def order(order_id): o = Order.get(order_id) # mark all comments as read for c in o.comments: c.unread = False c.save() return render_template('order/order.html', o=o)
def admin_order_set_status(order_id, new_status_code): if not current_user.is_admin: abort(403) # access denied o = Order.get(order_id) if not OrderStatus.get(new_status_code): return abort(400) # bad request o.status_id = new_status_code o.save() return redirect(url_for('admin_order', order_id=order_id))
def admin_order_resolve(order_id): if not current_user.is_admin: abort(403) # access denied o = Order.get(order_id) if not o: abort(404) if 'book_id' not in request.form: abort(400) o.status_id = 2 # resolved o.book_id = request.form['book_id'] o.save() return redirect(url_for('admin_orders'))
def comment_add(order_id): text = request.form['text'] c = Comment() o = Order.get(order_id) if not o: abort(404) c.text = text c.order_id = order_id c.user_login = current_user.login c.save() if current_user.is_admin: return redirect(url_for('admin_order', order_id=order_id)) return redirect(url_for('order', order_id=order_id))
def admin_order(order_id): if not current_user.is_admin: abort(403) # access denied o = Order.get(order_id) return render_template('admin/order.html', o=o)