def admin_pages_mod(req, id): """Edit page could: * author of page, if still have pages_author right * admin with pages_modify right * admin with pages_listall right and right which must have page too """ check_login(req) match_right(req, module_rights) token = do_create_token(req, '/admin/pages/%d' % id) page = Page(id) if (not do_check_right(req, 'pages_modify')) \ and (not page.check_right(req)): raise SERVER_RETURN(state.HTTP_FORBIDDEN) if req.method == 'POST': check_token(req, req.form.get('token')) page.bind(req.form) error = page.mod(req) if error: return generate_page(req, "admin/pages_mod.html", token=token, page=page, rights=rights, error=error, extra_rights=req.cfg.pages_extra_rights) # endif if not page.get(req): raise SERVER_RETURN(state.HTTP_NOT_FOUND) return generate_page(req, "admin/pages_mod.html", token=token, page=page, rights=rights, extra_rights=req.cfg.pages_extra_rights)
def admin_pages_del(req, id): """ Delete page, could: * author of page if have still pages_author right * admin with pages_modify """ check_login(req, '/log_in?referer=/admin/pages') match_right(req, ('pages_author', 'pages_modify')) check_token(req, req.form.get('token')) page = Page(id) if not page.check_right(req): raise SERVER_RETURN(state.HTTP_FORBIDDEN) page.delete(req) # TODO: redirect to same page redirect(req, '/admin/pages?error=%d' % SUCCESS)