def edit(event_id):
event = db.Event.get_or_404(event_id)
with Grant(event, current_user, 'update'):
form = Event_Form(request.form, obj=event)
if form.validate_on_submit():
form.populate_obj(event)
event.save()
return redirect(url_for('calendar.show', event_id=event_id))
return render_template("calendar/edit.html", form=form)
def test_deny_authenticated_show(self):
g = Grant(self.obj1, self.anon_user, 'show')
self.assertRaises(PermissionDenied, g.__enter__())
def test_deny_nonfriend_notify(self):
g = Grant(self.obj1, self.user2, 'notify')
self.assertRaises(PermissionDenied, g.__enter__())
def test_deny_nonowner_update(self):
g = Grant(self.obj1, self.user1, 'update')
self.assertRaises(PermissionDenied, g.__enter__())
