def creditor_restore(self):
""" Restore creditor, returns redirect. """
id = int(self.request.matchdict.get("id"))
c = Creditor.by_id(id)
if not c:
return HTTPNotFound()
""" Authorization check. """
if c.private and c.user_id is not authenticated_userid(self.request):
return HTTPForbidden()
c.archived = False
DBSession.add(c)
self.request.session.flash("Creditor %s restored" % (c.title), "status")
return HTTPFound(location=self.request.route_url("creditors_archived"))
def creditor_edit(self):
""" Edit creditor. """
id = int(self.request.matchdict.get("id"))
c = Creditor.by_id(id)
if not c:
return HTTPNotFound()
""" Authorization check. """
if c.private and c.user_id is not authenticated_userid(self.request):
return HTTPForbidden()
form = CreditorEditForm(self.request.POST, c, csrf_context=self.request.session)
if self.request.method == "POST" and form.validate():
form.populate_obj(c)
self.request.session.flash("Creditor %s updated" % (c.title), "status")
return HTTPFound(location=self.request.route_url("creditors"))
return {"title": "Edit creditor", "form": form, "id": id, "action": "creditor_edit"}
