Esempio n. 1
def update_annotation(id):
    """Replace the annotation identified by *id* with the JSON request body.

    Responds 404 when no annotation has that id, and 401 when the body is
    empty/absent or the current user fails the 'update' check. Changing the
    permissions field additionally requires the ACTION.ADMIN check on the
    stored annotation. On success the saved annotation is returned as JSON.
    """
    existing = Annotation.get(id)
    if not existing:
        return jsonify('Annotation not found. No update performed.', status=404)

    # A falsy request.json short-circuits before authorize() is called, so a
    # missing body is reported with the same 401 as a failed permission check.
    if not (request.json and authorize(existing, 'update', get_current_userid())):
        return jsonify('Could not authorise request. No update performed', status=401)

    # NOTE(review): authorisation is evaluated against `existing` (looked up
    # by the URL id), but the object that gets saved is built entirely from
    # the client-supplied body. If from_dict() honours an identifier carried
    # in the payload, the write may land on a different record than the one
    # that was authorised -- confirm, and pin the saved object to `id` if so.
    replacement = Annotation.from_dict(request.json)

    # NOTE(review): the other checks pass the action as a string literal
    # ('update', 'read', 'delete'); this one uses ACTION.ADMIN -- confirm both
    # forms are accepted by authorize().
    permissions_changed = replacement.permissions != existing.permissions
    if permissions_changed and not authorize(existing, ACTION.ADMIN, get_current_userid()):
        return jsonify('Could not authorise request (permissions change). No update performed', status=401)

    replacement.save()
    return jsonify(replacement.to_dict())
Esempio n. 2
def read_annotation(id):
    """Return the annotation identified by *id* as JSON.

    Responds 404 when no annotation has that id and 401 when the current
    user fails the 'read' check.
    """
    found = Annotation.get(id)

    # The existence check runs before the permission check, so a caller who
    # may not read an annotation can still tell "exists" (401) apart from
    # "does not exist" (404).
    # NOTE(review): confirm that leaking id existence is acceptable here.
    if not found:
        return jsonify('Annotation not found.', status=404)

    if not authorize(found, 'read', get_current_userid()):
        return jsonify('Could not authorise request. Read not allowed', status=401)

    return jsonify(found.to_dict())
Esempio n. 3
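def delete_annotation(id):
    """Delete the annotation identified by *id*.

    Responds 404 when no annotation has that id and 401 when the current
    user fails the 'delete' check. On success the annotation is deleted and
    ``(None, 204)`` is returned.
    """
    annotation = Annotation.get(id)

    if not annotation:
        return jsonify('Annotation not found. No delete performed.', status=404)

    # Refuse before touching the record: the delete must never run for a
    # caller who fails the permission check.
    if not authorize(annotation, 'delete', get_current_userid()):
        # The message names the operation that was refused, so clients and
        # log readers are not told that an "update" was rejected.
        return jsonify('Could not authorise request. No delete performed', status=401)

    annotation.delete()
    # NOTE(review): if this is served as a Flask view, current Flask releases
    # reject a None body; '' is the usual empty body for a 204 -- confirm
    # against the framework version in use.
    return None, 204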
Esempio n. 4
def index():
    """Return, as JSON, every annotation the current user may read.

    Each result of Annotation.search() is checked individually with the
    'read' action; annotations that fail the check are left out of the
    response rather than reported as errors.
    """
    readable = []
    for anno in Annotation.search():
        # The user id is looked up per annotation, exactly as each
        # authorisation check needs it.
        if authorize(anno, 'read', get_current_userid()):
            readable.append(anno.to_dict())
    return jsonify(readable)