def delete_note(id):
note = Note.find_by_id(id)
not_exists(note)
not_authorized(note.folder.author.name)
db.session.delete(note)
db.session.commit()
return {'message': 'Operation success'}, 201
def edit_note(id, data):
note = Note.find_by_id(id)
not_exists(note)
not_authorized(note.folder.author.name)
if data.get('title'):
if Note.find_by_title(data['title']):
abort(409, 'Title exists')
note.title = data['title']
if data.get('body'):
note.body = data['body']
db.session.commit()
return {'message': 'Operation Success'}, 200
def read_note(id):
note = Note.find_by_id(id)
not_exists(note)
owner = note.folder.author
reader = User.find_by_username(get_jwt_identity())
if note.folder.privacy.name == 'Secret':
not_authorized(note.folder.author.name)
if note.folder.privacy.name == 'Contact' and owner not in reader.followed:
abort(401, 'You don\'t have access to this file')
note_dict = to_dict(note)
note_dict['privacy'] = note.folder.privacy.name
note_dict['author'] = note.folder.author.name
return note_dict