def create(slug):
project = object_or_404(Project.by_slug(slug))
authz.require(authz.project_manage(project))
data = request_data({'project': project})
permission = permissions.save(data)
db.session.commit()
return jsonify(permissions.to_rest(permission), status=201)
def update(slug, id):
project = object_or_404(Project.by_slug(slug))
authz.require(authz.project_manage(project))
permission = object_or_404(Permission.by_project_and_id(project, id))
data = request_data({'project': project})
permission = permissions.save(data, permission=permission)
db.session.commit()
return jsonify(permissions.to_rest(permission))
def view(slug, id):
project = object_or_404(Project.by_slug(slug))
permission = object_or_404(Permission.by_project_and_id(project, id))
authz.require(authz.project_manage(project) or request.account==permission.account)
return jsonify(permissions.to_rest(permission))