def edit_requests(field, id):
user = get_user()
if user is None:
return "You are not logged in", 400
req = Request.query.filter_by(id=int(id)).first()
if req is None:
return "You don't have permission for this action", 400
return (req.poster != user.id and verify_perm('edit')) or handleFormAction(
RequestForm, field, edit_request, id)
def signup(field):
return handleFormAction(SignupForm, field, post_signup)
def login(field):
return handleFormAction(LoginForm, field, post_login)
def edit_roles(id, field):
return verify_perm('admin') or handleFormAction(RoleForm, field, edit_role,
id)
def edit_users(id, field):
return verify_perm('admin') or handleFormAction(UserForm, field, edit_user,
id)
def edit_production(id, field):
return verify_perm('admin') or handleFormAction(ProductionForm, field,
edit_production, id)
def edit_clients(id, field):
return verify_perm('admin') or handleFormAction(ClientForm, field,
edit_client, id)
def new_roles(field):
return verify_perm('admin') or handleFormAction(RoleForm, field, add_role)
def new_users(field):
return verify_perm('admin') or handleFormAction(UserForm, field, add_user)
def new_production(field):
return verify_perm('admin') or handleFormAction(ProductionForm, field,
add_production)
def new_client(field):
return verify_perm('admin') or handleFormAction(ClientForm, field,
add_client)
def new_request(field):
return verify_perm('add') or handleFormAction(RequestForm, field,
add_request)