def delete_entry(entry_id): if not is_logged_in(): return 'User is not logged in; creator_id is not set' db = Database() db_entry = db.get_entry(entry_id) if db_entry['creator_id'] == get_current_user_id( ) or db.is_user_id_administrator(get_current_user_id()): db.disable_entry(entry_id) else: return "Invalid permissions" return redirect_to_referrer()
def modify_entry(entry_id): if not is_logged_in(): return 'User is not logged in; creator_id is not set' if not is_current_session_set(): return 'Session_id is not set' db = Database() db_entry = db.get_entry(entry_id) if db_entry['creator_id'] == get_current_user_id( ) or db.is_user_id_administrator(get_current_user_id()): new_value = request.data.decode('utf-8') db.update_entry(entry_id, new_value) return "OK" # clear entry_option_id # clear category_id?? # update user id?? (if admin changed it) else: return "Invalid permissions"