Example #1
def book_delete(book_id):
    """Delete the book identified by ``book_id`` (administrators only).

    Responds 403 when the current user is not an admin and 404 when no such
    book exists; otherwise deletes the book and redirects to the
    ``admin_public`` endpoint.
    """
    # The privilege check runs before the lookup, so a non-admin caller gets
    # 403 whether or not the id exists.
    if not current_user.is_admin:
        abort(403)
    book = Book.get(book_id)
    if not book:
        abort(404)
    # NOTE(review): the route decorator is not visible here - confirm this
    # destructive action is only reachable via POST and is CSRF-protected.
    book.delete()
    target = url_for("admin_public")
    return redirect(target)
Example #2
def book_share(book_id):
    """Toggle the ``is_public`` flag of a book the current user added.

    Responds 404 for an unknown book and 403 when the book's
    ``added_by_login`` differs from the current user's login; otherwise
    flips the flag, saves, and redirects to the ``main`` endpoint.
    """
    book = Book.get(book_id)
    if not book:
        abort(404)
    # Ownership check: only the login that added the book may change its
    # visibility. Because the existence check comes first, a non-owner can
    # tell an existing id (403) from an unknown one (404).
    # NOTE(review): assumes an authenticated user with a ``login``
    # attribute; the login-required guard is not visible here - confirm.
    owner_login = book.added_by_login
    if owner_login != current_user.login:
        abort(403)
    book.is_public = not book.is_public
    book.save()
    return redirect(url_for("main"))
Example #3
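def admin_order_set_status(order_id, new_status_code):
    """Set the status of an order (administrators only).

    Responds 403 when the current user is not an admin, 404 when the order
    does not exist, and 400 when ``new_status_code`` does not resolve to a
    known ``OrderStatus``. On success the order is saved and the caller is
    redirected to the ``admin_order`` page for that order.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    o = Order.get(order_id)
    # Without this guard an unknown order id reaches the attribute
    # assignment below with ``o`` unset and fails as an unhandled error
    # instead of a clean 404.
    if not o:
        abort(404)
    # Only status codes that exist are accepted; anything else is rejected
    # before the order is modified.
    if not OrderStatus.get(new_status_code):
        return abort(400)  # bad request
    # NOTE(review): both values arrive as view arguments and the route
    # decorator is not visible - confirm this state change is POST-only
    # and CSRF-protected.
    o.status_id = new_status_code
    o.save()
    return redirect(url_for('admin_order', order_id=order_id))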
Example #4
def book_remove(book_id):
    """Remove a public book from the current user's collection.

    Responds 404 for an unknown book and 403 when the book is not public.
    If the user does not hold the book nothing is changed. In every
    non-error case the caller is redirected to the ``main`` endpoint.
    """
    book = Book.get(book_id)
    if not book:
        abort(404)
    if not book.is_public:
        abort(403)
    destination = "main"
    # Nothing to remove: skip the write entirely.
    if not current_user.has_book(book):
        return redirect(url_for(destination))
    current_user.books.remove(book)
    current_user.save()
    return redirect(url_for(destination))
Example #5
def book_get(book_id):
    """Add a public book to the current user's collection.

    Responds 404 for an unknown book and 403 when the book is not public.
    If the user already holds the book nothing is changed. In every
    non-error case the caller is redirected to the ``public`` endpoint.
    """
    book = Book.get(book_id)
    if not book:
        abort(404)
    # Only books flagged public may be taken.
    if not book.is_public:
        abort(403)
    destination = "public"
    # Already in the collection: avoid a duplicate entry and a needless save.
    if current_user.has_book(book):
        return redirect(url_for(destination))
    current_user.books.append(book)
    current_user.save()
    return redirect(url_for(destination))
Example #6
def comment_add(order_id):
    """Attach a comment from the current user to an existing order.

    The comment body is read from the ``text`` form field. Responds 404
    when the order does not exist. After saving, admins are redirected to
    the ``admin_order`` page and other users to the ``order`` page.
    """
    body = request.form['text']
    comment = Comment()
    order = Order.get(order_id)
    if not order:
        abort(404)
    # NOTE(review): no check is visible here that the order belongs to the
    # current user, so any caller who reaches this view can comment on any
    # existing order id - confirm ownership is enforced elsewhere.
    # NOTE(review): ``text`` is stored as submitted; confirm the templates
    # escape it on output.
    comment.text = body
    comment.order_id = order_id
    comment.user_login = current_user.login
    comment.save()
    endpoint = 'admin_order' if current_user.is_admin else 'order'
    return redirect(url_for(endpoint, order_id=order_id))
Example #7
def admin_order_resolve(order_id):
    """Mark an order as resolved and link it to a book (administrators only).

    Responds 403 when the current user is not an admin, 404 when the order
    does not exist, and 400 when the form has no ``book_id`` field. On
    success the order is saved and the caller is redirected to the
    ``admin_orders`` endpoint.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    order = Order.get(order_id)
    if not order:
        abort(404)
    form = request.form
    if 'book_id' not in form:
        abort(400)
    order.status_id = 2  # resolved
    # NOTE(review): the submitted book_id is stored without any visible
    # check that it refers to an existing book - confirm it is validated
    # elsewhere (for example by a foreign-key constraint).
    order.book_id = form['book_id']
    order.save()
    return redirect(url_for('admin_orders'))
Example #8
def test_abort_with_message():
    """abort() with ``message=`` exposes that text in the exception's data."""
    with pytest.raises(HTTPException) as raised:
        abort(400, message='custom error message')
    # The custom text must be retrievable from the raised exception's
    # ``data`` mapping under the 'message' key.
    payload = raised.value.data
    assert payload['message'] == 'custom error message'
Example #9
 def _check_conflict(self, name):
     """Abort with 422 if another room attribute already uses ``name``.

     The comparison is case-insensitive. When ``self.attribute`` is set,
     that attribute's own row is excluded from the check.
     """
     # NOTE(review): this is a query-time pre-check; whether a unique
     # constraint backs it up at the database level is not visible here.
     wanted = name.lower()
     same_name = db.func.lower(RoomAttribute.name) == wanted
     matches = RoomAttribute.query.filter(same_name)
     if self.attribute:
         not_self = RoomAttribute.id != self.attribute.id
         matches = matches.filter(not_self)
     if matches.has_rows():
         abort(422, messages={'name': [_('Name must be unique')]})
Example #10
 def _check_conflict(self, name):
     """Abort with 422 if another equipment type already uses ``name``.

     The comparison is case-insensitive. When ``self.equipment_type`` is
     set, that equipment type's own row is excluded from the check.
     """
     # NOTE(review): this is a query-time pre-check; whether a unique
     # constraint backs it up at the database level is not visible here.
     wanted = name.lower()
     same_name = db.func.lower(EquipmentType.name) == wanted
     matches = EquipmentType.query.filter(same_name)
     if self.equipment_type:
         not_self = EquipmentType.id != self.equipment_type.id
         matches = matches.filter(not_self)
     if matches.has_rows():
         abort(422, messages={'name': [_('Name must be unique')]})
Example #11
 def _check_invalid_times(self, availability):
     """Abort with 422 if any bookable-hours entry has start >= end.

     Reads ``availability['bookable_hours']`` and compares each entry's
     ``start_time`` with its ``end_time``.
     """
     slots = availability['bookable_hours']
     # ``>=`` also rejects entries whose start equals their end, although
     # the message below only mentions "later".
     has_invalid = any(slot['start_time'] >= slot['end_time'] for slot in slots)
     if has_invalid:
         errors = {'bookable_hours': [_('Start time should not be later than end time')]}
         abort(422, messages=errors)
Example #12
 def _check_conflict(self, name):
     """Abort with 422 if another non-deleted location already uses ``name``.

     The comparison is case-insensitive and ignores locations flagged
     ``is_deleted``. When ``self.location`` is set, that location's own row
     is excluded from the check.
     """
     # NOTE(review): this is a query-time pre-check; whether a unique
     # constraint backs it up at the database level is not visible here.
     wanted = name.lower()
     still_active = ~Location.is_deleted
     same_name = db.func.lower(Location.name) == wanted
     matches = Location.query.filter(still_active, same_name)
     if self.location:
         not_self = Location.id != self.location.id
         matches = matches.filter(not_self)
     if matches.has_rows():
         abort(422, messages={'name': [_('Name must be unique')]})
Example #13
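def admin_order(order_id):
    """Render the admin detail page for one order (administrators only).

    Responds 403 when the current user is not an admin and 404 when the
    order does not exist; otherwise renders ``admin/order.html`` with the
    order passed as ``o``.
    """
    if not current_user.is_admin:
        abort(403)  # access denied
    o = Order.get(order_id)
    # An unknown id must produce a 404 rather than handing an empty value
    # to the template.
    if not o:
        abort(404)
    return render_template('admin/order.html', o=o)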
Example #14
def admin_orders():
    """Render the admin listing of all orders (administrators only).

    Responds 403 when the current user is not an admin; otherwise renders
    ``admin/orders.html`` with every order passed as ``orders``.
    """
    # The privilege check comes first so no order data is loaded for
    # callers who are not admins.
    if not current_user.is_admin:
        abort(403)  # access denied
    return render_template('admin/orders.html', orders=Order.get_all())
Example #15
def admin_users():
    """Render the admin listing of all users (administrators only).

    Responds 403 when the current user is not an admin; otherwise renders
    ``admin/users.html`` with every user passed as ``users``.
    """
    # The privilege check comes first so no user records are loaded for
    # callers who are not admins.
    if not current_user.is_admin:
        abort(403)  # access denied
    # NOTE(review): whole user objects go to the template; confirm it does
    # not render sensitive fields.
    every_user = User.get_all()
    return render_template('admin/users.html', users=every_user)