def update(document_id): document = get_document(document_id, action=request.authz.WRITE) data = request_data() document.update(data) db.session.commit() log_event(request, document_id=document.id) update_document(document) return view(document_id)
def update_collections(document_id): document = get_document(document_id) data = request_data() if not isinstance(data, list) or \ False in [isinstance(d, int) for d in data]: raise BadRequest() document.update_collections(data, writeable=authz.collections(authz.WRITE)) db.session.commit() log_event(request, document_id=document.id) update_document(document) return view_collections(document_id)
def update(document_id): document = get_document(document_id) # This is a special requirement for documents, so # they cannot escalate privs: authz.require(authz.collection_write(document.source_collection_id)) data = request_data() document.update(data, writeable=authz.collections(authz.WRITE)) db.session.commit() log_event(request, document_id=document.id) update_document(document) return view(document_id)