def admin_pages_mod(req, id):
"""Edit page could:
* author of page, if still have pages_author right
* admin with pages_modify right
* admin with pages_listall right and right which must have page too
"""
check_login(req)
match_right(req, module_rights)
token = do_create_token(req, '/admin/pages/%d' % id)
page = Page(id)
if (not do_check_right(req, 'pages_modify')) \
and (not page.check_right(req)):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
if req.method == 'POST':
check_token(req, req.form.get('token'))
page.bind(req.form)
error = page.mod(req)
if error:
return generate_page(req, "admin/pages_mod.html", token=token,
page=page, rights=rights, error=error,
extra_rights=req.cfg.pages_extra_rights)
# endif
if not page.get(req):
raise SERVER_RETURN(state.HTTP_NOT_FOUND)
return generate_page(req, "admin/pages_mod.html", token=token,
page=page, rights=rights,
extra_rights=req.cfg.pages_extra_rights)
def admin_pages_del(req, id):
""" Delete page, could:
* author of page if have still pages_author right
* admin with pages_modify
"""
check_login(req, '/log_in?referer=/admin/pages')
match_right(req, ('pages_author', 'pages_modify'))
check_token(req, req.form.get('token'))
page = Page(id)
if not page.check_right(req):
raise SERVER_RETURN(state.HTTP_FORBIDDEN)
page.delete(req)
# TODO: redirect to same page
redirect(req, '/admin/pages?error=%d' % SUCCESS)
