'user': user.as_subsonic_user() })`

			`@app.route('/rest/getUsers.view', methods = [ 'GET', 'POST' ])`
			`def users_info():`
			`if not request.user.admin:`
			`return request.error_formatter(50, 'Admin restricted')`

			`return request.formatter({ 'users': { 'user': [ u.as_subsonic_user() for u in User.query.all() ] } })`

			`@app.route('/rest/createUser.view', methods = [ 'GET', 'POST' ])`
			`def user_add():`
			`if not request.user.admin:`
			`return request.error_formatter(50, 'Admin restricted')`

			`username, password, email, admin = map(request.args.get, [ 'username', 'password', 'email', 'adminRole' ])`
			`if not username or not password or not email:`
			`return request.error_formatter(10, 'Missing parameter')`
			`admin = True if admin in (True, 'True', 'true', 1, '1') else False`

			`status = UserManager.add(username, password, email, admin)`
			`if status == UserManager.NAME_EXISTS:`
			`return request.error_formatter(0, 'There is already a user with that username')`

			`return request.formatter({})`

			`@app.route('/rest/deleteUser.view', methods = [ 'GET', 'POST' ])`
			`def user_del():`
			`if not request.user.admin:`
			`return request.error_formatter(50, 'Admin restricted')`

			`username = request.args.get('username')`
			`user = User.query.filter(User.name == username).first()`
			`if not user:`
			`return request.error_formatter(70, 'Unknown user')`

			`status = UserManager.delete(user.id)`
			`if status != UserManager.SUCCESS:`
			`return request.error_formatter(0, UserManager.error_str(status))`

			`return request.formatter({})`

			`@app.route('/rest/changePassword.view', methods = [ 'GET', 'POST' ])`
			`def user_changepass():`
			`username, password = map(request.args.get, [ 'username', 'password' ])`
			`if not username or not password:`
			`return request.error_formatter(10, 'Missing parameter')`

			`if username != request.username and not request.user.admin:`
			`return request.error_formatter(50, 'Admin restricted')`

			`status = UserManager.change_password2(username, password)`
			`if status != UserManager.SUCCESS:`
			`return request.error_formatter(0, UserManager.error_str(status))`

			`return request.formatter({})`
Implementing getUser.view 2012-10-14 17:04:39 +00:00