def post_edit_get(post_id): p = post.get_by_id(post_id) if p is None: return abort(404) usr = current_user._get_current_object() if p.author.id != usr.id: return abort(401) return render_template('decanter/admin/post_edit.html', post_id=post_id)
def post_read_instance_by_id(post_id): usr = current_user._get_current_object() add_fields = list() if not isinstance(usr, AnonymousUser): add_fields.extend(['draft']) p = post.get_by_id(post_id) if not p: return abort(404) return json_response(p.serialize(add_fields=add_fields), 200)
def post_update_by_id(post_id): usr = current_user._get_current_object() data = request.json pid = data.get('id', None) if pid is None or pid != post_id: return abort(400) p = post.get_by_id(pid) if not p: msg = 'Unknown post id: %s' % pid raise ObjectNotFoundError(msg) return update(usr, p, data)