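def delete(self, request):
    """Delete an article owned by the logged-in user.

    The caller is identified by ``user_id`` in the server-side session and
    the target by ``article_id`` in the JSON body.

    Returns:
        ErrorResponse 401 when no user is logged in, the form's own error
        response when validation fails, ErrorResponse 404 when the article
        does not exist, ErrorResponse 403 when the article belongs to
        another user, and an empty JsonResponse on success.
    """
    user_id = request.session.get("user_id")
    if user_id is None:
        return ErrorResponse(401, "Login first")

    # presumably JsonForm checks that "article_id" is present in the body;
    # verify against its definition.
    form = JsonForm(request.json, ("article_id", ))
    if not form.is_valid():
        return form.error_resp()

    # NOTE(review): this is a state-changing request authenticated by the
    # session; confirm CSRF protection covers this endpoint.
    session = Session()
    try:
        article = get_by_pk(session, Article, form.article_id)
        if article is None:
            return ErrorResponse(404, "Article not found.")
        # Authorization: only the author may delete. Keep this check ahead
        # of session.delete() so a foreign article is never touched.
        if article.author_id != user_id:
            return ErrorResponse(403, "The article is not belong to you.")
        session.delete(article)
        session.commit()
        return JsonResponse({})
    finally:
        # The original never released the session, leaking a connection on
        # every request, including the 404/403 paths and a failed commit.
        session.close()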
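def post(self, request):
    """Handle the article form action; only "DELETE" is implemented.

    Reads ``action`` and ``article_id`` from the POST body and ``user_id``
    from the server-side session. If any of the three is missing, or the
    action is not "DELETE", the client is redirected to ``article-list``.

    Returns:
        A 404 response when the article does not exist, a 403 response when
        it belongs to another user, otherwise a redirect to
        ``article-list``.
    """
    action = request.POST.get("action")
    article_id = request.POST.get("article_id")
    user_id = request.session.get("user_id")
    if not (action and article_id and user_id):
        return redirect('article-list')

    session = Session()
    try:
        article = session.query(Article).filter_by(
            id=article_id).one_or_none()
        # The refusals used to be sent with the default 200 status, which
        # made a denied delete indistinguishable from success in logs and
        # to clients; the message bodies are unchanged.
        if article is None:
            return HttpResponse("article not exist", status=404)
        # Authorization: only the author may act on the article.
        if article.author_id != user_id:
            return HttpResponse("article is not belong to you", status=403)
        if action == "DELETE":
            session.delete(article)
            session.commit()
        # Any other action previously fell through and returned None, which
        # is not a valid view response; it now takes the same redirect as a
        # request with missing parameters.
        return redirect("article-list")
    finally:
        # Release the session on every path; the original never closed it.
        session.close()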