def delete(slug, id): project = object_or_404(Project.by_slug(slug)) authz.require(authz.project_manage(project)) permission = object_or_404(Permission.by_project_and_id(project, id)) permissions.delete(permission) db.session.commit() raise Gone()
def update(slug, id): project = object_or_404(Project.by_slug(slug)) authz.require(authz.project_manage(project)) permission = object_or_404(Permission.by_project_and_id(project, id)) data = request_data({'project': project}) permission = permissions.save(data, permission=permission) db.session.commit() return jsonify(permission)
def view(slug, id): project = object_or_404(Project.by_slug(slug)) permission = object_or_404(Permission.by_project_and_id(project, id)) authz.require(authz.project_manage(project) or request.account == permission.account) return jsonify(permission)
def view(slug, id): project = object_or_404(Project.by_slug(slug)) permission = object_or_404(Permission.by_project_and_id(project, id)) authz.require( authz.project_manage(project) or request.account == permission.account) return jsonify(permission)