def new_article(): article = Article.from_dict(request.json) article.author = g.current_user db.session.add(article) db.session.commit() return ( jsonify(article.to_dict()), 201, {'Location': url_for('api.get_article', id=article.id, _external=True)} )
def edit_article(id): article = Article.query.get(id) if not article: return not_found(_('The article not exists')) if g.current_user != article.author and \ not g.current_user.can(Permission.MODERATE_ARTICLE): return forbidden('permission denied') article = Article.from_dict(request.json) db.session.add(article) db.session.commit() return jsonify(article.to_dict())