add: markdown permission setting
improve: template
This commit is contained in:
@@ -1,12 +1,15 @@
|
||||
from flask import Blueprint, request, jsonify
|
||||
from sqlalchemy import or_
|
||||
from api import limiter
|
||||
from api import require_auth, etag_response
|
||||
from api import require_auth, etag_response, verify_token, is_user_admin
|
||||
from contexts.RequestContext import RequestContext
|
||||
from db import get_db
|
||||
from db.models.Markdown import Markdown
|
||||
from db.models.MarkdownSetting import MarkdownSetting
|
||||
from db.models.MarkdownPermissionSetting import MarkdownPermissionSetting
|
||||
from events import markdown_created, markdown_updated, markdown_deleted
|
||||
import api
|
||||
import env_provider
|
||||
import logging
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@@ -54,10 +57,23 @@ def get_index(path_id):
|
||||
@limiter.limit(api.get_rate_limit)
|
||||
@etag_response
|
||||
def get_markdown(markdown_id):
|
||||
is_admin = is_user_admin()
|
||||
|
||||
with get_db() as session:
|
||||
markdown = session.query(Markdown).get(markdown_id)
|
||||
if markdown is None:
|
||||
return jsonify({"error": "file not found"}), 404
|
||||
|
||||
if not is_admin and markdown.setting_id is not None:
|
||||
setting = session.query(MarkdownSetting).get(markdown.setting_id)
|
||||
if setting and setting.permission_setting_id:
|
||||
permission_setting = session.query(MarkdownPermissionSetting).get(setting.permission_setting_id)
|
||||
if permission_setting:
|
||||
if permission_setting.permission == 'private':
|
||||
return jsonify({"msg": "permission denied"}), 403
|
||||
elif permission_setting.permission == 'protected':
|
||||
return jsonify({"msg": "permission denied"}), 203
|
||||
|
||||
return jsonify(markdown.to_dict()), 200
|
||||
|
||||
@markdown_bp.route('/', methods=['POST'])
|
||||
|
||||
Reference in New Issue
Block a user