"""Routes for users."""
import os, security, json, utils
from bottle import Bottle, route, view, response, request, redirect

users = Bottle()

@users.route("/users")
@view("users")
@security.require_admin
def get_users():
    """Presents user with list of non-admin users and options to edit and
    delete."""
    users = utils.safejsonload(os.path.join("db", "users.json"))
    names = [ k for k, v in users.items() if not v["admin"] ]

    return dict(
        users = names,
    )

@users.post("/users")
@view("users")
@security.require_admin
def get_users():
    """Delete user from users.json if requested after validating it's not an
    admin."""
    path = os.path.join("db", "users.json")
    users = utils.safejsonload(path)
    action = request.forms.get("action").split("-")[0]
    username = "-".join(request.forms.get("action").split("-")[1:])

    # Delete user if requested (unless for some reason it's an admin)
    if action == "delete" and not users[username]["admin"]:
        users.pop(username)
        utils.safejsondump(users, path)

    redirect("/users") # Redirect to GET so back button doesn't resend