From 1a90920cd3d3eb3a178cd1c3dea5c446b130b5ab Mon Sep 17 00:00:00 2001
From: "Manuel Weiser (aider)"
Date: Mon, 2 Sep 2024 11:12:18 +0200
Subject: [PATCH] feat: add user editing and deletion functionality for admins
---
 game_collection/user_management.py | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/game_collection/user_management.py b/game_collection/user_management.py
index 44e861e..0e5dc6a 100644
--- a/game_collection/user_management.py
+++ b/game_collection/user_management.py
@@ -70,3 +70,27 @@ def get_users():
 'role': user.role,
 'last_login': user.last_login
 } for user in users])
+
+@user_bp.route('/users/', methods=['PUT'])
+def edit_user(user_id):
+ if not authenticate() or g.user.role != 'admin':
+ return jsonify({'message': 'Unauthorized access! Only admins can edit users.'}), 401
+ data = request.json
+ user = User.query.get(user_id)
+ if not user:
+ return jsonify({'message': 'User not found!'}), 404
+ user.username = data.get('username', user.username)
+ user.role = data.get('role', user.role)
+ db.session.commit()
+ return jsonify({'message': 'User updated!'}), 200
+
+@user_bp.route('/users/', methods=['DELETE'])
+def delete_user(user_id):
+ if not authenticate() or g.user.role != 'admin':
+ return jsonify({'message': 'Unauthorized access! Only admins can delete users.'}), 401
+ user = User.query.get(user_id)
+ if not user:
+ return jsonify({'message': 'User not found!'}), 404
+ db.session.delete(user)
+ db.session.commit()
+ return jsonify({'message': 'User deleted!'}), 200
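Review bot: `edit_user` assigns `data.get('role', user.role)` and `data.get('username', user.username)` to the row without checking them, so any string (or `null`) in the request body becomes a stored role or username; the handler should reject a `role` outside the set of roles the application defines, and an empty or non-string `username`, with a 400 before `db.session.commit()`. `request.json` can also be `None` when the body is not JSON, in which case `data.get` raises and the client gets a 500; `data = request.get_json(silent=True) or {}` avoids that. Neither `edit_user` nor `delete_user` prevents an admin from demoting or deleting their own account or the last remaining admin, which can leave the deployment with no administrator; a guard comparing the target with `g.user` (assuming both expose an `id`) plus a count of remaining admins would close this. A caller who is authenticated but not an admin should receive 403 rather than 401, so clients can tell "log in" apart from "not permitted". Both handlers perform privileged changes without writing any log entry naming the acting admin and the affected user, which makes later investigation of account changes harder.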