def update(document_id):
document = get_document(document_id, action=request.authz.WRITE)
data = request_data()
document.update(data)
db.session.commit()
log_event(request, document_id=document.id)
update_document(document)
return view(document_id)
def update_collections(document_id):
document = get_document(document_id)
data = request_data()
if not isinstance(data, list) or \
False in [isinstance(d, int) for d in data]:
raise BadRequest()
document.update_collections(data, writeable=authz.collections(authz.WRITE))
db.session.commit()
log_event(request, document_id=document.id)
update_document(document)
return view_collections(document_id)
def update_collections(document_id):
document = get_document(document_id)
data = request_data()
if not isinstance(data, list) or \
False in [isinstance(d, int) for d in data]:
raise BadRequest()
document.update_collections(data, writeable=authz.collections(authz.WRITE))
db.session.commit()
log_event(request, document_id=document.id)
update_document(document)
return view_collections(document_id)
def update(document_id):
document = get_document(document_id)
# This is a special requirement for documents, so
# they cannot escalate privs:
authz.require(authz.collection_write(document.source_collection_id))
data = request_data()
document.update(data, writeable=authz.collections(authz.WRITE))
db.session.commit()
log_event(request, document_id=document.id)
update_document(document)
return view(document_id)
def update(document_id):
document = get_document(document_id)
# This is a special requirement for documents, so
# they cannot escalate privs:
authz.require(authz.collection_write(document.source_collection_id))
data = request_data()
document.update(data, writeable=authz.collections(authz.WRITE))
db.session.commit()
log_event(request, document_id=document.id)
update_document(document)
return view(document_id)
