Get a post and its author by id. Checks that the id exists and optionally that the current user is the author. :param id: id of post to get :param check_author: require the current user to be the author :return: the post with author information :raise 404: if a post with th
(id, check_author=True)
```python
# Excerpt: abort and g are Flask's; get_db and bp come from the part of
# the module that is not shown here.


def get_post(id, check_author=True):
    """Get a post and its author by id.

    Checks that the id exists and optionally that the current user is
    the author.

    :param id: id of post to get
    :param check_author: require the current user to be the author
    :return: the post with author information
    :raise 404: if a post with the given id doesn't exist
    :raise 403: if the current user isn't the author
    """
    post = (
        get_db()
        .execute(
            "SELECT p.id, title, body, created, author_id, username"
            " FROM post p JOIN user u ON p.author_id = u.id"
            " WHERE p.id = ?",
            (id,),
        )
        .fetchone()
    )

    if post is None:
        abort(404, f"Post id {id} doesn't exist.")

    if check_author and post["author_id"] != g.user["id"]:
        abort(403)

    return post


@bp.route("/create", methods=("GET", "POST"))
# The view function this decorator applies to is cut off in this excerpt.
```
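The existence and ownership checks from `get_post`, exercised against a constructed in-memory SQLite database. This is an added example, not code from the original page or project: `HTTPError`, `make_db`, `status_of` and the explicit `current_user` argument are hypothetical stand-ins for Flask's `abort` and `g.user`, and it assumes an anonymous caller is represented as `None`.

```python
import sqlite3


class HTTPError(Exception):
    """Hypothetical stand-in for Flask's abort(); carries the status code."""
    def __init__(self, status):
        super().__init__(status)
        self.status = status


def make_db():
    """Constructed sample data: two users, one post owned by alice (id 1)."""
    db = sqlite3.connect(":memory:")
    db.row_factory = sqlite3.Row
    db.executescript(
        """
        CREATE TABLE user (id INTEGER PRIMARY KEY, username TEXT);
        CREATE TABLE post (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT, body TEXT);
        INSERT INTO user VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO post VALUES (1, 1, 'hello', 'first post');
        """
    )
    return db


def get_post(db, post_id, current_user, check_author=True):
    """Same lookup and checks as the listing, with the user passed explicitly."""
    post = db.execute(
        "SELECT p.id, title, body, author_id, username"
        " FROM post p JOIN user u ON p.author_id = u.id"
        " WHERE p.id = ?",
        (post_id,),  # bound parameter, never string-formatted into the SQL
    ).fetchone()
    if post is None:
        raise HTTPError(404)
    # An anonymous caller is denied with 403 rather than failing on None["id"].
    if check_author and (current_user is None
                         or post["author_id"] != current_user["id"]):
        raise HTTPError(403)
    return post


def status_of(db, post_id, user, check_author=True):
    """Return 200 on success or the error status raised by get_post."""
    try:
        get_post(db, post_id, user, check_author)
        return 200
    except HTTPError as exc:
        return exc.status
```

The existence check runs before the ownership check, so a request for a missing id yields 404 regardless of who asks.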