ManuelW/MikaList
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add user editing and deletion functionality for admins

Browse Source
This commit is contained in:
Manuel Weiser 2024-09-02 11:12:18 +02:00
parent fb301ab9a7
commit 1a90920cd3
1 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
game_collection/user_management.py
View File

@ -70,3 +70,27 @@ def get_users():
'role': user.role, 'role': user.role,
'last_login': user.last_login 'last_login': user.last_login
} for user in users]) } for user in users])
@user_bp.route('/users/<int:user_id>', methods=['PUT'])
def edit_user(user_id):
if not authenticate() or g.user.role != 'admin':
return jsonify({'message': 'Unauthorized access! Only admins can edit users.'}), 401
data = request.json
user = User.query.get(user_id)
if not user:
return jsonify({'message': 'User not found!'}), 404
user.username = data.get('username', user.username)
user.role = data.get('role', user.role)
db.session.commit()
return jsonify({'message': 'User updated!'}), 200
@user_bp.route('/users/<int:user_id>', methods=['DELETE'])
def delete_user(user_id):
if not authenticate() or g.user.role != 'admin':
return jsonify({'message': 'Unauthorized access! Only admins can delete users.'}), 401
user = User.query.get(user_id)
if not user:
return jsonify({'message': 'User not found!'}), 404
db.session.delete(user)
db.session.commit()
return jsonify({'message': 'User deleted!'}), 200