def admin_orders_mod(req, id): check_login(req) check_right(req, module_right) order = Order(id) if order.get(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) cfg = Object() cfg.addresses_country = req.cfg.addresses_country cfg.addresses_region = req.cfg.addresses_region cfg.eshop_currency = req.cfg.eshop_currency order.calculate() return generate_page(req, "admin/eshop/orders_mod.html", token=create_token(req), order=order, cfg=cfg)
def user_orders_storno(req, id): check_login(req) # TODO: check_token check_referer(req, '/eshop/orders/%d' % id) message = req.form.getfirst('message', '', uni) order = Order(id) if order.get(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) if order.client_id != req.login.id: raise SERVER_RETURN(state.HTTP_FORBIDDEN) if order.set_state(req, STATE_STORNED, usernote=message) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) send_order_status(req, order) redirect(req, '/eshop/orders/%d' % id)
def user_orders_detail(req, id): sha = req.args.getfirst('sha', '', str) if not sha and not req.login: raise SERVER_RETURN(state.HTTP_FORBIDDEN) order = Order(id) if order.get(req) is None: raise SERVER_RETURN(state.HTTP_NOT_FOUND) order.sha = sha1(str(order.create_date)).hexdigest() if (sha and sha != order.sha): raise SERVER_RETURN(state.HTTP_FORBIDDEN) # if sha is set, you can see to order if (not sha and req.login and order.client_id != req.login.id): raise SERVER_RETURN(state.HTTP_FORBIDDEN) cfg = Object() cfg.addresses_country = req.cfg.addresses_country cfg.addresses_region = req.cfg.addresses_region cfg.eshop_currency = req.cfg.eshop_currency order.calculate() return generate_page(req, "eshop/orders_detail.html", order=order, sha=sha, cfg=cfg)