Пример #1
0
def check_post(id, check_author=True):
    """Get a post and its author by id.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post with author information
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user isn't the author
    """

    post = get_post(get_db(), id)

    if post is None:
        abort(404, "Post id {0} doesn't exist.".format(id))

    username = auth.username()
    user = get_user_by_username(get_db(), username)

    if not user:
        abort(403)

    if check_author and post["author_id"] != user["id"]:
        abort(403)

    return post
Пример #2
0
def get_post_by_id(id):

    post = get_post(get_db(), id)

    if post is None:
        abort(404)

    post = dict(post)

    return jsonify({'post': post})
Пример #3
0
def check_post(id):

    post = get_post(get_db(), id)

    if post is None:
        abort(404)

    if post["author_id"] != g.user["id"]:
        abort(403)

    return post
Пример #4
0
def new_post():

    if not request.json or not 'title' in request.json:
        abort(400)

    title = request.json['title']
    body = request.json.get('body', '')

    db = get_db()
    create_post(db, title, body, g.user['id'])

    last_id = get_last_id(db)[0]
    post = dict(get_post(db, last_id))

    return jsonify({'post': post}), 201
Пример #5
0
def upd_post(id):

    post = check_post(id)

    if not request.json:
        abort(400)

    if 'title' in request.json and not isinstance(request.json['title'], str):
        abort(400)

    if 'body' in request.json and not isinstance(request.json['body'], str):
        abort(400)

    title = request.json.get('title', post['title'])
    body = request.json.get('body', post['body'])

    db = get_db()
    update_post(db, title, body, id)

    post = dict(get_post(db, id))

    return jsonify({'post': post})
Пример #6
0
def check_post(id, check_author=True):
    """Get a post and its author by id.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post with author information
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user isn't the author
    """
    db = get_db()

    post = get_post(db, id)
    if not post:
        abort(404, "Post id {0} doesn't exist.".format(id))

    if check_author:
        if get_user_by_id(db, post['author_id']) != get_user_by_username(
                db, auth.username()):
            abort(403)

    return post