2012-10-14 17:04:39 +00:00
|
|
|
# coding: utf-8
|
|
|
|
|
|
|
|
|
|
from flask import request
|
|
|
|
|
from web import app
|
|
|
|
|
from db import User
|
2013-06-18 14:12:35 +00:00
|
|
|
from user_manager import UserManager
|
2012-10-14 17:04:39 +00:00
|
|
|
|
2012-11-22 13:51:43 +00:00
|
|
|
@app.route('/rest/getUser.view', methods = [ 'GET', 'POST' ])
|
2012-10-14 17:04:39 +00:00
|
|
|
def user_info():
|
|
|
|
|
username = request.args.get('username')
|
|
|
|
|
if username is None:
|
2012-10-20 18:23:38 +00:00
|
|
|
return request.error_formatter(10, 'Missing username')
|
2012-10-14 17:04:39 +00:00
|
|
|
|
2013-06-18 14:12:35 +00:00
|
|
|
if username != request.username and not request.user.admin:
|
|
|
|
|
return request.error_formatter(50, 'Admin restricted')
|
|
|
|
|
|
2012-10-14 17:04:39 +00:00
|
|
|
user = User.query.filter(User.name == username).first()
|
|
|
|
|
if user is None:
|
2012-10-20 18:23:38 +00:00
|
|
|
return request.error_formatter(0, 'Unknown user')
|
2012-10-14 17:04:39 +00:00
|
|
|
|
2013-06-18 14:12:35 +00:00
|
|
|
return request.formatter({ 'user': user.as_subsonic_user() })
|
|
|
|
|
|
|
|
|
|
@app.route('/rest/getUsers.view', methods = [ 'GET', 'POST' ])
|
|
|
|
|
def users_info():
|
|
|
|
|
if not request.user.admin:
|
|
|
|
|
return request.error_formatter(50, 'Admin restricted')
|
|
|
|
|
|
|
|
|
|
return request.formatter({ 'users': { 'user': [ u.as_subsonic_user() for u in User.query.all() ] } })
|
|
|
|
|
|
|
|
|
|
@app.route('/rest/createUser.view', methods = [ 'GET', 'POST' ])
|
|
|
|
|
def user_add():
|
|
|
|
|
if not request.user.admin:
|
|
|
|
|
return request.error_formatter(50, 'Admin restricted')
|
|
|
|
|
|
|
|
|
|
username, password, email, admin = map(request.args.get, [ 'username', 'password', 'email', 'adminRole' ])
|
|
|
|
|
if not username or not password or not email:
|
|
|
|
|
return request.error_formatter(10, 'Missing parameter')
|
|
|
|
|
admin = True if admin in (True, 'True', 'true', 1, '1') else False
|
|
|
|
|
|
|
|
|
|
status = UserManager.add(username, password, email, admin)
|
|
|
|
|
if status == UserManager.NAME_EXISTS:
|
|
|
|
|
return request.error_formatter(0, 'There is already a user with that username')
|
|
|
|
|
|
|
|
|
|
return request.formatter({})
|
|
|
|
|
|
|
|
|
|
@app.route('/rest/deleteUser.view', methods = [ 'GET', 'POST' ])
|
|
|
|
|
def user_del():
|
|
|
|
|
if not request.user.admin:
|
|
|
|
|
return request.error_formatter(50, 'Admin restricted')
|
|
|
|
|
|
|
|
|
|
username = request.args.get('username')
|
|
|
|
|
user = User.query.filter(User.name == username).first()
|
|
|
|
|
if not user:
|
|
|
|
|
return request.error_formatter(70, 'Unknown user')
|
|
|
|
|
|
|
|
|
|
status = UserManager.delete(user.id)
|
|
|
|
|
if status != UserManager.SUCCESS:
|
|
|
|
|
return request.error_formatter(0, UserManager.error_str(status))
|
|
|
|
|
|
|
|
|
|
return request.formatter({})
|
|
|
|
|
|
|
|
|
|
@app.route('/rest/changePassword.view', methods = [ 'GET', 'POST' ])
|
|
|
|
|
def user_changepass():
|
|
|
|
|
username, password = map(request.args.get, [ 'username', 'password' ])
|
|
|
|
|
if not username or not password:
|
|
|
|
|
return request.error_formatter(10, 'Missing parameter')
|
|
|
|
|
|
|
|
|
|
if username != request.username and not request.user.admin:
|
|
|
|
|
return request.error_formatter(50, 'Admin restricted')
|
|
|
|
|
|
|
|
|
|
status = UserManager.change_password2(username, password)
|
|
|
|
|
if status != UserManager.SUCCESS:
|
|
|
|
|
return request.error_formatter(0, UserManager.error_str(status))
|
|
|
|
|
|
|
|
|
|
return request.formatter({})
|
2012-10-14 17:04:39 +00:00
|
|
|
|
