manage markdowns by path

api/path.py

@@ -0,0 +1,86 @@
+from flask import Blueprint, request, jsonify
+from api import require_auth
+from db import get_db
+from db.models.Markdown import Markdown
+from db.models.Path import Path
+from api import limiter
+import logging
+logger = logging.getLogger(__name__)
+
+path_bp = Blueprint('path', __name__, url_prefix='/api/path')
+
+@path_bp.route('/', methods=['GET'])
+@limiter.limit('5 per minute')
+def get_root_paths():
+    with get_db() as db:
+        paths = db.query(Path).filter(Path.parent_id == 0)
+        return jsonify([pth.to_dict() for pth in paths]), 200
+
+@path_bp.route('/<int:path_id>', methods=['GET'])
+@limiter.limit('5 per minute')
+def get_path(path_id):
+    with get_db() as db:
+        path = db.query(Path).get(path_id)
+        if path is None:
+            return jsonify({"error": "file not found"}), 404
+        return jsonify(path.to_dict()), 200
+
+@path_bp.route('/parent/<int:parent_id>', methods=['GET'])
+@limiter.limit('5 per minute')
+def get_path_by_parent(parent_id):
+    with get_db() as db:
+        paths = db.query(Path).filter(Path.parent_id == parent_id).all()
+        return jsonify([pth.to_dict() for pth in paths]), 200
+
+@path_bp.route('/', methods=['POST'])
+@limiter.limit('60 per minute')
+@require_auth(roles=['admin', 'creator'])
+def create_path():
+    data = request.json
+    if not data or 'name' not in data or 'parent_id' not in data:
+        return jsonify({"error": "bad request"}), 400
+    with get_db() as db:
+        if data['parent_id'] != 0 and not db.query(Path).get(data['parent_id']):
+            return jsonify({"error": "path not found"}), 404
+        if db.query(Path).filter_by(name=data['name'], parent_id=data['parent_id']).first():
+            return jsonify({"error": "Path already exists under the parent"}), 409
+
+        new_path = Path(name=data['name'], parent_id=data['parent_id'])
+        db.add(new_path)
+        db.commit()
+        return jsonify(new_path.to_dict()), 201
+
+@path_bp.route('/<int:path_id>', methods=['PUT'])
+@limiter.limit('30 per minute')
+@require_auth(roles=['admin'])
+def update_path(path_id):
+    data = request.json
+    if not data or 'name' not in data or 'parent_id' not in data:
+        return jsonify({"error": "bad request"}), 400
+    with get_db() as db:
+        path = db.query(Path).get(path_id)
+        if path is None:
+            return jsonify({"error": "path not found"}), 404
+        if db.query(Path).filter_by(name=data['name'], parent_id=data['parent_id']).first():
+            return jsonify({"error": "Path already exists under the parent"}), 409
+        path.name = data['name']
+        path.parent_id = data['parent_id']
+        db.commit()
+        return jsonify(path.to_dict()), 200
+
+@path_bp.route('/<int:path_id>', methods=['DELETE'])
+@limiter.limit('60 per minute')
+@require_auth(roles=['admin'])
+def delete_path(path_id):
+    with get_db() as db:
+        path = db.query(Path).get(path_id)
+        if not path:
+            return jsonify({"error": "path not found"}), 404
+        if db.query(Path).filter_by(parent_id=path_id).first():
+            return jsonify({"error": "can not delete non empty path"}), 409
+        if db.query(Markdown).filter_by(path_id=path_id).first():
+            return jsonify({"error": "can not delete non empty path"}), 409
+        db.delete(path)
+        db.commit()
+        return jsonify({"message": "path deleted"}), 200
+