def update_annotation(id):
annotation = Annotation.get(id)
if not annotation:
return jsonify('Annotation not found. No update performed.', status=404)
elif request.json and authorize(annotation, 'update', get_current_userid()):
updated = Annotation.from_dict(request.json)
if updated.permissions != annotation.permissions:
if not authorize(annotation, ACTION.ADMIN, get_current_userid()):
return jsonify('Could not authorise request (permissions change). No update performed', status=401)
updated.save()
return jsonify(updated.to_dict())
else:
return jsonify('Could not authorise request. No update performed', status=401)
def read_annotation(id):
annotation = Annotation.get(id)
if not annotation:
return jsonify('Annotation not found.', status=404)
elif authorize(annotation, 'read', get_current_userid()):
return jsonify(annotation.to_dict())
else:
return jsonify('Could not authorise request. Read not allowed', status=401)
def delete_annotation(id):
annotation = Annotation.get(id)
if not annotation:
return jsonify('Annotation not found. No delete performed.', status=404)
elif authorize(annotation, 'delete', get_current_userid()):
annotation.delete()
return None, 204
else:
return jsonify('Could not authorise request. No update performed', status=401)
def index():
annotations = [anno.to_dict() for anno in Annotation.search() if authorize(anno, 'read', get_current_userid())]
return jsonify(annotations)
