Example #1
0
    def delete(self, id):
        c.attachment = FundingAttachment.find_by_id(id)
        c.funding = Funding.find_by_id(c.attachment.funding_id)
        
        if not (h.auth.authorized(h.auth.has_organiser_role) or c.funding.person == h.signed_in_person()):
            # Raise a no_auth error
            h.auth.no_role()

        return render('/funding_attachment/confirm_delete.mako')
    def delete(self, id):
        c.attachment = FundingAttachment.find_by_id(id)
        c.funding = Funding.find_by_id(c.attachment.funding_id)

        if not (h.auth.authorized(h.auth.has_organiser_role)
                or c.funding.person == h.signed_in_person()):
            # Raise a no_auth error
            h.auth.no_role()

        return render('/funding_attachment/confirm_delete.mako')
Example #3
0
    def _delete(self, id):
        c.attachment = FundingAttachment.find_by_id(id)
        funding = Funding.find_by_id(c.attachment.funding_id)

        if not (h.auth.authorized(h.auth.has_organiser_role) or funding.person == h.signed_in_person()):
            # Raise a no_auth error
            h.auth.no_role()

        meta.Session.delete(c.attachment)
        meta.Session.commit()

        h.flash("Attachment Deleted")
        redirect_to(controller='funding', action='view', id=funding.id)
    def _delete(self, id):
        c.attachment = FundingAttachment.find_by_id(id)
        funding = Funding.find_by_id(c.attachment.funding_id)

        if not (h.auth.authorized(h.auth.has_organiser_role)
                or funding.person == h.signed_in_person()):
            # Raise a no_auth error
            h.auth.no_role()

        meta.Session.delete(c.attachment)
        meta.Session.commit()

        h.flash("Attachment Deleted")
        redirect_to(controller='funding', action='view', id=funding.id)
Example #5
0
    def view(self, id):
        attachment = FundingAttachment.find_by_id(id)
        funding = Funding.find_by_id(attachment.funding_id)

        if not h.auth.authorized(h.auth.Or(h.auth.is_same_zookeepr_funding_submitter(funding.id), h.auth.has_organiser_role, h.auth.has_funding_reviewer_role)):
            # Raise a no_auth error
            h.auth.no_role()

        response.headers['content-type'] = attachment.content_type
        response.headers.add('content-transfer-encoding', 'binary')
        response.headers.add('content-length', len(attachment.content))
        response.headers['content-disposition'] = 'attachment; filename="%s";' % attachment.filename
        response.headers.add('Pragma', 'cache')
        response.headers.add('Cache-Control', 'max-age=3600,public')
        return attachment.content
    def view(self, id):
        attachment = FundingAttachment.find_by_id(id)
        funding = Funding.find_by_id(attachment.funding_id)

        if not h.auth.authorized(
                h.auth.Or(
                    h.auth.is_same_zookeepr_funding_submitter(
                        funding.id), h.auth.has_organiser_role,
                    h.auth.has_funding_reviewer_role)):
            # Raise a no_auth error
            h.auth.no_role()

        response.headers['content-type'] = attachment.content_type
        response.headers.add('content-transfer-encoding', 'binary')
        response.headers.add('content-length', len(attachment.content))
        response.headers[
            'content-disposition'] = 'attachment; filename="%s";' % attachment.filename
        response.headers.add('Pragma', 'cache')
        response.headers.add('Cache-Control', 'max-age=3600,public')
        return attachment.content