Get a post and its author by id. Checks that the id exists and optionally that the current user is the author. :param id: id of post to get :param check_author: require the current user to be the author :return: the post with author information :raise 404: if a post with th
(id, check_author=True)
| 26 | |
| 27 | |
| 28 | def get_post(id, check_author=True): |
| 29 | """Get a post and its author by id. |
| 30 | |
| 31 | Checks that the id exists and optionally that the current user is |
| 32 | the author. |
| 33 | |
| 34 | :param id: id of post to get |
| 35 | :param check_author: require the current user to be the author |
| 36 | :return: the post with author information |
| 37 | :raise 404: if a post with the given id doesn't exist |
| 38 | :raise 403: if the current user isn't the author |
| 39 | """ |
| 40 | post = ( |
| 41 | get_db() |
| 42 | .execute( |
| 43 | "SELECT p.id, title, body, created, author_id, username" |
| 44 | " FROM post p JOIN user u ON p.author_id = u.id" |
| 45 | " WHERE p.id = ?", |
| 46 | (id,), |
| 47 | ) |
| 48 | .fetchone() |
| 49 | ) |
| 50 | |
| 51 | if post is None: |
| 52 | abort(404, f"Post id {id} doesn't exist.") |
| 53 | |
| 54 | if check_author and post["author_id"] != g.user["id"]: |
| 55 | abort(403) |
| 56 | |
| 57 | return post |
| 58 | |
| 59 | |
| 60 | @bp.route("/create", methods=("GET", "POST")) |