def client_delete(key):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
return render_delete(client, title="Confirm delete", message="Delete application '%s'? " % client.title,
success="You have deleted application '%s' and all its associated permissions and resources" % client.title,
next=url_for('client_list'))
def permission_delete(id):
perm = Permission.query.get_or_404(id)
if not perm.owner_is(g.user):
abort(403)
return render_delete(perm, title="Confirm delete", message="Delete permission %s?" % perm.name,
success="Your permission has been deleted",
next=url_for('permission_list'))
def remove_phone(number):
userphone = UserPhone.query.filter_by(phone=number, user=g.user).first()
if userphone is None:
userphone = UserPhoneClaim.query.filter_by(phone=number, user=g.user).first()
return render_delete(userphone, title="Confirm removal", message="Remove phone number %s?" % userphone,
success="You have removed your number %s." % userphone,
next=url_for('profile'))
def org_delete(name):
org = Organization.query.filter_by(name=name).first_or_404()
if g.user not in org.owners.users:
abort(403)
return render_delete(org, title="Confirm delete", message="Delete organization '%s'? " % org.title,
success="You have deleted organization '%s' and all its associated teams." % org.title,
next=url_for('org_list'))
def permission_user_delete(key, userid):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
if client.user:
user = User.query.filter_by(userid=userid).first_or_404()
permassign = UserClientPermissions.query.filter_by(user=user, client=client).first_or_404()
return render_delete(permassign, title="Confirm delete", message="Remove all permissions assigned to user %s for app '%s'?" % (
(user.pickername), client.title),
success="You have revoked permisions for user %s" % user.pickername,
next=url_for('client_info', key=client.key))
else:
team = Team.query.filter_by(userid=userid).first_or_404()
permassign = TeamClientPermissions.query.filter_by(team=team, client=client).first_or_404()
return render_delete(permassign, title="Confirm delete", message="Remove all permissions assigned to team '%s' for app '%s'?" % (
(team.title), client.title),
success="You have revoked permisions for team '%s'" % team.title,
next=url_for('client_info', key=client.key))
def team_delete(name, userid):
org = Organization.query.filter_by(name=name).first_or_404()
if g.user not in org.owners.users:
abort(403)
team = Team.query.filter_by(org=org, userid=userid).first_or_404()
if team == org.owners:
abort(403)
return render_delete(team, title=u"Confirm delete", message=u"Delete team '%s'?" % team.title,
success=u"You have deleted team '%s' from organization '%s'." % (team.title, org.title),
next=url_for('org_info', name=org.name))
def resource_delete(key, idr):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
resource = Resource.query.get_or_404(idr)
if resource.client != client:
abort(403)
return render_delete(resource, title="Confirm delete", message="Delete resource '%s' from app '%s'?" % (
resource.title, client.title),
success="You have deleted resource '%s' on app '%s'" % (resource.title, client.title),
next=url_for('client_info', key=client.key))
def remove_email(md5sum):
useremail = UserEmail.query.filter_by(md5sum=md5sum, user=g.user).first()
if not useremail:
useremail = UserEmailClaim.query.filter_by(md5sum=md5sum, user=g.user).first()
if not useremail:
abort(404)
if useremail.primary:
flash("You cannot remove your primary email address", "error")
return render_redirect(url_for('profile'), code=303)
return render_delete(useremail, title="Confirm removal", message="Remove email address %s?" % useremail,
success="You have removed your email address %s." % useremail,
next=url_for('profile'))
def resource_action_delete(key, idr, ida):
client = Client.query.filter_by(key=key).first_or_404()
if not client.owner_is(g.user):
abort(403)
resource = Resource.query.get_or_404(idr)
if resource.client != client:
abort(403)
action = ResourceAction.query.get_or_404(ida)
if action.resource != resource:
abort(403)
return render_delete(action, title="Confirm delete", message="Delete action '%s' from resource '%s' of app '%s'?" % (
action.title, resource.title, client.title),
success="You have deleted action '%s' on resource '%s' of app '%s'" % (action.title, resource.title, client.title),
next=url_for('client_info', key=client.key))
def permission_user_delete(key, userid):
client = Client.query.filter_by(key=key).first()
if not client:
abort(404)
if client.user != g.user:
abort(403)
user = User.query.filter_by(userid=userid).first()
if not user:
abort(404)
permassign = UserClientPermissions.query.filter_by(user=user, client=client).first()
return render_delete(permassign, title="Confirm delete", message="Remove all permissions assigned to user '%s' for app '%s'?" % (
(user.displayname()), client.title),
success="You have revoked permisions for user '%s'" % user.displayname(),
next=url_for('client_info', key=client.key))