def update(hearing_id, comment_id):
    """Overwrite the editable fields of an existing comment.

    Only an authenticated user flagged ``is_official`` or ``is_admin`` gets
    past the first check; anyone else is aborted with 401. Both the hearing
    and the comment are fetched with ``get_or_404``. An empty JSON body, or
    one that ``is_spam`` flags, aborts with 400.

    Returns:
        ``(response, 400)`` carrying the schema errors when the payload
        does not load cleanly, otherwise ``(response, 200)`` with the
        re-serialized comment under the ``comment`` key.
    """
    # The `and` short-circuits, so the role flags are only read on a user
    # that reports itself as authenticated.
    may_moderate = current_user.is_authenticated() and (
        current_user.is_official or current_user.is_admin
    )
    if not may_moderate:
        abort(401)

    # The hearing is fetched only for its 404 side effect; the result is
    # discarded.
    # NOTE(review): the comment is looked up by comment_id alone. Nothing in
    # this function ties it to hearing_id, so confirm whether the route
    # should reject a comment that belongs to a different hearing.
    Hearing.query.get_or_404(hearing_id)
    comment = Comment.query.get_or_404(comment_id)

    payload = request.get_json()
    if not payload:
        abort(400)
    if is_spam(payload):
        abort(400)

    # `only` limits loading to the fields this endpoint is allowed to
    # change.
    editable_fields = ('title', 'body', 'username', 'is_hidden')
    data, errors = CommentSchema(only=editable_fields).load(payload)
    if errors:
        return jsonify({'error': errors}), 400

    # Field names come from the fixed tuple above, never from the request.
    for field_name in editable_fields:
        setattr(comment, field_name, data[field_name])
    comment.updated_at = datetime.utcnow()
    db.session.commit()

    serialized = CommentSchema(comment, exclude=('object_type', 'object_id'))
    return jsonify({'comment': serialized.data}), 200
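def create(hearing_id):
    """Create a comment on a commentable object of an open hearing.

    The hearing is fetched with ``get_or_404``. The JSON body is loaded
    through ``CommentSchema``; ``object_type`` selects the model from
    ``COMMENTABLE_TYPES`` and ``object_id`` selects the row to comment on.

    Returns:
        ``(response, 400)`` with an ``error`` key when the payload has
        schema errors, the hearing is closed, or the target cannot be
        resolved; ``(response, 201)`` with the serialized comment under
        the ``comments`` key on success. A payload flagged by ``is_spam``
        aborts with 400.
    """
    hearing = Hearing.query.get_or_404(hearing_id)

    payload = request.get_json()
    data, errors = CommentSchema().load(payload)
    if errors:
        return jsonify({'error': errors}), 400

    if not hearing.is_open:
        return jsonify({'error': 'The hearing is no longer open.'}), 400

    if is_spam(payload):
        abort(400)

    # object_type and object_id come from the request body. An unknown or
    # missing type, or an id that is not an integer, is answered with the
    # same 400 as a missing row instead of surfacing as an unhandled
    # KeyError/TypeError/ValueError.
    try:
        target_model = COMMENTABLE_TYPES[data['object_type']]
        target_id = int(data['object_id'])
    except (KeyError, TypeError, ValueError):
        return jsonify(
            {'error': 'The target of this comment was not found.'}
        ), 400

    commented_object = target_model.query.get(target_id)
    if not commented_object:
        return jsonify(
            {'error': 'The target of this comment was not found.'}
        ), 400

    # TODO: Check that the commented object belongs to the hearing.
    # NOTE(review): until that check exists, the is_open test above applies
    # to the hearing named in the URL, while the target is chosen by
    # object_type/object_id from the body; nothing here links the two.

    comment = Comment(
        title=data['title'],
        body=data['body'],
        username=data['username']
    )
    # The attribute name was used as a COMMENTABLE_TYPES key above, so it is
    # limited to the names that mapping defines.
    setattr(comment, data['object_type'], commented_object)

    db.session.add(comment)
    db.session.commit()

    return jsonify({'comments': CommentSchema(comment).data}), 201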