From 8e7c16dc29ebcda40a48b5c5bfda7852c5e7929a Mon Sep 17 00:00:00 2001
From: "Sachin S. Kamath" <sskamath96@gmail.com>
Date: Fri, 20 Oct 2017 20:21:36 +0530
Subject: [PATCH] Add user endpoint to pull users

Signed-off-by: Sachin S. Kamath <sskamath96@gmail.com>
---
 hodor/controllers/user.py | 28 +++++++++++++++++++---------
 hodor/models/user.py      |  1 +
 2 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/hodor/controllers/user.py b/hodor/controllers/user.py
index 55655de..084cd2f 100644
--- a/hodor/controllers/user.py
+++ b/hodor/controllers/user.py
@@ -8,18 +8,29 @@ from sqlalchemy.exc import IntegrityError
 # Get all Users
 @app.route('/users', methods=['GET', 'POST'])
 def get_all_users():
-    response = {}
-    response['status'] = 200
-    response ['data'] = []
+    # TODO: Authentication for calling this API endpoint. Admin only.
     """
     This function iterates the database to find all users and returns it as JSON.
     :return: Response Code
     """
+    response = dict()
+    response['status'] = 200
+    response['data'] = []
+
+    for user in User.get_all():
+        current_user = dict()
+        '''
+        This can be done by directly dumping the dictionary but there's always a risk of data leak.
+        So, we pick what we need to give out out of the API.
+        '''
+        current_user['username'] = user.username
+        current_user['first_name'] = user.first_name
+        current_user['last_name'] = user.last_name
+        current_user['email'] = user.email
+        current_user['verified_account'] = user.verified_account
+        response['data'].append(current_user)
 
-    for ele in User.get_all():
-        user = ele.__dict__
-        print user
-    return 'Work in Progress'
+    return response
 
 
 @app.route('/users/new', methods=['GET', 'POST'])
@@ -37,11 +48,10 @@ def add_new_user():
             newuser['last_name'] = str(request.data.get('last_name').strip())
             newuser['email'] = str(request.data.get('email').strip())
             newuser['password'] = str(request.data.get('password').strip())
-            newuser['verification_code'] = str(request.data.get('verification_code').strip()) or newuser['verification_code']
+            newuser['verification_code'] = str(request.data.get('verification_code').strip())
         except Exception as e:
             print(e)
             abort(500)
-        print newuser
         user = User(**newuser)
         user.save()
     return make_response(jsonify(status=201, msg="User {} successfully added to database".format(user.username)), 201)
diff --git a/hodor/models/user.py b/hodor/models/user.py
index e637410..6b07ed7 100644
--- a/hodor/models/user.py
+++ b/hodor/models/user.py
@@ -12,6 +12,7 @@ class User(db.Model):
     first_name = db.Column(db.String(32), nullable=False)
     last_name = db.Column(db.String(32), nullable=False)
     email = db.Column(db.String(64), unique=True, nullable=False)
+    country = db.Column(db.String(64))
     '''PasswordType is an awesome function. To check for passwords later, 
         you can just do user['password'] == 'plaintext' for a boolean response.'''
     password = db.Column(PasswordType(
-- 
GitLab