def update(hearing_id, comment_id):
if not (
current_user.is_authenticated() and
(current_user.is_official or current_user.is_admin)
):
abort(401)
Hearing.query.get_or_404(hearing_id)
comment = Comment.query.get_or_404(comment_id)
if not request.get_json() or is_spam(request.get_json()):
abort(400)
schema = CommentSchema(
only=('title', 'body', 'username', 'is_hidden')
)
data, errors = schema.load(request.get_json())
if errors:
return jsonify({'error': errors}), 400
comment.title = data['title']
comment.body = data['body']
comment.username = data['username']
comment.is_hidden = data['is_hidden']
comment.updated_at = datetime.utcnow()
db.session.commit()
serialized = CommentSchema(
comment,
exclude=('object_type', 'object_id')
)
return jsonify({'comment': serialized.data}), 200
def create(hearing_id):
hearing = Hearing.query.get_or_404(hearing_id)
schema = CommentSchema()
data, errors = schema.load(request.get_json())
if errors:
return jsonify({'error': errors}), 400
if not hearing.is_open:
return jsonify({'error': 'The hearing is no longer open.'}), 400
if is_spam(request.get_json()):
abort(400)
commented_object = (
COMMENTABLE_TYPES[data['object_type']].query
.get(int(data['object_id']))
)
if not commented_object:
return jsonify(
{'error': 'The target of this comment was not found.'}
), 400
# TODO: Check that the commented object belongs to the hearing.
comment = Comment(
title=data['title'],
body=data['body'],
username=data['username']
)
setattr(comment, data['object_type'], commented_object)
db.session.add(comment)
db.session.commit()
return jsonify({'comments': CommentSchema(comment).data}), 201
