def permission_delete(id): perm = Permission.query.get_or_404(id) if not perm.owner_is(g.user): abort(403) return render_delete(perm, title="Confirm delete", message="Delete permission %s?" % perm.name, success="Your permission has been deleted", next=url_for('permission_list'))
def remove_phone(number): userphone = UserPhone.query.filter_by(phone=number, user=g.user).first() if userphone is None: userphone = UserPhoneClaim.query.filter_by(phone=number, user=g.user).first_or_404() return render_delete(userphone, title="Confirm removal", message="Remove phone number %s?" % userphone, success="You have removed your number %s." % userphone, next=url_for('profile'))
def client_delete(key): client = Client.query.filter_by(key=key).first_or_404() if not client.owner_is(g.user): abort(403) return render_delete(client, title="Confirm delete", message="Delete application '%s'? " % client.title, success="You have deleted application '%s' and all its associated permissions and resources" % client.title, next=url_for('client_list'))
def org_delete(name): org = Organization.query.filter_by(name=name).first_or_404() if g.user not in org.owners.users: abort(403) return render_delete(org, title="Confirm delete", message="Delete organization '%s'? " % org.title, success="You have deleted organization '%s' and all its associated teams." % org.title, next=url_for('org_list'))
def permission_user_delete(key, userid): client = Client.query.filter_by(key=key).first_or_404() if not client.owner_is(g.user): abort(403) if client.user: user = User.query.filter_by(userid=userid).first_or_404() permassign = UserClientPermissions.query.filter_by(user=user, client=client).first_or_404() return render_delete(permassign, title="Confirm delete", message="Remove all permissions assigned to user %s for app '%s'?" % ( (user.pickername), client.title), success="You have revoked permisions for user %s" % user.pickername, next=url_for('client_info', key=client.key)) else: team = Team.query.filter_by(userid=userid).first_or_404() permassign = TeamClientPermissions.query.filter_by(team=team, client=client).first_or_404() return render_delete(permassign, title="Confirm delete", message="Remove all permissions assigned to team '%s' for app '%s'?" % ( (team.title), client.title), success="You have revoked permisions for team '%s'" % team.title, next=url_for('client_info', key=client.key))
def remove_email(md5sum): useremail = UserEmail.query.filter_by(md5sum=md5sum, user=g.user).first() if not useremail: useremail = UserEmailClaim.query.filter_by(md5sum=md5sum, user=g.user).first_or_404() if isinstance(useremail, UserEmail) and useremail.primary: flash("You cannot remove your primary email address", "error") return render_redirect(url_for('profile'), code=303) return render_delete(useremail, title="Confirm removal", message="Remove email address %s?" % useremail, success="You have removed your email address %s." % useremail, next=url_for('profile'))
def team_delete(name, userid): org = Organization.query.filter_by(name=name).first_or_404() if g.user not in org.owners.users: abort(403) team = Team.query.filter_by(org=org, userid=userid).first_or_404() if team == org.owners: abort(403) return render_delete(team, title=u"Confirm delete", message=u"Delete team '%s'?" % team.title, success=u"You have deleted team '%s' from organization '%s'." % (team.title, org.title), next=url_for('org_info', name=org.name))
def resource_delete(key, idr): client = Client.query.filter_by(key=key).first_or_404() if not client.owner_is(g.user): abort(403) resource = Resource.query.get_or_404(idr) if resource.client != client: abort(403) return render_delete(resource, title="Confirm delete", message="Delete resource '%s' from app '%s'?" % ( resource.title, client.title), success="You have deleted resource '%s' on app '%s'" % (resource.title, client.title), next=url_for('client_info', key=client.key))
def resource_action_delete(key, idr, ida): client = Client.query.filter_by(key=key).first_or_404() if not client.owner_is(g.user): abort(403) resource = Resource.query.get_or_404(idr) if resource.client != client: abort(403) action = ResourceAction.query.get_or_404(ida) if action.resource != resource: abort(403) return render_delete(action, title="Confirm delete", message="Delete action '%s' from resource '%s' of app '%s'?" % ( action.title, resource.title, client.title), success="You have deleted action '%s' on resource '%s' of app '%s'" % (action.title, resource.title, client.title), next=url_for('client_info', key=client.key))