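def delete(self, order_uuid):
    """Delete a specific order.

    The order is looked up by UUID and removed with
    ``delete_instance(recursive=True)`` when the caller is the order's
    user or has the admin flag set.

    Args:
        order_uuid: Identifier of the order; passed through ``str()``
            before the lookup.

    Returns:
        ``(None, NOT_FOUND)`` when no order has that UUID,
        ``({'message': ...}, UNAUTHORIZED)`` when the caller is neither
        the order's user nor an admin, and ``(None, NO_CONTENT)`` once
        the order has been deleted.
    """
    try:
        order = Order.get(uuid=str(order_uuid))
    except Order.DoesNotExist:
        # NOTE(review): existence is reported before the ownership check,
        # so any authenticated caller can tell valid order UUIDs from
        # invalid ones. Confirm this is acceptable for the API.
        return None, NOT_FOUND

    # Get the user from the flask.g global object registered inside the
    # auth.py::verify() function, called by the @auth.login_required
    # decorator, and match it against the order's user.
    # This prevents users from deleting other users' orders.
    caller = auth.current_user

    # Fail closed: the admin flag is tested for truthiness rather than
    # with `is False`, so a value of None or 0 is treated as "not admin"
    # instead of silently skipping the ownership check.
    if caller != order.user and not caller.admin:
        # NOTE(review): the caller is authenticated but not permitted, so
        # a 403-style status would be the conventional answer. The status
        # is left as UNAUTHORIZED to keep the response callers see today.
        return ({'message': "You can't delete another user's order"},
                UNAUTHORIZED)

    order.delete_instance(recursive=True)
    return None, NO_CONTENT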