def user_login(): if request.method == 'POST': try: description = request.values.get('description') creater_user_id = request.values.get('user_id') if not description: return json.dumps({'error':'discription_IS_MANDOTRY','status':0}) if not creater_user_id: return json.dumps({'error':'PLS_GIVE_CURRENT_USER_ID','status':0}) q = Notes(description=description,creater_user_id=creater_user_id) db.session.add(q) db.session.commit() js={'status':1,'message':'notes created successfully!!'} return json.dumps(js) except Exception as e: print "==SOMETHING WENT WRONG!!",str(e) return json.dumps({'error':'SOMETHING_WENT_WRONG_IN_POSTING_NOTES','status':0}) elif request.method == 'GET': # get all the notes result_set_data=[] q = db.session.query(Notes.description,User.user_firstname,User.id.label('Creator_user_id')) q = q.join(User,Notes.creater_user_id == User.id) q = q.filter(User.status == 'A').all() if q: result_set_data = [u._asdict() for u in q] return json.dumps({'status':1,'data':result_set_data}) elif request.method == 'PUT': #get user id and notes id of the person editing the notes user_id = request.values.get('user_id') notes_id = request.values.get('notes_id') print "==notes_id",notes_id if not user_id: return json.dumps({'error':'user_id_IS_MANDOTRY_FOR_UPDATING RECORDS','status':0}) elif not notes_id: return json.dumps({'error':'notes_id_IS_MANDOTRY_FOR_UPDATING RECORDS','status':0}) # check whether the user has right to change the note if validate_access_for_notes(user_id=user_id,notes_id=notes_id,action='UPDATE'): description = request.values.get('description') if not description: return json.dumps({'error':'discription_IS_MANDOTRY','status':0}) q = db.session.query(Notes).filter(Notes.id == notes_id).update({ 'description':description }) db.session.commit() return json.dumps({'status':1,'message':'notes updated successfully!!'}) else: return json.dumps({'status':0,'error':'ACCESS_DENIED'}) else: return json.dumps({'error':'UNAUTHORISED_METHOD_FOR_ACCESS','status':0})