def eventIdAction(id):
if request.method == 'DELETE':
try:
event = Event.get(Event.id == id)
event.delete_instance()
except DoesNotExist:
abort(404)
return jsonify(success=1)
elif request.method == 'PUT':
data = request.json
data['source'] = data['source']['id']
data['target'] = data['target']['id']
data.pop('type', None)
if data['source'] != current_user.id and current_user.elder == 0:
abort(403)
target = None
try:
target = User.get(User.id == data['target'])
except DoesNotExist:
abort(403)
if target.disabled and current_user.elder == 0:
abort(403)
data['amount'] = max(min(current_user.max_points, data['amount']), 1)
event = Event(**data)
event.save()
return jsonify(success=1)
abort(404)
def eventAction():
data = request.json
data.pop('id', None)
if data['target'] == current_user.id:
abort(403)
target = User()
try:
target = User.get(User.id == data['target'])
except DoesNotExist:
abort(403)
if target.disabled:
abort(403)
data['amount'] = max(min(current_user.max_points, int(data['amount'])), 1)
event = Event(**data)
event.source = current_user.id
event.add()
return jsonify(success=1)