def update(id): collection = get_collection(id, authz.WRITE) data = request_data() validate(data, collections_schema) collection.title = data.get('title') session.add(collection) update_subjects(collection, data) session.commit() return jsonify({'status': 'ok', 'data': collection})
def create(): authz.require(authz.logged_in()) data = request_data() validate(data, collections_schema) collection = Collection() collection.title = data.get('title') session.add(collection) update_subjects(collection, data) session.flush() permission = Permission() permission.resource_id = collection.id permission.resource_type = Permission.COLLECTION permission.read = True permission.write = True permission.role_id = request.auth_user session.add(permission) session.commit() return jsonify({'status': 'ok', 'data': collection}, status=201)