def api_delete_post(post_id): p = Post.get_by_id(post_id) if p is None: return standardize_json({}, 'notfound') if g.athena not in moderators: return standardize_json({}, 'notauthorized') p.is_visible = False p.been_moderated = True save_all_changes() return standardize_json({})
def api_update_post(post_id): p = Post.get_by_id(post_id) if p is None: return standardize_json({}, 'notfound') # most of this function requires moderation bits, and it is highly limited in what it can update if g.athena not in moderators and g.athena != p.author: return standardize_json({}, 'notauthorized') if 'replies' in request.form: p.replies_enabled = request.form['replies'] == 'true' # if actor isn't a moderator, no effect! same for passing in random garbage if g.athena in moderators: if 'sticky' in request.form: p.sticky = request.form['sticky'] == 'true' if 'visible' in request.form: p.is_visible = request.form['visible'] == 'true' if 'moderated' in request.form: p.been_moderated = request.form['moderated'] == 'true' save_all_changes() return standardize_json({})