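def edit():
    """
    POST /comic/edit/:id

    Updates comic details.

    The comic is looked up from the first URL argument (404 when missing).
    Only a logged-in user who passes ``comic_helpers.user_can_edit`` may
    continue; everyone else is flashed an error and sent back.

    Returns a dict with the form, the comic and the current user for the view.
    """
    comic = get_or_404(db.comic, request.args(0))

    # Ensure the user owns this comic. No login decorator is visible on this
    # action, so anonymous requests are rejected here explicitly instead of
    # failing on ``auth.user.id`` when ``auth.user`` is None.
    allowed = auth.is_logged_in() and comic_helpers.user_can_edit(db, comic.id, auth.user.id)
    if not allowed:
        flash_and_redirect_back('danger', 'You cannot edit a comic you did not create.')
        # Fail closed: presumably the helper above redirects by raising and
        # this line is never reached -- confirm. If it ever returns normally,
        # the form must still not be processed for a non-owner.
        raise HTTP(403)

    form = ComicForm(comic)

    if form.process().accepted:
        flash('info', 'Comic updated successfully.', comic.url)
    elif form.form.errors:
        flash('danger', 'Form has errors.')

    return {
        'form': form.form,
        'comic': comic,
        'owner': auth.user,
    }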
def view():
    """
    GET /comic/view/:id

    Shows a single comic along with its boxes, artists, writers and owner.

    Responds with 404 when the comic does not exist or when
    ``comic_helpers.user_can_view`` refuses the current visitor.
    """
    comic = get_or_404(db.comic, request.args(0))

    # Anonymous visitors are passed to the permission checks as user id 0.
    if auth.is_logged_in():
        user_id = auth.user.id
    else:
        user_id = 0

    # The visitor must own the comic or it must sit in a public box;
    # a refusal is reported as 404 rather than as a permission error.
    if not comic_helpers.user_can_view(db, comic.id, user_id):
        raise HTTP(404)

    available_boxes = db(db.box.owner == user_id).select()

    # comicbox rows of this comic joined to their box; reused by two lookups.
    comic_boxes = db(db.comicbox.comic == comic.id)(db.box.id == db.comicbox.box)

    # Only boxes that are public or owned by the visitor are listed.
    visible_box = (db.box.private == False) | (db.box.owner == user_id)
    boxes = comic_boxes(visible_box).select(db.box.ALL)

    artist_link = db(db.comicartist.comic == comic.id)
    artists = artist_link(db.artist.id == db.comicartist.artist).select(db.artist.ALL)

    writer_link = db(db.comicwriter.comic == comic.id)
    writers = writer_link(db.writer.id == db.comicwriter.writer).select(db.writer.ALL)

    # First auth_user row whose id matches the owner of a box holding the comic.
    owner_rows = comic_boxes(db.auth_user.id == db.box.owner).select(db.auth_user.ALL)
    owner = owner_rows.first()

    can_edit = comic_helpers.user_can_edit(db, comic.id, user_id)

    return {
        'comic': comic,
        'boxes': boxes,
        'artists': artists,
        'writers': writers,
        'owner': owner,
        'can_edit': can_edit,
        'available_boxes': available_boxes
    }
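def delete():
    """
    POST /comic/delete/:id

    Deletes a comic.

    The comic is looked up from the first URL argument (404 when missing).
    Only a logged-in user who passes ``comic_helpers.user_can_edit`` may
    delete it; everyone else is flashed an error and sent back before the
    record is touched.
    """
    # NOTE(review): the route is documented as POST, but nothing in this
    # function checks the request method. Confirm that a plain GET cannot
    # reach the delete below; a state-changing GET is exposed to cross-site
    # request forgery.
    comic = get_or_404(db.comic, request.args(0))

    # No login decorator is visible on this action, so anonymous requests are
    # rejected here explicitly instead of failing on ``auth.user.id`` when
    # ``auth.user`` is None.
    allowed = auth.is_logged_in() and comic_helpers.user_can_edit(db, comic.id, auth.user.id)
    if not allowed:
        flash_and_redirect_back('danger', 'You cannot delete a comic you did not create.')
        # Fail closed: presumably the helper above redirects by raising and
        # this line is never reached -- confirm. If it ever returns normally,
        # the record must still not be deleted for a non-owner.
        raise HTTP(403)

    comic.delete_record()

    # The in-memory row still carries full_name after the record is deleted.
    # avoid='/comic/view' presumably keeps the redirect away from the page of
    # the comic that no longer exists -- confirm against the helper.
    flash_and_redirect_back('info', 'Deleted %s.' % comic.full_name,
                            default=URL('collection', 'view', args=[auth.user.id]),
                            avoid='/comic/view')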