diff options
| -rw-r--r-- | backend/routes/forms/form.py | 39 |
1 files changed, 37 insertions, 2 deletions
diff --git a/backend/routes/forms/form.py b/backend/routes/forms/form.py index c953135..b87c7cf 100644 --- a/backend/routes/forms/form.py +++ b/backend/routes/forms/form.py @@ -1,6 +1,7 @@ """ -Returns or deletes a single form given an ID. +Returns, updates or deletes a single form given an ID. """ +from pydantic import ValidationError from spectree.response import Response from starlette.authentication import requires from starlette.requests import Request @@ -13,7 +14,7 @@ from backend.validation import OkayResponse, api, ErrorMessage class SingleForm(Route): """ - Returns or deletes a single form given an ID. + Returns, updates or deletes a single form given an ID. Returns all fields for admins, otherwise only public fields. """ @@ -41,6 +42,40 @@ class SingleForm(Route): @requires(["authenticated", "admin"]) @api.validate( + resp=Response( + HTTP_200=OkayResponse, + HTTP_400=ErrorMessage, + HTTP_404=ErrorMessage + ), + tags=["forms"] + ) + async def patch(self, request: Request) -> JSONResponse: + """Updates form by ID.""" + data = await request.json() + + if raw_form := await request.state.db.forms.find_one( + {"_id": request.path_params["form_id"]} + ): + if "_id" in data or "id" in data: + return JSONResponse({"error": "locked_field"}, status_code=400) + + raw_form.update(data) + try: + form = Form(**raw_form) + except ValidationError as e: + return JSONResponse(e.errors(), status_code=422) + + await request.state.db.forms.replace_one( + {"_id": request.path_params["form_id"]}, + form.dict() + ) + + return JSONResponse(form.dict()) + else: + return JSONResponse({"error": "not_found"}, status_code=404) + + @requires(["authenticated", "admin"]) + @api.validate( resp=Response(HTTP_200=OkayResponse, HTTP_404=ErrorMessage), tags=["forms"] ) |