add some posts route annotations

2026-04-20 13:22:41 +03:00
parent f1931c76e6
commit a2ceaa0966
1 changed files with 38 additions and 1 deletions
--- a/app/routes/posts.py
+++ b/app/routes/posts.py
@@ -1,7 +1,44 @@
-from flask import Blueprint
+from flask import Blueprint, abort
+from functools import wraps
+from ..auth import login_required, get_active_user
+from ..models import Posts

 bp = Blueprint('posts', __name__, url_prefix='/posts/')

+def ownership_required(view_func):
+    @wraps(view_func)
+    def wrapper(*args, **kwargs):
+        post = Posts.find({'id': kwargs.get('post_id', None)})
+        if not post:
+            abort(404)
+
+        if post.user_id != get_active_user().id:
+            abort(403)
+
+        return view_func(*args, **kwargs)
+    return wrapper
+
+def ownership_or_mod_required(view_func):
+    @wraps(view_func)
+    def wrapper(*args, **kwargs):
+        post = Posts.find({'id': kwargs.get('post_id', None)})
+        if not post:
+            abort(404)
+
+        if post.user_id != get_active_user().id and not get_active_user().is_mod():
+            abort(403)
+
+        return view_func(*args, **kwargs)
+    return wrapper
+
@bp.get('/<int:post_id>/edit/')
+@login_required
+@ownership_required
 def edit(post_id):
    return 'stub'
+
+@bp.get('/<int:post_id>/delete/')
+@login_required
+@ownership_or_mod_required
+def delete(post_id):
+    return 'stub'