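@routes.route('/api/user/edit', methods = ['POST'])
@General_permissions.grant_permission_for(['normal_user', 'super_admin'])
def user_edit():
    """Update the requesting user's own first and last name.

    Expects a JSON body of the form ``{"user": {"first_name": ..., "last_name": ...}}``.

    Returns:
        200 with ``success=True``, an empty ``errors`` list and the serialized
        user when the update is accepted.
        400 with ``success=None`` and an ``error_list`` when the payload has no
        ``user`` entry or the entry is malformed.

    Only ``first_name`` and ``last_name`` are copied from the payload; every
    other key the client sends is ignored, so the request cannot set other
    columns on the user row.
    """
    error_list = []

    # NOTE(review): force=True parses the body as JSON even when the request
    # does not declare application/json. Whether that matters depends on how
    # the session is authenticated (not visible here); confirm that CSRF
    # protection does not rely on the Content-Type of this request.
    data = request.get_json(force = True)

    # The body is untrusted: it may be valid JSON that is not an object
    # (a list, a string, null). Treat that the same as a missing "user"
    # instead of failing with AttributeError and a 500.
    user = data.get('user', None) if isinstance(data, dict) else None
    if user is None:
        out = jsonify(success = None,
                      error_list = ["No user"])
        # 'ContentType' is kept for compatibility with existing clients; it is
        # not the standard header name. jsonify already sets the real one.
        return out, 400, {'ContentType': 'application/json'}

    if not isinstance(user, dict):
        error_list.append("user must be an object")
    else:
        for field in ('first_name', 'last_name'):
            value = user.get(field, None)
            # Reject numbers, lists and objects before they reach the model.
            if value is not None and not isinstance(value, str):
                error_list.append(field + " must be a string")
        # TODO: also bound the length of both names; the column sizes are not
        # visible from this function, so no limit is enforced here yet.

    if error_list:
        out = jsonify(success = None,
                      error_list = error_list)
        return out, 400, {'ContentType': 'application/json'}

    with sessionMaker.session_scope() as session:
        # The row to edit is chosen from getUserID(session=...), never from the
        # request payload, so a caller can only edit their own record. Keep it
        # that way unless an explicit authorization check for editing other
        # users is added (presumably getUserID resolves the authenticated
        # user; confirm against its definition).
        # .one() raises if there is no matching row or more than one.
        db_user = session.query(User).filter(User.id == getUserID(session = session)).one()

        # NOTE(review): a key that is absent from the payload clears the stored
        # value (it is written as None). Confirm clients always send both.
        db_user.first_name = user.get('first_name', None)
        db_user.last_name = user.get('last_name', None)

        session.add(db_user)

        # Serialize while the session is still open.
        out = jsonify(success = True,
                      errors = [],
                      user = db_user.serialize())
        return out, 200, {'ContentType': 'application/json'}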
| 84 | |
| 85 | |
# Despite the name, these are file extensions (with the leading dot), not
# file names.
# NOTE(review): how this list is used is not visible here; if it gates
# uploads, an extension match alone says nothing about the file's content.
images_allowed_file_names = [
    ".jpg",
    ".jpeg",
    ".png",
]