def post_edit_get(post_id):
p = post.get_by_id(post_id)
if p is None:
return abort(404)
usr = current_user._get_current_object()
if p.author.id != usr.id:
return abort(401)
return render_template('decanter/admin/post_edit.html', post_id=post_id)
def post_read_instance_by_id(post_id):
usr = current_user._get_current_object()
add_fields = list()
if not isinstance(usr, AnonymousUser):
add_fields.extend(['draft'])
p = post.get_by_id(post_id)
if not p:
return abort(404)
return json_response(p.serialize(add_fields=add_fields), 200)
def post_update_by_id(post_id):
usr = current_user._get_current_object()
data = request.json
pid = data.get('id', None)
if pid is None or pid != post_id:
return abort(400)
p = post.get_by_id(pid)
if not p:
msg = 'Unknown post id: %s' % pid
raise ObjectNotFoundError(msg)
return update(usr, p, data)
