def update_note():
params = request.form
body = params.get('body', None)
is_private = to_bool_or_none(params.get('isPrivate', False))
note_id = params.get('id', None)
subject = params.get('subject', None)
topics = get_note_topics_from_http_post()
note = Note.find_by_id(note_id=note_id) if note_id else None
if not note:
raise ResourceNotFoundError('Note not found')
if not subject:
raise BadRequestError('Note subject is required')
if note.author_uid != current_user.get_uid():
raise ForbiddenRequestError(
'Sorry, you are not the author of this note.')
if (is_private is not note.is_private
) and not current_user.can_access_private_notes:
raise ForbiddenRequestError(
'Sorry, you are not authorized to manage note privacy')
note = Note.update(
body=process_input_from_rich_text_editor(body),
is_private=is_private,
note_id=note_id,
subject=subject,
topics=topics,
)
note_read = NoteRead.find_or_create(current_user.get_id(), note_id)
return tolerant_jsonify(
_boa_note_to_compatible_json(note=note, note_read=note_read))
def test_admin_delete(self, client, fake_auth, mock_coe_advising_note):
"""Admin can delete another user's note."""
original_count_per_sid = len(Note.get_notes_by_sid(mock_coe_advising_note.sid))
fake_auth.login(admin_uid)
note_id = mock_coe_advising_note.id
response = client.delete(f'/api/notes/delete/{note_id}')
assert response.status_code == 200
assert not Note.find_by_id(note_id)
assert 1 == original_count_per_sid - len(Note.get_notes_by_sid(mock_coe_advising_note.sid))
assert not Note.update(note_id=note_id, subject='Deleted note cannot be updated')
def update_note():
params = request.form
note_id = params.get('id', None)
subject = params.get('subject', None)
body = params.get('body', None)
topics = get_note_topics_from_http_post()
if not note_id or not subject:
raise BadRequestError('Note requires \'id\' and \'subject\'')
if Note.find_by_id(note_id=note_id).author_uid != current_user.get_uid():
raise ForbiddenRequestError('Sorry, you are not the author of this note.')
note = Note.update(
note_id=note_id,
subject=subject,
body=process_input_from_rich_text_editor(body),
topics=topics,
)
note_read = NoteRead.find_or_create(current_user.get_id(), note_id)
return tolerant_jsonify(_boa_note_to_compatible_json(note=note, note_read=note_read))
def update_note():
params = request.form
note_id = params.get('id', None)
subject = params.get('subject', None)
body = params.get('body', None)
topics = _get_topics(params)
delete_ids_ = params.get('deleteAttachmentIds') or []
delete_ids_ = delete_ids_ if isinstance(delete_ids_, list) else str(delete_ids_).split(',')
delete_attachment_ids = [int(id_) for id_ in delete_ids_]
if not note_id or not subject:
raise BadRequestError('Note requires \'id\' and \'subject\'')
if Note.find_by_id(note_id=note_id).author_uid != current_user.get_uid():
raise ForbiddenRequestError('Sorry, you are not the author of this note.')
note = Note.update(
note_id=note_id,
subject=subject,
body=process_input_from_rich_text_editor(body),
topics=topics,
attachments=_get_attachments(request.files, tolerate_none=True),
delete_attachment_ids=delete_attachment_ids,
)
note_read = NoteRead.find_or_create(current_user.get_id(), note_id)
return tolerant_jsonify(_boa_note_to_compatible_json(note=note, note_read=note_read))