from flask import jsonify, request import api from api import etag_response, limiter, require_auth from api.setting import setting_bp from db import get_db from db.models.MarkdownPermissionSetting import MarkdownPermissionSetting @setting_bp.route('/markdown/permission//', methods=['GET']) @etag_response @limiter.limit(api.get_rate_limit) def get_permission_setting(setting_id): with get_db() as session: setting = session.query(MarkdownPermissionSetting).get(setting_id) if not setting: return jsonify({}), 204 return jsonify(setting.to_dict()), 200 @setting_bp.route('/markdown/permission/', methods=['POST']) @require_auth(roles=['admin']) def create_permission_setting(): data = request.json permission = data.get('permission') new_setting = MarkdownPermissionSetting(permission=permission) with get_db() as session: session.add(new_setting) session.commit() return jsonify(new_setting.to_dict()), 201 @setting_bp.route('/markdown/permission/', methods=['PUT', 'PATCH']) @require_auth(roles=['admin']) def update_permission_setting(setting_id): with get_db() as session: setting = session.get(MarkdownPermissionSetting, setting_id) if setting is None: return jsonify({"error": "permission setting not found"}), 404 data = request.json if request.method == 'PUT': setting.permission = data.get('permission') elif request.method == 'PATCH': if 'permission' in data: setting.permission = data.get('permission') session.commit() return jsonify(setting.to_dict()), 200 @setting_bp.route('/markdown/permission/', methods=['DELETE']) @require_auth(roles=['admin']) def delete_permission_setting(setting_id): with get_db() as session: setting = session.get(MarkdownPermissionSetting, setting_id) st = setting.to_dict() session.delete(setting) session.commit() return jsonify(st), 200